From 233a608ddd1b2865bfc312d538b6627d77a73297 Mon Sep 17 00:00:00 2001
From: "Steven R. Loomis" <srl295@gmail.com>
Date: Thu, 9 May 2024 15:15:03 -0500
Subject: [PATCH] CLDR-7633 ansible: move performance improvements into ansible
 (#3708)

---
 tools/scripts/ansible/certbot-playbook.yml   |  5 +++++
 tools/scripts/ansible/cldr-apps-playbook.yml |  1 +
 tools/scripts/ansible/nginx-playbook.yml     | 12 ++++++++++++
 3 files changed, 18 insertions(+)

diff --git a/tools/scripts/ansible/certbot-playbook.yml b/tools/scripts/ansible/certbot-playbook.yml
index 259d7cdcfd3..bd4b2e74592 100644
--- a/tools/scripts/ansible/certbot-playbook.yml
+++ b/tools/scripts/ansible/certbot-playbook.yml
@@ -15,3 +15,8 @@
         --keep --redirect --uir --hsts --staple-ocsp --must-staple
       args:
         creates: /etc/letsencrypt/renewal/{{ inventory_hostname }}.conf
+    - name: Speedup http2
+      replace:
+        path: /etc/nginx/sites-enabled/default
+        regexp: '^(\s*)listen 443 ssl;(.*)$'
+        replace: '\1listen 443 ssl http2;\2'
diff --git a/tools/scripts/ansible/cldr-apps-playbook.yml b/tools/scripts/ansible/cldr-apps-playbook.yml
index 79819d187f0..0e0c138bf37 100644
--- a/tools/scripts/ansible/cldr-apps-playbook.yml
+++ b/tools/scripts/ansible/cldr-apps-playbook.yml
@@ -53,6 +53,7 @@
         force: no
         update: no
         version: main
+        remote: origin
         # this is a deep clone because we will need to keep updating
         # it with history. It does not include LFS as that
         # is not needed for the surveytool.
diff --git a/tools/scripts/ansible/nginx-playbook.yml b/tools/scripts/ansible/nginx-playbook.yml
index 7fbe93832f1..aee51204e2e 100644
--- a/tools/scripts/ansible/nginx-playbook.yml
+++ b/tools/scripts/ansible/nginx-playbook.yml
@@ -14,6 +14,18 @@
         group: root
         mode: '0644'
       notify: 'Restart Nginx'
+    - name: Setup gzip.conf
+      copy:
+        dest: /etc/nginx/conf.d/gzip.conf
+        owner: root
+        group: root
+        mode: '0644'
+        content: |
+          gzip on;
+          gzip_types      text/plain application/xml application/json text/javascript application/x-javascript;
+          gzip_proxied    no-cache no-store private expired auth;
+          gzip_min_length 1000;
+      notify: 'Restart Nginx'
     - name: Setup reverse proxy
       blockinfile:
         path: /etc/nginx/sites-enabled/default