Enable HTTP2 Support in Apache

From Sympl Wiki
Revision as of 20:58, 11 April 2020 by 6np (talk | contribs)
Jump to navigation Jump to search

To get http2 running on Symbiosis in a production environment reliably, brings about a few configuration changes. I'll attempt to highlight these here.

MPM_event to replace MPM_prefork

The prefork MPM has substantial limitations when working with http2 namely in that each connection can only handle one request at a time. More details can be found on the apache website. Because of this we are going to switch the apache server to using the event MPM. The event MPM is not able to preload the PHP module so we will also need to install php-fpm to parse php on the server.

If you had previously made modifications to the prefork settings to optimise performance then these will need transposing across to the MPM_event configuration as well. if you have not made changes as highlighted below then just disabling the prefork module and enabling the event module as below will be enough. - more details to follow -

notes only, needs editing

Install the php-fpm, the default php install on a buster machine is currently php7.3:

 apt-get install -y php7.3-fpm 

We will disable the prefork and php7.3 module. The php7.3 module allows the prefork module to run in prefork but we need to remove it to run php-fpm

 a2dismod php7.3 mpm_prefork

We will then install the modules for the event MPM, proxy_fcgi for passing php requests to php-fpm and the http2 module

 a2enmod alias mpm_event proxy proxy_fcgi setenvif http2

We can then add the php7.3-fpm config as well.

 2enconf php7.3-fpm

At this point the system is configured to run with the new settings but until we have restarted apache they have not taken effect. The php_admin directives that we are set in sympl to enhance security throw errors using the fpm as the multiple fields are not recognised by proxy_fcgi. We need to contain the multiple parameters in quotes so they are all seen as one parameter and passed through to php-fpm as a whole. To do this moving forwards we can adapt the sympl-web-configure templates:

 sed -E -i 's/php_admin_value (.*)/SetEnv php_admin_value \"\1\"/' /etc/sympl/apache.d/*.erb
 sed -E -i 's/php_admin_flag (.*)/SetEnv php_admin_flag \"\1\"/' /etc/sympl/apache.d/*.erb

if you have hand edited the configuration files and dont want to run sympl-web-configure --force

 sed -E -i 's/php_admin_value (.*)/SetEnv php_admin_value \"\1\"/' /etc/apache2/*-available/*.conf
 sed -E -i 's/php_admin_flag (.*)/SetEnv php_admin_flag \"\1\"/' /etc/apache2/*-available/*.conf

You can test the new configuration before restarting apache with the apachectl config test:

 apachectl -t

You should recieve a message saying 'Syntax OK'. there may be a message about the test not seeing the correct IP address but this can be ignored, as long as there are no errors your configuration will work. You can then create the config with the following command:

 sympl-web-configure --verbose

You can test the new configuration using a browser in debug mode or using curl from your server with:

 curl -I --http2 http://localhost

and you should recieve somethig like:

 HTTP/1.1 101 Switching Protocols
 Upgrade: h2c
 Connection: Upgrade

 HTTP/2 200
 date: Sat, 11 Apr 2020 21:55:34 GMT
 server: Apache
 content-type: text/html; charset=UTF-8