Enable HTTP2 Support in Apache
To get http2 running on Symbiosis in a production environment reliably, brings about a few configuration changes. I'll attempt to highlight these here.
MPM_event to replace MPM_prefork
The prefork MPM has substantial limitations when working with http2 namely in that each connection can only handle one request at a time. More details can be found on the apache website. Because of this we are going to switch the apache server to using the event MPM. The event MPM is not able to preload the PHP module so we will also need to install php-fpm to parse php on the server.
If you had previously made modifications to the prefork settings to optimise performance then these will need transposing across to the MPM_event configuration as well. if you have not made changes as highlighted below then just disabling the prefork module and enabling the event module as below will be enough.
Install the php-fpm, the default php install on a buster machine is currently php7.3:
apt-get install -y php7.3-fpm
We will disable the prefork and php7.3 module. The php7.3 module allows the prefork module to run in prefork but we need to remove it to run php-fpm
a2dismod php7.3 mpm_prefork
We will then install the modules for the event MPM, proxy_fcgi for passing php requests to php-fpm and the http2 module
a2enmod alias mpm_event proxy proxy_fcgi setenvif http2
We can then add the php7.3-fpm config as well.
At this point the system is configured to run with the new settings but until we have restarted apache they have not taken effect. The php_admin directives that we are set in sympl to enhance security throw errors using the fpm as the multiple fields are not recognised by proxy_fcgi. We need to contain the multiple parameters in quotes so they are all seen as one parameter and passed through to php-fpm as a whole. To do this moving forwards we can adapt the sympl-web-configure templates:
sed -E -i 's/php_admin_value (.*)/SetEnv php_admin_value \"\1\"/' /etc/sympl/apache.d/*.erb
sed -E -i 's/php_admin_flag (.*)/SetEnv php_admin_flag \"\1\"/' /etc/sympl/apache.d/*.erb
if you have hand edited the configuration files and dont want to run sympl-web-configure --force
sed -E -i 's/php_admin_value (.*)/SetEnv php_admin_value \"\1\"/' /etc/apache2/*-available/*.conf
sed -E -i 's/php_admin_flag (.*)/SetEnv php_admin_flag \"\1\"/' /etc/apache2/*-available/*.conf
You can test the new configuration before restarting apache with the apachectl config test:
You should recieve a message saying 'Syntax OK'. there may be a message about the test not seeing the correct IP address but this can be ignored, as long as there are no errors your configuration will work. You can then create the config with the following command:
You can test the new configuration using a browser in debug mode or using curl from your server with:
curl -I --http2 http://localhost
and you should recieve somethig like:
HTTP/1.1 101 Switching Protocols Upgrade: h2c Connection: Upgrade HTTP/2 200 date: Sat, 11 Apr 2020 21:55:34 GMT server: Apache content-type: text/html; charset=UTF-8