Categories
Linux

Enable HTTP/2 with Apache+PHP on Ubuntu

I recently made the necessary adjustments to my Apache+PHP server to support the HTTP/2 protocol. This newer protocol comes with performance advantages and support is widespread by now. Depending on existing Apache server configuration, it is not always trivial to enable, due to specific requirements for HTTP/2 with Apache. This especially applies if you’re using PHP with the classic mod_php Apache module.

Here is a summary of the setup I used before, when my web server only supported HTTP/1.X:

  1. Ubuntu 20.04 LTS
  2. Apache 2.4 web server with the classic prefork multi processing module.
  3. mod_php for server side PHP script execution.
  4. Fully https-enabled site with certificate from Let’s Encrypt.
  5. WordPress for publishing.

Points 2 and 3 will require changes.

The Apache multi processing module (often referred to simply as an «MPM») must be switched to the generally recommended mpm_event. Since mod_php is not compatible with the multi threaded mpm_event, an alternative must be used for PHP script execution. The recommended approach is to setup PHP as a FastCGI service and have Apache proxy requests to this service for actual script execution. So the big difference here is that PHP code will execute outside of the Apache server processes, thereby decoupling Apache’s execution environment and request handling from PHP.

The steps in the following sections all apply to Ubuntu 20.04 and Debian in general (package versions may vary). There are some handy command line tools to configure the modular Apache server, which we will be using. Assuming nothing goes wrong, no significant downtime will occur when following these steps.

1. Setting up the PHP FastCGI service

Disable and remove the classic mod_php package, since it is no longer needed:

# Disable Apache mod_php:
a2dismod php7.4

# Optionally remove packages, no longer be needed:
apt autoremove libapache2-mod-php\*

Install the PHP FastCGI process manager package:

apt install php-fpm

The service should be automatically started. The package provides the following information after a successful installation:

NOTICE: Not enabling PHP 7.4 FPM by default.
NOTICE: To enable PHP 7.4 FPM in Apache2 do:
NOTICE: a2enmod proxy_fcgi setenvif
NOTICE: a2enconf php7.4-fpm
NOTICE: You are seeing this message because you have apache2 package installed.

So let’s just do what is recommended:

a2enmod proxy_fcgi setenvif
a2enconf php7.4-fpm

The proxy_fcgi module is required so that Apache can proxy requests to FastCGI services. The second command enables proxy configuration specific to the service setup by the php7.4-fpm package.

If you have customizations to php.ini, you will have to copy those from the old mod_php configuration file to the separate php-fpm configuration. These are the relevant files:

# old mod_php config file no longer in use:
/etc/php/7.4/apache2/php.ini

# new php-fpm config file:
/etc/php/7.4/fpm/php.ini

Finally, you can test that PHP still works on your web site after the switch to php-fpm, before moving on:

apache2ctl configtest
systemctl restart apache2

2. Switch to event multi processing module in Apache

Disable mpm_prefork, then enable mpm_event:

a2dismod mpm_prefork
a2enmod mpm_event

If those commands succeed, then restart Apache and test that your site still works:

apache2ctl configtest
systemctl restart apache2

3. Enable the HTTP/2 protocol

a2enmod http2
systemctl restart apache2

Now you can open your browser developer tools and do a page load of your site. If using https, then your browser should negotiate HTTP/2 with the server, and you will see that logged as the protocol. All done.

If not using https however, then you cannot really take advantage of HTTP/2. In theory it is supported, but most browsers will only use it over TLS connections. The protocol is then referred to as “h2”, meaning HTTP/2 over secure transport.

Tuning mpm_event and php-fpm

You can tune the Apache event MPM by editing the following configuration file:

/etc/apache2/mods-enabled/mpm_event.conf

The PHP FastCGI process manager service can be tuned by editing:

/etc/php/7.4/fpm/pool.d/www.conf

Summary of setup after enabling HTTP/2

  1. Ubuntu 20.04 LTS
  2. Apache 2.4 web server with the event multi processing, http2 and proxy_fcgi modules enabled.
  3. PHP-fpm for server side PHP script execution.
  4. Fully https-enabled site with certificate from Let’s Encrypt.
  5. WordPress for publishing.

References

https://httpd.apache.org/docs/2.4/howto/http2.html

Categories
Other

Web Warts

A web wart is a type of Modal, Popup, Drop-down, Slide-in, Banner, Useless widget or other Annoying element that comes to greet you on your visit to a web page; there are many shapes and sizes. First time visitors are particularly susceptible to wart attacks. Many such warts can be removed by striking their weak spot, often a small [x]. If you do not pay attention to them, they persist, eat page space and proliferate. Web warts tend to reappear after a few days and can be hard to fully get rid of. Some you cannot remove, and some of those even tag along as you scroll the page.

A very common type of web wart is the Cookie Monster Modal that begs of you to Accept all. Such warts offer several options for you to annihilate them, but if you do not choose their own preferred way of dying, they will often come back the next day or next week or next month.

Every day the warts of the web increase in numbers. Landing on a new web site is like encountering an impenetrable wall of weeds. Your mission, should you choose to accept it, is to whack it all away, equipped with a pointy weapon. More often than not, your best bet is to just leave. There are many sources of truth these days.

I hate Web Warts.

Categories
Hardware Other

EU puts pressure on smartphone manufacturers

In August of 2020, I wrote a post about how smartphone manufacturers fail to provide a long enough period of security updates to the devices they sell. Leaving the market to itself has obviously lead to planned obsolescence being the norm for Android-based devices, where it is necessary to buy a new phone every 2–3 years to stay secure. But things might change for the better. The European Commission is planning to extend [1] its Ecodesign and Energy labelling directive to also apply to smartphone (and similar) products, and with it comes requirements to reparability and minimum security update support period. Currently proposed is a 5 year period for such products, which is great news. Going further, Germany is lobbying [2] to get a 7 year support period for updates and spare parts. It will be interesting to see the outcome of this.

On a personal note, I ended up buying a new Samsung S21 phone, after Sony stopped updates for my two year old Xperia compact. The Samsung phone is too big, but I could not find a better alternative. And I will likely get at least 4 years of updates. I have no need to replace my smartphone every 2 years and contribute to such ridiculous resource waste.

References

  1. Heise online article (translated to English):
    https://www-heise-de.translate.goog/news/EU-plant-Energielabel-und-strenge-Umweltregeln-fuer-Smartphones-und-Tablets-6171979.html?_x_tr_sl=auto&_x_tr_tl=en
  2. Heise online article (translated to English):
    https://www-heise-de.translate.goog/news/Bundesregierung-Smartphones-sollen-sieben-Jahre-lang-Updates-erhalten-6179995.html?_x_tr_sl=auto&_x_tr_tl=en