HI David On Tue, 26 Jul 2022 at 14:07, <dc...@prosentient.com.au> wrote: > > Hi all, > > > > I was looking at BibLibre’s ERM sandbox, and I noticed that the Nginx reverse > proxy was using HTTP/2. It got me thinking about Apache httpd and HTTP/2. > > > > Apparently, Apache has an optional mod_http2 module, but it is said to work > better with mpm_event and mpm_worker than mpm_prefork. > > > > But because we use mpm_itk (in order to declare “AssignUserID kohadev-koha > kohadev-koha” per VirtualHost) we’re tied to using mpm_prefork. > > > > Yet… Koha mostly runs in Starman these days. We don’t necessarily get that > much benefit from AssignUserID anymore. The main problem would be permissions > for the CGI scripts that we don’t proxy. So maybe we wait until after we’re > proxying everything through Apache and Apache is just a reverse proxy to > Starman and a static asset server. Because at that point… there’s no reason > it couldn’t just run under the “www-data” user. > > That's not entirely true, plack runs on a unix socket as a user, with potentially multiple sites on a single server. So having only the right apache sites being able to talk to the right sockets by them both being the same user is a very important thing.
For example starman worker -M FindBin --max-requests 50 --workers 2 --user=demo-koha --group demo-koha --pid /var/run/koha/demo/plack.pid --daemonize --access-log /var/log/koha/demo/plack.log --error-log /var/log/koha/demo/plack-error.log -E deployment --socket /var/run/koha/demo/plack.sock /etc/koha/plack.psgi So you need to find some way to achieve this, without mpm_itk or accept the big step backwards in site segregation. > > I mean we could try testing mod_http2 with mpm_prefork anyway I suppose. And > there’s always the old “if it ain’t broke, don’t fix it”. > > > I suppose I just think it’s funny that HTTP/3 exists (although it’s not > widely supported on FOSS servers yet) but we haven’t even moved from HTTP/1.1 > to HTTP/2. > > > > Frido, curious if you have any comments on HTTP/2 since I’m guessing you set > up that Nginx reverse proxy? > Chris _______________________________________________ Koha-devel mailing list Koha-devel@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-devel website : https://www.koha-community.org/ git : https://git.koha-community.org/ bugs : https://bugs.koha-community.org/
