[Koha-devel] Thoughts on retiring libapache2-mpm-itk?
Chris Cormack
chris at bigballofwax.co.nz
Tue Jul 26 05:03:20 CEST 2022
HI David
On Tue, 26 Jul 2022 at 14:07, <dcook at prosentient.com.au> wrote:
>
> Hi all,
>
>
>
> I was looking at BibLibre’s ERM sandbox, and I noticed that the Nginx reverse proxy was using HTTP/2. It got me thinking about Apache httpd and HTTP/2.
>
>
>
> Apparently, Apache has an optional mod_http2 module, but it is said to work better with mpm_event and mpm_worker than mpm_prefork.
>
>
>
> But because we use mpm_itk (in order to declare “AssignUserID kohadev-koha kohadev-koha” per VirtualHost) we’re tied to using mpm_prefork.
>
>
>
> Yet… Koha mostly runs in Starman these days. We don’t necessarily get that much benefit from AssignUserID anymore. The main problem would be permissions for the CGI scripts that we don’t proxy. So maybe we wait until after we’re proxying everything through Apache and Apache is just a reverse proxy to Starman and a static asset server. Because at that point… there’s no reason it couldn’t just run under the “www-data” user.
>
>
That's not entirely true, plack runs on a unix socket as a user, with
potentially multiple sites on a single server. So having only the
right apache sites being able to talk to the right sockets by them
both being the same user is a very important thing.
For example
starman worker -M FindBin --max-requests 50 --workers 2
--user=demo-koha --group demo-koha --pid /var/run/koha/demo/plack.pid
--daemonize --access-log /var/log/koha/demo/plack.log --error-log
/var/log/koha/demo/plack-error.log -E deployment --socket
/var/run/koha/demo/plack.sock /etc/koha/plack.psgi
So you need to find some way to achieve this, without mpm_itk or
accept the big step backwards in site segregation.
>
> I mean we could try testing mod_http2 with mpm_prefork anyway I suppose. And there’s always the old “if it ain’t broke, don’t fix it”.
>
>
> I suppose I just think it’s funny that HTTP/3 exists (although it’s not widely supported on FOSS servers yet) but we haven’t even moved from HTTP/1.1 to HTTP/2.
>
>
>
> Frido, curious if you have any comments on HTTP/2 since I’m guessing you set up that Nginx reverse proxy?
>
Chris
More information about the Koha-devel
mailing list