Commit 114a5ecf authored by Rafael Monnerat's avatar Rafael Monnerat

apache-frontend: Make http2 and MPM configuration option

  Allow http2 protocol be enable or disable by default
  Allow set certain configurations for MPM to control the number of process and threads.
parent 89c16d80
...@@ -39,7 +39,7 @@ md5sum = 665e83d660c9b779249b2179d7ce4b4e ...@@ -39,7 +39,7 @@ md5sum = 665e83d660c9b779249b2179d7ce4b4e
[template-apache-frontend-configuration] [template-apache-frontend-configuration]
filename = templates/apache.conf.in filename = templates/apache.conf.in
md5sum = 771861ed82411730d95695c107c2bd4e md5sum = 070658d10546b5a69fe291e0da876e62
[template-custom-slave-list] [template-custom-slave-list]
filename = templates/apache-custom-slave-list.cfg.in filename = templates/apache-custom-slave-list.cfg.in
...@@ -55,7 +55,7 @@ md5sum = d98a01182f38868612948c87d5231428 ...@@ -55,7 +55,7 @@ md5sum = d98a01182f38868612948c87d5231428
[template-default-slave-virtualhost] [template-default-slave-virtualhost]
filename = templates/default-virtualhost.conf.in filename = templates/default-virtualhost.conf.in
md5sum = cc7c80148d29154ae6444cbd0613c890 md5sum = 5344bff68a3f7dead633a35771ad1a19
[template-cached-slave-virtualhost] [template-cached-slave-virtualhost]
filename = templates/cached-virtualhost.conf.in filename = templates/cached-virtualhost.conf.in
......
...@@ -14,7 +14,44 @@ ...@@ -14,7 +14,44 @@
"description": "Value used to set IPReadLimit Parameter for antiloris.", "description": "Value used to set IPReadLimit Parameter for antiloris.",
"type": "integer", "type": "integer",
"default": 10 "default": 10
}, },
"mpm-server-limit": {
"title": "ServerLimit",
"description": "Value used to set ServerLimit on apache configuration.",
"type": "integer",
"default": 16
},
"mpm-max-clients": {
"title": "MaxClients",
"description": "Value used to set MaxClients on apache configuration.",
"type": "integer",
"default": 400
},
"mpm-start-servers": {
"title": "StartServers",
"description": "Value used to set StartServers on apache configuration.",
"type": "integer",
"default": 3
},
"mpm-thread-per-child": {
"title": "ThreadsPerChild",
"description": "Value used to set ThreadsPerChild on apache configuration.",
"type": "integer",
"default": 25
},
"mpm-graceful-shutdown-timeout": {
"title": "ThreadsPerChild",
"description": "Value used to set ThreadsPerChild on apache configuration.",
"type": "integer",
"default": 5
},
"enable-http2-by-default": {
"title": "Enable HTTP2 by Default",
"description": "Use HTTP2 as default Protocol",
"type": "string",
"default": "true",
"enum": ["true", "false"]
},
"re6st-verification-url": { "re6st-verification-url": {
"title": "Test Verification URL", "title": "Test Verification URL",
"description": "Url to verify if the internet and/or re6stnet is working.", "description": "Url to verify if the internet and/or re6stnet is working.",
......
...@@ -140,7 +140,13 @@ ...@@ -140,7 +140,13 @@
"default": "false", "default": "false",
"enum": ["false", "true"] "enum": ["false", "true"]
}, },
"enable-http2": {
"title": "Enable HTTP2 Protocol",
"description": "Use HTTP2 Protocol for the site",
"type": "string",
"default": "true",
"enum": ["true", "false"]
},
"prefer-gzip-encoding-to-backend": { "prefer-gzip-encoding-to-backend": {
"title": "Prefer gzip Encoding for Backend", "title": "Prefer gzip Encoding for Backend",
"description": "If set to true, frontend will rewrite Accept-Encoding request header to simply 'gzip' for all variants of Accept-Encoding containing 'gzip', in order to maximize cache hits for resources cached with Vary: Accept-Encoding when enable_cache is used", "description": "If set to true, frontend will rewrite Accept-Encoding request header to simply 'gzip' for all variants of Accept-Encoding containing 'gzip', in order to maximize cache hits for resources cached with Vary: Accept-Encoding when enable_cache is used",
......
...@@ -16,7 +16,6 @@ ServerRoot {{ instance_home }} ...@@ -16,7 +16,6 @@ ServerRoot {{ instance_home }}
{% endfor -%} {% endfor -%}
ServerAdmin {{ server_admin }} ServerAdmin {{ server_admin }}
DefaultType text/plain
TypesConfig {{ httpd_home }}/conf/mime.types TypesConfig {{ httpd_home }}/conf/mime.types
AddType application/x-compress .Z AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz AddType application/x-gzip .gz .tgz
...@@ -105,6 +104,11 @@ BrowserMatch "^gnome-vfs" redirect-carefully ...@@ -105,6 +104,11 @@ BrowserMatch "^gnome-vfs" redirect-carefully
BrowserMatch "^XML Spy" redirect-carefully BrowserMatch "^XML Spy" redirect-carefully
BrowserMatch "^Dreamweaver-WebDAV-SCM1" redirect-carefully BrowserMatch "^Dreamweaver-WebDAV-SCM1" redirect-carefully
{% if slapparameter_dict.get('enable-http2-by-default', 'true') == 'true' %}
Protocols h2 http/1.1
{% endif %}
# Increase IPReadLimit to 10 # Increase IPReadLimit to 10
<IfModule antiloris_module> <IfModule antiloris_module>
# IPReadLimit - Maximum simultaneous connections in READ state per IP address # IPReadLimit - Maximum simultaneous connections in READ state per IP address
...@@ -125,7 +129,12 @@ ExtendedStatus On ...@@ -125,7 +129,12 @@ ExtendedStatus On
Require valid-user Require valid-user
</Location> </Location>
ServerLimit {{ slapparameter_dict.get('mpm-server-limit', '16') }}
MaxClients {{ slapparameter_dict.get('mpm-max-clients', '400') }}
StartServers {{ slapparameter_dict.get('mpm-start-servers', '3') }}
ThreadsPerChild {{ slapparameter_dict.get('mpm-thread-per-child', '25') }}
#MaxRequestsPerChild 0 // Default value is 0
GracefulShutdownTimeout {{ slapparameter_dict.get('mpm-graceful-shutdown-timeout', '5') }}
# Deflate # Deflate
AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript application/x-javascript application/javascript AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript application/x-javascript application/javascript
...@@ -156,13 +165,7 @@ SSLProxyCheckPeerCN off ...@@ -156,13 +165,7 @@ SSLProxyCheckPeerCN off
SSLProxyCheckPeerExpire off SSLProxyCheckPeerExpire off
include {{frontend_configuration.get('log-access-configuration')}} include {{frontend_configuration.get('log-access-configuration')}}
NameVirtualHost *:{{ http_port }}
NameVirtualHost *:{{ https_port }}
include {{ slave_configuration_directory }}/*.conf include {{ slave_configuration_directory }}/*.conf
NameVirtualHost *:{{ cached_port }}
NameVirtualHost *:{{ ssl_cached_port }}
include {{ slave_with_cache_configuration_directory }}/*.conf include {{ slave_with_cache_configuration_directory }}/*.conf
ErrorDocument 404 /notfound.html ErrorDocument 404 /notfound.html
......
...@@ -3,6 +3,7 @@ ...@@ -3,6 +3,7 @@
{%- set disable_via_header = ('' ~ slave_parameter.get('disable-via-header', '')).lower() in TRUE_VALUES -%} {%- set disable_via_header = ('' ~ slave_parameter.get('disable-via-header', '')).lower() in TRUE_VALUES -%}
{%- set prefer_gzip = ('' ~ slave_parameter.get('prefer-gzip-encoding-to-backend', '')).lower() in TRUE_VALUES -%} {%- set prefer_gzip = ('' ~ slave_parameter.get('prefer-gzip-encoding-to-backend', '')).lower() in TRUE_VALUES -%}
{%- set server_alias_list = slave_parameter.get('server-alias', '').split() -%} {%- set server_alias_list = slave_parameter.get('server-alias', '').split() -%}
{%- set enable_h2 = ('' ~ slave_parameter.get('enable-http2', 'true')).lower() in TRUE_VALUES -%}
{%- set ssl_proxy_verify = ('' ~ slave_parameter.get('ssl-proxy-verify', '')).lower() in TRUE_VALUES -%} {%- set ssl_proxy_verify = ('' ~ slave_parameter.get('ssl-proxy-verify', '')).lower() in TRUE_VALUES -%}
{%- set disabled_cookie_list = slave_parameter.get('disabled-cookie-list', '').split() -%} {%- set disabled_cookie_list = slave_parameter.get('disabled-cookie-list', '').split() -%}
{%- set https_only = ('' ~ slave_parameter.get('https-only', '')).lower() in TRUE_VALUES -%} {%- set https_only = ('' ~ slave_parameter.get('https-only', '')).lower() in TRUE_VALUES -%}
...@@ -33,8 +34,10 @@ ...@@ -33,8 +34,10 @@
SSLProtocol all -SSLv2 -SSLv3 SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:HIGH:!aNULL:!MD5 SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:HIGH:!aNULL:!MD5
SSLHonorCipherOrder on SSLHonorCipherOrder on
Protocols h2 http/1.1
{% if enable_h2 %}
Protocols h2 http/1.1
{% endif -%}
{% for key, value in ssl_configuration_list -%} {% for key, value in ssl_configuration_list -%}
{% if value in slave_parameter -%} {% if value in slave_parameter -%}
...@@ -123,7 +126,9 @@ ...@@ -123,7 +126,9 @@
# Remove "Secure" from cookies, as backend may be https # Remove "Secure" from cookies, as backend may be https
Header edit Set-Cookie "(?i)^(.+);secure$" "$1" Header edit Set-Cookie "(?i)^(.+);secure$" "$1"
{% if enable_h2 %}
Protocols h2 http/1.1 Protocols h2 http/1.1
{% endif -%}
{% if disable_no_cache_header %} {% if disable_no_cache_header %}
RequestHeader unset Cache-Control RequestHeader unset Cache-Control
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment