Added http2 support in Mission Portal with apache and php-fpm

Ticket: ENT-11440 Changelog: title
cfengine · Oct 7, 2024 · 25cba38 · 25cba38
1 parent 2e411fb
commit 25cba38
Show file tree

Hide file tree

Showing 7 changed files with 741 additions and 1 deletion.
diff --git a/cfe_internal/enterprise/mission_portal.cf b/cfe_internal/enterprise/mission_portal.cf
@@ -4,6 +4,42 @@ bundle agent cfe_internal_enterprise_mission_portal
 
       "description" string => "Manage mission portal configuration";
 
+classes:
+      "mission_portal_http2_enabled"
+        expression => and(
+                          fileexists("$(sys.workdir)/httpd/php/sbin/php-fpm"),
+                          fileexists("$(sys.workdir)/httpd/modules/mod_http2.so")
+                      ),
+        comment => "If php-fpm and mod_http2.so are present then http2 is enabled
+                    and we use this class in httpd.conf to configure accordingly.";
+  vars:
+    # TODO: instead of hard-coded defaults, base them on cpu/memory of hub
+    policy_server.enterprise_edition.mission_portal_http2_enabled::
+      "php_fpm_www_pool_max_children" string => ifelse(
+        isvariable("default:def.php_fpm_www_pool_max_children"),
+        "$(default:def.php_fpm_www_pool_max_children)",
+        "8");
+      "php_fpm_www_pool_start_servers" string => ifelse(
+        isvariable("default:def.php_fpm_www_pool_start_servers"),
+        "$(default:def.php_fpm_www_pool_start_servers)",
+        "2");
+      "php_fpm_www_pool_min_spare_servers" string => ifelse(
+        isvariable("default:def.php_fpm_www_pool_min_spare_servers"),
+        "$(default:def.php_fpm_www_pool_min_spare_servers)",
+        "1");
+      "php_fpm_www_pool_max_spare_servers" string => ifelse(
+        isvariable("default:def.php_fpm_www_pool_max_spare_servers"),
+        "$(default:def.php_fpm_www_pool_max_spare_servers)",
+        "3");
+"php_fpm_state" data => mergedata('{"vars.sys.workdir": "${default:sys.workdir}"}');
+      "www_pool_state" data => 
+mergedata('{
+"max_children":"${php_fpm_www_pool_max_children}",
+"start_servers":"${php_fpm_www_pool_start_servers}",
+"min_spare_servers":"${php_fpm_www_pool_min_spare_servers}",
+"max_spare_servers":"${php_fpm_www_pool_max_spare_servers}"
+}');
+
   methods:
 
     policy_server::
@@ -15,6 +51,28 @@ bundle agent cfe_internal_enterprise_mission_portal
         handle => "cfe_internal_management_web_server",
         comment => "Manage Apache Web server (on/off)";
 
+policy_server.mission_portal_http2_enabled::
+    "PHP FastCGI process manager"
+      usebundle => service_config(
+"cf-php-fpm",
+"$(this.promise_dirname)/templates/php-fpm.conf.mustache",
+"$(sys.workdir)/httpd/php/etc/php-fpm.conf",
+"$(sys.workdir)/httpd/php/sbin/php-fpm -t --fpm-config ",
+@(php_fpm_state)
+);
+
+    "PHP FastCGI www pool config"
+      usebundle => service_config(
+"cf-php-fpm",
+"$(this.promise_dirname)/templates/php-fpm-pool-www.conf.mustache",
+"$(sys.workdir)/httpd/php/etc/php-fpm.d/www.conf",
+"$(sys.workdir)/httpd/php/sbin/php-fpm -t --fpm-config ",
+@(www_pool_state)
+);
+
+ reports:
+   "php_fpm_state is ${with}" with => storejson(php_fpm_state);
+   "www_pool_state is ${with}" with => storejson(www_pool_state);
 }
 bundle agent apachectl_patched_for_upgrade
 # @brief Ensure that apacehctl is patched so that it is able to re-start services

diff --git a/cfe_internal/enterprise/templates/httpd.conf.mustache b/cfe_internal/enterprise/templates/httpd.conf.mustache
@@ -110,7 +110,12 @@ DocumentRoot "{{{vars.cfe_internal_hub_vars.public_docroot}}}"
 </FilesMatch>
 
 ErrorLog "logs/error_log"
+{{#data:cfengine_enterprise_mission_portal_debug_php_fpm}}
+LogLevel warn rewrite:trace6 proxy:debug proxy_fcgi:debug dir:debug
+{{/data:cfengine_enterprise_mission_portal_debug_php_fpm}}
+{{^data:cfengine_enterprise_mission_portal_debug_php_fpm}}
 LogLevel warn
+{{/data:cfengine_enterprise_mission_portal_debug_php_fpm}}
 
 <IfModule log_config_module>
     LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
@@ -244,10 +249,26 @@ LogLevel warn
 </IfModule>
 
 
+{{#classes.mission_portal_http2_enabled}}
+# Use mod_http2
+LoadModule http2_module modules/mod_http2.so
+# Prefer http2 protocol
+Protocols h2 h2c http/1.1
+
+# Setup php to be handled by php-fpm. Required for use of mod_http2 due to threading issues in php.
+LoadModule proxy_module modules/mod_proxy.so
+LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so
+# Need to pass auth headers to fpm
+SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
+<FilesMatch \.php$>
+SetHandler "proxy:fcgi://127.0.0.1:9000"
+</FilesMatch>
+{{/classes.mission_portal_http2_enabled}}
+{{^classes.mission_portal_http2_enabled}}
 LoadModule php{{{vars.cfe_internal_hub_vars.php_version}}}_module       modules/libphp{{{vars.cfe_internal_hub_vars.php_version}}}.so
 AddHandler php{{{vars.cfe_internal_hub_vars.php_version}}}-script       .php
 AddType    application/x-httpd-php-source php{{{vars.cfe_internal_hub_vars.php_version}}}
-
+{{/classes.mission_portal_http2_enabled}}
 
 <Directory "{{{vars.cfe_internal_hub_vars.public_docroot}}}">