From c11827de9f675bffcd045caa56038c2e6d71dfbd Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Wed, 3 Aug 2022 11:46:46 -0700 Subject: [PATCH] pagure/src: see about enabling h2 I'll try this in stg first and then roll to prod if all looks ok. I don't see any reason why it wouldn't work off hand. Signed-off-by: Kevin Fenzi --- playbooks/include/proxies-websites.yml | 2 +- roles/apache/tasks/main.yml | 10 ++++++++++ roles/pagure/templates/0_pagure.conf | 2 ++ 3 files changed, 13 insertions(+), 1 deletion(-) diff --git a/playbooks/include/proxies-websites.yml b/playbooks/include/proxies-websites.yml index 81065b6fb8..ceffd5d2e7 100644 --- a/playbooks/include/proxies-websites.yml +++ b/playbooks/include/proxies-websites.yml @@ -172,7 +172,7 @@ server_aliases: [src.stg.fedoraproject.org] cert_name: "{{wildcard_cert_name}}" sslonly: true - use_h2: false + use_h2: true - role: httpd/website site_name: download.fedoraproject.org diff --git a/roles/apache/tasks/main.yml b/roles/apache/tasks/main.yml index 75571caa30..f2968c7dff 100644 --- a/roles/apache/tasks/main.yml +++ b/roles/apache/tasks/main.yml @@ -11,6 +11,16 @@ - apache when: ansible_cmdline.ostree is not defined +- name: install mod_http2 on rhel8 hosts + package: + state: present + name: + - mod_http2 + tags: + - packages + - apache + when: ansible_distribution_major_version|int >= 8 and ansible_distribution == 'RedHat' + - name: set apache running/enabled service: name=httpd enabled=yes ignore_errors: true diff --git a/roles/pagure/templates/0_pagure.conf b/roles/pagure/templates/0_pagure.conf index 3cc1722a6a..4391321541 100644 --- a/roles/pagure/templates/0_pagure.conf +++ b/roles/pagure/templates/0_pagure.conf @@ -6,6 +6,8 @@ WSGIPassAuthorization On WSGIDaemonProcess pagure user=git group=git maximum-requests=1000 display-name=pagure processes=10 threads=6 inactivity-timeout=300 WSGIDaemonProcess paguredocs user=git group=git maximum-requests=1000 display-name=paguredocs processes=4 threads=4 inactivity-timeout=300 +Protocols h2 h2c http/1.1 + ## Redirects http -> https