From f10f66ef821abbd3b6c907f452d96a2d67c4926e Mon Sep 17 00:00:00 2001
From: Stephen Smoogen <smooge@redhat.com>
Date: Thu, 30 Apr 2020 09:55:06 +0000
Subject: [PATCH] httpd: download servers fix to 408's

The Fedora download servers are experiencing a large number of 408's
every day. This is causing timeouts and breaks on yum update. I talked
with the CentOS admins and they pointed me to
https://github.com/CentOS/ansible-role-httpd/ which I shameless borrowed
some code for just the dl. box.
---
 roles/download/templates/httpd/dl.fedoraproject.org.conf | 7 +++++++
 vars/global.yml                                          | 2 ++
 2 files changed, 9 insertions(+)

diff --git a/roles/download/templates/httpd/dl.fedoraproject.org.conf b/roles/download/templates/httpd/dl.fedoraproject.org.conf
index edf3c7223f..2f5a572120 100644
--- a/roles/download/templates/httpd/dl.fedoraproject.org.conf
+++ b/roles/download/templates/httpd/dl.fedoraproject.org.conf
@@ -29,3 +29,10 @@
 
   Include "conf.d/dl.fedoraproject.org/*.conf"
 </VirtualHost>
+
+# Prefork tuning
+<IfModule mpm_prefork_module>
+    ServerLimit               {{ httpd_maxrequestworkers * 1.5 }}
+    MaxRequestWorkers         {{ httpd_maxrequestworkers }}
+    MaxConnectionsPerChild    {{ httpd_maxrequestworkers * 5 }}
+</IfModule>
diff --git a/vars/global.yml b/vars/global.yml
index d62022d4b3..532170d0b9 100644
--- a/vars/global.yml
+++ b/vars/global.yml
@@ -61,6 +61,8 @@ fedora31_x86_64: Fedora-Cloud-Base-31-1.9.x86_64
 ssl_protocols: "+all -SSLv3 -TLSv1 -TLSv1.1"
 ssl_ciphers: "TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK"
 
+httpd_maxrequestworkers: 512
+
 # Set a default hostname base to transient. Override in host vars or command line.
 hostbase: transient
 global_pkgs_inst: ['bind-utils', 'mailx', 'nc', 'openssh-clients',