Synced

remove ssl ciphers they bug out the new method (91ce5c1563)
doc changes (aa9806300a)

docs/apache2.md

@@ -7,19 +7,25 @@ Then, install the following dependencies:
 ```sh
 apt update
 apt upgrade
-apt install php-mbstring apache2 certbot php-imagick imagemagick php-curl curl php-apcu git libapache2-mod-php
+apt install php-mbstring apache2 certbot php-imagick imagemagick php-curl curl php-apcu git libapache2-mod-fcgid php-fpm
 ```
 
 Enable the required modules:
 ```sh
+a2dismod mpm_prefork
+a2enmod mpm_event
 a2enmod ssl
 a2enmod rewrite
+a2enmod proxy_fcgi setenvif actions alias
+a2enmod http2
+a2enmod headers
+a2enmod proxy
 ```
 
-And enable these optional ones, which might be useful to you later on. The `proxy` module is useful for setting up reverse proxies to services like gitea, and `headers` is useful to tweak global header values:
+Tune the performance of php-fpm. You will need to edit this file according to your server specs and number of users. Edit the file at `/etc/php/8.4/pool.d/www.conf`:
 ```sh
-a2enmod proxy
-a2enmod headers
+pm = static
+pm.max_children = 50
 ```
 
 Now, restart apache2:
@@ -27,7 +33,7 @@ Now, restart apache2:
 service apache2 restart
 ```
 
-Just for good measure, please check if your webserver is running. Access it through HTTP, not HTTPS. You should see the apache2 default landing page.
+Just for good measure, please check if your webserver is running. Access it through HTTP, not HTTPS. You should see the apache2 default landing page. Just a note, http2 won't work just yet since you don't have SSL yet.
 
 ## 000-default.conf
 Now, edit the following file: `/etc/apache2/sites-available/000-default.conf`, remove everything and carefully add each rule specified here, while making sure to replace my domains with your own:
@@ -73,6 +79,10 @@ Now, edit the following file: `/etc/apache2/sites-available/000-default.conf`, r
 	AddOutputFilterByType DEFLATE text/css
 
 	DocumentRoot /var/www/4get
+	
+	<FilesMatch \.php$>
+		SetHandler "proxy:unix:/run/php/php8.1-fpm.sock|fcgi://localhost/"
+	</FilesMatch>
 
 	Options -MultiViews
 	RewriteEngine On
@@ -80,6 +90,17 @@ Now, edit the following file: `/etc/apache2/sites-available/000-default.conf`, r
 	RewriteCond %{REQUEST_FILENAME} !-f
 	RewriteRule ^([^\.]+)$ $1.php [NC,L]
 
+	<Directory /var/www/4get>
+		Options -MultiViews
+		AllowOverride All
+		Require all granted
+
+		RewriteEngine On
+		RewriteCond %{REQUEST_FILENAME} !-d
+		RewriteCond %{REQUEST_FILENAME} !-f
+		RewriteRule ^([^\.]+)$ $1.php [NC,L]
+	</Directory>
+
 	# deny access to private resources
 	<Directory /var/www/4get/data/>
 		Order Deny,allow
@@ -115,7 +136,8 @@ Make sure to replace `4g.flossboxin.org.in` with your own domain under the `SSLC
 
 	ServerAdmin dev@flossboxin.org.in
 	DocumentRoot /var/www/4get
-	
+
+	Protocols h2 http/1.1	
 	SSLEngine On
 	SSLOptions +StdEnvVars
 	
@@ -127,7 +149,11 @@ Make sure to replace `4g.flossboxin.org.in` with your own domain under the `SSLC
 	AddOutputFilterByType DEFLATE text/html
 	AddOutputFilterByType DEFLATE text/plain
 	AddOutputFilterByType DEFLATE text/css
-	
+
+	<FilesMatch \.php$>
+		SetHandler "proxy:unix:/run/php/php8.1-fpm.sock|fcgi://localhost/"
+	</FilesMatch>
+
 	SSLCertificateFile /etc/letsencrypt/live/4g.flossboxin.org.in/fullchain.pem
 	SSLCertificateKeyFile /etc/letsencrypt/live/4g.flossboxin.org.in/privkey.pem
 	SSLCertificateChainFile /etc/letsencrypt/live/4g.flossboxin.org.in/chain.pem
@@ -213,4 +239,4 @@ chmod 777 -R icons/
 
 ... And try accessing your webserver. You should now have a working 4get instance!
 
-Please make sure to check out how to further <a href="https://git.flossboxin.org.in/FbIN/4get/src/branch/main/docs/configure.md">configure 4get</a> to your liking!
+Please make sure to check out how to further <a href="https://git.flossboxin.org.in/FbIN/4get/src/branch/main/docs/configure.md">configure 4get</a> to your liking!