Per default most Apache+PHP installations on Debian are using Apache with the modules MPM-Prefork and PHP (mod_php).
Besides from getting a small tuning and running the newer MPM, there is one important change, if you switch such a setup to PHP-FPM + Apache MPM-Event: You can then use HTTP/2.
The gains of the mentioned ‘tuning’ depends largely on your setup and the profit is rarely huge, but still beneficial.
The mpm-prefork module is not compatible with HTTP/2. If you want HTTP/2, you have to use the mpm-event- or mpm-worker module, but these two are not compatible with mod_php, which is not thread safe.
mpm-prefork is process-driven and so the non thread safety isn’t an issue. mpm-event and -worker are based on threads. I guess, you see the problem …
So let’s start and fastly do the switch. As mentioned before the following steps all refer to Debian 10 Buster with Apache and mod_php installed.
1. Preparation in forehand
Create the file /etc/apache2/conf-available/protect-user-inis.conf with following content:
<FilesMatch "^\.user.ini">
Require all denied
</FilesMatch>
2. Stop Apache
systemctl stop apache2.service
systemctl disable apache2.service
3. Remove php-flags and -values in vhosts
The Apache with MPM Event or Worker can not handle php-directives inside its configuration, so we have to get rid of it or we will not be able to start apache after changing the MPM.
grep -irE 'php.*(flag|value)' /etc/apache2/sites-enabled
- per docroot in the found vhosts create at the root a .user.ini file
- fill these with the values and flags found by the grep command above
- omit the keywords ‘php_admin_flag’ and such and just insert ‘key=value’ pairs
- eg: ‘php_admin_value memory_limit 512M’
- this will be only ‘memory_limit=512M’ in .user.ini
- if done, comment the entries in the vhosts or delte them
4. Install the PHP-FPM software ..
.. and check if its running and will be started at boot.
apt install php-fpm
systemctl status php*-fpm.service
systemctl is-enabled php7.3-fpm.service
Normally the service is started after installation. If it is not running, check the reason, fix it and start it manually.
5. Activate/deactivate modules and confs to our needs
a2dismod php7.3 mpm_prefork
a2enmod proxy_fcgi setenvif mpm_event
a2enconf php7.3-fpm protect-user-inis
6. Start and re-enable Apache
systemctl start apache2.service
systemctl enable apache2.service
Well, that was all. Pretty easy, if you don’t have too complex configurations. You can also simply enable HTTP/2 now (a2enmod http2 && systemctl restart apache), but don’t forget, that HTTP/2 only works with SSL.