Page MenuHomePhabricator

Enable http/2 for planet apache
Closed, DeclinedPublic

Description

What it says in the title.

This will have increase performance :).


This is to test enabling http/2 on planet before we do it on other services such as Gerrit in T180978.

https://gerrit.wikimedia.org/r/#/c/392495/ added http/2 support to Apache module

Event Timeline

Change 392983 had a related patch set uploaded (by Paladox; owner: Paladox):
[operations/puppet@production] planet: Add support for http/2 on stretch

https://gerrit.wikimedia.org/r/392983

Dzahn updated the task description. (Show Details)

Change 392983 merged by Dzahn:
[operations/puppet@production] planet: Add support for http/2 on stretch

https://gerrit.wikimedia.org/r/392983

Yeah! planet-hotdog.wmflabs.org supports HTTP/2.0.

from https://tools.keycdn.com/http2-test using URL https://planet-hotdog.wmflabs.org after the above merge and Paladox applied it on labs.

Planet is behind misc-web, right? If so, that's a fairly pointless task, unless I'm missing something. Even if HTTP/2 made a difference (doubtful) for the internal low-latency traffic, Varnish doesn't support HTTP/2 on the client-side anyway, so it won't get used. 008b62f4048 should probably be reverted, its effects manually reverted (a2dismod http2) and this task be declined, unless I'm missing something.

Also, over the last 1.5 years there have been four HTTP/2 specific Apache vulnerabilities ranging from DoS to potential code execution via use-after-free and the feature only got promoted out of "experimental" status in June (in a release more recent than what's in stretch), we should revisit this for the buster release.

008b62f4048 should probably be reverted, its effects manually reverted (a2dismod http2) and this task be declined

done