From f1280f1e5ee85d52d482d2eac0289334042cef58 Mon Sep 17 00:00:00 2001
From: Salt <rehashedsalt@cock.li>
Date: Wed, 30 Dec 2020 16:37:22 -0600
Subject: [PATCH] Reorder roles of web1.desu.ltd, enable FastCGI, switch to
 prefork, and enable HTTP2 WEW

---
 playbooks/web.yml | 85 +++++++++++++++++++++++++++--------------------
 1 file changed, 49 insertions(+), 36 deletions(-)

diff --git a/playbooks/web.yml b/playbooks/web.yml
index 0b0d94f..88c47b5 100755
--- a/playbooks/web.yml
+++ b/playbooks/web.yml
@@ -12,16 +12,64 @@
           - /var/www/www.9iron.club/files
       become: yes
       tags: [ backup ]
+    - role: certbot
+      vars:
+        certbot_admin_email: rehashedsalt@cock.li
+        certbot_create_if_missing: yes
+        certbot_create_method: standalone
+        certbot_create_standalone_stop_services:
+          - apache2
+        certbot_certs:
+          - domains:
+              - desu.ltd
+              - git.desu.ltd
+              - nc.desu.ltd
+              - web1.desu.ltd
+              - 9iron.club
+              - www.9iron.club
+      become: yes
+      tags: [ web, certbot ]
+    - role: php
+      vars:
+        php_enable_php_fpm: yes
+        php_memory_limit: 512M
+        php_packages_extra:
+          - libapache2-mod-php
+          - php-zip # For Nextcloud
+          - php-intl
+          - php-imagick
+          - php-redis
+          - php-bcmath
+          - php-gmp
+          - php-pgsql # For general DB stuff
+        # Nextcloud recommended opcache settings
+        php_opcache_max_accelerated_files: 10000
+        php_opcache_memory_consumption: 128
+        php_opcache_revalidate_freq: 2
+      become: yes
+      tags: [ web, php ]
     - role: apache
       vars:
         apache_remove_default_vhost: yes
         apache_packages_state: latest
         apache_mods_enabled:
           - headers.load
-          - ssl.load
+          - http2.load
+          - mpm_worker.load
           - proxy.load
+          - proxy_fcgi.load
           - proxy_http.load
           - rewrite.load
+          - ssl.load
+        apache_mods_disabled:
+          - mpm_prefork.load
+          - php7.4.load
+        apache_global_vhost_settings: |
+          DirectoryIndex index.php index.html
+          Protocols h2 http/1.1
+          <FilesMatch \.php$>
+            SetHandler "proxy:unix:/var/run/php/php-fpm.sock|fcgi://localhost/"
+          </FilesMatch>
         apache_vhosts:
             # desu.ltd
           - servername: nc.desu.ltd
@@ -76,41 +124,6 @@
             certificate_chain_file: /etc/letsencrypt/live/desu.ltd/chain.pem
       become: yes
       tags: [ web, apache ]
-    - role: certbot
-      vars:
-        certbot_admin_email: rehashedsalt@cock.li
-        certbot_create_if_missing: yes
-        certbot_create_method: standalone
-        certbot_create_standalone_stop_services:
-          - apache2
-        certbot_certs:
-          - domains:
-              - desu.ltd
-              - git.desu.ltd
-              - nc.desu.ltd
-              - web1.desu.ltd
-              - 9iron.club
-              - www.9iron.club
-      become: yes
-      tags: [ web, certbot ]
-    - role: php
-      vars:
-        php_memory_limit: 512M
-        php_packages_extra:
-          - libapache2-mod-php
-          - php-zip # For Nextcloud
-          - php-intl
-          - php-imagick
-          - php-redis
-          - php-bcmath
-          - php-gmp
-          - php-pgsql # For general DB stuff
-        # Nextcloud recommended opcache settings
-        php_opcache_max_accelerated_files: 10000
-        php_opcache_memory_consumption: 128
-        php_opcache_revalidate_freq: 2
-      become: yes
-      tags: [ web, php ]
     - role: git
       vars:
         git_repos: