perf(apache): improve performance of the Apache container

- nextcloud.conf: increase BrotliCompressionQuality from 0 to 4
- nextcloud.conf: add mod_deflate fallback for non-Brotli clients
- nextcloud.conf: enable HTTP/2 cleartext (h2c) via mod_http2 IfModule block
- nextcloud.conf: remove Options Indexes and duplicate Options line
- nextcloud.conf: remove deprecated Satisfy Any directive
- nextcloud.conf: add KeepAlive On / KeepAliveTimeout 5 / MaxKeepAliveRequests 100
- nextcloud.conf: add EnableSendfile On / EnableMMAP Off
- Dockerfile: enable mod_http2 LoadModule via sed
- Dockerfile: tune mpm_event (MaxRequestWorkers 400, ServerLimit 16,
  ThreadsPerChild 25, StartServers 2, MinSpareThreads 25, MaxSpareThreads 75)
- Caddyfile: add encode gzip zstd for response compression
- supervisord.conf: remove duplicate nodaemon=true

Agent-Logs-Url: https://github.com/nextcloud/all-in-one/sessions/a79198ed-cd31-4e15-9074-b3d3f3f92069

fix(apache): disable HTTP/2, disable Caddy gzip, restore MaxRequestWorkers 5000

- Caddyfile: remove `encode gzip zstd` (disable gzip/zstd compression in Caddy)
- nextcloud.conf: remove HTTP/2 `<IfModule mod_http2.c>` block (disable h2c in Apache)
- Dockerfile: remove mod_http2.so LoadModule sed line
- Dockerfile: restore MaxRequestWorkers 5000, ServerLimit 200, and original comments

Kept from previous commit:
- BrotliCompressionQuality raised from 0 to 4
- mod_deflate fallback for non-Brotli clients
- KeepAlive On / KeepAliveTimeout 5 / MaxKeepAliveRequests 100
- EnableSendfile On / EnableMMAP Off
- ThreadsPerChild 25, StartServers 2, MinSpareThreads 25, MaxSpareThreads 75
- supervisord.conf: remove duplicate nodaemon=true

Agent-Logs-Url: https://github.com/nextcloud/all-in-one/sessions/66a07d0e-2276-4b0e-b17d-53c733530d07

fix(apache): prevent double-encoding, add explanatory comments

- Add SetEnvIfNoCase Accept-Encoding \bbr\b no-gzip inside mod_brotli block
  so mod_deflate is skipped for clients that already get Brotli-compressed
  responses, preventing double-encoding.
- Expand all comments to explain the purpose/benefit of each added directive.

Agent-Logs-Url: https://github.com/nextcloud/all-in-one/sessions/98098727-e2c1-4504-b0d5-47c8b06b794d

docs(apache/Dockerfile): add explanatory comments to all new directives

- Add comment block before the sed/LoadModule block explaining why mpm_event
  is chosen and why mod_brotli is enabled alongside the deflate fallback.
- Add per-line comments for ThreadsPerChild, StartServers, MinSpareThreads,
  and MaxSpareThreads explaining the rationale for each value.

Agent-Logs-Url: https://github.com/nextcloud/all-in-one/sessions/2dc7afc9-b8a1-4b0a-ba13-0ad89e5c2d37

fix(apache): disable EnableSendfile to allow output filters (Brotli/deflate) on static files

Agent-Logs-Url: https://github.com/nextcloud/all-in-one/sessions/54995b4a-7b5d-4e8e-a92a-684d32b42bd4

docs(apache/nextcloud.conf): add per-directive comments to KeepAlive block

Agent-Logs-Url: https://github.com/nextcloud/all-in-one/sessions/329da0e6-b5dd-4cdd-8c05-9ae0bf25ebfd

reduce MaxSpareThreads from 75 to 50

Agent-Logs-Url: https://github.com/nextcloud/all-in-one/sessions/f253e0c7-a192-4bda-96c2-c12a7e1cb81b

raise MaxKeepAliveRequests from 100 to 500 for Nextcloud sync clients

Agent-Logs-Url: https://github.com/nextcloud/all-in-one/sessions/89da74d6-b0d3-4d19-909d-dee06cbad060

remove deflate fallback — all Nextcloud-supported browsers have Brotli

Agent-Logs-Url: https://github.com/nextcloud/all-in-one/sessions/def9ae64-6793-4c8f-ba0c-e36ef6f8f28f

Apply suggestion from @szaimen

Signed-off-by: Simon L. <szaimen@e.mail.de>
Co-Authored-By: szaimen <42591237+szaimen@users.noreply.github.com>

Containers/apache/Dockerfile

@@ -60,6 +60,19 @@ RUN set -ex; \
     grep -q '<IfModule mpm_event_module>' /usr/local/apache2/conf/extra/httpd-mpm.conf; \
 # ServerLimit needs to be set to MaxRequestWorkers divided by ThreadsPerChild which is set to 25 by default
     sed -i '/<IfModule mpm_event_module>/a\ \ \ \ ServerLimit 200' /usr/local/apache2/conf/extra/httpd-mpm.conf; \
+# Pin ThreadsPerChild so the value is deterministic regardless of the httpd base-image
+# defaults; 25 threads per process balances concurrency against per-process memory use.
+    sed -i 's|ThreadsPerChild.*|ThreadsPerChild 25|' /usr/local/apache2/conf/extra/httpd-mpm.conf; \
+# Start two server processes on boot to absorb the first requests without spawning
+# new processes on the critical path, while avoiding unnecessary memory overhead.
+    sed -i 's|StartServers.*|StartServers 2|' /usr/local/apache2/conf/extra/httpd-mpm.conf; \
+# Keep at least 25 idle threads (one full process worth) so traffic bursts can be
+# absorbed immediately without triggering new process creation.
+    sed -i 's|MinSpareThreads.*|MinSpareThreads 25|' /usr/local/apache2/conf/extra/httpd-mpm.conf; \
+# Retire idle threads above 50 to reclaim memory during quiet periods. 50 is the
+# minimum valid value (MinSpareThreads + ThreadsPerChild = 25 + 25) and is enough
+# to absorb typical bursts without respawning a new process.
+    sed -i 's|MaxSpareThreads.*|MaxSpareThreads 50|' /usr/local/apache2/conf/extra/httpd-mpm.conf; \
     \
     rm -rf /usr/local/apache2/conf/original /var/www; \
     mkdir -p /var/www; \

Containers/apache/nextcloud.conf

@@ -9,6 +9,34 @@ Listen 8000
     ErrorLogFormat "[%t] [%l] [%E] [client: %{X-Forwarded-For}i] [%M] [%{User-Agent}i]"
     LogLevel warn
 
+    # KeepAlive On: allow the same TCP connection to carry multiple HTTP requests.
+    # Without this each asset (JS, CSS, image) would require a full TCP handshake,
+    # which is especially expensive on TLS connections and noticeably slows down
+    # Nextcloud's login page and file manager that load dozens of resources at once.
+    KeepAlive On
+    # KeepAliveTimeout: close an idle keep-alive connection after 5 seconds.
+    # A short timeout frees Apache worker threads quickly so they are available
+    # for new requests; 5 s is long enough to cover the gap between requests
+    # that a browser issues while rendering a page (typically < 1 s), yet short
+    # enough to avoid holding threads open for idle or slow clients.
+    KeepAliveTimeout 5
+    # MaxKeepAliveRequests: allow at most 500 requests per persistent connection.
+    # 100 (the Apache default) is too low for Nextcloud: the desktop and mobile
+    # sync clients issue many small API calls (PROPFIND, GET, PUT, checksums …)
+    # per sync cycle and routinely exceed 100 requests on a single connection.
+    # Hitting the limit forces a new TCP/TLS handshake, adding latency and CPU
+    # overhead. 500 gives sync clients enough headroom while still periodically
+    # recycling threads to contain per-process memory growth.
+    MaxKeepAliveRequests 500
+
+    # sendfile(2) is disabled because it bypasses Apache's output-filter chain: with
+    # it enabled, mod_brotli is silently skipped for static files (JS, CSS, SVG),
+    # negating the compression configured below.  MMAP is also
+    # disabled because files can be replaced by Nextcloud at any time and mmap'd
+    # pages could serve stale data.
+    EnableSendfile Off
+    EnableMMAP Off
+
     # PHP match
     <FilesMatch "\.php$">
         SetHandler "proxy:fcgi://${NEXTCLOUD_HOST}:9000"
@@ -17,20 +45,25 @@ Listen 8000
     <Proxy "fcgi://${NEXTCLOUD_HOST}:9000" flushpackets=on>
     </Proxy>
 
-    # Enable Brotli compression for js, css and svg files - other plain files are compressed by Nextcloud by default
+    # Compress JS, CSS and SVG responses with Brotli (quality 4 gives good
+    # compression with reasonable CPU cost; the default of 0 barely compresses).
+    # Other plain-text files are already compressed by Nextcloud itself.
+    # No deflate fallback is needed: every browser that Nextcloud supports
+    # (Chrome 49+, Firefox 44+, Safari 11+, Edge 15+ — all from 2016-2017)
+    # supports Brotli. Internet Explorer, the only browser that never gained
+    # Brotli support, was dropped by Nextcloud with NC15 (2019).
+    # Desktop and mobile sync clients never request JS/CSS/SVG assets.
     <IfModule mod_brotli.c>
         AddOutputFilterByType BROTLI_COMPRESS text/javascript application/javascript application/x-javascript text/css image/svg+xml
-        BrotliCompressionQuality 0
+        BrotliCompressionQuality 4
     </IfModule>
 
     # Nextcloud dir
     DocumentRoot /var/www/html/
     <Directory /var/www/html/>
-        Options Indexes FollowSymLinks
+        Options FollowSymLinks MultiViews
         Require all granted
         AllowOverride All
-        Options FollowSymLinks MultiViews
-        Satisfy Any
         <IfModule mod_dav.c>
             Dav off
         </IfModule>

Containers/apache/supervisord.conf

@@ -1,6 +1,5 @@
 [supervisord]
 nodaemon=true
-nodaemon=true
 logfile=/var/log/supervisord/supervisord.log
 pidfile=/var/run/supervisord/supervisord.pid
 childlogdir=/var/log/supervisord/