diff --git a/build-scripts/compile-options b/build-scripts/compile-options
index 11b091805..2efea9b64 100644
--- a/build-scripts/compile-options
+++ b/build-scripts/compile-options
@@ -208,7 +208,7 @@ case "$ROLE" in
     # HUB-ONLY dependencies
     hub)
         var_append DEPS "libcurl-hub"
-        var_append DEPS "libexpat apr apr-util apache git rsync"
+        var_append DEPS "nghttp2 libexpat apr apr-util apache git rsync"
         var_append DEPS "postgresql php"
         ;;
     # AGENT-ONLY dependencies
diff --git a/deps-packaging/apache/cfbuild-apache.spec b/deps-packaging/apache/cfbuild-apache.spec
index 8fd727d13..cc113dae6 100644
--- a/deps-packaging/apache/cfbuild-apache.spec
+++ b/deps-packaging/apache/cfbuild-apache.spec
@@ -30,13 +30,13 @@ CPPFLAGS=-I%{buildprefix}/include
     --prefix=%{prefix}/httpd \
     --enable-so \
     --enable-mods-shared="all ssl ldap authnz_ldap" \
+    --enable-http2 \
     --with-z=%{prefix} \
     --with-ssl=%{prefix} \
     --with-ldap=%{prefix} \
     --with-apr=%{prefix} \
     --with-apr-util=%{prefix} \
     --with-pcre=%{prefix}/bin/pcre2-config \
-    --with-mpm=prefork \
     CPPFLAGS="$CPPFLAGS"
 
 %build
diff --git a/deps-packaging/apache/debian/rules b/deps-packaging/apache/debian/rules
index 504541046..d76a3e604 100755
--- a/deps-packaging/apache/debian/rules
+++ b/deps-packaging/apache/debian/rules
@@ -24,7 +24,6 @@ build-stamp:
 --with-apr=$(PREFIX) \
 --with-apr-util=$(PREFIX) \
 --with-pcre=$(PREFIX)/bin/pcre2-config \
---with-mpm=prefork \
 CPPFLAGS="$(CPPFLAGS)"
 	make
 
diff --git a/deps-packaging/nghttp2/cfbuild-nghttp2.spec b/deps-packaging/nghttp2/cfbuild-nghttp2.spec
new file mode 100644
index 000000000..07aeb11e6
--- /dev/null
+++ b/deps-packaging/nghttp2/cfbuild-nghttp2.spec
@@ -0,0 +1,67 @@
+%define nghttp2_version 1.62.1
+
+Summary: CFEngine Build Automation -- nghttp2
+Name: cfbuild-nghttp2
+Version: %{version}
+Release: 1
+Source0: nghttp2-%{nghttp2_version}.tar.xz
+License: MIT
+Group: Other
+Url: nghttp2.org
+BuildRoot: %{_topdir}/BUILD/%{name}-%{version}-%{release}-buildroot
+
+AutoReqProv: no
+
+%define prefix %{buildprefix}
+%prep
+mkdir -p %{_builddir}
+%setup -q -n nghttp2-%{nghttp2_version}
+
+./configure --prefix=%{prefix}
+
+%build
+
+make
+
+%install
+
+rm -rf ${RPM_BUILD_ROOT}
+
+make install DESTDIR=${RPM_BUILD_ROOT}
+
+# Remove unused files
+rm -rf ${RPM_BUILD_ROOT}%{prefix}/lib/libnghttp2.*a
+rm -rf ${RPM_BUILD_ROOT}%{prefix}/share/doc/nghttp2/README.rst
+rm -rf ${RPM_BUILD_ROOT}%{prefix}/share/man/man1/h2load.1
+rm -rf ${RPM_BUILD_ROOT}%{prefix}/share/man/man1/nghttp*
+rm -rf ${RPM_BUILD_ROOT}%{prefix}/share/nghttp2/fetch-ocsp-response
+
+%clean
+
+rm -rf $RPM_BUILD_ROOT
+
+%package devel
+Summary: CFEngine Build Automation -- nghttp2 -- development files
+Group: Other
+AutoReqProv: no
+
+%description
+CFEngine Build Automation -- nghttp2
+
+%description devel
+CFEngine Build Automation -- nghttp2 -- development files
+
+%files
+%defattr(-,root,root)
+
+%dir %prefix/lib
+%prefix/lib/*.so*
+
+%files devel
+%defattr(-,root,root)
+
+%prefix/include
+%dir %prefix/lib
+%prefix/lib/pkgconfig
+
+%changelog
diff --git a/deps-packaging/nghttp2/debian/cfbuild-nghttp2-devel.install b/deps-packaging/nghttp2/debian/cfbuild-nghttp2-devel.install
new file mode 100644
index 000000000..96c4b3019
--- /dev/null
+++ b/deps-packaging/nghttp2/debian/cfbuild-nghttp2-devel.install
@@ -0,0 +1,2 @@
+/var/cfengine/include
+/var/cfengine/lib/pkgconfig
diff --git a/deps-packaging/nghttp2/debian/cfbuild-nghttp2.install b/deps-packaging/nghttp2/debian/cfbuild-nghttp2.install
new file mode 100644
index 000000000..d47339c9d
--- /dev/null
+++ b/deps-packaging/nghttp2/debian/cfbuild-nghttp2.install
@@ -0,0 +1 @@
+/var/cfengine/lib/*.so*
diff --git a/deps-packaging/nghttp2/debian/compat b/deps-packaging/nghttp2/debian/compat
new file mode 100644
index 000000000..f599e28b8
--- /dev/null
+++ b/deps-packaging/nghttp2/debian/compat
@@ -0,0 +1 @@
+10
diff --git a/deps-packaging/nghttp2/debian/control b/deps-packaging/nghttp2/debian/control
new file mode 100644
index 000000000..778b59ddc
--- /dev/null
+++ b/deps-packaging/nghttp2/debian/control
@@ -0,0 +1,18 @@
+Source: cfbuild-nghttp2
+Section: libs
+Priority: optional
+Maintainer: CFEngine Packages <packager@cfengine.com>
+Build-Depends: debhelper
+Standard-Version: 3.8.4
+
+Package: cfbuild-nghttp2
+Section: libs
+Architecture: any
+Description: CFEngine Build Automation -- nghttp2
+ CFEngine Build Automation -- nghttp2
+
+Package: cfbuild-nghttp2-devel
+Section: libdevel
+Architecture: any
+Desciption: CFEngine Build Automation -- cfbuild-nghttp2-devel
+ CFEngine Build Automation -- cfbuild-nghttp2-devel
diff --git a/deps-packaging/nghttp2/debian/copyright b/deps-packaging/nghttp2/debian/copyright
new file mode 100644
index 000000000..e69de29bb
diff --git a/deps-packaging/nghttp2/debian/rules b/deps-packaging/nghttp2/debian/rules
new file mode 100644
index 000000000..cf106c36b
--- /dev/null
+++ b/deps-packaging/nghttp2/debian/rules
@@ -0,0 +1,50 @@
+#!/usr/bin/make -f
+PREFIX=$(BUILDPREFIX)
+
+clean:
+	dh_testdir
+	dh_testroot
+
+	dh_clean
+
+build: build-stamp
+build-stamp:
+	dh_testdir
+
+	./configure --prefix=$(PREFIX)
+
+	make
+
+	touch build-stamp
+
+install: build
+	dh_testdir
+	dh_testroot
+	dh_clean -k
+	dh_installdirs
+
+	$(MAKE) install DESTDIR=$(CURDIR)/debian/tmp
+
+	rm -rf $(CURDIR)/debian/tmp$(PREFIX)/lib/libnghttp2.*a
+	rm -rf $(CURDIR)/debian/tmp$(PREFIX)/share/doc/nghttp2/README.rst
+	rm -rf $(CURDIR)/debian/tmp$(PREFIX)/share/man/man1/h2load.1
+	rm -rf $(CURDIR)/debian/tmp$(PREFIX)/share/man/man1/nghttp*
+	rm -rf $(CURDIR)/debian/tmp$(PREFIX)/share/nghttp2
+
+binary-indep: build install
+
+binary-arch: build install
+	dh_testdir
+	dh_testroot
+	dh_install --sourcedir=debian/tmp
+	dh_link
+	dh_strip
+	dh_compress
+	dh_fixperms
+	dh_installdeb
+	dh_gencontrol
+	dh_md5sums
+	dh_builddeb
+
+binary: binary-indep binary-arch
+.PHONY: build clean binary-indep binary-arch binary install configure
diff --git a/deps-packaging/nghttp2/distfiles b/deps-packaging/nghttp2/distfiles
new file mode 100644
index 000000000..ab9b85cef
--- /dev/null
+++ b/deps-packaging/nghttp2/distfiles
@@ -0,0 +1 @@
+2345d4dc136fda28ce243e0bb21f2e7e8ef6293d62c799abbf6f633a6887af72  nghttp2-1.62.1.tar.xz
diff --git a/deps-packaging/nghttp2/source b/deps-packaging/nghttp2/source
new file mode 100644
index 000000000..bbdbefacd
--- /dev/null
+++ b/deps-packaging/nghttp2/source
@@ -0,0 +1 @@
+https://github.com/nghttp2/nghttp2/releases/download/v1.62.1/
diff --git a/deps-packaging/php/cfbuild-php.spec b/deps-packaging/php/cfbuild-php.spec
index 25d0bcedd..a9aa0a598 100644
--- a/deps-packaging/php/cfbuild-php.spec
+++ b/deps-packaging/php/cfbuild-php.spec
@@ -45,10 +45,7 @@ LDFLAGS=""
   --enable-mbstring \
   --enable-sockets \
   --disable-mbregex \
-  --without-fpm-user \
-  --without-fpm-group \
-  --without-fpm-systemd \
-  --without-fpm-acl \
+  --enable-fpm \
   --without-layout \
   --without-sqlite3 \
   --without-bz2 \
@@ -114,6 +111,9 @@ make
 rm -rf ${RPM_BUILD_ROOT}
 mkdir -p ${RPM_BUILD_ROOT}%{prefix}/httpd/conf
 cp %{prefix}/httpd/conf/httpd.conf ${RPM_BUILD_ROOT}%{prefix}/httpd/conf
+#mkdir -p ${RPM_BUILD_ROOT}%{prefix}/httpd/php/etc/php-fpm.d
+#cp ${RPM_BUILD_ROOT}/../../SOURCES/php-fpm.conf ${RPM_BUILD_ROOT}%{prefix}/httpd/php/etc
+#cp ${RPM_BUILD_ROOT}/../../SOURCES/www.conf ${RPM_BUILD_ROOT}%{prefix}/httpd/php/etc/php-fpm.d
 
 INSTALL_ROOT=${RPM_BUILD_ROOT} make install
 
@@ -168,7 +168,8 @@ CFEngine Build Automation -- php -- development files
 %prefix/httpd/php/lib
 %prefix/httpd/php/bin
 %prefix/httpd/php/php
-%prefix/httpd/php/lib/php.ini
+%prefix/httpd/php/etc
+%prefix/httpd/php/sbin
 
 %dir %prefix/httpd/modules
 %prefix/httpd/modules/libphp.so
diff --git a/deps-packaging/php/debian/cfbuild-php.install b/deps-packaging/php/debian/cfbuild-php.install
index b40f834e0..c521b9fe5 100644
--- a/deps-packaging/php/debian/cfbuild-php.install
+++ b/deps-packaging/php/debian/cfbuild-php.install
@@ -3,3 +3,4 @@
 /var/cfengine/httpd/php/php
 /var/cfengine/httpd/modules/libphp.so
 /var/cfengine/httpd/php/lib/php.ini
+/var/cfengine/httpd/php/sbin/php-fpm
diff --git a/deps-packaging/php/debian/rules b/deps-packaging/php/debian/rules
index 94eaf588d..257a7277c 100755
--- a/deps-packaging/php/debian/rules
+++ b/deps-packaging/php/debian/rules
@@ -25,10 +25,7 @@ build-stamp:
 --enable-mbstring \
 --enable-sockets \
 --disable-mbregex \
---without-fpm-user \
---without-fpm-group \
---without-fpm-systemd \
---without-fpm-acl \
+--enable-fpm \
 --without-layout \
 --without-sqlite3 \
 --without-bz2 \
@@ -97,6 +94,9 @@ install: build
 
 	mkdir -p $(CURDIR)/debian/tmp$(PREFIX)/httpd/conf
 	cp $(PREFIX)/httpd/conf/httpd.conf $(CURDIR)/debian/tmp$(PREFIX)/httpd/conf/httpd.conf
+#	mkdir -p $(CURDIR)/debian/tmp$(PREFIX)/httpd/php/etc/php-fpm.d
+#	cp $(CURDIR)/php-fpm.conf $(CURDIR)/debian/tmp$(PREFIX)/httpd/php/etc/
+#	cp $(CURDIR)/www.conf $(CURDIR)/debian/tmp$(PREFIX)/httpd/php/etc/php-fpm.d/
 
 	INSTALL_ROOT=$(CURDIR)/debian/tmp CPPFLAGS="-I$(PREFIX)/include" LD_LIBRARY_PATH="$(PREFIX)/lib" LD_RUN_PATH="$(PREFIX)/lib" $(MAKE) install
 
diff --git a/deps-packaging/release-monitoring.json b/deps-packaging/release-monitoring.json
index e9749b68e..1eb7b9f46 100644
--- a/deps-packaging/release-monitoring.json
+++ b/deps-packaging/release-monitoring.json
@@ -14,6 +14,7 @@
         "libxml2":"1783",
         "libyaml":"13522",
         "lmdb":"6974",
+        "nghttp2":"8651",
         "openldap":"2551",
         "openssl":"2566",
         "pcre2":"5832",
diff --git a/packaging/cfengine-nova-hub/cfengine-nova-hub.spec.in b/packaging/cfengine-nova-hub/cfengine-nova-hub.spec.in
index d72ee91ee..7f1988bd2 100644
--- a/packaging/cfengine-nova-hub/cfengine-nova-hub.spec.in
+++ b/packaging/cfengine-nova-hub/cfengine-nova-hub.spec.in
@@ -409,10 +409,12 @@ exit 0
 %prefix/httpd/modules
 %prefix/httpd/php/lib
 %prefix/httpd/php/php
+%prefix/httpd/php/etc
 %config(noreplace) %prefix/httpd/php/lib/php.ini
 
 %defattr(755,root,root,755)
 %prefix/httpd/php/bin
+%prefix/httpd/php/sbin
 
 # Software upgrade delivery area
 %dir %prefix/master_software_updates
diff --git a/packaging/common/cfengine-hub/postinstall.sh b/packaging/common/cfengine-hub/postinstall.sh
index 9189d1e75..782637aa0 100644
--- a/packaging/common/cfengine-hub/postinstall.sh
+++ b/packaging/common/cfengine-hub/postinstall.sh
@@ -87,7 +87,7 @@ fi
 #Copy necessary Files and permissions
 #
 cp "$PREFIX/lib/php"/*.ini "$PREFIX/httpd/php/lib"
-EXTENSIONS_DIR="$(ls -d -1 "$PREFIX/httpd/php/lib/php/extensions/no-debug-non-zts-"*|tail -1)"
+EXTENSIONS_DIR="$(ls -d -1 "$PREFIX/httpd/php/lib/php/extensions/no-debug-zts-"*|tail -1)"
 cp "$PREFIX/lib/php"/*.so "$EXTENSIONS_DIR"
 
 #
@@ -993,6 +993,18 @@ $PREFIX/httpd/bin/apachectl start
 #
 
 if ! is_upgrade; then
+  true "Bootstrapping configs and permissions"
+  # bootstrap to local IP, localhost causes troubles so get a real IP, doesn't matter which one this is a "temporary setup bootstrap"
+#  systemctl start cf-execd # for some reason bootstrap is not starting cf-execd
+#  journalctl -u cf-execd # debug how it went starting it
+  $PREFIX/bin/cf-agent -vB $(hostname -I | cut -d' ' -f1)
+#  systemctl start cf-serverd # for some reason bootstrap is not starting cf-serverd
+#  journalctl -u cf-serverd # debug starting cf-serverd
+  $PREFIX/bin/cf-agent -Kvf update.cf
+  $PREFIX/bin/cf-agent -Kv
+  $PREFIX/bin/cf-agent -Kv
+  true "Done with initial localhost bootstrap. Come back later and do another bootstrap if needed to rebind to a different IP."
+
   true "Adding CFE_ROBOT user"
   ( set +x
     $PREFIX/httpd/php/bin/php $PREFIX/httpd/htdocs/public/index.php cli_tasks create_cfe_robot_user