Is anyone using Magento with Apache worker MPM?
I've read conflicting reports of stability and security using worker instead of prefork, but have also read that worker is much faster than prefork.
PHP5 is thread-safe, but PHP extensions aren't all thread-safe. So it's considered harmful to run a PHP application on a worker-mpm. And Magento is a PHP application like any other, chances are that you are using some PHP extensions somewhere (GD, Xml, etc) and that you can't test it for thread stability (really hard to test).
But what you can do is use apache as worker (really a lot more HTTP request handled, very useful for all static files), and push PHP out of Apache (so with no mod_php).
For that you will have to use PHP with fcgid or php-fpm, that is a modern version of cgi to say it in a few words.
I have been trying to run HHVM as standalone web server for multiple domains and it looks like they are switching to FCGI mode only https://github.com/facebook/hhvm/wiki/runtime-options
Is that the case or running it as standalone is still possible on production?
Yes, you should use FastCGI mode and let nginx/Apache/whatever deal with being the webserver. HHVM's old built-in webserver has been deprecated for quite a number of releases now -- I can't find the old wiki page on its deprecation, but it's been about six months or so. This more closely mirrors how PHP is often used, and removes a whole host of complicated HHVM-specific configuration mess. Many people are already familiar with how to make nginx/Apache serve files the way they want, and so we can just keep the HHVM-specific stuff in HHVM and let the full-featured webservers do what they are good at.
The getting started guide has a very quick, basic intro to getting FastCGI set up if you're using our prebuilt debian/ubuntu packages, and the FastCGI wiki page contains all the details to get set up in some other environment.
I am downloading PHP for Windows. I got 2 options on the website.
PHP Thread Safe
PHP Non-Thread Safe
Please answer the following questions:
What is the difference between the two? What are the advantages and disadvantages over one another?
I am developing an e-commerce website which will have heavy traffic, which one is more recommended and why?
From PHP documentation:
Thread Safety means that binary can work in a multithreaded webserver context, such as Apache 2 on Windows. Thread Safety works by creating a local storage copy in each thread, so that the data won't collide with another thread.
So what do I choose? If you choose to run PHP as a CGI binary, then you won't need thread safety, because the binary is invoked at each request. For multithreaded webservers, such as IIS5 and IIS6, you should use the threaded version of PHP.
So it really depends on the way that you want to use PHP:
Apache + LoadModule: Thread Safe
Apache + FastCGI: Non-Thread Safe
IIS: Thread Safe
IIS + FastCGI: Non-Thread Safe
PHP manual has nice installation instructions.
AFAIR running PHP with FastCGI is the preferable way, it performs faster and allows for more fine-grained security configuration.
Quick and simple: If you are using Apache edit your Apache24\conf\httpd.conf file and search for "loadmodule". If you see your loadmodule is referencing a .dll something like:
LoadModule php7_module "e:/x64Stack/PHP/php7.1.9/php7apache2_4.dll"
AddHandler application/x-httpd-php .php
PHPIniDir "e:/x64Stack/PHP/php7.1.9"
Then you want Thread Safety enabled or TS - Thread Safe version.
Else if you are using IIS or Apache with CGI then NTS flavor.
I use multiple stacks and within those multiple servers and versions of PHP so don't let the paths / php or server versions throw you.
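The rule of thumb from the two answers above (PHP loaded into Apache with LoadModule means Thread Safe, PHP run out of process through CGI/FastCGI means Non-Thread Safe) can be checked against a config file mechanically. This is an added example, not code from either answer; the function name `php_build_for`, the sample configs and the list of out-of-process markers are assumptions made for illustration.

```python
import re

# Constructed sample configs; only the php7 LoadModule, AddHandler and
# PHPIniDir lines mirror the answer above.
MODULE_CONF = '''
# LoadModule php5_module "c:/old/php5apache2_4.dll"
LoadModule php7_module "e:/x64Stack/PHP/php7.1.9/php7apache2_4.dll"
AddHandler application/x-httpd-php .php
PHPIniDir "e:/x64Stack/PHP/php7.1.9"
'''
FCGI_CONF = '''
LoadModule fcgid_module modules/mod_fcgid.so
FcgidWrapper "c:/php/php-cgi.exe" .php
AddHandler fcgid-script .php
'''

LOADMODULE = re.compile(r'LoadModule\s+(\S+)\s+(?:"([^"]+)"|(\S+))', re.I)
# Assumed markers that PHP runs outside the Apache process
# (php-cgi wrapper, or a proxy handler pointing at php-fpm).
EXTERNAL = re.compile(r'php-cgi|proxy:(?:fcgi|unix):', re.I)

def php_build_for(conf_text):
    """Return ('TS' | 'NTS' | None, reason) for the text of an httpd.conf."""
    in_process = None
    external = None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith('#'):
            continue  # commented-out LoadModule lines must not count
        m = LOADMODULE.match(line)
        if m and re.fullmatch(r'php\d*_module', m.group(1).lower()):
            in_process = m.group(2) or m.group(3)
        elif EXTERNAL.search(line):
            external = line
    if in_process:
        # The interpreter shares Apache's threads, so it needs the TS build.
        return 'TS', 'mod_php loaded in-process from ' + in_process
    if external:
        # Each PHP process serves one request at a time: NTS is enough.
        return 'NTS', 'PHP runs out of process: ' + external
    return None, 'no PHP handler found'

if __name__ == '__main__':
    for name, conf in (('module', MODULE_CONF), ('fastcgi', FCGI_CONF)):
        print(name, php_build_for(conf))
```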
In addition to Crack, since 5.4 you can use built-in web server (it works nice!).
Warning: This web server was designed to aid application development. It may also be useful for testing purposes or for application demonstrations that are run in controlled environments. It is not intended to be a full-featured web server. It should not be used on a public network.
Can anybody tell me why using the pcntl lib on production servers is discouraged? The PHP manual tells very briefly about it, and I'm in a dire need to use this library...
Is there another way to do the same thing in php?
pcntl is discouraged in production environments because the functionality it supports (fork, process control, signal handling) is fairly explicitly something you should not be using in a CGI style application. Now, if you're writing a daemon or command line application in PHP, that is another matter...
From the PHP manual:
Process Control should not be enabled within a web server environment and unexpected results may happen if any Process Control functions are used within a web server environment.
one has to be clear about the differences of a php cli script and a sapi/cgi script.
php on production systems may as well have support for pcntl.
the important thing here is to have 2 php config files. one for cli and one for cgi setup.
one then has to disable pcntl in the cgi setup because the real security issue is, that forking a script when executed by the webserver may leave zombie processes flooding the system.
in a cli environment it might be necessary to be able to write scripts that fork...
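One way to verify the split described in the answer above (pcntl usable from the CLI, disabled for the web-facing SAPI) is to audit each SAPI's php.ini. This is an added example, not code from the answer; it assumes the disabling is done through the `disable_functions` directive, and the function names `disabled_functions` and `audit`, the SAPI labels and both php.ini bodies are constructed for illustration.

```python
import re

# Real pcntl function names; the selection checked here is an assumption.
RISKY = {'pcntl_fork', 'pcntl_exec', 'pcntl_signal',
         'pcntl_alarm', 'pcntl_wait', 'pcntl_waitpid'}

# Constructed php.ini bodies, one per SAPI.
CLI_INI = """
; php.ini for the cli SAPI: forking scripts are allowed here
disable_functions =
"""
CGI_INI = """
; php.ini for the cgi SAPI
;disable_functions = pcntl_signal
disable_functions = pcntl_fork, pcntl_exec,pcntl_alarm
"""

def disabled_functions(ini_text):
    """Return the set of functions named by disable_functions (last one wins)."""
    found = set()
    for raw in ini_text.splitlines():
        line = raw.split(';', 1)[0].strip()  # drop ';' comments
        m = re.match(r'disable_functions\s*=\s*(.*)$', line)
        if m:
            found = {f.strip().strip('"').lower()
                     for f in m.group(1).split(',') if f.strip()}
    return found

def audit(ini_by_sapi, web_sapis=('cgi', 'fpm', 'apache2')):
    """Map each SAPI to the pcntl functions still callable that should not be."""
    report = {}
    for sapi, text in ini_by_sapi.items():
        if sapi in web_sapis:
            report[sapi] = sorted(RISKY - disabled_functions(text))
        else:
            report[sapi] = []  # CLI scripts may legitimately fork
    return report

if __name__ == '__main__':
    for sapi, missing in audit({'cli': CLI_INI, 'cgi': CGI_INI}).items():
        print(sapi, 'still exposes:', missing or 'nothing')
```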
In http://windows.php.net/downloads I couldn't find any x64 built for download.
Further I have to choose among "Thread Safe" and "Non Thread Safe" with no explanation whether one is safer than the other or it performs better. The install.txt inside the available ZIPs for download seems outdated and it doesn't mention anything about this.
In http://php.net/manual/pl/install.windows.iis7.php they don't say a word about it either...
Another doubt is once I know what to download (and why), should it be setup as a FastCGI module or as an ISAPI extension?
(My experiences running PHP under IIS)
I believe that you should set up PHP as a FastCGI module - I don't think you are able to set up PHP as an ISAPI extension. You can set up PHP either using FastCGI or ISAPI - It may be that ISAPI is faster than FastCGI. There is a guide on setting up IIS using ISAPI here:
http://www.lazynetworkadmin.com/knowledgebase-mainmenu-6/2-windows/141-install-php-on-server-2008-r2
Searching google reveals a lot of pages discussing the thread safe vs non thread safe argument if you want to know the detail, however the short version is that the non thread safe version is faster, but the thread safe version is safer. You should choose the thread safe version for now unless you have a performance problem and know that your app is going to run correctly under the non thread safe binaries.
Finally, there isn't really any need for x64 binaries when running PHP as a FastCGI application - php runs as a separate process and so the x86 binaries will run fine on a x64 web server, and most normal php applications will have no need for an address space above 4GB as to scale IIS can simply start additional php processes.
When configuring your FastCGI extension you need to point it at the php-cgi.exe executable in the php installation directory.
I often use FastCGI when setting up PHP on IIS. It is moreso habit than anything else. While I did read over many of the other articles posted and it does appear that ISAPI has many advantages I thought I'd add a link to setting up FastCGI for those who want to go that route. I've used it and never had any issues with moderate request traffic.
Anyway here's a link to an article with screenshots on setting up PHP via FastCGI on IIS 7.5.
Click here to visit the article.
What are the differences between mod_php and cgi php script?
I mean, why it's better (is it?) to use mod_php instead of simple php scripts, running them as CGIs?
Thanks
When using CGI : a PHP process is launched by Apache, and it is that PHP process that interprets PHP code -- not Apache itself.
In theory, a distinct PHP process has to be created for each request -- which makes things slower : Apache has more work to do to answer a request.
(Well, as pointed out by #AlReece45 in a comment, this can be made better using FastCGI)
When using PHP as an Apache module (mod_php, or mod_php5), the PHP interpreter is kind of "embedded" inside the Apache process : there is no external PHP process.
Which means :
No forking to answer a request (faster)
Better communication between Apache and PHP
Generally speaking, I would say that mod_php is the solution that's used the most.
Plain CGI requires a process to be spawned for each request at the time of request.
mod_php requires you to use bloated apache instead of slick nginx or lighttpd. Besides, "better communication between Apache and PHP" mentioned by Pascal may harm apache (it harms anyone who develops in php!;-)).
FastCGI lets you separate php from the web server (possibly run it on the different host).
Also, php.net just released a vulnerability today where source code disclosure is possible if you are using mod_cgi to run PHP and your PHP version is older than PHP 5.3.12 or PHP 5.4.2.
http://www.php.net/archive/2012.php#id2012-05-03-1
Patch by upgrading or applying a mod_rewrite rule.