Different ways to run PHP on a server

PHP is a server-side scripting language widely used for building web applications. From a system administration point of view, there are several ways to run PHP on a server, each with its own pros and cons, and a system administrator should select the one best suited to their needs. The methods also differ in the file access permissions they give users of content management systems such as WordPress, Joomla or Drupal. The ways in which PHP can be set up include:

  • mod_php
  • suPHP
  • FastCGI
  • PHP-FPM

mod_php

mod_php is an Apache web server module that enables the web server to interpret PHP code by making PHP a part of the web server. It is the fastest PHP handler available, because PHP code is executed directly by the web server itself. It has low CPU and memory requirements, which is beneficial where system resources are limited.

The downside to this approach is that the footprint of each Apache process is larger and requires more system resources, because Apache still loads the PHP interpreter when serving files such as CSS, JavaScript or images, which do not need it. This can cause serious security issues: for example, when a user uploads a CSS or image file containing malicious PHP code, that code will be executed by the Apache web server, which can create security issues for the web application and the server in general. A user could, for instance, upload PHP code as a CSS or image file and write it to accept POST data and send spam or phishing emails.
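A defender-side check for the upload problem described above, as an added example that is not part of the original post: the function lists static-asset files under a directory that contain a PHP open tag. The function name, the extension list and the path in the usage comment are assumptions.

```sh
# Added example. List files with static-asset extensions that contain a PHP
# open tag ("<?php" or "<?="), i.e. files that would run code if the server
# handed them to the PHP interpreter.
# Usage: find_php_in_static /var/www/example/uploads   (placeholder path)
find_php_in_static() {
    dir=$1
    # -a makes grep read binary files (images) as text, -i also matches "<?PHP",
    # -l prints only the names of matching files.
    find "$dir" -type f \( -iname '*.css' -o -iname '*.js' \
        -o -iname '*.png' -o -iname '*.jpg' -o -iname '*.jpeg' \
        -o -iname '*.gif' \) \
        -exec grep -l -a -i -E '<\?(php|=)' {} + 2>/dev/null | sort
}

# Run against a directory when one is given on the command line.
if [ "$#" -gt 0 ]; then
    find_php_in_static "$1"
fi
```

Hits need manual review, since the three bytes of the short echo tag can also occur by chance in binary image data.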

Furthermore, files created on or uploaded to the server are usually owned by the web server user (such as www-data on Ubuntu/Debian). All files and directories should be owned by the web server user for the application to function properly. If they are, a developer with limited access to the server cannot modify the web application's files, which can cause security issues. Workarounds for the mod_php permissions problem exist, but they can potentially leave the server open to security problems.

suPHP

The suPHP Apache module, along with suPHP itself, provides an easy way to run PHP scripts as different users on the same server. This essentially removes the ownership problem with user files and offers a robust way of separating user accounts on a server. Users can own their files and run their PHP applications. If the code has vulnerabilities, an attacker will only be able to harm data owned by that specific user.

The performance hit of running PHP scripts with suPHP is very significant, requiring more CPU resources. Web pages take longer to load, and under heavy traffic server load goes off the charts. suPHP cannot use any sort of opcode caching such as memcached, APC or XCache, which means that every time suPHP executes it parses the script again; this is why an application takes longer to load.

Just like mod_php, suPHP also loads the PHP interpreter when serving files such as CSS, JavaScript and images.

Despite the fact that suPHP is no longer maintained, it is still used in many production shared hosting environments.

FastCGI

FastCGI is another way to run PHP. Like suPHP, it retains the robustness of separating user accounts by executing PHP code as the file owner, but it is typically not as fast as mod_php. FastCGI is good at reducing CPU usage: it uses the server's available RAM to keep PHP scripts in memory instead of starting a PHP process for each and every PHP request, which also allows the use of opcode caching such as APC, memcached and XCache.

Unlike mod_php and suPHP, FastCGI only processes PHP files and leaves CSS, JavaScript and images to the web server to serve.

The main disadvantage of FastCGI is that it requires a lot of memory. This is because FastCGI keeps PHP sessions open in memory in the background for quicker access, and the ability to use PHP opcode caching can add to the memory usage as well. Additionally, FastCGI can encounter an array of errors depending on how your PHP scripts are coded. This can typically require a day or two of tweaking settings specific to what the PHP scripts are trying to do.

You might choose FastCGI as your method of executing PHP scripts if you are experiencing slow or excessive PHP executions when using suPHP and you have extra memory on your server.

FastCGI requires additional server configuration.

PHP-FPM

PHP-FPM (FastCGI Process Manager) is another PHP FastCGI implementation with some additional features useful for heavily loaded sites. It has been bundled with PHP since the launch of PHP 5.3.3. In a regular FastCGI implementation the web server runs the PHP processes; PHP-FPM, however, runs a standalone master process that launches child processes (also known as worker processes), which serve PHP requests over a UNIX or network socket connection.

The major advantage of PHP-FPM is that it relies on the concept of pool management. Each PHP-FPM pool can be viewed as a full instance of PHP with its own configuration, limits and restrictions such as memory, child processes, modules, environment variables and logs.
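To make the pool concept concrete, the added example below (not from the original post) embeds three constructed pool definitions and audits them, printing each pool's user and limits and flagging pools that share a Unix user. Pool names, users, socket paths and both function names are assumptions made for illustration.

```sh
# Constructed sample pool definitions; names, users and paths are made up.
sample_pools() {
cat <<'EOF'
[alice]
user = alice
listen = /run/php-fpm/alice.sock
pm = static
pm.max_children = 10
php_admin_value[memory_limit] = 128M
[bob]
user = bob
listen = /run/php-fpm/bob.sock
pm = ondemand
pm.max_children = 5
php_admin_value[memory_limit] = 64M
; Same Unix user as [bob], so these two sites are not isolated from each other.
[bob-staging]
user = bob
listen = /run/php-fpm/bob-staging.sock
pm = ondemand
pm.max_children = 2
EOF
}

# One line per pool; flags pools whose Unix user is shared with another pool.
audit_fpm_pools() {
    awk '
        /^[ \t]*;/ { next }                              # comment line
        /^\[/ {                                          # [pool] header
            pool = substr($0, 2, index($0, "]") - 2)
            if (pool == "global") pool = ""; else order[++n] = pool
            next
        }
        pool != "" && (eq = index($0, "=")) {            # key = value
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
            conf[pool, key] = val; if (key == "user") seen[val]++
        }
        END {
            for (i = 1; i <= n; i++) {
                p = order[i]; m = conf[p, "php_admin_value[memory_limit]"]
                printf "%s user=%s max_children=%s memory_limit=%s %s\n", p,
                    conf[p, "user"], conf[p, "pm.max_children"], (m == "" ? "inherited" : m),
                    (seen[conf[p, "user"]] > 1 ? "SHARED-USER" : "ok")
            }
        }'
}

sample_pools | audit_fpm_pools
```

On a real server the same function can read the pool files directly, for example by piping the contents of the distribution's pool directory into it.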

PHP-FPM requires additional configuration for web servers as well as PHP-FPM pools.
