Production LAMP system: Lighttpd + PHP + MySQL: Difference between revisions

From Alpine Linux
(→‎PHP-FPM Configuration: added to run boot php fpm daemon)
(fixed redaction and add cluster info with php fpm)
Line 3: Line 3:
== 1. The web server part: Lighttpd ==
== 1. The web server part: Lighttpd ==

[ lighttpd] is a simple, standards-compliant, secure, and flexible web server, Nginx are the most use due are administrable by ISP panel's software, but '''lighttpd performs better always. Nginx could not process fast-cgi programs'''. for more complete lighttpd consult the [[Production Web server: Lighttpd]] wiki page.
[ lighttpd] is a simple, standards-compliant, secure, and flexible web server, Nginx are the most use due are manageable by ISP panel's software, but '''lighttpd performs better always. Nginx could not process fast-cgi programs'''. for more complete lighttpd consult the [[Production Web server: Lighttpd]] wiki page.

=== Lighttpd Installation ===
=== Lighttpd Installation ===
Line 192: Line 192:

After that, all the files with php will be proceses faster than used a host based, also under the <code>/var/www/localhost/cgi-bin</code> directory will be showed as <nowiki>http://localhost/cgi-bin/</nowiki> path.
After that, all the files with php will be proceses faster than used a host based, also under the <code>/var/www/localhost/cgi-bin</code> directory will be showed as <nowiki>http://localhost/cgi-bin/</nowiki> path.
=== Multiple PHP-FPM cluster ===
As we said, in FPM it is managed by process pools, but the connection can be over the network or over a direct n socket, the configuration for a powerful server of average requests is with socket and localhost, but for high availability it is required CAT6 wired network connections of 1000Mbps and php-fpm by network connections in roundrobin mode.
For php fpm pool will be on a specific machine and the web server(s) will simply connect to these machines with php to serve the php pages, the result is that we have a cluster of lighttpd web servers against other php-fpm process clusters, the php project can be the same code on all web servers and connected to a single database.
At the Linux console the change are, by example two machines and both have php and lighttpd, so then in each one will setup the php of the other:
mkdir -p /var/www/localhost/cgi-bin
sed -i -r 's#\#.*mod_alias.*,.*#    "mod_alias",#g' /etc/lighttpd/lighttpd.conf
sed -i -r 's#.*include "mod_cgi.conf".*#  include "mod_cgi.conf"#g' /etc/lighttpd/lighttpd.conf
sed -i -r 's#.*include "mod_fastcgi.conf".*#\#  include "mod_fastcgi.conf"#g' /etc/lighttpd/lighttpd.conf
sed -i -r 's#.*include "mod_fastcgi_fpm.conf".*#  include "mod_fastcgi_fpm.conf"#g' /etc/lighttpd/lighttpd.conf
cat > /etc/lighttpd/mod_fastcgi_fpm.conf << EOF
server.modules += ( "mod_fastcgi" )
index-file.names += ( "index.php" )
fastcgi.server = ( ".php" =>
    ( "host" => "",
      "port" => 9000
    ( "host" => "",
      "port" => 9000 )
sed -i -r 's|^.*listen =.*|listen = 9000|g' /etc/php*/php-fpm.d/www.conf
sed -i -r 's|^.*listen.owner = .*|listen.owner = lighttpd|g' /etc/php*/php-fpm.d/www.conf
sed -i -r 's|^.* = .*| = lighttpd|g' /etc/php*/php-fpm.d/www.conf
sed -i -r 's|^.*listen.mode = .*|listen.mode = 0660|g' /etc/php*/php-fpm.d/www.conf
rc-service php-fpm7 restart
rc-service lighttpd restart
echo "<?php echo phpinfo(); ?>" > /var/www/localhost/htdocs/info.php
== 2. The DBMS part: mysql/mariadb ==

= See Also =
= See Also =

Revision as of 02:39, 8 March 2020

In production web, LAMP means Linux + Apache + Mysql + Php installed and integrated, but today the "A" of apache are more used as Nginx or Lighttpd, and the "M" of MySQL are more used as Mariadb, the LAMP focused documents are:

1. The web server part: Lighttpd

lighttpd is a simple, standards-compliant, secure, and flexible web server, Nginx are the most use due are manageable by ISP panel's software, but lighttpd performs better always. Nginx could not process fast-cgi programs. for more complete lighttpd consult the Production Web server: Lighttpd wiki page.

Lighttpd Installation

Production environment only will handle need packages.. so no doc or manages allowed:

  1. run apk for need packages

apk add lighttpd gamin

Lighttpd pre php configuration

  1. make the htdos public web root directories
  2. change default port to production one, http are used with 80
  3. use FAM style (gamin) file alteration monitor, increases performance
  4. use linux event handler, increases performance due Alpine are linux only
  5. added the service to the default runlevel, not to boot, because need networking activated
  6. started the web server service
  7. Enable the mod_status at the config files
  8. change path in the config file, we are using security by obfuscation
  9. restart the service to see changes at the browser

mkdir -p /var/www/localhost/htdocs/stats /var/log/lighttpd /var/lib/lighttpd

sed -i -r 's#\#.*server.port.*=.*#server.port          = 80#g' /etc/lighttpd/lighttpd.conf

sed -i -r 's#.*server.stat-cache-engine.*=.*# server.stat-cache-engine = "fam"#g' /etc/lighttpd/lighttpd.conf

sed -i -r 's#\#.*server.event-handler = "linux-sysepoll".*#server.event-handler = "linux-sysepoll"#g' /etc/lighttpd/lighttpd.conf

chown -R lighttpd:lighttpd /var/www/localhost/

chown -R lighttpd:lighttpd /var/lib/lighttpd

chown -R lighttpd:lighttpd /var/log/lighttpd

rc-update add lighttpd default

rc-service lighttpd restart

echo "it works" > /var/www/localhost/htdocs/index.html

sed -i -r 's#\#.*mod_status.*,.*#    "mod_status",#g' /etc/lighttpd/lighttpd.conf

sed -i -r 's#.*status.status-url.*=.*#status.status-url  = "/stats/server-status"#g' /etc/lighttpd/lighttpd.conf

sed -i -r 's#.*status.config-url.*=.*#status.config-url  = "/stats/server-config"#g' /etc/lighttpd/lighttpd.conf

rc-service lighttpd restart

For testing open a browser and go to http://<webserveripaddres> and you will see "it works". The "webserveripaddres" are the ip address of your setup/server machine.

There's a problem in Alpine linux, FAM (gamin) are activated as a lighttpd only service, that's make sense in dockers but in servers could be a problem if FAM (gamin) are also need for others services at the same time.

2. The php scripting part: PHP fpm

In Alpine there's two main language for programming dynamic web pages: PHP and LUA. Alpine are minimalist so not all PHP packages are need in most cases, both repositories must be enabled (main and community), here are explained the most common used in production, for PHP at development please watch the Alpine_newbie_developer wiki page.

PHP Installation

Since version v3.5, PHP 7 is available along with PHP 5.6 coexisting together, until version v3.9 where the latter was removed. So for Alpine 3.5+m we will assume PHP7, if you need PHP5.6 still could use it, that wil be cover in the special Production LAMP system: Lighttpd + PHP5 + MySQL wiki page for older Alpine systems and some specific php softwares.

apk add php7 php7-bcmath php7-bz2 php7-ctype php7-curl php7-dba php7-dom php7-enchant php7-exif php7-fpm php7-gd php7-gettext php7-gmp php7-iconv php7-imap php7-intl php7-json php7-mbstring php7-opcache php7-openssl php7-phar php7-posix php7-pspell php7-recode php7-session php7-simplexml php7-sockets php7-sysvmsg php7-sysvsem php7-sysvshm php7-tidy php7-tokenizer php7-xml php7-xmlreader php7-xmlrpc php7-xmlwriter php7-xsl php7-zip php7-sqlite3

NOTE: next packages are only for specific situations.. only install when need (specially php-pear one): php7-pgsql php7-mysqli php7-mysqlnd php7-snmp php7-soap php7-ldap php7-pcntl php7-pear php7-shmop php7-wddx php7-cgi

A special case it's the php7-odbc, unless the others, that are able php to connect to only specific database, unixodbc are a universal way to do so, the most important difference are that by example, php7-mysqli package has better functions to manage data into the php software usage.

PHP Global Configuration

  1. Use fix.pathinfo
  2. Set safe mode off
  3. Dont expose php code if something fails
  4. Set amount of memory limit for execution to 536Mb (most servers are minimal of 1Gb of RAM)
  5. So then set upload size to 128Mb as maximun.
  6. Set then POST max size to 256Mb based on the upload max size limit.
  7. Turn on the url open method
  8. Set default charset to UTF-8 more compatible
  9. Increase the execution time and the input time for.
sed -i -r 's|.*cgi.fix_pathinfo=.*|cgi.fix_pathinfo=1|g' /etc/php*/php.ini
sed -i -r 's#.*safe_mode =.*#safe_mode = Off#g' /etc/php*/php.ini
sed -i -r 's#.*expose_php =.*#expose_php = Off#g' /etc/php*/php.ini
sed -i -r 's#memory_limit =.*#memory_limit = 536M#g' /etc/php*/php.ini
sed -i -r 's#upload_max_filesize =.*#upload_max_filesize = 128M#g' /etc/php*/php.ini
sed -i -r 's#post_max_size =.*#post_max_size = 256M#g' /etc/php*/php.ini
sed -i -r 's#^file_uploads =.*#file_uploads = On#g' /etc/php*/php.ini
sed -i -r 's#^max_file_uploads =.*#max_file_uploads = 12#g' /etc/php*/php.ini
sed -i -r 's#^allow_url_fopen = .*#allow_url_fopen = On#g' /etc/php*/php.ini
sed -i -r 's#^.default_charset =.*#default_charset = "UTF-8"#g' /etc/php*/php.ini
sed -i -r 's#^.max_execution_time =.*#max_execution_time = 150#g' /etc/php*/php.ini
sed -i -r 's#^max_input_time =.*#max_input_time = 90#g' /etc/php*/php.ini

PHP-FPM Configuration

  1. Create directory for php socket and pid files, MUST BE EQUAL to openrc defined!
  2. Set into configuration file the socket path, MUST BE EQUAL to openrc defined!
  3. Set into configuration file the pid file path, MUST BE EQUAL to openrc defined!

mkdir -p /var/run/php-fpm7/

chown lighttpd:root /var/run/php-fpm7

sed -i -r 's|^.*listen =.*|listen = /run/php-fpm7/php7-fpm.sock|g' /etc/php*/php-fpm.d/www.conf

sed -i -r 's|^pid =.*|pid = /run/php-fpm7/|g' /etc/php*/php-fpm.conf

sed -i -r 's|^.*listen.mode =.*|listen.mode = 0640|g' /etc/php*/php-fpm.d/www.conf

rc-update add php-fpm7 default

service php-fpm7 restart

The PHP-FPM defined a master process with some pool of process for each service resuests, by default there's only one pool of processes, the www pool process.

Default values are good for starting, but later will need tuning, the best it's static one but need test and set until get right configuration.

Lighttpd + PHP-FPM

The web server comes to and very unmantained config file so we must handle all the required settings:

  1. enable the mod_alias at the config file, due need of a specific path for cgi files into security
  2. be sure and disable the fastcgi-php module by cgi only
  3. and then enable the fastcgi-php-fpm specific module then
  4. write a much much better approach of the php handler in the local server using the socket
  5. configure the php to use also the socket too for direct connection locally
  6. restart the service to see changes at the browser

mkdir -p /var/www/localhost/cgi-bin

sed -i -r 's#\#.*mod_alias.*,.*#    "mod_alias",#g' /etc/lighttpd/lighttpd.conf

sed -i -r 's#.*include "mod_cgi.conf".*#   include "mod_cgi.conf"#g' /etc/lighttpd/lighttpd.conf

sed -i -r 's#.*include "mod_fastcgi.conf".*#\#   include "mod_fastcgi.conf"#g' /etc/lighttpd/lighttpd.conf

sed -i -r 's#.*include "mod_fastcgi_fpm.conf".*#   include "mod_fastcgi_fpm.conf"#g' /etc/lighttpd/lighttpd.conf

cat > /etc/lighttpd/mod_fastcgi_fpm.conf << EOF
server.modules += ( "mod_fastcgi" )
index-file.names += ( "index.php" )
fastcgi.server = (
    ".php" => (
      "localhost" => (
        "socket"                => "/var/run/php-fpm7/php7-fpm.sock",
        "broken-scriptfilename" => "enable"

sed -i -r 's|^.*listen =.*|listen = /var/run/php-fpm7/php7-fpm.sock|g' /etc/php*/php-fpm.d/www.conf

sed -i -r 's|^.*listen.owner = .*|listen.owner = lighttpd|g' /etc/php*/php-fpm.d/www.conf

sed -i -r 's|^.* = .*| = lighttpd|g' /etc/php*/php-fpm.d/www.conf

sed -i -r 's|^.*listen.mode = .*|listen.mode = 0660|g' /etc/php*/php-fpm.d/www.conf

rc-service php-fpm7 restart

rc-service lighttpd restart

echo "<?php echo phpinfo(); ?>" > /var/www/localhost/htdocs/info.php

For testing open a browser and go to http://<webserveripaddres>/info.php and you will see only the minimal info due in production there's no need for too much information to crackers. The "webserveripaddres" are the ip address of your setup/server machine.

After that, all the files with php will be proceses faster than used a host based, also under the /var/www/localhost/cgi-bin directory will be showed as http://localhost/cgi-bin/ path.

Multiple PHP-FPM cluster

As we said, in FPM it is managed by process pools, but the connection can be over the network or over a direct n socket, the configuration for a powerful server of average requests is with socket and localhost, but for high availability it is required CAT6 wired network connections of 1000Mbps and php-fpm by network connections in roundrobin mode.

For php fpm pool will be on a specific machine and the web server(s) will simply connect to these machines with php to serve the php pages, the result is that we have a cluster of lighttpd web servers against other php-fpm process clusters, the php project can be the same code on all web servers and connected to a single database.

At the Linux console the change are, by example two machines and both have php and lighttpd, so then in each one will setup the php of the other:

mkdir -p /var/www/localhost/cgi-bin

sed -i -r 's#\#.*mod_alias.*,.*#    "mod_alias",#g' /etc/lighttpd/lighttpd.conf

sed -i -r 's#.*include "mod_cgi.conf".*#   include "mod_cgi.conf"#g' /etc/lighttpd/lighttpd.conf

sed -i -r 's#.*include "mod_fastcgi.conf".*#\#   include "mod_fastcgi.conf"#g' /etc/lighttpd/lighttpd.conf

sed -i -r 's#.*include "mod_fastcgi_fpm.conf".*#   include "mod_fastcgi_fpm.conf"#g' /etc/lighttpd/lighttpd.conf

cat > /etc/lighttpd/mod_fastcgi_fpm.conf << EOF
server.modules += ( "mod_fastcgi" )
index-file.names += ( "index.php" )
fastcgi.server = ( ".php" => 
    ( "host" => "",
      "port" => 9000
    ( "host" => "",
      "port" => 9000 )

sed -i -r 's|^.*listen =.*|listen = 9000|g' /etc/php*/php-fpm.d/www.conf

sed -i -r 's|^.*listen.owner = .*|listen.owner = lighttpd|g' /etc/php*/php-fpm.d/www.conf

sed -i -r 's|^.* = .*| = lighttpd|g' /etc/php*/php-fpm.d/www.conf

sed -i -r 's|^.*listen.mode = .*|listen.mode = 0660|g' /etc/php*/php-fpm.d/www.conf

rc-service php-fpm7 restart

rc-service lighttpd restart

echo "<?php echo phpinfo(); ?>" > /var/www/localhost/htdocs/info.php

2. The DBMS part: mysql/mariadb

See Also