What are the pros and cons of running PHP as an Apache module or a FastCGI?


Linking PHP as an Apache HTTPD module makes them inseparable.

This is not without problems:

Indeed, many PHP libraries aren't thread-safe, so it's essential to use the prefork-mpm module for HTTPD 2.x in production to implement a non-threaded, pre-forking web server that handles requests in a manner similar to HTTPD 1.3.

But this approach strongly affects the performance, which can overload the CPU and RAM, causing timeouts and other troubles.

The manual page Apache Performance Tuning enlightens us a little more about the advantages and disadvantages:

The prefork MPM uses multiple child processes with one thread each. Each process handles one connection at a time. On many systems, prefork is comparable in speed to worker, but it uses more memory. Prefork's threadless design has advantages over worker in some situations: it can be used with non-thread-safe third-party modules, and it is easier to debug on platforms with poor thread debugging support.

So, IMHO, PHP with FastCGI is more suitable in production.

Moreover, my preference is for mod_fastcgi rather than mod_fcgid because it provides more functionalities, such as the ability to define an external process manager.

Anyway, there will be no more need for the prefork-mpm module, and it will finally be possible to switch to the worker-mpm module, which is much more effective; except that process management is handled through a shell script that launches the php-cgi executable, which isn't very convenient.

Fortunately, we can use the FastCGI Process Manager for PHP (PHP-FPM), a popular patch natively integrated since PHP 5.3.3. Unfortunately, if you are using PHP 5.2.x, you'll be confined to the classical FastCGI.

Still, it's vital to be aware of the possible vulnerabilities involved in CGI mode, as reported on the manual page CGI and command line setups:

Warning
A server deployed in CGI mode is open to several possible vulnerabilities. Please read our CGI security section to learn how to defend yourself from such attacks.

You can take a look at this blog post, which contains an example of practical use, and which was of great help in writing this response:

php, fastcgi, fpm et apache (French)
php, fastcgi, and apache fpm (English with Google Translate)
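
The setup this answer describes (worker MPM, mod_fastcgi, PHP-FPM as the external process manager), sketched as an added example that is not part of the original answer or the linked blog post. All paths, the handler name `php-fcgi`, the virtual URL, the tuning values and the 127.0.0.1:9000 listener are assumptions; the access rules use Apache 2.2 syntax.

```apache
# Added example, constructed values throughout. Assumes a PHP-FPM pool
# (PHP >= 5.3.3) is already listening on 127.0.0.1:9000 under its own
# unprivileged user, and that Apache was built/packaged with the worker MPM.

LoadModule fastcgi_module modules/mod_fastcgi.so
LoadModule actions_module modules/mod_actions.so
LoadModule alias_module   modules/mod_alias.so

# Threaded MPM: possible because PHP no longer runs inside the httpd process,
# so non-thread-safe PHP libraries are isolated in the FPM workers.
<IfModule mpm_worker_module>
    StartServers          2
    MinSpareThreads      25
    MaxSpareThreads      75
    ThreadsPerChild      25
    MaxClients          150
</IfModule>

<IfModule mod_fastcgi.c>
    # Route .php files to a named handler, and that handler to a virtual URL.
    AddHandler php-fcgi .php
    Action     php-fcgi /php-fcgi-virtual
    Alias      /php-fcgi-virtual /var/www/fcgi-bin/php-fpm

    # Hand the virtual target to the external process manager instead of
    # letting Apache spawn php-cgi itself. The file does not need to exist.
    # Bind FPM to loopback only so the FastCGI port is not reachable remotely.
    FastCgiExternalServer /var/www/fcgi-bin/php-fpm -host 127.0.0.1:9000 -idle-timeout 60

    # Refuse direct client requests to the virtual URL: only the internal
    # redirect produced by Action sets REDIRECT_STATUS.
    # (Apache 2.4 equivalent: Require env REDIRECT_STATUS)
    <Location /php-fcgi-virtual>
        Order deny,allow
        Deny from all
        Allow from env=REDIRECT_STATUS
    </Location>
</IfModule>

# mod_php must not be loaded at the same time, otherwise .php would still be
# executed in-process and the prefork requirement would remain:
# LoadModule php5_module modules/libphp5.so
```

Running `apachectl -M` after a restart should list `fastcgi_module` and `mpm_worker_module` and no PHP module.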


Author by

nute


Updated on September 18, 2022

Comments

  • nute
    nute over 1 year

    My VPS is giving me the option between running PHP as an Apache Module or a FastCGI.

    How should one make this decision? Performance? Security? Ease of use? Compatibility?

    I'm using PLESK.

    • nute
      nute over 12 years
      Is this more appropriate for ServerFault or for StackOverflow?
    • nute
      nute over 12 years
      Please don't close. If you think it should be transferred do so, but don't close. It's not an open-ended question.
    • DaveRandom
      DaveRandom over 12 years
      Both the close votes you can see are in fact votes to transfer to webmasters (they appear under the "close" umbrella). It may be quicker for you to delete this question and create a new one over at webmasters. It won't damage your rep if you do so, and if you don't you'll have to either wait for a mod to arrive here or wait for 5 people to vote...
    • joosthoek
      joosthoek over 12 years
      To anyone else briefly confused by @DaveRandom's comment above, please note that it was posted before this question was migrated here from SO and before it had any answers.