Table of Contents

To configure apache for a single domain is easy. To configure apache with multiple virtual hosts for a single webmaster is easy, too.

But if you need to host several domains for several different users this can be much more difficult. The biggest problem is to offer PHP functionality while keeping the system secure and fast.

Scenario

Problem

Possible solutions

mod_chroot

Ths apache module mod_chroot can be used to chroot() an apache process into a virtual hosts DocRoot.

Disadvantages:

PHP safe_mode

The PHP safe_mode may be used to tell PHP to not allow access to files not owned by the same user as the script itself, restrict several php functions such as system() exec() fopen() etc.

Disadvantages:

suPHP

With suPHP/mod_suphp any php script is executed with uid of the owner of the script.

Disadvantages:

mod_become

Using mod_become there is no need for suPHP anymore making it possible to use mod_php instead of php-cgi. It will setuid()/setgid() the apache process before serving a request.

Disadvantages:

Conclusion so far

If its secure and fast, it has limitations. If it is secure and has no limitations, its slow.

Now what? Impossible to do that? Wait. There might be another solution:

**The** solution?

mod_fastcgi

This module can be used to pre-fork cgi processed and let them running instead of starting up a new process for every request.

Apache2, php5-fcgi, php4-fcgi, mod_fastcgi HowTo (german)

Benchmarking

For testing we install apache and all other needed stuff into a default debian sarge chroot.

Hardware:

Intel(R) Celeron(R) CPU 2.00GHz with 512MB of RAM

Preparation

We use a tool called hammerhead to stress our apache.

The tool httping will be used to test apache's response time

Benchmarking with hammerhead:

I tried to find a hammerhead config that will get most out of the webserver, but will not stress the hammering machine too much.

There are two different scenarios:

NStatic HTML page
RGET /static/ HTTP/1.0
E<html><head><title>testpage</title></head><body>this is a test</body></html>
NDynamic page (PHP)
RGET /php/ HTTP/1.0
E<html><head><title>testpage</title></head><body>this is a test</body></html>

The corresponding testpages will be created like that:

  -  cd /var/www/
/var/www# mkdir static php
/var/www# echo "<html><head><title>testpage</title></head><body>this is a test</body></html>" > static/index.html
/var/www# echo "<?php echo '<html><head><title>testpage</title></head><body>this is a test</body></html>'; ?>" > php/index.php
/var/www#