Table of Contents
一、簡述
常見的 PHP 執行模式 有 cgi、suphp、dso、fastcgi
這麼多種應該要如何設定或是如何安裝呢?
本篇會介紹 LAMP 編譯安裝,並依序介紹 suphp、dso、fastcgi handler 如何編譯安裝以及設定檔該如何撰寫,以及不同執行模式的 CPU Loading 、 Memory Usage 等效能測試。
此篇教學使用的硬體規格如下 :
- System : CentOS Linux release 7.5.1804
- CPU : 1 x QEMU Virtual CPU version 2.5+
- Memory : 2G + 1 G swap
在開始安裝前先講講什麼是 PHP handler,不同的執行模式又有什麼差異
handler 其實只是在告訴 Apache 應該如何處理 .php 結尾的檔案而已
在安裝完 Apache 後,預設下就會在 conf 中建立好基本的 type 對應表 : mime.types
藉由這個基本的對照表 Apache 得已去處理基本的 html、css、javascript、img 等等的檔案類型,但是在該類型中並未包含 PHP 類型的檔案處理,因此在未設定 PHP handler 時,呼叫 .php 檔案 可能會被誤判成文字類型而直接將原代碼顯示出來,又或是被判斷為未知的類型而變成下載原代碼檔案。
PHP handler 要設定時,會隨著不同的 PHP 執行模式,會有不同的設定方式,那麼 PHP 執行模式又是什麼?
以下的架構圖可以很好的說明 :
Apache PHP 架構圖:
Apache 是需要透過 SAPI 接口與 PHP 連接的,也因此會隨著不同的需求 ( 安全性及速度 ),而發展出不同的接口,也就是 dso、suphp 等這些所謂的執行模式了。
以下是執行模式的比較表,此篇中也會對這些執行模式進行直接的測試,看看效能使用上是否如訪間所述
DSO | CGI | suPHP | FastCGI | |
---|---|---|---|---|
Memory usage | Low | Low | Low | High |
CPU Usage | Low | High | High | Low |
Security | Low | Low | High | High |
Run as file owner | No | No | Yes | Yes |
Overall Performance | Fast | Slow | Slow | Fast |
二、 LAMP 編譯安裝
MySQL 安裝
在開始安裝 Apache 以及 PHP 前,先進行 MySQL 的安裝
值得一提的是雖然目前大多數的 CMS 都已經支援 MariaDB,但是目前少數如 ecshop 尚未能支援 ( 會導致網頁變亂碼 ),因此這裡安裝的是 Oracle MySQL 5.6 community 版本
wget http://repo.mysql.com/mysql-community-release-el7-5.noarch.rpm
rpm -ivh mysql-community-release-el7-5.noarch.rpm
yum update
yum install mysql-server
systemctl start mysqld
如果你希望安裝 MySQL 5.7 版本,
只需要將 /etc/yum.repos.d/mysql-community.repo 中 Mysql 5.7 部分的 enabled 設定為 1 即可
而如果你需要安裝最新的 MySQL 8.0 則是在檔案中加入此段 :
[mysql80-community]
name=MySQL 8.0 Community Server
baseurl=http://repo.mysql.com/yum/mysql-8.0-community/el/7/$basearch/
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-mysql
啟用 MySQL 設定開機啟動,並設定 root 密碼 :
systemctl start mysqld.service
systemctl enable mysqld.service
# mysql 5.6 set up root password
mysql_secure_installation
# mysql 5.7 set up root password
grep 'temporary password' /var/log/mysqld.log
mysql_secure_installation
PHP 安裝
Apache 與 PHP 相依性安裝
yum install libxml2 \
libxml2-devel \
curl \
curl-devel \
libjpeg \
libjpeg-devel \
libpng \
libpng-devel \
libmcrypt \
libmcrypt-devel \
libtool-ltdl-devel \
bzip2-devel \
readline-devel \
libc-client-devel \
libxslt-devel \
libXpm-devel \
freetype-devel \
libmemcached \
libmemcached-devel \
libdb-devel\
enchant-devel \
libvpx-devel \
t1lib-devel \
gmp-devel \
firebird-devel \
libicu-devel \
openldap-devel \
unixODBC-devel \
postgresql-devel \
aspell-devel \
recode-devel \
net-snmp-devel \
libtidy-devel \
cyrus-imapd \
cyrus-imapd-devel \
libwebp-devel \
sqlite-devel \
freetds-devel \
ImageMagick-devel \
gcc+ \
gcc-c++ \
autoconf \
libtool \
openssl-devel \
pcre-devel \
zlib-devel \
expat-devel \
libuuid-devel \
libnghttp2-devel
編譯 Apache 以及 PHP 使用的 curl
在開始編譯 PHP 前,需要先編譯 Apache 以及 PHP 使用的 curl。因為如果在編譯 PHP 時,未使用指定的 curl 時,預設會使用主機的 curl ,但是 CentOS 預設的 curl 在進行 ssl 加密連線時,是使用 NSS 而非 openssl
在編譯 curl 前,先編譯 curl 所需要使用的函數庫 ( 僅有 1、2 是必要安裝 ) :
- libssh2 : https://www.libssh2.org/
git clone https://github.com/libssh2/libssh2.git
cd libssh2/
./buildconf
./configure --prefix=/opt/alt/libssh2/
make & make install
- nghttp2 : https://github.com/nghttp2/nghttp2
git clone https://github.com/nghttp2/nghttp2.git
cd nghttp2/
git submodule update --init
autoreconf -i
automake
autoconf
./configure
make & make install
echo '/usr/local/lib' > /etc/ld.so.conf.d/custom-libs.conf
ldconfig
- zlib : http://zlib.net/
wget http://zlib.net/zlib-1.2.11.tar.gz
tar zxvf zlib-1.2.11.tar.gz
cd zlib-1.2.11
./configure --prefix=/opt/alt/zlib/
開始進行 curl 編譯
curl 下載 : https://curl.haxx.se/download/
請注意,如果要編譯新版本的 openssl, 請移除 openssl-devel 以及 libssh2-devel 後在編譯
wget https://curl.haxx.se/download/curl-7.60.0.tar.gz
tar zxvf curl-7.60.0.tar.gz
cd curl-7.60.0
export LD_LIBRARY_PATH=/usr/local/lib:/usr/lib64:/opt/alt/libbrotli/lib/:/opt/alt/libssh2/lib/:$LD_LIBRARY_PATH
./configure --prefix=/opt/alt/curl \
--with-ssl=path_to_openssl_source_code \
--with-nghttp2 \
--enable-http \
--enable-ftp \
--enable-file \
--enable-ldap \
--enable-ldaps \
--enable-proxy \
--enable-dict \
--enable-telnet \
--enable-tftp \
--enable-pop3 \
--enable-imap \
--enable-smb \
--enable-ipv6 \
--enable-crypto-auth \
--enable-cookies \
--with-zlib=path_to_zlib_source_code \
--with-libssh2=/opt/alt/libssh2/ \
--with-gssapi \
--with-brotli=/opt/alt/libbrotli/
make & make install
ln -s /opt/alt/curl/lib /opt/alt/curl/lib64
成果展示 :
PHP 安裝
下載 PHP : http://php.net/downloads.php
除了以下的主要編譯參數,這裡紀錄一些其他可以使用的參數
如果要使用 php-fpm 則增加此選項
--enable-fpm
主要取決於 apache 的類型,如果 apache 以線程方式工作必須編譯成這種格式。(為 prefork 不用,使用 event 或 worker 需要要用)
--enable-maintainer-zts
可以設定另外的 conf 目錄
--with-config-file-scan-dir
DSO 模式編譯時使用
--with-apxs2=/usr/local/apache/bin/apxs
PHP 7x
./configure '--prefix=/opt/alt/phpxx' \
'--with-curl=/opt/alt/curl' \
'--mandir=/opt/alt/phpxx/usr/share/man' \
'--disable-debug' \
'--with-pic' \
'--with-bz2' \
'--with-freetype-dir=/usr' \
'--with-png-dir=/usr' \
'--with-xpm-dir=/usr' \
'--with-webp-dir=/usr' \
'--enable-gd-native-ttf' \
'--with-t1lib=/opt/alt/t1lib/usr' \
'--without-gdbm' \
'--with-gettext' \
'--with-gmp' \
'--with-iconv' \
'--with-jpeg-dir=/usr' \
'--with-openssl=/usr' \
'--with-openssl-dir=/usr' \
'--with-pcre-regex=/usr' \
'--with-zlib' \
'--with-layout=GNU' \
'--enable-exif' \
'--enable-ftp' \
'--with-kerberos' \
'--enable-shmop' \
'--enable-calendar' \
'--with-libxml-dir=/opt/alt/libxml2/usr' \
'--enable-xml' \
'--with-readline' \
'--with-mhash' \
'--with-zlib-dir=/usr' \
'--enable-force-cgi-redirect' \
'--enable-fastcgi' \
'--enable-pcntl' \
'--enable-sysvsem=shared' \
'--enable-sysvshm=shared' \
'--enable-sysvmsg=shared' \
'--enable-sockets=shared' \
'--with-imap=shared' \
'--with-imap-ssl=/usr' \
'--enable-mbstring=shared' \
'--enable-mbregex' \
'--with-gd=shared' \
'--enable-bcmath=shared' \
'--enable-dba=shared' \
'--with-db4=/usr' \
'--with-xmlrpc=shared' \
'--with-ldap=shared' \
'--with-ldap-sasl' \
'--enable-dom=shared' \
'--with-pgsql=shared' \
'--enable-wddx=shared' \
'--with-snmp=shared,/usr' \
'--enable-soap=shared' \
'--with-xsl=shared,/usr' \
'--enable-xmlreader=shared' \
'--enable-xmlwriter=shared' \
'--with-icu-dir=/usr' \
'--enable-pdo=shared' \
'--with-pdo-pgsql=shared,/usr' \
'--with-pdo-sqlite=shared,/opt/alt/sqlite/usr' \
'--enable-json=shared' \
'--enable-zip=shared' \
'--with-pspell=shared' \
'--enable-phar=shared' \
'--enable-posix=shared' \
'--enable-fileinfo=shared' \
'--enable-intl=shared' \
'--with-sqlite3' \
'--with-enchant=shared,/usr' \
'--with-pdo-dblib=shared,/usr' \
'--with-interbase=shared,/usr' \
'--with-pdo-firebird=shared,/usr' \
'--with-mcrypt=shared,/usr' \
'--with-tidy=shared,/usr' \
'--enable-opcache' \
'--enable-opcache-file' \
'--with-unixODBC=shared,/usr' \
'--with-pdo-odbc=shared,unixODBC,/usr' \
'--with-apxs2=/usr/local/apache/bin/apxs' \
'--with-libdir=lib64' \
'--with-mysql' \
'--with-mysqli' \
'--with-pdo-mysql=shared'
PHP 5x
./configure '--prefix=/opt/alt/phpxx' \
'--with-curl=/opt/alt/curl' \
'--disable-debug' \
'--with-pic' \
'--with-bz2' \
'--with-exec-dir=/usr/bin' \
'--with-freetype-dir=/usr' \
'--with-png-dir=/usr' \
'--with-xpm-dir=/usr' \
'--with-vpx-dir=/usr' \
'--enable-gd-native-ttf' \
'--with-t1lib=/opt/alt/t1lib/usr' \
'--without-gdbm' '--with-gettext' \
'--with-gmp' \
'--with-iconv' \
'--with-jpeg-dir=/usr' \
'--with-openssl=/usr' \
'--with-openssl-dir=/usr' \
'--with-pcre-regex' \
'--with-zlib' \
'--with-layout=GNU' \
'--enable-exif' \
'--enable-ftp' \
'--enable-sockets=shared' \
'--enable-sysvsem=shared' \
'--enable-sysvshm=shared' \
'--enable-sysvmsg=shared' \
'--with-kerberos' \
'--enable-shmop' \
'--enable-calendar' \
'--with-libxml-dir=/opt/alt/libxml2/usr' \
'--enable-xml' \
'--with-mcrypt=shared,/usr' \
'--with-tidy=shared,/usr' \
'--with-readline' \
'--with-mhash' \
'--enable-dbx=shared' \
'--with-zlib-dir=/usr' \
'--with-mssql=shared' \
'--with-pdo-dblib=shared' \
'--with-interbase=shared,/usr' \
'--with-pdo-firebird=shared,/usr' \
'--enable-phpdbg' \
'--enable-pcntl' \
'--with-imap=shared' \
'--with-imap-ssl=/usr' \
'--enable-mbstring=shared' \
'--enable-mbregex' \
'--with-gd=shared' \
'--enable-bcmath=shared' \
'--enable-dba=shared' \
'--with-db4=/usr' \
'--with-xmlrpc=shared' \
'--with-ldap=shared' \
'--with-ldap-sasl' \
'--enable-dom=shared' \
'--with-pgsql=shared' \
'--enable-wddx=shared' \
'--with-snmp=shared' \
'--enable-soap=shared' \
'--with-xsl=shared,/usr' \
'--enable-xmlreader=shared' \
'--enable-xmlwriter=shared' \
'--with-icu-dir=/usr' \
'--enable-pdo=shared' \
'--with-pdo-odbc=shared,unixODBC,/usr' \
'--with-pdo-pgsql=shared' \
'--with-pdo-sqlite=shared' \
'--enable-json=shared' \
'--enable-zip=shared' \
'--with-pspell=shared' \
'--enable-phar=shared' \
'--enable-posix=shared' \
'--with-unixODBC=shared,/usr' \
'--enable-fileinfo=shared' \
'--enable-intl=shared' \
'--with-enchant=shared' \
'--with-sybase-ct=shared,/usr' \
'--with-libdir=lib64' \
'--with-sqlite3' \
'--with-apxs2=/usr/local/apache/bin/apxs' \
'--enable-opcache' \
'--with-mysql' \
'--with-mysqli' \
'--with-pdo-mysql=shared'
複製設定到該版本底下
cp php.ini-production /usr/local/phpxx/lib/php.ini
ZendGurad Loader ( 僅有在 apache mpm 模式是 prefork 時 才需使用 )
http://www.zend.com/en/products/loader/downloads#Linux
Ioncube
https://www.ioncube.com/loaders.php
在 php.ini 中加入
extension_dir=’/opt/alt/phpxx/lib/php/xxxxxx’
extension=’bcmath.so’
extension=’dom.so’
extension=’fileinfo.so’
extension=’gd.so’
extension=’imagick.so’
extension=’imap.so’
extension=’intl.so’
extension=’json.so’
extension=’ldap.so’
extension=’mbstring.so’
extension=’mcrypt.so’
extension=’pdo.so’
extension=’pdo_mysql.so’
extension=’pdo_pgsql.so’
; extension=’pdo_sqlite.so’
extension=’phar.so’
extension=’pgsql.so’
extension=’posix.so’
extension=’soap.so’
extension=’sockets.so’
extension=’xmlreader.so’
extension=’xmlrpc.so’
extension=’xmlwriter.so’
extension=’zip.so’
extension=’memcache.so’
extension=’memcached.so’
zend_extension=’ioncube_loader_lin_5.6.so’
zend_extension=’opcache.so’
zend_extension=’ZendGuardLoader.so’
以下僅記錄用,已經很少使用
zend_extension xcache 安裝方式
zend_extension xcache 下載:https://xcache.lighttpd.net/
/usr/local/php56/bin/phpize
./configure --enable-xcache --with-php-config=/usr/local/php56/bin/php-config
make
make install
其他 Extension 編譯安裝
memcache、memcached 安裝 :
http://pecl.php.net/package/memcached
phpize
./configure --with-php-config=/opt/alt/php56/bin/php-config
make
make install
php 5
wget http://pecl.php.net/get/memcache-2.2.4.tgz
phpize
./configure --with-php-config=/opt/alt/php56/bin/php-config
make
make install
php 7
git clone https://github.com/websupport-sk/pecl-memcache.git
phpize
./configure --with-php-config=/opt/alt/php71/bin/php-config
make
make install
或是使用 pecl 來進行安裝
pecl install memcache
pecl install memcached
pecl install imagick
Apache安裝
Download pcre:https://ftp.pcre.org/pub/pcre/
請注意不要下載 pcre2,解壓縮後先編譯 pcre ( pcre 也可以用 yum 安裝就好 )
cd pcre
./configure --prefix=/usr/local/pcre
make;make install
ldconfig
libbrotli : https://github.com/bagder/libbrotli
git clone https://github.com/bagder/libbrotli
cd libbrotli/
./autogen.sh
./configure --prefix=/opt/alt/libbrotli
make & make install
Download apache:http://httpd.apache.org/download.cgi
Download apr & apr-util:http://apr.apache.org/download.cgi
將所有 tar.gz 解壓縮,將 apr 以及 apr-util 複製到 httpd-XXXX/srclib 底下
cp -r apr-XXXXX httpd-XXXX/srclib/apr
cp -r apr-util-XXXX httpd-XXXXX/srclib/apr-util
※ http2 不支援 prefork 改為使用 event 或是 worker
./configure --prefix=/usr/local/apache \
--enable-so \
--with-included-apr \
--with-included-apr-util \
--with-curl=/opt/alt/curl \
--with-brotli=/opt/alt/brotli \
--enable-deflate=static \
--enable-rewrite=static \
--enable-ssl=static \
--enable-headers=static \
--enable-asis=static \
--enable-dir=static \
--enable-expires=static \
--enable-filter=static \
--enable-mods-static="mime log_config logio" \
--with-mpm=worker \
--enable-http2 \
--enable-cgi \
--enable-brotli \
--enable-suexec \
--with-suexec-caller=nobody \
--with-suexec-userdir=public_html \
--with-suexec-docroot="/"
make & make install
ln -s /opt/alt/brotli/lib/libbrotlienc.so.1 /lib64
ln -s /opt/alt/brotli/lib/libbrotlicommon.so.1 /lib64
新增 http 啟動檔 :
vi /usr/lib/systemd/system/httpd.service
[Unit]
Description=The Apache HTTP Server
After=network.target
[Service]
Type=forking
ExecStart=/usr/local/apache/bin/apachectl -k start
ExecReload=/usr/local/apache/bin/apachectl -k graceful
ExecStop=/usr/local/apache/bin/apachectl -k graceful-stop
PIDFile=/usr/local/apache/logs/httpd.pid
PrivateTmp=true
[Install]
WantedBy=multi-user.target
編輯 .bash_profile 中加入
PATH=$PATH:/usr/local/apache/bin
export PATH
PATH=$PATH:/opt/alt/phpxx/bin
export PATH
三、Apache 各執行模式設定方法
Apache 一般性設定
# PHP 設定檔
touch /usr/local/apache/conf/php.conf
# 新增用戶,並增加用戶 document root
useradd wordpress
chmod 711 /home/wordpress
mkdir /home/wordpress/public_html
chgrp nobody /home/wordpress/public_html
chmod 750 /home/wordpress/public_html
# 用戶 log 檔案
mkdir -p /usr/local/apache/logs/domlogs/wordpress
chgrp wordpress /usr/local/apache/logs/domlogs/wordpress
su wordpress
ln -s /usr/local/apache/logs/domlogs/wordpress /home/wordpress/logs
exit
# vi /usr/local/apache/conf/httpd.conf
httpd.conf 設定範例
ServerRoot "/usr/local/apache"
Listen 0.0.0.0:80
Listen [::]:80
Listen 0.0.0.0:443
Listen [::]:443
LoadModule authn_file_module modules/mod_authn_file.so
#LoadModule authn_dbm_module modules/mod_authn_dbm.so
#LoadModule authn_anon_module modules/mod_authn_anon.so
#LoadModule authn_dbd_module modules/mod_authn_dbd.so
#LoadModule authn_socache_module modules/mod_authn_socache.so
LoadModule authn_core_module modules/mod_authn_core.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
LoadModule authz_user_module modules/mod_authz_user.so
#LoadModule authz_dbm_module modules/mod_authz_dbm.so
#LoadModule authz_owner_module modules/mod_authz_owner.so
#LoadModule authz_dbd_module modules/mod_authz_dbd.so
LoadModule authz_core_module modules/mod_authz_core.so
LoadModule access_compat_module modules/mod_access_compat.so
LoadModule auth_basic_module modules/mod_auth_basic.so
#LoadModule auth_form_module modules/mod_auth_form.so
#LoadModule auth_digest_module modules/mod_auth_digest.so
#LoadModule allowmethods_module modules/mod_allowmethods.so
#LoadModule file_cache_module modules/mod_file_cache.so
#LoadModule cache_module modules/mod_cache.so
#LoadModule cache_disk_module modules/mod_cache_disk.so
#LoadModule cache_socache_module modules/mod_cache_socache.so
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
LoadModule socache_dbm_module modules/mod_socache_dbm.so
#LoadModule socache_memcache_module modules/mod_socache_memcache.so
#LoadModule watchdog_module modules/mod_watchdog.so
#LoadModule macro_module modules/mod_macro.so
#LoadModule dbd_module modules/mod_dbd.so
#LoadModule dumpio_module modules/mod_dumpio.so
#LoadModule buffer_module modules/mod_buffer.so
#LoadModule ratelimit_module modules/mod_ratelimit.so
LoadModule reqtimeout_module modules/mod_reqtimeout.so
#LoadModule ext_filter_module modules/mod_ext_filter.so
#LoadModule request_module modules/mod_request.so
#LoadModule include_module modules/mod_include.so
#LoadModule substitute_module modules/mod_substitute.so
#LoadModule sed_module modules/mod_sed.so
LoadModule brotli_module modules/mod_brotli.so
#LoadModule log_debug_module modules/mod_log_debug.so
LoadModule env_module modules/mod_env.so
#LoadModule unique_id_module modules/mod_unique_id.so
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule version_module modules/mod_version.so
#LoadModule remoteip_module modules/mod_remoteip.so
#LoadModule proxy_module modules/mod_proxy.so
#LoadModule proxy_connect_module modules/mod_proxy_connect.so
#LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
#LoadModule proxy_http_module modules/mod_proxy_http.so
#LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so
#LoadModule proxy_scgi_module modules/mod_proxy_scgi.so
#LoadModule proxy_uwsgi_module modules/mod_proxy_uwsgi.so
#LoadModule proxy_fdpass_module modules/mod_proxy_fdpass.so
#LoadModule proxy_wstunnel_module modules/mod_proxy_wstunnel.so
#LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
#LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
#LoadModule proxy_express_module modules/mod_proxy_express.so
#LoadModule proxy_hcheck_module modules/mod_proxy_hcheck.so
#LoadModule session_module modules/mod_session.so
#LoadModule session_cookie_module modules/mod_session_cookie.so
#LoadModule session_dbd_module modules/mod_session_dbd.so
#LoadModule slotmem_shm_module modules/mod_slotmem_shm.so
LoadModule http2_module modules/mod_http2.so
#LoadModule lbmethod_byrequests_module modules/mod_lbmethod_byrequests.so
#LoadModule lbmethod_bytraffic_module modules/mod_lbmethod_bytraffic.so
#LoadModule lbmethod_bybusyness_module modules/mod_lbmethod_bybusyness.so
#LoadModule lbmethod_heartbeat_module modules/mod_lbmethod_heartbeat.so
LoadModule unixd_module modules/mod_unixd.so
#LoadModule dav_module modules/mod_dav.so
LoadModule status_module modules/mod_status.so
LoadModule autoindex_module modules/mod_autoindex.so
LoadModule info_module modules/mod_info.so
#LoadModule suexec_module modules/mod_suexec.so
LoadModule cgid_module modules/mod_cgid.so
#LoadModule cgi_module modules/mod_cgi.so
#LoadModule dav_fs_module modules/mod_dav_fs.so
LoadModule vhost_alias_module modules/mod_vhost_alias.so
LoadModule negotiation_module modules/mod_negotiation.so
#LoadModule actions_module modules/mod_actions.so
#LoadModule speling_module modules/mod_speling.so
#LoadModule userdir_module modules/mod_userdir.so
LoadModule alias_module modules/mod_alias.so
#LoadModule fcgid_module modules/mod_fcgid.so
#LoadModule php7_module modules/libphp7.so
User nobody
Group nobody
ServerAdmin [email protected]
ServerName nginx.beck.idv.tw
PidFile /usr/local/apache/logs/httpd.pid
AllowOverride none
Require all denied
DirectoryIndex index.htm index.html index.shtml index.xhtml index.wml index.perl index.pl index.plx index.ppl index.cgi index.jsp index.js index.php index.php5 index.php4 index.php3 index.jp index.phtml Default.html Default.htm default.html default.htm home.html home.htm
Require all denied
ErrorLog "logs/error_log"
LogLevel warn
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
# NOTE: "combined" and "common" are required by WHM
LogFormat "%h %l %u %t \"%r\" %>s %b" common
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
# access_log format can be set in WHM under 'Basic cPanel & WHM Setup'
CustomLog logs/access_log combined
DirectoryIndex index.htm index.html index.shtml index.xhtml index.wml index.perl index.pl index.plx index.ppl index.cgi index.jsp index.js index.php index.php5 index.php4 index.php3 index.jp index.phtml Default.html Default.htm default.html default.htm home.html home.htm
StartServers 3
MinSpareThreads 75
MaxSpareThreads 250
ThreadsPerChild 25
MaxRequestWorkers 400
MaxConnectionsPerChild 0
ServerLimit 512
ProtocolsHonorOrder On
Protocols h2 http/1.1
Protocols h2c http/1.1
# This is used by the WHM 'Apache Status' application
SetHandler server-status
Order deny,allow
Deny from all
Allow from 127.0.0.1 ::1
SecRuleEngine Off
Order allow,deny
Deny from all
Satisfy All
KeepAlive On
KeepAliveTimeout 5
MaxKeepAliveRequests 100
Timeout 300
AccessFileName .htaccess
TraceEnable Off
ServerSignature Off
ServerTokens ProductOnly
RewriteEngine on
# cipher and protocol directives can be set in WHM under 'Apache Configuration' -> 'Global Configuration'
SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:!DSS
SSLProtocol All -SSLv2 -SSLv3
SSLPassPhraseDialog builtin
SSLUseStapling on
SSLStaplingCache shmcb:/run/stapling_cache_shmcb(256000)
# Prevent browsers from failing if an OCSP server is temporarily broken.
SSLStaplingReturnResponderErrors off
SSLStaplingErrorCacheTimeout 60
SSLStaplingFakeTryLater off
SSLStaplingResponderTimeout 3
SSLSessionCache shmcb:/run/ssl_gcache_data_shmcb(1024000)
SSLSessionCache dbm:/run/ssl_gcache_data_dbm
SSLSessionCacheTimeout 300
Mutex file:/run/ ssl-cache
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
ScriptAlias /cgi-bin/ "/usr/local/apache/cgi-bin/"
ScriptSock /usr/local/apache/logs/cgid_sock
RequestHeader unset Proxy early
TypesConfig conf/mime.types
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz
AddType text/html .shtml
AddType application/x-tar .tgz
AddType text/vnd.wap.wml .wml
AddType image/vnd.wap.wbmp .wbmp
AddType text/vnd.wap.wmlscript .wmls
AddType application/vnd.wap.wmlc .wmlc
AddType application/vnd.wap.wmlscriptc .wmlsc
AddHandler cgi-script .cgi .pl .plx .ppl .perl
AddHandler server-parsed .shtml
Include conf/extra/proxy-html.conf
Options +ExecCGI
AllowOverride all
Require all granted
include conf/extra/httpd-languages.conf
include conf/php.conf
# BEGIN: HTTP vhosts list
ServerName nginx.beck.idv.tw
ServerAlias www.nginx.beck.idv.tw
DocumentRoot /home/wordpress/public_html
ServerAdmin [email protected]
UseCanonicalName Off
CustomLog /usr/local/apache/logs/domlogs/wordpress/nginx.beck.idv.tw "%a %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O"
CustomLog /usr/local/apache/logs/domlogs/wordpress/nginx.beck.idv.tw-bytes_log "%{%s}t %I .\n%{%s}t %O ."
UserDir disabled
UserDir enabled wordpress
# Enable backwards compatible Server Side Include expression parser for Apache versions >= 2.4.
# To selectively use the newer Apache 2.4 expression parser, disable SSILegacyExprParser in
# the user's .htaccess file. For more information, please read:
# http://httpd.apache.org/docs/2.4/mod/mod_include.html#ssilegacyexprparser
SSILegacyExprParser On
suPHP_UserGroup wordpress wordpress
SuexecUserGroup wordpress wordpress
RMode config
RUidGid wordpress wordpress
# For more information on MPM ITK, please read:
# http://mpm-itk.sesse.net/
AssignUserID wordpress wordpress
PassengerUser wordpress
PassengerGroup wordpress
SecRuleEngine Off
ScriptAlias /cgi-bin/ /home/wordpress/public_html/cgi-bin/
DSO :
Apache 設定 :
vi /usr/local/apache/conf/php.conf
# conf start
LoadModule php7_module modules/libphp7.so
AddType application/x-httpd-php .php7 .php5 .php4 .php .php3 .php2 .phtml
AddType application/x-httpd-php-source .phps
suPHP :
suPHP : https://www.suphp.org/Home.html
編譯 mod_suPHP :
cd /usr/local/src
wget https://www.suphp.org/download/suphp-0.7.2.tar.gz
tar zxvf https://www.suphp.org/download/suphp-0.7.2.tar.gz
cd suphp-0.7.2
perl -pi -e 's/AM_CONFIG_HEADER/AC_CONFIG_HEADERS/' configure.ac
aclocal
libtoolize --force
automake --add-missing
autoreconf
perl -pi -e 's#"\$major_version" = "2.2"#"\$major_version" = "2.4"#' ./configure
./configure --with-apr=/usr/local/apache/bin/apr-1-config \
--with-apxs=/usr/local/apache/bin/apxs \
--with-setid-mode=paranoid \
--with-apache-user=nobody \
--with-logfile=/usr/local/apache/logs/suphp.log \
--sysconfdir=/usr/local/apache/conf/ \
--sbindir=/usr/local/apache/bin/
編輯 suPHP 設定 :
vi /usr/local/apache/conf/suphp.conf
[global]
;Path to logfile
logfile=/usr/local/apache/logs/suphp.log
;Loglevel
;info, warn, error
loglevel=error
;User Apache is running as
webserver_user=nobody
;Path all scripts have to be in
docroot=/var/www:${HOME}/public_html
;Path to chroot() to before executing script
;chroot=/mychroot
; Security options
allow_file_group_writeable=true
allow_file_others_writeable=false
allow_directory_group_writeable=true
allow_directory_others_writeable=false
;Check wheter script is within DOCUMENT_ROOT
check_vhost_docroot=true
;Send minor error messages to browser
errors_to_browser=false
;PATH environment variable
env_path="/bin:/usr/bin"
;Umask to set, specify in octal notation
umask=0022
; Minimum UID
min_uid=1000
; Minimum GID
min_gid=200
[handlers]
;Handler for php-scripts
x-httpd-php="php:/opt/alt/php72/bin/php-cgi"
application/x-httpd-php="php:/opt/alt/php72/bin/php-cgi"
;Handler for CGI-scripts
x-suphp-cgi="execute:!self"
Apache suPHP 設定 :
LoadModule suphp_module modules/mod_suphp.so
AddType application/x-httpd-php .php7 .php5 .php4 .php .php3 .php2 .phtml
AddType application/x-httpd-php-source .phps
suPHP_Engine On
suPHP_AddHandler application/x-httpd-php
suEXEC + Fastcgi :
編譯 mod_fastcgi :
# go to download http://httpd.apache.org/download.cgi#mod_fcgid
APXS=/usr/local/apache/bin/apxs ./configure.apxs
make
make install
suEXEC + Fastcgi 設定 :
mkdir -p /usr/local/apache/wrapper/wordpress
vi /usr/local/apache/wrapper/wordpress/nginx.beck.idv.tw
# wrapper content start
#!/bin/sh
# Set desired PHP_FCGI_* environment variables.
# Example:
# PHP FastCGI processes exit after 500 requests by default.
PHP_FCGI_MAX_REQUESTS=10000
export PHP_FCGI_MAX_REQUESTS
# Replace with the path to your FastCGI-enabled PHP executable
exec /opt/alt/php72/bin/php-cgi
chown wordpress.wordpress /usr/local/apache/wrapper/wordpress/nginx.beck.idv.tw
chown wordpress.wordpress /usr/local/apache/wrapper/wordpress
vi /usr/local/apache/conf/php.conf
# content start
LoadModule fcgid_module modules/mod_fcgid.so
LoadModule suexec_module modules/mod_suexec.so
AddHandler fcgid-script .php5 .php4 .php .php3 .php2 .phtml
FcgidBusyScanInterval 90
FcgidBusyTimeout 600
FcgidErrorScanInterval 3
FcgidFixPathinfo 1
FcgidIdleScanInterval 70
FcgidIdleTimeout 360
FcgidIOTimeout 1000
FcgidMaxProcesses 1000
FcgidMaxProcessesPerClass 100
FcgidMaxRequestInMem 268435456
#FcgidMaxRequestLen 1073741824
#128MB
FcgidMaxRequestLen 134217728
FcgidMaxRequestsPerProcess 0
FcgidMinProcessesPerClass 3
FcgidOutputBufferSize 1048576
FcgidPassHeader HTTP_AUTHORIZATION
#FcgidProcessLifeTime 3600
#3600 EP容易爆炸
FcgidProcessLifeTime 300
FcgidSpawnScore 1
FcgidSpawnScoreUpLimit 10
FcgidTerminationScore 2
FcgidTimeScore 2
FcgidZombieScanInterval 3
Apache 設定 :
在 virtualhost 中增加
FcgidWrapper /usr/local/apache/wrapper/wordpress/nginx.beck.idv.tw .php
四、效能測試
phpinfo 網頁效能測試 :
以下效能測試皆使用此指令 :
ab -n 500 -c 10 http://nginx.beck-yeh.idv.tw/
vi /home/wordpress/public_html/index.php
# content start
DSO
1 | 2 | 3 | 4 | 5 | |
---|---|---|---|---|---|
CPU Loading | 0.00 | 0.00 | 0.16 | 0.11 | 0.05 |
Memory Usage | 251Mb | 249Mb | 249Mb | 250Mb | 249Mb |
Requests per second | 43.26 | 44.73 | 44.56 | 44.74 | 40.97 |
suPHP
1 | 2 | 3 | 4 | 5 | |
---|---|---|---|---|---|
CPU Loading | 2.51 | 3.48 | 2.72 | 2.83 | 2.85 |
Memory Usage | 10Mb | 10Mb | 10Mb | 10Mb | 10Mb |
Requests per second | 5.58 | 5.83 | 5.70 | 5.62 | 5.78 |
suEXEC + Fastcgid
1 | 2 | 3 | 4 | 5 | |
---|---|---|---|---|---|
CPU Loading | 0.00 | 0.00 | 0.05 | 0.34 | 0.13 |
Memory Usage | 65Mb | 60Mb | 60Mb | 90Mb | 44Mb |
Requests per second | 40.15 | 41.07 | 38.67 | 39.50 | 40.89 |
WordPress 網頁效能測試 :
DSO
1 | 2 | 3 | 4 | 5 | |
---|---|---|---|---|---|
CPU Loading | 5.28 | 7.12 | 4.30 | 4.82 | 4.91 |
Memory Usage | 681Mb | 687Mb | 687Mb | 687Mb | 685Mb |
Requests per second | 13.49 | 13.11 | 13.17 | 12.82 | 12.95 |
suPHP
1 | 2 | 3 | 4 | 5 | |
---|---|---|---|---|---|
CPU Loading | 11.14 | 11.16 | 11.23 | 11.92 | 11.25 |
Memory Usage | 10Mb | 10Mb | 10Mb | 10Mb | 10Mb |
Requests per second | 1.65 | 1.66 | 1.67 | 1.64 | 1.67 |
suEXEC + Fastcgid
1 | 2 | 3 | 4 | 5 | |
---|---|---|---|---|---|
CPU Loading | 4.57 | 4.10 | 5.14 | 4.89 | 4.62 |
Memory Usage | 159Mb | 159Mb | 159Mb | 159Mb | 159Mb |
Requests per second | 13.52 | 13.52 | 13.51 | 13.29 | 13.53 |
五、總結
從結論來說,資源使用上 DSO 模式並未比較低,速度上也並非與 Fastcgi 模式相差不大。
而 suPHP 的部分,在執行時 memory 使用會比 DSO 低一些,但是在執行結束後全部釋放,算是蠻特殊的情形,其餘 2 種模式都會在執行後,還是會有記憶體的增長,而不像 suPHP 會釋放掉。
Fastcgi 的部分記憶體的使用中規中矩,但是執行速度上很快而且 CPU Loading 也不高,從這裡也不難得知為何此執行模式使用的人會越來越多,不管是 安全性、速度、以及資源的消耗的綜合表現上,的確是比其他的執行模式還要好的許多。
另外值得一提的是,Fastcgi 也是有其本身的問題,也就是 gc ( garbage collection ) 上,一直會因為 Apache 的 gracefull 重啟而導致記憶體使用會不斷堆疊,因此在 Apache Worker 以及 Fastcgi gc 調整優化會是此模式下最大的重點,需要考驗管理人員的功力。
這裡也分享一些在編譯的過程中學習到的一些小知識 :
- Apache 與 PHP 在編譯 module 時皆可以宣告是編譯成 static 或是 shared,查詢結果是 static 一定會載入,而 shared 則是可以動態選擇要不要載入,但是以 static 方式載入可以得到更好的執行速度。
- Apache 的 mpm 模式雖然可以指定也可以不指定,但是指定固定的模式可以得到更好的運行速度。
到這裡我對 Apache 的研究也到一個段落,後續會是對其他的 module 中的設定項目不斷的了解與精進,才能條整出更出色的 Apache 效能 !!