The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Re-assessing PHP Handler choice

Discussion in 'Workarounds and Optimization' started by Jay M, Jan 9, 2012.

  1. Jay M

    Jay M Active Member
    PartnerNOC

    Joined:
    Oct 10, 2011
    Messages:
    43
    Likes Received:
    0
    Trophy Points:
    6
    cPanel Access Level:
    Root Administrator
    Hi all,

    I'm looking for fellow server admin thoughts regarding choice of PHP Handler on shared hosting platforms. suPHP has been our choice for as long as I can remember, however, in recent times I've begun looking at using the alternative of mod_fcgi purely for the much talked about speed benefits it offers. Does anybody have any real world experience with going from one to the other?

    By this I mean, when moving from suPHP across to mod_fcgi what sort of memory consumption increase did you see? And did you opt for a caching option for your clients; such as APC, xcache, etc?

    I've done some digging across these forums and many others, but couldn't come up with any decent stats on how changes went, but am considering something along the lines of:

    current: suPHP + MPM Prefork
    move to: FastCGI + MPM Worker/Prefork+APC

    But then again I've just noticed mod_ruid2 available by default with EasyApache now, although there's alot less data out there about this.

    Any advise or real world experiences would be very helpful.

    Cheers
     
    #1 Jay M, Jan 9, 2012
    Last edited: Jan 9, 2012
  2. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,623
    Likes Received:
    21
    Trophy Points:
    38
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
    Since mod_php (DSO) is the fastest, less memory consuming of the PHP handlers, I would suggest mod_ruid2 + DSO running. The processes for all components will run as the user rather than just PHP, so you can track down any script running on the account in a browser or via Apache for that user. If you do decide to use DSO, you can also use OPCode caching with it, so you could have either EAccelerator or xCache for DSO.

    While it is true mod_ruid2 has less information, there are some issues with FCGI for highly trafficked servers. You really have to understand the configuration settings to run FCGI well, which isn't normally viable for a production machine.

    Also, if you have any way to setup a testing machine before switching over, I would suggest setting up your own testing environment to see the results, then base your decision on those results.
     
  3. Jay M

    Jay M Active Member
    PartnerNOC

    Joined:
    Oct 10, 2011
    Messages:
    43
    Likes Received:
    0
    Trophy Points:
    6
    cPanel Access Level:
    Root Administrator
    Thanks for your thoughts of fcgi Tristan, I might cross that off the list as these servers are all quite highly trafficked.

    Now regarding mod_ruid2, given this runs in conjunction with DSO I guess this means account level custom php.ini's are out. So that probably crosses it off my list for now too unfortunately.

    Ah well, was worth investigating though as it's a good deployment opportunity for smaller VPSs.
     
  4. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,623
    Likes Received:
    21
    Trophy Points:
    38
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
    You cannot use account level php.ini but you can use php_value and php_flag in .htaccess files on the accounts.
     
  5. xanubi

    xanubi Well-Known Member

    Joined:
    Jun 28, 2006
    Messages:
    86
    Likes Received:
    1
    Trophy Points:
    8
    Well, good news on this one. The problem wasn't the mod_ruid2. The problem was mod_security and the gootroot rules, that take a lot of memory. Removing that rules, apache went down to 1%, which is almost "unbelievable." Mod_ruid2 is the way to go, and now i'm fine-tuning the modsecurity rules to have total protection and speed.
     
  6. markb14391

    markb14391 Well-Known Member

    Joined:
    Jun 9, 2008
    Messages:
    305
    Likes Received:
    2
    Trophy Points:
    18
    We also use gotroot's rules. Would you be willing to share any information on the tweaking you do to get the best mix of protection and speed?
     
  7. markb14391

    markb14391 Well-Known Member

    Joined:
    Jun 9, 2008
    Messages:
    305
    Likes Received:
    2
    Trophy Points:
    18
    We like mod_ruid2, but we don't want to run Edge on production servers. When do you think it will be in Release or Stable?

    Thanks,

    Mark
     
  8. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,623
    Likes Received:
    21
    Trophy Points:
    38
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
    mod_ruid2 would be in RELEASE and STABLE when those reach 11.32. There is currently no set date for when that would occur. CURRENT tier would have 11.32 after EDGE, then RELEASE, then STABLE. The existing versions can be tracked at Downloads - cPanel Inc.
     
  9. xanubi

    xanubi Well-Known Member

    Joined:
    Jun 28, 2006
    Messages:
    86
    Likes Received:
    1
    Trophy Points:
    8
    But, regarding modsecurity, just with the rules provided by cpanel, isn't enough to stop many of hacker attacks. The best option i found was to get the OWASP modsecurity rules, and tweak them. It's true that consumes alot of memory.
     
Loading...

Share This Page