Optimize Apache and PHP

Apache is a highly configurable software. It has many features, but each one is expensive. To some extent, optimizing Apache involves allocating resources in an appropriate way and simplifying the configuration to include only necessary content. MPMApache configuration is modular because features can be easily added and removed. At the core of Apache, many

Apache is a highly configurable software. It has many features, but each one is expensive. To some extent, optimizing Apache involves allocating resources in an appropriate way and simplifying the configuration to include only necessary content. Configuring MPM Apache is modular because features can be easily added and removed. At the core of Apache, many

Apache is a highly configurable software. It has many features, but each one is expensive. To some extent, optimizing Apache involves allocating resources in an appropriate way and simplifying the configuration to include only necessary content.

Configure MPM

Apache is modular because features can be easily added and removed. At the core of Apache, the Multi-Processing Module (MPM) provides this modular feature-managing network connections and scheduling requests. MPM enables you to use threads and even migrate Apache to another operating system.

Only one MPM is active at a time and must be statically compiled using -- with-mpm = (worker | prefork | event.

Each request uses a process's traditional model called prefork. The newer threading model is called worker. It uses multiple processes and each process has multiple threads, so that it can achieve better performance with lower overhead. The latest event MPM is an experimental model that uses separate thread pools for different tasks. To determine which MPM is currently used, run httpd-l.

For example:

[Root @ localhost ~] # Httpd-l

Compiled in modules:

Core. c

Prefork. c

Http_core.c

Mod_so.c

Choosing which MPM to use depends on many factors. Before the event MPM is out of the experiment state, you should not consider this model, but make a choice between the thread used and the thread not used. On the surface, if all underlying modules (including all libraries used by PHP) are thread-safe, the thread is better than forking ). Prefork is a safer option. If worker is selected, perform the test with caution. Performance gains also depend on the libraries and hardware attached to your release.

No matter which MPM is selected, you must configure it properly. Generally, configuring MPM includes telling Apache how to control how many workers are running, whether they are threads or processes. Important configuration options of prefork MPM are shown in Listing 1.

Listing 1. prefork MPM Configuration

StartServers 50

MinSpareServers 15

MaxSpareServers 30

MaxClients 225

MaxRequestsPerChild 4000

The prefork model creates a new process for each request. Redundant processes remain idle to process incoming requests, which reduces startup latency. As long as the Web server appears, the pre-configured 50 processes will be started immediately, and try to keep 10 to 20 idle servers running. The hard limit on the number of processes is specified by MaxClients. Although a process can process many successive requests, Apache will cancel the process with more than 4,000 connections, which reduces the risk of Memory leakage.

Similar to configuring a threaded MPM, the difference is that you must determine how many threads and processes are used. The Apache document explains all necessary parameters and calculations.

The value to be used can be selected only after several attempts and errors. The most important value is MaxClients. The goal is to allow enough workder processes or threads to run without causing excessive server exchanges. If the incoming request exceeds the processing capability, the requests that meet this value at least will receive services and other requests will be blocked.

If MaxClients is too high, all clients will experience bad services, because the Web server will try to switch out a process so that another process can run. Too low may cause unnecessary Denial of Service. It is helpful to set this value to view the number of processes running under high load and the memory usage caused by all Apache processes. If the value of MaxClients exceeds 256, you must set ServerLimit to the same value. Read the MPM documentation carefully for more information.

The number of servers to be started and kept idle according to the server role optimization. If the server only runs Apache, you can use a moderate value, as shown in Listing 1, because this will make full use of the machine. If there are other databases or servers in the system, you should limit the number of idle servers in operation.

Effectively use options and override

Each request processed by Apache must fulfill a complex set of rules that indicate the constraints or special commands that the Web server must follow. Access to folders may be restricted by IP addresses as a specific folder, or you can configure the user name and password. These options also include processing specific files. For example, if a directory list is provided, how the files are processed, or whether the output results should be compressed.

These configurations appear as containers in httpd. conf, such To specify a location on the disk that is referenced by the configuration. Indicates that the reference is the path in the URL. Listing 2 shows an actual Directory container.

Listing 2. A Directory container for the root Directory Application

AllowOverride None

Options FollowSymLinks

In Listing 2, the configuration between a pair of Directory and/Directory tags is applied to everything in the given Directory and under the Directory-in this example, the given Directory is the root Directory. Here, the AllowOverride flag indicates that you are not allowed to override any option (which will be further described later ). The FollowSymLinks option is enabled, which allows Apache to view previous symbolic connections to provide services for the request, even if the file is located outside the directory containing the Web file. This means that if a file in the Web directory is connected by the/etc/passwd symbol, the Web server will provide services for the file at request time. If-FollowSymLinks is used, this feature will be disabled. The same request will cause an error to be returned for the client.

Finally, this scenario is the cause of two concerns. The first aspect is related to performance. If FollowSymLinks is disabled, Apache must check all components that use the file name (directories and files) to ensure that they are not symbolic connections. This will incur additional overhead (disk operations ). Another option, called FollowSymLinksIfOwnerMatch, uses symbols to connect the file owner with the connection owner. For optimal performance, use the option in Listing 2.

So far, readers with security awareness should feel vigilant. Security is always a trade-off between functionality and risks. In our example, the functionality is speed, and the risk is to allow unauthorized access to files on the system. One of the measures to mitigate the risk is that the LAMP application server typically focuses on a specific function, and users cannot create dangerous symbolic connections. If you need to enable symbolic connections, you can restrict them to a specific area of the file system, as shown in listing 3.

Listing 3. constrain FollowSymLinks into a user's directory

Options FollowSymLinks

Options-FollowSymLinks

In listing 3, The FollowSymLinks option is removed from any public_html directory in a user's home directory and all its subdirectories.

As you can see, you can configure options separately for each directory through the master server configuration. You can rewrite the server configuration by yourself (if the administrator allows this operation through the AllowOverrides statement), you only need to put a. htaccess file into a directory. This file contains additional server commands that will be loaded and applied each time a request contains a directory containing the. htaccess file. Although we have discussed the problem that the system has no users, many LAMP applications use this function to control access and implement URL rewriting. Therefore, it is necessary to understand how it works.

Even if the AllowOverrides statement can prevent users from doing what you don't want them to do, Apache must check the. htaccess file to see if there is any work to be done. The parent directory can specify the commands to be processed by requests from sub-directories. This means that Apache must search for all components in the directory tree of the requested file. It is conceivable that this will cause a large number of disk operations for each request.

The simplest solution is not to allow rewriting, which can eliminate the need for Apache to check. htaccess. Any subsequent special configuration will be directly placed in httpd. conf. Listing 4 shows the code added to httpd. conf by checking the password of a user's project directory, instead of placing it into a. htaccess file and relying on AllowOverrides.

Listing 4. Move the. htaccess configuration to httpd. conf

AuthUserFile/home/user/. htpasswd

AuthName "uber secret project"

AuthType basic

Require valid-user

If the configuration is transferred to httpd. conf and AllowOverrides is disabled, the disk usage will be reduced. A user's project may not attract many people to click on, but imagine how powerful it will be when applied to a busy site.

Sometimes it is impossible to completely eliminate the use of. htaccess files. For example, in listing 5, if an option is restricted to a specific part of the file system, the rewrite can also be scoped.

Listing 5. limits the scope of the. htaccess check

AllowOverrides None

AllowOverrides AuthConfig

After listing 5 is implemented, Apache will find the. htaccess file in the parent directory, but it will stop in the public_html directory, because the remaining part of the file system has disabled this function. For example, if you are requesting a file mapped to/home/user/public_html/project/notes.html, only the public_html and project directories are searched.

The last prompt for separate configuration of each directory is: Perform the configuration in sequence. Any article about Apache optimization will tell you that you should use the HostnameLookups off command to disable DNS lookup, because it is a waste of resources to attempt reverse resolution to connect all IP addresses connected to your server. However, any constraints based on the host name will force the Web server to perform reverse lookup on the IP address of the client and perform forward lookup on the result to verify the authenticity of the name. Therefore, it is wise to avoid using access control based on the customer's host name and set its scope when the time limit is required.

Persistent connection

When a client connects to the Web server, it allows the client to send multiple requests through the same TCP connection, which reduces the latency related to multiple connections. This is useful when multiple images are referenced on a Web page: the client can first request the page and then request all images through a connection. The disadvantage is that the worker process on the server must wait for the session to be closed by the client before it can be transferred to the next request.

Apache enables you to configure how to handle persistent connections (known as keepalives ). The global KeepAlive 5 of httpd. conf allows the server to process five requests for a connection before the connection is forcibly closed. Setting this value to 0 will disable persistent connections. KeepAliveTimeout at the global level determines how long Apache will wait for another connection before the session is closed.

Handling persistent connections is not a one-size-fits-all configuration. For some Web sites, it is more appropriate to disable keepalives (KeepAlive 0). For other sites, enabling it will bring huge benefits. The only solution is to try the two configurations and observe which one is more appropriate. However, if keepalives is enabled, it is wise to use a small timeout value, for example, 2, that is, KeepAliveTimeout 2. This ensures that the client that wishes to send another request has sufficient time, and the worker process will not remain idle, waiting for the next request that may never occur.

Compression

The Web server can compress the output before sending it back to the client. This will make the pages sent over the Internet smaller, at the cost of the CPU cycle on the Web server. This is a good way to speed up page downloads for servers that can afford CPU overhead-it is not uncommon to compress the page size to 1/3.

Images are usually compressed, so Compression should be limited to text output. Apache uses mod_deflate to provide compression. Although mod_deflate can be easily enabled, it involves too much complexity and many manuals have explained this complexity. This article does not introduce the compression configuration, but provides links to the relevant documentation (see references ).

Optimize PHP

PHP is the engine for running application code. Install only the modules you plan to use and configure your Web server so that php is used only for script files (usually those files ending with. PHP), not all static files.

Operation Code Cache

When a PHP script is requested, PHP will read the script and compile it into a Zend operation code. This is a binary representation of the code to be executed. This operation code is then executed and discarded by PHP. The operation code cache will save the compiled operation code and reuse it the next time you call this page. This saves a lot of time. Multiple types of caches are available. I usually use eAccelerator.

To install eAccelerator, you must have a PHP development library on your computer. Because different Linux releases store different files in different locations, it is best to obtain installation instructions directly from the eAccelerator Web site (see references for links ). Your release may also contain an operation code cache. You only need to install it.

No matter how you install eAccelerator on the system, you need to pay attention to some configuration options. The configuration file is usually/etc/php. d/eaccelerator. ini. Eaccelerator. shm_size defines the size of the shared cache. The compiled script is stored here. The unit of the value is MB ). Determine the proper size based on your application. EAccelerator provides a script to display the cache status, including memory usage. 64 MB is a good choice (eaccelerator. shm_size = "64 "). If the value you selected is not accepted, you must modify the maximum shared memory size of the kernel. Add kernel. shmmax = 67108864 to/etc/sysctl. conf and run sysctl-p to make the setting take effect. The unit of the kernel. shmmax value is byte.

If the shared memory allocation exceeds the limit, the eAccelerator must clear the old script from the memory. By default, this is disabled. eaccelerator. shm_ttl = "60" specifies that when the eAccelerator uses up the shared memory, all unaccessed scripts within 60 seconds will be cleared.

Another popular Alternative tool for eAccelerator is Alternative PHP Cache (APC ). Zend vendors also provide a commercial operation code cache, including an optimizer for further efficiency improvement.

Php. ini

PHP configuration is completed in php. ini. Four important settings control how many system resources PHP can use, as shown in table 1.

Table 1. resource-related settings in php. ini

Set recommended description values

Max_execution_time how many CPU seconds a script can use 30

Max_input_time how long a script waits for input data (seconds) 60

Memory_limit memory (in bytes) 32 MB for a script before it is canceled

Before output_buffering data is sent to the client, how much data (bytes) needs to be cached 4096

The specific number depends on your application. If you want to receive a large file from the user, max_input_time may have to be added. You can modify it in php. ini or rewrite it using code. Similarly, programs with a large CPU or memory usage may require a larger value. The goal is to mitigate the impact of programs that exceed the limit. Therefore, we do not recommend that you disable these settings globally. Note that max_execution_time indicates the CPU time of the process, rather than the absolute time. Therefore, the running time of a program that performs a large amount of I/O and a small amount of computing may be much longer than max_execution_time. This is why max_input_time can be greater than max_execution_time.

The number of PHP executable log records is configurable. In the production environment, disabling all log records except the most important logs can reduce disk write operations. If you need to use logs to troubleshoot the problem, you can enable logging as needed. Error_reporting = E_COMPILE_ERROR | E_ERROR | E_CORE_ERROR will enable sufficient logging so that you can discover the problem and eliminate a large amount of useless content from the script.