Optimizing PHP settings for Shared Hosting
March 21, 212
Igor Seletskiy, CEO, CloudLinux
Type                | Security           | Performance                  | Stability
mod_php             | Scary              | Excellent                    | Bad
mod_php + mod_ruid2 | Questionable       | Excellent                    | Bad
mod_php + MPM_ITK   | Questionably Scary | Excellent if used with nginx | Ok
mod_suphp           | Good               | Ok                           | Excellent
mod_fcgid           | Good               | Excellent                    | Flaky
mod_cgi             | Good               | Bad                          | Excellent
FPM                 | Good               | Excellent?                   |
LiteSpeed           | Good               | Excellent                    | Excellent
5 WordPress sites
Hitting each site with:
  11 static files (images, css)
  3 PHP files
Each site has:
  Concurrency index: number of times the set of URLs is requested
  Delay between executions
All requests are:
  done in parallel
  1ms ramp up between requests
Site #1 is hit with concurrency of 2 and delay of 2 sec.
Sites 2-3 are hit with concurrency of 3 and delay of 3 sec.
Sites 31-5 are hit with concurrency of 4 and delay of 6 sec.
15 minutes per test.
CentOS 5.7
Intel Quad CPU Q94 @ 2.66GHz
4GB of RAM
5GB WD SATA HD, 72RPM
All standard settings
Cron disabled
Apache MPM Prefork
MaxClients 256
PHP choice: mod_fcgid
Default Plesk settings:
FcgidMaxProcesses 2
FcgidIdleTimeout 4
FcgidIdleScanInterval 1
FcgidProcessLifeTime 3
#MPM Prefork
MaxClients 256
FcgidMaxProcesses 2
FcgidIdleTimeout 4
FcgidIdleScanInterval 1
FcgidProcessLifeTime 3

Terrible performance
PHP pages are served at 15+ seconds/page
Static files are served at 2+ seconds/page
Lots of timeouts for static pages
Lots of failures (53, 5) and timeouts for dynamic pages
Load average fluctuated from 2 to 5
About 2GB of RAM free
[Chart: static requests, dynamic requests]
#MPM Prefork
MaxClients 124
ServerLimit 124
FcgidMaxProcesses 1

No more timeouts
Just 13 failures for PHP pages
Static files take up to 4ms to load
PHP pages take up to 1 seconds to load
Load averages are 15+
Free memory drops below 1GB
[Charts: static ms/req, dynamic ms/req, Load Averages, Free Memory in GB]
FcgidMaxProcesses 2
FcgidIdleTimeout 4
FcgidIdleScanInterval 1
FcgidProcessLifeTime 3
FcgidMaxProcessesPerClass 8

FcgidMaxProcesses: global limit on the number of processes. For example, Plesk's 2 processes limit is too low for high end servers. cPanel's lack of settings uses default 1. The higher the number of processes, the higher the memory usage.
FcgidMaxProcessesPerClass: limit on the number of processes per application (user).
FcgidIdleTimeout: terminate a process after an idle period (seconds).
FcgidIdleScanInterval: scan interval for the idle timeout process.
FcgidProcessLifeTime: terminate a process after a certain lifetime (if idle). Apache's default value is 36 seconds.
FcgidMaxProcesses 1
FcgidMaxProcessesPerClass 8
FcgidIdleTimeout 24
FcgidProcessLifeTime 36
FcgidIdleScanInterval 12

Response time is much better (around 1 sec)
Static requests are from ~13ms/request
Load is much lower (~4)
Just 3MB of free memory left
Lots of failures (hitting max processes limit)
Increasing MaxProcesses to 12 causes the system to start swapping (kills performance)
[Charts, new vs. old: dyn. ms/req, Load Averages, dynamic failures, static ms/req]
FcgidMaxProcesses 12
FcgidMaxProcessesPerClass 2
FcgidIdleTimeout 24
FcgidIdleScanInterval 12
FcgidProcessLifeTime 36

Very good performance
A bit better memory footprint (even with higher Max Processes)
13 failures for every 1 requests
Still some failures hitting the Max Processes Per Class limit
[Charts, new vs. prev: ms/req, Load, failures, Free Mem]
Caches PHP opcode so that PHP source doesn't have to be recompiled every time.
Free, Open Source, Easy to Install
Server wide configuration
Very good performance (sub 1ms response time)
Significantly lower load average
Uses lots of RAM
[Charts, new vs. prev: ms/req, load, success, Free Mem]
FcgidMaxProcesses 25
FcgidMaxProcessesPerClass 8
FcgidIdleTimeout 12
FcgidIdleScanInterval 4
FcgidProcessLifeTime 3

4 CPU, 8GB RAM (4GB free) server with 4 customers (~15 active at peak hour)
CPU usage is at ~1%us, ~5%wa. LA: <.5
Max Processes depends on available RAM.
Max Processes Per Class defines the number of concurrent PHP executions. The default value of 8 is good, but more is better for site responsiveness.
IdleTimeout depends on the number of active sites on the server (the bigger the number, the smaller the timeout). Try playing with 1 to 15 minutes timeout, and see the server behavior.
Increasing IdleTimeout means that you have to increase MaxProcesses as well.
CPU usage approached 1%
Terrible performance
Server completely overloaded
[Charts, mod_php vs. fcgid: Load Averages, ms/req, Memory]
1GB memory for eAccelerator
1 max clients
[Charts, mod_php vs. fcgid: ms/req, Free Memory, Load Averages]
[Charts, mod_ruid vs. mod_php: ms/req, Load Average, Free Memory]
Apache running as root: HTTPD request -> fork -> find virtual host -> switch user -> serve request as user -> die
Apache running as nobody: HTTPD request -> find virtual host -> switch user -> serve request as user -> switch to nobody
[Charts, suphp vs. mod_php: ms/req, Load Average, Free Memory]
Excellent performance
Stable
Drop-in replacement
Run as user
Limit exec family of functions
  often meaningless
  cronjobs, CGI scripts
Suhosin
WAF (mod_security)
Chroot
CageFS (CloudLinux)
"The PHP safe mode is an attempt to solve the shared server security problem. It is architecturally incorrect to try to solve this problem at the PHP level, but since the alternatives at the web server and OS levels aren't very realistic, many people, especially ISP's, use safe mode for now." (php.net)
mod_php depends on safe mode
Not reliable
Deprecated as of PHP 5.3.0, removed in PHP 5.4.
Easy with mod_fcgid: specify the right binary in the wrapper script
As many PHP versions as you need
NGINX
  HTTP and reverse proxy server
  Supports caching
  Live configuration updates
Varnish Cache
  State of the art web accelerator
  Sophisticated caching
  VCL: Varnish Configuration Language
A single customer is the most common cause of the majority of downtime
Limiting resource usage per customer will remove spikes and prevent issues for other customers
Hard & expensive to track
Takes time to track, which results in downtime for the server
Type                | CPU | Memory | IO      | Number of connections | CageFS
mod_php             | Yes | No     | Maybe   | Yes                   | No*
mod_php + mod_ruid2 | Yes | No     | Maybe   | Yes                   | No*
mod_php + MPM_ITK   | Yes | Maybe  | Maybe   | Yes                   | Yes
mod_suphp           | Yes | Yes    | Apr 212 | Yes                   | Yes
mod_fcgid           | Yes | Yes    | Apr 212 | Yes                   | Yes
mod_cgi             | Yes | Yes    | Apr 212 | Yes                   | Yes
FPM                 | Yes | Yes    | Apr 212 | Yes                   | Yes
LiteSpeed           | Yes | Yes    | Apr 212 | Yes                   | Yes
Better stability
Improved security
No server slowdowns
No need to suspend customers due to resource abuse
Simplifies upsell to higher plans / VPS
Removes the need to upsell to VPS
Ability to track usage on a per-customer basis
Less support
Improved security
Better density
"We deployed CloudLinux on our shared hosting servers, and we have seen immediate improvement in reliability."
Ditlev Bredah, CEO, UK2 Group

"We deployed CloudLinux on our shared hosting servers, and we have seen immediate improvement in reliability. Now we want to offer the same solution to our dedicated server customers."
Emmanuel Vivar, CEO, HostDime
Per user, virtualized file system
User can see only their own files / safe system files
Virtualized /etc, including passwd file
  No config files with all the users
Only one user in /home
  No presence of other users
Virtualized /proc: user can see only their own processes
No SUID software
Virtualized /dev file system
Better than VPS?
Protection against symbolic link attacks.
Part of CageFS
Better than SymlinksIfOwnerMatch
  Doesn't suffer from race condition
  Better performance
"This option should not be considered a security restriction, since symlink testing is subject to race conditions that make it circumventable."
Apache Documentation, http://httpd.apache.org/docs/2.2/mod/core.html
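The race the Apache note refers to comes from checking a path and then opening it as two separate steps. The following added example (not from the slides, and not Apache or CageFS code) contrasts that pattern with opening once and checking the descriptor that was opened. The function names and the temporary sample files are constructed for illustration, and O_NOFOLLOW covers only the final path component.

```python
import errno
import os
import stat
import tempfile

def racy_open(path, owner_uid):
    """Check-then-open: the path is resolved twice, so what it names can be
    replaced between the ownership check and the open."""
    if os.stat(path).st_uid != owner_uid:    # check (follows symlinks)
        return None
    return os.open(path, os.O_RDONLY)        # use (resolves the path again)

def safe_open(path, owner_uid):
    """Open once, refusing a symlink as the final component, then check the
    inode behind the descriptor: the object that will actually be read."""
    try:
        # O_NONBLOCK keeps a FIFO placed at the path from blocking the open.
        fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW | os.O_NONBLOCK)
    except OSError as exc:
        if exc.errno in (errno.ELOOP, errno.EMLINK):   # final component is a symlink
            return None
        raise
    st = os.fstat(fd)
    if stat.S_ISREG(st.st_mode) and st.st_uid == owner_uid:
        return fd
    os.close(fd)
    return None

def demo():
    # Constructed sample tree in a temporary directory; all names are hypothetical.
    uid, out = os.getuid(), {}
    with tempfile.TemporaryDirectory() as d:
        page, other, link = (os.path.join(d, n) for n in ("index.php", "other.txt", "link"))
        for name, text in ((page, "own page"), (other, "other file")):
            with open(name, "w") as f:
                f.write(text)
        os.symlink(other, link)
        fd = safe_open(page, uid)
        os.replace(link, page)               # the path now names a symlink to other.txt
        out["fd_still_checked_inode"] = os.read(fd, 64) == b"own page"
        os.close(fd)
        out["symlink_refused"] = safe_open(page, uid) is None
        out["wrong_owner_refused"] = safe_open(other, uid + 1) is None
        fd = racy_open(page, uid)            # path-based check follows the link
        out["racy_reads"] = os.read(fd, 64).decode()
        os.close(fd)
    return out
```

Because the ownership test in safe_open runs on the open descriptor, later changes to the path cannot alter what was checked; directories earlier in the path still need their own protection, which is what a per-user virtualized file system provides.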
Most Customers Deploy CloudLinux To Existing Production Servers
Visit Us At CloudLinux Booth
http://www.cloudlinux.com