For the longest time I’ve been using Apache Prefork with mod_php. I like it, as it’s easy to configure, understand and troubleshoot. However it’s much more inefficient than Worker or Event (or so I’m told). I’ve been wanting to switch to Event for a while now, mainly due to always having to make do with a small number of
MaxRequestWorkers in Apache Prefork.
I’ve finally setup a test VPS and reconfigured everything to use Apache Event with PHP-FPM and have it all working, but I’ve stumbled upon something that’s stopped me in my tracks.
Previously, I would set
open_basedir in an Apache virtualhost, to prevent a website from “breaking out” and reading or modifying the files of another website. I realise that
open_basedir isn’t 100% full proof, however these are all websites that we manage (i.e. it’s not shared hosting with lots of random clients running amok) so with some other strategies in place, it does the job.
However, with PHP-FPM, PHP’s
open_basedir configuration value can no longer go in Apache’s virtualhost container. Instead, it seems like the conventional approach is to create a separate pool for each website, and configure the
open_basedir and any other individual PHP configurations there. Furthermore, each pool can be configured to run as a separate user, so
open_basedir is perhaps still a bonus, but less important.
What concerns me, is that if we configure each pool to have, for example,
pm.max_children = 5, but then we have 200 websites, that’s potentially going to be 1,000 children. My thinking is, this could quickly become more out of hand than the old
MaxRequestWorkers setting in Apache Prefork.
Another option is to utilise a single pool, and place a
.user.ini file in each website’s document root. However, as a minimum this file could be inadvertantly deleted by anyone administering the website, so doesn’t feel like a very secure approach.
Is this just the way it is, or am I missing something?