Revision 2 as of 2009-06-08 12:51:31

Running PHP applications

Another option for creating dynamic Web content is PHP - the PHP: Hypertext Preprocessor, a very popular HTML-embedded scripting language (see http://www.php.net).

In April 2005, we implemented some changes affecting the integration of PHP into the Apache Web server. In many installations, PHP runs as a module (libphp4.so or libphp5.so) within Apache. While this is good for performance, it has serious drawbacks for Web server security: every PHP application runs under the same account (in our case, the httpd user). Other users on the people.ee.ethz.ch Web server could therefore interfere with your PHP applications, all your PHP files have to be readable by the httpd user, safe mode needs to be enabled to prevent further damage, and so on. Fortunately, none of this applies to the setup on the people.ee.ethz.ch Web server any longer: we now use mod_fastcgi to link PHP to Apache. (If you're interested in the gory details these slides have some more information.)

The following list of questions and answers should help to clear things up.

My PHP application doesn't work. What should I do?

The first thing you should do is to have a look at the error log file written by Apache. You can find the error log files under

/usr/galen/netvar/apache/logs/error_log.people
/usr/galen/netvar/apache/logs/error_log.people_ee_ssl

These directories (automounted by NFS) might not be available on all UNIX workstations; if you can't find them simply log in to galen (with ssh people.ee.ethz.ch), where they are available under /var/log/apache.

How can I choose between PHP 4 or PHP 5?

By putting an .htaccess file into your public_html directory (or one of its subdirectories, if you wish to restrict the setting to a subtree only). By default, our Web server still uses PHP 4; to switch to PHP 5, put these lines into your .htaccess file:

<IfModule mod_actions.c>
 Action application/x-httpd-php /cgi-bin/php5
</IfModule>

It's also possible to limit this setting to particular files/subdirectories, see http://httpd.apache.org/docs-2.0/mod/core.html#files for details.

Why would I want to switch to PHP 5?

Because it allows you to write more elegant code (new object model) ... or because its performance has been improved ... or - well, it's actually your choice, there are plenty of reasons, as you can see here.

http://www.php.net/manual/en/migration5.php might serve as a starting point
http://www.php.net/manual/en/migration5.incompatible.php gives a list of "backward incompatible changes" you should pay attention to

Provided that the PHP 4.x branch is still actively maintained, you can count on PHP 4 still being available. Some day, PHP 4 will reach the end of its life, so why not begin to think about migrating to PHP 5 today?

If you didn't write the PHP code yourself, then it might be a good time to check with the author/vendor about his plans for updating the application to run under PHP 5.

Can I have my own PHP settings (php.ini)?

Yes you can. That's one of the advantages of our setup.

Create a .php subdirectory in your home directory (mkdir ~/.php) and put a php.ini file in this subdirectory. For a list of the parameters you can set in php.ini, have a look at http://www.php.net/manual/en/ini.php

Please note that PHP only reads the settings from your php.ini when the PHP interpreter starts for the first time, so to make sure your changes to your php.ini become effective, you can either wait for the next day (see the question below about the lifetime of your PHP processes) or manually kill your current PHP process(es) - they are automatically restarted by mod_fastcgi:

joe@galen:~> pkill -u $USER -f php 

You can use pgrep -u $USER -fl php to see whether you have any persistent PHP processes running. And make sure that you are running this command on the people.ee.ethz.ch Web server itself (i.e. on galen).

What about PHP security (file permissions etc.)?

Security has definitely improved with the new setup. You no longer have to make your PHP scripts (with passwords for database access or similar) readable for the httpd user, nor does a directory have to be writable for httpd. You can set the permissions for your .php files to a mode as tight as 0400 (-r--------, for read-only access) or 0600 (-rw-------, read-write access). No fiddling with ACLs (setfacl) is required any more.
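
The permission tightening described above, as an added shell example that is not part of the original page. It assumes GNU find; the function names and the demo tree are constructed for illustration, and only *.php files are touched.

```bash
#!/usr/bin/env bash
# Added example: audit and tighten PHP script permissions under a docroot.
# Assumes GNU find (-perm /MODE, -printf). Because the PHP scripts run under
# your own account, only the owner needs access to the *.php files.

# List *.php files that grant any permission to group or other,
# one "MODE PATH" pair per line.
audit_php_perms() {
    find "$1" -type f -name '*.php' -perm /077 -printf '%m %p\n' | sort -k2
}

# Drop all group/other bits from those files. Owner bits are untouched,
# so a 0400 file stays 0400 and a 0644 file becomes 0600.
tighten_php_perms() {
    find "$1" -type f -name '*.php' -perm /077 -exec chmod go-rwx {} +
}

# Demo on a constructed tree (not real site content).
demo() {
    local root
    root=$(mktemp -d) || return 1
    mkdir -p "$root/public_html/app"
    printf '<?php $db_pass = "example"; ?>\n' > "$root/public_html/app/config.php"
    printf '<?php echo "hi"; ?>\n' > "$root/public_html/index.php"
    printf '<html></html>\n' > "$root/public_html/static.html"
    chmod 0644 "$root/public_html/app/config.php" "$root/public_html/static.html"
    chmod 0400 "$root/public_html/index.php"

    echo "before:"; audit_php_perms "$root/public_html"
    tighten_php_perms "$root/public_html"
    echo "after:";  audit_php_perms "$root/public_html"

    # static.html is deliberately left alone (assumption: files that are not
    # PHP scripts may still need to be readable by the Web server itself).
    rm -rf "$root"
}
demo
```

On a real account, run `audit_php_perms ~/public_html` first and review the list before calling `tighten_php_perms`.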

Note that we still recommend running your PHP applications under safe mode (see http://www.php.net/manual/en/features.safe-mode.php). After all, the PHP code now runs with the rights of your account, and you have to take responsibility for the proper use of this (cf. http://computing.ee.ethz.ch/overview/rules.en.html).

To enable safe mode, put this line into your ~/.php/php.ini file:

safe_mode = On

and then restart your PHP process, if necessary (see above).

To learn more about PHP and security we recommend these URLs as starting points:

How long will "my" PHP process survive?

There is no exact answer to this question. The minimum lifetime of your PHP process depends on how many other users have concurrent PHP processes running (with the current setting, mod_fastcgi will probably first kill those which have been idle for the longest amount of time). Depending on our experience with the platform, we might modify these settings from time to time, so we can't really give you an exact answer, as stated above. The maximum lifetime of a PHP process, BTW, is 24 hours - at 0:10 a.m. every day Apache's log files are rotated, which will also result in your PHP process being shut down.

Why does my PHP based page take so long to show up in the browser?

Probably because it's the first time you open the page on this very day. Apache first checks if there is already a PHP process available which runs under your account, and if it doesn't find one, there is some overhead to get an initial process started. After the first request to a PHP based page on your Web site, the PHP performance should be much higher.