April 1st, 2010
This part 1 is going to focus on the Slackware side of things in order to prep your server to use all of the above. If you are not running Slackware, don’t nessessarily skip this section, as the configure options for compiling everything are still very important and apply to any distro. If you already have everything recompiled, installed, etc. I would skim this to make sure (if you were recompiled before seeing this) that you used the options I did or at least are familiar with them so that when I reference them later you can apply them to your setup if you choose different options at compile time. (Wow, that was a mouth full..(that’s what she said..)) Ha ha ha.
Before we start, lets do a benchmark of our current configuration of apache with php. Be sure to save the output to comepare it with the end results at the end of Part 2.
ab -n 50 -c 3 -k http://www.somevhost.com/
I am using a fully up to date Slackware 13.0 installation at the time of this writing. I choose not to install the following “disk sets”, E, KDE, KDEI, X, XAP, Y when upgrading my Linode 360 from 12.2 to 13.0. I keep a local copy of the source on my Linode just in case. You will need the source from the Slackware 13.0 repo for the following programs:
As of this writing, both are under the patches directory. You can do the following to download the source:
lftp -c "open http://slackware.cs.utah.edu/pub/slackware/slackware-13.0/patches/source/; mirror httpd; mirror php"
Next we will just need to modify a few things in both slackbuilds. Besure to increase the $BUILD by +1 in both slackbuilds.
HTTPD SlackBuild
First start with httpd. Open the httpd.SlackBuild in whatever your editor of choice is. Add the following lines just above “–build=$ARCH-slackware-linux || exit 1″
--enable-suexec \ --with-suexec-bin=/usr/sbin/suexec \ --with-suexec-caller=apache \ --with-suexec-userdir=public_html \ --with-suexec-docroot=/home \
Now run the SlackBuild and upgrade the package. To check and make sure that it build properly:
suexec -V
This will output something along the lines of:
-D AP_DOC_ROOT="/home" -D AP_GID_MIN=100 -D AP_HTTPD_USER="apache" -D AP_LOG_EXEC="/var/log/httpd/suexec_log" -D AP_SAFE_PATH="/usr/local/bin:/usr/bin:/bin" -D AP_UID_MIN=100 -D AP_USERDIR_SUFFIX="public_html"
# Uncomment the following line to enable <a class="zem_slink" title="PHP" rel="homepage" href="http://www.php.net/">PHP</a>: # #Include /etc/httpd/mod_php.conf # FastCgi Config # **Must go before your virtual hosts** Include /etc/httpd/mod_fastcgi.conf # Virtual hosts Include /etc/httpd/extra/httpd-vhosts.conf
Please note that mod_php.conf is commented out, this must be done. The fastcgi.conf will be added in a little bit as well. Okay, everything looks good so lets move on.
PHP SlackBuild
Same thing here, open the php.SlackBuild up. This one requires a few more tweaks.
Completely remove the IMAP section, unless you need it.
# we need to compile alpine to get c-client.a for IMAP support: IMAPLIBDIR=/usr/local/lib${LIBDIRSUFFIX}/c-client if [ -r $IMAPLIBDIR/lib${LIBDIRSUFFIX}/c-client.a ]; then echo "Using IMAP library:" ls -l $IMAPLIBDIR/lib${LIBDIRSUFFIX}/c-client.a sleep 5 else ( cd $CWD/../alpine ; ./alpine.SlackBuild || exit 1 ) || exit 1 ( cd $TMP/alpine-${ALPINE}/imap/c-client strip -g c-client.a mkdir -p $IMAPLIBDIR/lib${LIBDIRSUFFIX} cp c-client.a $IMAPLIBDIR/lib${LIBDIRSUFFIX} mkdir -p $IMAPLIBDIR/include cp *.h $IMAPLIBDIR/include ) fi
AND
--with-imap-ssl=/usr \ --with-imap=$IMAPLIBDIR \
Just above the php_configure() function add:
wget http://php-fpm.org/downloads/php-5.2.12-fpm-0.5.13.diff.gz || exit 1 gunzip php-5.2.12-fpm-0.5.13.diff.gz || exit 1 patch -f -p1 < php-5.2.12-fpm-0.5.13.diff wget http://download.suhosin.org/suhosin-patch-5.2.12-0.9.7.patch.gz || exit 1 gunzip suhosin-patch-5.2.12-0.9.7.patch.gz || exit 1 patch -f -p1 < suhosin-patch-5.2.12-0.9.7.patch ./buildconf --force
Okay, now we need to replace this:
# Make the <a class="zem_slink" title="FastCGI" rel="wikipedia" href="http://en.wikipedia.org/wiki/FastCGI">FastCGI</a> interpreter: make distclean php_configure \ --enable-fastcgi \ --enable-pcntl \ --enable-sigchild make $NUMJOBS || make || exit 1 mkdir -p $PKG/usr/bin cat sapi/cgi/php-cgi > $PKG/usr/bin/php-cgi chmod 755 $PKG/usr/bin/php-cgi
With this:
## Make the FastCGI interpreter: make distclean php_configure \ --enable-fastcgi \ --enable-discard-path \ --enable-force-cgi-redirect \ --enable-fpm \ --with-fpm-pid=/var/run/php-fpm.pid \ --with-fpm-log=/var/log/php-fpm.log \ --with-fpm-conf=/etc/httpd/php-fpm.conf \ --with-fpm-init=/etc/rc.d/rc.php-fpm \ --enable-pcntl \ --enable-sigchild make $NUMJOBS || make || exit 1 mkdir -p $PKG/usr/bin $PKG/etc/{httpd,rc.d} cat sapi/cgi/php-cgi > $PKG/usr/bin/php-cgi cat sapi/cgi/fpm/php-fpm.conf > $PKG/etc/httpd/php-fpm.conf cat sapi/cgi/fpm/php-fpm > $PKG/etc/rc.d/rc.php-fpm chmod 755 $PKG/usr/bin/php-cgi $PKG/etc/rc.d/rc.php-fpm chmod 644 $PKG/etc/httpd/php-fpm.conf
** Optional **
I added mcrypt support in for phpmyadmin. First, install mcrypt with sbopkg. Next you need to add “–with-mcrypt” in the php_configure() function, aka the “kitchen sink”.
Last think you might want to look at is the $NUMJOBS and change it from -j7 to whatever fits your current host. Execute the slackbuild and upgrade the package.
FastCGI
I’ve made a SlackBuild for this. I haven’t submitted it to SlackBuilds.org as of yet(at the time of writing this) but I will afterwards. Here is the link, http://learnix.net/slackbuilds/13.0/fcgi/. The fcgi.tar.gz contains everything in that directory. I’m working on the index script that will just hide that file but offer the download link below the source link.
APC
I’m in the process of making the slackbuild for APC. You can try to install it via:
pecl install apc
But, at least for me, it didn’t work. I got a phpize error and I didn’t feel like spending a bunch of time trying to figure out why. So I just did this:
cd /tmp/pear/download/APC-3.0.19 phpize ./configure --enable-apc-mmap --with-apxs --with-php-config=/usr/local/php/bin/php-config make && make install
This will install the php extension only. Copy the “apc.php“, found in the apc source root, to your web root. This is used to view the stats of APC, clear the cache, etc. You will also want a apc.ini in your /etc/php directory. Here is my apc.in, which mostly what is suggested withing the INSTALL file located in the source.
cat /etc/php/apc.ini ; /etc/php.d/apc.ini extension = apc.so apc.enabled = 1 apc.shm_segments = 1 apc.shm_size = 90 apc.optimization = 0 apc.num_files_hint = 4096 apc.ttl = 7200 apc.user_ttl = 7200 apc.gc_ttl = 0 apc.cache_by_default = 1 apc.filters = "" apc.mmap_file_mask = "/tmp/apc.XXXXXX" apc.slam_defense = 0 apc.file_update_protection = 2 apc.enable_cli = 0 apc.max_file_size = 5M apc.stat = 1 apc.write_lock = 1 apc.report_autofilter = 0 apc.include_once_override = 0 ;apc.rfc1867 = 0 ;apc.rfc1867_prefix = "upload_" ;apc.rfc1867_name = "APC_UPLOAD_PROGRESS" ;apc.rfc1867_freq = 0 apc.localcache = 0 apc.localcache.size = 512 apc.coredump_unmap = 0 apc.stat_ctime = 0
You may or may not need to adjust this to your settings. YMMV with this, but at least it’s a good starting point to be able to continue on with the rest of the configuration.
SUHOSIN
There are two parts to suhosin. We applied the suhosin patch to the php source which protects from format string vulnerabilities but the extension is where all the money’s at. This was on of the easier ones to install as there is a SlackBuild for it. You can get it HERE or use sbopkg to install it.
To make sure things are working, restart apache and start php-fpm.
/etc/rc.d/rc.httpd restart /etc/rc.d/rc.php-fpm start
Check your logs. Make sure everything started up correctly. View your website, make sure it displays correctly. Check your php config. There’s a couple ways of doing this. In your web root, create a file called: phpinfo.php and put this inside:
<?php phpinfo(); ?>
From your web browser you would view it by going to http://yourdomain.com/phpinfo.php. You can search for fastcgi, php-fpm and apc.ini. It will tell you that those options were compiled in and/or in use. You should also check out, http://yourdomain.com/apc.php , to check that apc is working.
This concludes Part 1 of this guide. Next we will go over all the configuration options to put all of this together.
Part 2
PS: I make mistakes. This is a long guide. If you see one, please let me know. Thanks!
Thanks for pointing those out Seth!
![Reblog this post [with Zemanta]](http://img.zemanta.com/reblog_e.png?x-id=9bae8273-2484-412a-9f15-e275ad01c1dc)
You need to delete the exit statement on your first patch for PHP:
wget http://php-fpm.org/downloads/php-5.2.12-fpm-0.5.13.diff.gz || exit 1
gunzip php-5.2.12-fpm-0.5.13.diff.gz || exit 1
patch -f -p1 < php-5.2.12-fpm-0.5.13.diff
wget http://download.suhosin.org/suhosin-patch-5.2.12-0.9.7.patch.gz || exit 1
gunzip suhosin-patch-5.2.12-0.9.7.patch.gz || exit 1
patch -f -p1 < suhosin-patch-5.2.12-0.9.7.patch
./buildconf –force
Just so newbies aren’t confused: leave off the tag for apache here:
–enable-suexec \
–with-suexec-bin=/usr/sbin/suexec \
–with-suexec-caller=apache \
–with-suexec-userdir=public_html \
–with-suexec-docroot=/home \
@Seth Miller: Thanks Thanks for pointing those out. I use Zemanta to help me provide helpful links but sometimes it places them where I don’t want it, IE: in the configure section like so.
Thanks, Very useful resource!!
@James Hancockk: You’re very welcome. I am very interested, once you’ve had it running for a while, in how well you think it preforms versus stock or just fastcgi or anything else you have noticed good or bad using this combination.
Hopefully soon, this complicated how to will be a bit outdated as phpfpm will be included with php.
Now has released a new version of php.
Hope to see:apache2.2.15+php5.3.2(FastCGI)+php-fpm