What are the different ways to run PHP on Web Server?

Web Servers themselves cannot understand and parse PHP files, the external programs to do it for them. There are many ways how you can do this, both with its pros and cons.

Posted by Darwin Biler on January 8, 2016

For developers, there is not much difference whatever PHP handler is executing their application in the web server. It simply works!. But for System Administrator view, there are wide array of options to choose from. Depending on the nature of the site, you might pick one over the other. Here is my opinionated view of what I think is the different strength and weakness of each PHP handlers:

Web Server PHP Handler Memory CPU Security Speed Run as Owner
Apache Only mod_php Low Low Low Fast No
CGI Low High Low Slow No
SuPHP Low High High Slow Yes
Nginx / Apache FastCGI High Low High Fast Yes
PHP-FPM High High High Fast Yes
HHVM Very High Very High High Very Fast Yes

Before we even go further, lets mention this very important issue that haunts down every developers on earth:

The file permission hell: Have you ever been into situation wherein you cannot access your files via FTP/SSH because its somewhat "owned" by the web server itself. For example, files uploaded through the website. This is because Web servers usually runs on another user other than yours. For example, usually Apache user is "www-data", while your FTP account might be "bob". Two different users accessing same set of files causes a lot of headaches when you are using for example CMS like WordPress, which writes files into the server.

On the following section, I'll try to elaborate the table above by mentioning special points like Pros, Cons and Bottomlines.

mod_php

Pros

  • Comes with Apache server by default
  • Runs very fast since it runs in the same process as Apache itself
  • Low CPU and Memory requirement because of above

Cons

  • Runs as the same user that your Apache user ( usually www-data)
  • File permission issues with CMS and FTP accounts

Bottomline

mod_php is ideal for situations where resources is very limited and security is not much of concern. For example running a web server for LAN connection in a very old computer with limited memory.

CGI

Pros

  • Has the ability to see the PHP as another user (through suexec)

Cons

  • Not nearly as fast as mod_php
  • Requires more CPU time

Bottomline

While it is able to solve the file permission issues associated with mod_php, it does that though by sacrificing some speed.

suPHP

Pros

  • Has the ability to run the PHP scripts as another user

Cons

  • requires more CPU and memory
  • Cannot use Opcode caching since it needs to process each file everytime

Bottomline

since the PHP scripts is being run as a different user. Any vulnerability in the site can be restricted to only the files of your website thereby providing substantial security benefits particularly on servers that run multiple websites. This is great for multi-tenant hosting wherein you need to isolate each customers from each other.

FastCGI

Pros

  • offers the benefits of suPHP
  • allows use of Opcache
  • Fast because of caching strategy

Cons

  • large memory usage

Bottomline

FastCGI speed comes with large memory usage. This might be significant when speed is important given that you had the money to feed it with memory.

PHP-FPM

Pros

  • Ability to "gracefully" stop and start PHP workers without losing any queries
  • Dynamic number of processes, depending on the load
  • Starting the workers with different uid/gid/chroot/environment and different php.ini options

Cons

  • requires high CPU power and memory (thus more cost)

Bottomline

PHP-FPM might be ideal if you have a VPS or a dedicated server. In the shared hosting though, you can quickly ran out your quota, due to the large memory and cpu consumption it would take compared to just plain apache+mod_php.

HHVM

Pros

  • JIT compilation, making PHP behave like Java wherein it is compiled to bytecodes
  • Extremely fast
  • Comes with specialized debugger, tools and syntax

Cons

  • requires high CPU power and memory (thus more cost)
  • being a new technology, has limited support for extensions and tools

Bottomline

HHVM is good for very high volume traffic wherein every millisecond matters. But unless you have some really good experience with rolling your own server, finding hosting provider that has enough experience with this technology might be a tough one.

There it is, its crazy to think that behind the seemingly simple LAMP stack, there is tons of fuzzy things going on at the back. Depending on many factors, you might choose to shuffle any combination of this, given the use-case and situation you are currently in.