For developers, there is not much difference whatever PHP handler is executing their application in the web server. It simply works!. But for System Administrator view, there are wide array of options to choose from. Depending on the nature of the site, you might pick one over the other. Here is my opinionated view of what I think is the different strength and weakness of each PHP handlers:
Web Server | PHP Handler | Memory | CPU | Security | Speed | Run as Owner |
---|---|---|---|---|---|---|
Apache Only | mod_php | Low | Low | Low | Fast | No |
CGI | Low | High | Low | Slow | No | |
SuPHP | Low | High | High | Slow | Yes | |
Nginx / Apache | FastCGI | High | Low | High | Fast | Yes |
PHP-FPM | High | High | High | Fast | Yes | |
HHVM | Very High | Very High | High | Very Fast | Yes |
Before we even go further, lets mention this very important issue that haunts down every developers on earth:
The file permission hell: Have you ever been into situation wherein you cannot access your files via FTP/SSH because its somewhat "owned" by the web server itself. For example, files uploaded through the website. This is because Web servers usually runs on another user other than yours. For example, usually Apache user is "www-data", while your FTP account might be "bob". Two different users accessing same set of files causes a lot of headaches when you are using for example CMS like WordPress, which writes files into the server.
On the following section, I'll try to elaborate the table above by mentioning special points like Pros, Cons and Bottomlines.
mod_php
Pros
- Comes with Apache server by default
- Runs very fast since it runs in the same process as Apache itself
- Low CPU and Memory requirement because of above
Cons
- Runs as the same user that your Apache user ( usually www-data)
- File permission issues with CMS and FTP accounts
Bottomline
mod_php is ideal for situations where resources is very limited and security is not much of concern. For example running a web server for LAN connection in a very old computer with limited memory.
CGI
Pros
- Has the ability to see the PHP as another user (through suexec)
Cons
- Not nearly as fast as mod_php
- Requires more CPU time
Bottomline
While it is able to solve the file permission issues associated with mod_php, it does that though by sacrificing some speed.
suPHP
Pros
- Has the ability to run the PHP scripts as another user
Cons
- requires more CPU and memory
- Cannot use Opcode caching since it needs to process each file everytime
Bottomline
since the PHP scripts is being run as a different user. Any vulnerability in the site can be restricted to only the files of your website thereby providing substantial security benefits particularly on servers that run multiple websites. This is great for multi-tenant hosting wherein you need to isolate each customers from each other.
FastCGI
Pros
- offers the benefits of suPHP
- allows use of Opcache
- Fast because of caching strategy
Cons
- large memory usage
Bottomline
FastCGI speed comes with large memory usage. This might be significant when speed is important given that you had the money to feed it with memory.
PHP-FPM
Pros
- Ability to "gracefully" stop and start PHP workers without losing any queries
- Dynamic number of processes, depending on the load
- Starting the workers with different uid/gid/chroot/environment and different php.ini options
Cons
- requires high CPU power and memory (thus more cost)
Bottomline
PHP-FPM might be ideal if you have a VPS or a dedicated server. In the shared hosting though, you can quickly ran out your quota, due to the large memory and cpu consumption it would take compared to just plain apache+mod_php.
HHVM
Pros
- JIT compilation, making PHP behave like Java wherein it is compiled to bytecodes
- Extremely fast
- Comes with specialized debugger, tools and syntax
Cons
- requires high CPU power and memory (thus more cost)
- being a new technology, has limited support for extensions and tools
Bottomline
HHVM is good for very high volume traffic wherein every millisecond matters. But unless you have some really good experience with rolling your own server, finding hosting provider that has enough experience with this technology might be a tough one.
There it is, its crazy to think that behind the seemingly simple LAMP stack, there is tons of fuzzy things going on at the back. Depending on many factors, you might choose to shuffle any combination of this, given the use-case and situation you are currently in.
Did you find this useful?
I'm always happy to help! You can show your support and appreciation by Buying me a coffee (I love coffee!).