Your next Web server will be written in... PHP

YOUR NEXT WEB SERVER
WILL BE WRITTEN
IN... PHP
MIGHT
ConFoo Montréal 2017
Montréal, QC, Canada

View Slide

David Zuelke

View Slide

View Slide

[email protected]

View Slide

@dzuelke

View Slide

CGI

View Slide

NCSA, 1993

View Slide

View Slide

RFC 3875, 1997-2004

View Slide

View Slide

/cgi-bin/counter.pl?site=8712

View Slide

View Slide

HOW CGI WORKS
1. Web server parses request from client
2. Web server sets request info into environment 
(PATH_INFO, REQUEST_METHOD, HTTP_ACCEPT, …)
3. Web server executes CGI script
4. CGI script echos status, headers, and body
5. Web server returns response to client

View Slide

slow

View Slide

(but simple)

View Slide

#!/bin/bash
cat <Content-Type: text/html

Hello World

Hello World
Your browser is ${HTTP_USER_AGENT:-unknown}
This page was served by $(hostname)

EOF

View Slide

CGI VARIABLES (SEE $_SERVER)
• Server info: 
SERVER_SOFTWARE, SERVER_NAME, GATEWAY_INTERFACE
• Request info: 
SERVER_PROTOCOL, SERVER_PORT, REQUEST_METHOD,
PATH_INFO, PATH_TRANSLATED, QUERY_STRING,
REMOTE_ADDR, CONTENT_TYPE, CONTENT_LENGTH, …
• Request headers: 
HTTP_HOST, HTTP_ACCEPT, HTTP_USER_AGENT, …

View Slide

PHP's SAPIs 
& EXECUTION MODEL

View Slide

a SAPI is the "gateway" to the PHP engine

View Slide

marshals input and output from and to the interface

View Slide

PHP WEB SAPI (SIMPLIFIED)
• populate $_SERVER and $_ENV
• parse QUERY_STRING into $_GET
• " application/x-www-form-urlencoded into $_POST
• " multipart/form-data into $_FILES
• return header() data as headers, anything echo()d as content

View Slide

PHP was built for web scripting, for CGI

View Slide

execution model modeled around statelessness "blank slate"

View Slide

PHP CGI EXECUTION LIFECYCLE 
(SIMPLIFIED)
1. core init, load extensions etc
2. MINIT for all modules (extension initialization etc)
3. SAPI ready for (one and only) request
4. RINIT for all modules (e.g. ext-session if session.auto_start)
5. script executes
6. RSHUTDOWN
7. engine cleanup (unset all variables and state)
8. MSHUTDOWN

View Slide

all of that on each CGI request

View Slide

NEIN NEIN
NEIN NEIN
DAS IST ZU
LANGSAM

View Slide

mod_php

View Slide

embeds PHP into the Apache httpd process

View Slide

mod_php EXECUTION LIFECYCLE 
(SIMPLIFIED)
1. SAPI ready for (next) request
2. RINIT for all modules (e.g. ext-session if
session.auto_start)
3. script executes
4. RSHUTDOWN
5. engine cleanup (unset all variables and state)

View Slide

but now PHP is in each httpd process

View Slide

even when serving static ﬁles

View Slide

APACHE PROCESS MODELS
• mpm_prefork creates worker processes 
(each with a PHP)
• mpm_worker uses threads 
(so you need ZTS, and stuff will generally crash a lot)
• mpm_event uses an event loop 
(best, but you can't embed something like PHP at all)

View Slide

so... what do we do?

View Slide

¯\_(ツ)_/¯

View Slide

"let's just use Nginx!"

View Slide

FastCGI

View Slide

protocol similar to CGI, but over a socket

View Slide

persistent server process

View Slide

old fcgi SAPI: web server manages FastCGI child processes

View Slide

newer FPM: PHP manages its own child processes' lifecycle

View Slide

no overhead in web server for static content

View Slide

web server can use threading or whatever

View Slide

still re-executes from ~RINIT for each request

View Slide

still bootstraps Symfony/Laravel/… on each request

View Slide

RUBY & PYTHON

View Slide

Rack & WSGI

View Slide

RUBY/RACK
app = Proc.new do |env|
['200', {'Content-Type' => 'text/plain'}, ['Hello World']]
end
def application(environ, start_response):
start_response('200 OK', [('Content-Type', 'text/plain')])
yield 'Hello World\n'
PYTHON/WSGI

View Slide

THE RACK/WSGI STACKS
1. Web server: 
Unicorn, Gunicorn, Puma, Tornado, Nginx with
Phusion Passenger, Apache with mod_wsgi, ...
2. Middlewares: 
Routing, authentication, ﬁltering, post-processing, ...
3. Application/framework: 
Rails, Django, Sinatra, Flask, ...

View Slide

NATIVE PHP WEB SERVERS

View Slide

PHP IS NOW READY
• PHP 7+ performance is amazing
• Almost all engine errors are catchable since PHP 7
• Signal handling without ticks in PHP 7.1
• Concurrency frameworks and event lib extensions

View Slide

FRAMEWORKS FOR EVENT-
DRIVEN NON-BLOCKING I/O
• http://reactphp.org
• https://icicle.io
• http://amphp.org

View Slide

IT'S ALL A REACTOR
echo "-- before run()\n";
Amp\run(function() {
Amp\repeat(function() {
echo "tick\n";
}, $msInterval = 1000);
Amp\once("Amp\stop", $msDelay = 5000);
});
echo "-- after run()\n";

View Slide

SIMPLE WEB SERVER, ReactPHP
$app = function ($request, $response) {
$response->writeHead(200, array('Content-Type' => 'text/plain'));
$response->end("Hello World\n");
};
$loop = React\EventLoop\Factory::create();
$socket = new React\Socket\Server($loop);
$http = new React\Http\Server($socket, $loop);
$http->on('request', $app);
$socket->listen(1337);
$loop->run();

View Slide

https://github.com/M6Web/PhpProcessManagerBundle & https://github.com/php-pm/php-pm

View Slide

$kernel = new AppKernel('prod', false);
$reactHttp->on('request', function ($request, $response) use ($kernel) {
$headers = $request->getHeaders();
if (in_array(strtoupper($request->getMethod()), ['POST','PUT','DELETE','PATCH'])
&& isset($headers['Content-Type'])
&& (0 === strpos($headers['Content-Type'], 'application/x-www-form-urlencoded'))
)
parse_str($request->getBody(), $post);
$sfRequest = new Symfony\Component\HttpFoundation\Request(
$request->getQuery(),
$post ?? [],
array(),
array(),
$request->getFiles(),
array(),
$request->getBody()
);
$sfRequest->setMethod($request->getMethod());
$sfRequest->headers->replace($headers);
$sfRequest->server->set('REQUEST_URI', $request->getPath());
if (isset($headers['Host']))
$sfRequest->server->set('SERVER_NAME', explode(':', $headers['Host'])[0]);
$sfResponse = $kernel->handle($sfRequest);
$response->writeHead($sfResponse->getStatusCode(), $sfResponse->headers->all());
$response->end($sfResponse->getContent());
$kernel->terminate($request, $response);
});

View Slide

WHAT BECOMES POSSIBLE

View Slide

speeeeeeeeeed :)

View Slide

http://marcjschmidt.de/blog/2014/02/08/php-high-performance.html

View Slide

processing request data while it's still uploading

View Slide

handling Web Sockets in the same process

View Slide

git clone project && cd project && composer install && php server.php

View Slide

WHAT BECOMES IMPOSSIBLE

View Slide

native session handling

View Slide

ignoring memory leaks

View Slide

MAYBE, IN A BRIGHT FUTURE...

View Slide

PSR-7 (HTTP Message Interface) + PSR-15 (HTTP Middlewares) = ultimate interop :)

View Slide

a universe of useful middlewares :)

View Slide

competition between different native web servers :)

View Slide

"legacy" server that runs in FPM SAPI and translates a request :)

View Slide

"legacy" middleware that runs in new server and populates $_GET and friends :)

View Slide

READING MATERIAL
• https://gnugat.github.io/2016/04/13/super-speed-sf-react-php.html
• http://blog.kelunik.com/2015/09/20/getting-started-with-amp.html
• http://blog.kelunik.com/2015/10/21/getting-started-with-aerys.html
• http://blog.kelunik.com/2015/10/20/getting-started-with-aerys-
websockets.html
• http://marcjschmidt.de/blog/2014/02/08/php-high-performance.html
• http://marcjschmidt.de/blog/2016/04/16/php-high-performance-reactphp-
jarves-symfony-follow-up.html

View Slide

The End

View Slide

THANK YOU FOR LISTENING!
Questions? Ask me: @dzuelke & [email protected]

View Slide

Your next Web server will be written in... PHP

Your next Web server will be written in... PHP

David Zuelke

More Decks by David Zuelke

Other Decks in Programming

Featured

Transcript