Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
nginx for SilverStripe
Search
Philipp Krenn
October 03, 2014
Programming
1
3.3k
nginx for SilverStripe
Why and how you should be using nginx for your SilverStripe sites — SilverStripe Europe 2014
Philipp Krenn
October 03, 2014
Tweet
Share
More Decks by Philipp Krenn
See All by Philipp Krenn
Full-Text Search Explained
xeraa
11
2.2k
360° Monitoring of Your Microservices
xeraa
7
3.4k
Scale Your Metrics with Elasticsearch
xeraa
4
140
YAML Considered Harmful
xeraa
0
2.1k
Scale Your Elasticsearch Cluster
xeraa
1
310
Hands-On ModSecurity and Logging
xeraa
2
190
Centralized Logging Patterns
xeraa
1
1.1k
Dashboards for Your Management with Kibana Canvas
xeraa
1
470
Make Your Data FABulous
xeraa
3
890
Other Decks in Programming
See All in Programming
「Cursor/Devin全社導入の理想と現実」のその後
saitoryc
0
770
ふつうの技術スタックでアート作品を作ってみる
akira888
0
460
Railsアプリケーションと パフォーマンスチューニング ー 秒間5万リクエストの モバイルオーダーシステムを支える事例 ー Rubyセミナー 大阪
falcon8823
5
1.1k
スタートアップの急成長を支えるプラットフォームエンジニアリングと組織戦略
sutochin26
0
4.2k
Node-RED を(HTTP で)つなげる MCP サーバーを作ってみた
highu
0
120
『自分のデータだけ見せたい!』を叶える──Laravel × Casbin で複雑権限をスッキリ解きほぐす 25 分
akitotsukahara
2
620
LINEヤフー データグループ紹介
lycorp_recruit_jp
0
2.2k
たった 1 枚の PHP ファイルで実装する MCP サーバ / MCP Server with Vanilla PHP
okashoi
1
230
PHP 8.4の新機能「プロパティフック」から学ぶオブジェクト指向設計とリスコフの置換原則
kentaroutakeda
2
750
Discover Metal 4
rei315
2
120
ソフトウェア品質を数字で捉える技術。事業成長を支えるシステム品質の マネジメント
takuya542
1
11k
GraphRAGの仕組みまるわかり
tosuri13
8
530
Featured
See All Featured
Site-Speed That Sticks
csswizardry
10
680
Practical Orchestrator
shlominoach
188
11k
The Web Performance Landscape in 2024 [PerfNow 2024]
tammyeverts
8
680
Exploring the Power of Turbo Streams & Action Cable | RailsConf2023
kevinliebholz
34
5.9k
Agile that works and the tools we love
rasmusluckow
329
21k
[RailsConf 2023 Opening Keynote] The Magic of Rails
eileencodes
29
9.5k
How to Ace a Technical Interview
jacobian
277
23k
Music & Morning Musume
bryan
46
6.6k
The Straight Up "How To Draw Better" Workshop
denniskardys
234
140k
What's in a price? How to price your products and services
michaelherold
246
12k
Imperfection Machines: The Place of Print at Facebook
scottboms
267
13k
Rebuilding a faster, lazier Slack
samanthasiow
82
9.1k
Transcript
Philipp Krenn, @xeraa
GSoC student 2007 Book 2011 GSoC mentor 2012 SilverStripe Austria
meetup
Why?
there's this russian server nginx. all the porn sites use
it. it must be decent. 1 Jonathan Vanasco, http://www.destructuring.net/2006/10/09/nginx/
Subversion vs Git
I only believe in statistics that I doctored myself. (Winston
Churchill) http://w3techs.com/technologies/ cross/web_server/ranking
None
Apache is like Microsoft Word, it has a million options
but you only need six.
nginx does those six things, and it does five of
them 50 times faster than Apache. 1 Chris Lea, http://maisonbisson.com/post/12249/chris- lea-on-nginx-and-wordpress/
What?
Public launch in 2004 by Igor Sysoev http://www.rambler.ru BSD licensed
(two-clause)
Stable 1.6.2, Preview 1.7.6 C, cross-platform Commercial support from Nginx
Inc.
Features Load balancer Reverse proxy TLS/SSL (SNI), SPDY,... support
Users WordPress.com app server + load balancer Static content on
GitHub SSL termination Wikipedia
nginx is a lightweight event-driven reverse proxy for web and
mail services. 1 http://nginx.org
Great! But...
...it doesn't work the Apache way For example .htaccess
Performance For every request, check every directory, read and parse
every file Changes effective immediately
Example http://example.com/assets/Uploads/ gallery/image.jpg
None
Apache Thread / process-oriented Spawn a process for each connection
(1MB+ RAM) Apache 2.4 multi-process mode reduces memory usage
Problem 200KB response Milliseconds to generate or retrieve 10s to
transmit at 160kbps (20KB/s) 1000 connections :(
it's time for web servers to handle ten thousand clients
simultaneously 1 Daniel Kegel
C10K challenge nginx solution: Event- driven architecture
Event-driven Single nonblocking thread (one process per core) — node.js,
Redis,... Stable memory usage, no context switches
Event-driven Receive request, trigger events in a process Process handles
events, returns output http://en.wikipedia.org/wiki/Reactor_pattern
http://www.aosabook.org/en/nginx.html#fig.nginx.arch
However... PHP is blocking node.js isn't — similar to nginx
Details "The Architecture of Open Source Applications" http://www.aosabook.org/en/ nginx.html
PHP-FPM FastCGI Process Manager, included in PHP 5.3.3+ Standalone process
like MySQL, Memcached,...
How?
Install (Ubuntu) $ sudo apt-get update && sudo apt-get install
nginx php5-fpm -y
Base nginx http { include mime.types; default_type application/octet-stream; access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log debug; sendfile on; keepalive_timeout 65; gzip on;
SilverStripe projects server { root /Users/philipp/Sites/silverstripe-30; server_name silverstripe-30.local; include _silverstripe3;
} server { root /Users/philipp/Sites/silverstripe-31; server_name silverstripe-31.local; include _silverstripe3; }
_silverstripe3 error_page 404 /assets/error-404.html; error_page 500 /assets/error-500.html; location ~* ^.+.(htm|html|jpg|jpeg|gif|png|svg|ico|css|
zip|tgz|gz|rar|bz2|doc|docx|xls|xlsx|pdf| ppt|pptx|txt|tar|mid|midi|wav|bmp|rtf|js)$ { access_log off; expires max; }
_silverstripe3 location ~* \.php$ { fastcgi_keep_conn on; fastcgi_split_path_info ^(.+\.php)(/.+)$; fastcgi_pass
unix:/var/run/php-fpm.sock; fastcgi_index index.php; include fastcgi.conf; fastcgi_read_timeout 120; fastcgi_connect_timeout 60; fastcgi_send_timeout 120; fastcgi_buffer_size 64k; fastcgi_buffers 4 65k; fastcgi_busy_buffers_size 128k; }
_silverstripe3 location / { try_files $uri @silverstripe; } location @silverstripe
{ fastcgi_keep_conn on; fastcgi_split_path_info ^(.+\.php)(/.+)$; fastcgi_pass unix:/var/run/php-fpm.sock; fastcgi_index index.php; include fastcgi.conf; fastcgi_read_timeout 120; fastcgi_connect_timeout 60; fastcgi_send_timeout 120; fastcgi_buffer_size 64k; fastcgi_buffers 4 65k; fastcgi_busy_buffers_size 128k; fastcgi_param SCRIPT_FILENAME $document_root/framework/main.php; fastcgi_param SCRIPT_NAME /framework/main.php; fastcgi_param QUERY_STRING url=$uri&$args; }
_silverstripe3 # CMS & Framework .htaccess rules location ~ ^/(cms|framework|mysite)/.*\.(php|php[345]|phtml|inc)$
{ deny all; } location ~ ^/(cms|framework)/silverstripe_version$ { deny all; } location ~ ^/framework/.*(main|static-main|rpc|tiny_mce_gzip)\.php$ { allow all; }
_silverstripe3 # Don't execute scripts in the assets folder location
^~ /assets/ { sendfile on; try_files $uri $uri/ =404; } location ~ ^/silverstripe-cache { deny all; } location ~ ^/logs { deny all; }
_silverstripe3 location ~ ^/(vendor|composer.json|composer.lock) { deny all; } location ~
\.yml$ { deny all; } location ~ \.ss$ { satisfy any; allow 127.0.0.1; deny all; } location ~ /\. { deny all; }
Show me some benchmarks
None
http://wiki.dreamhost.com/ Web_Server_Performance_Comparison 25,000 requests, 5KB PNG $ ab -n 25000
-c 50 http://example.com/ logo.png Concurrency 50, 100, 500, 1000, 1500, 2000, 2500, 3000
None
None
Benchmark your projects Build Benchmark Repeat
Solution? Is this your bottleneck? Could you configure Apache to
be fast (enough)? Is PHP-FPM the solution?
Nevertheless...
None
Questions?
PS: PHP Secure Configuration Checker
https://github.com/sektioneins/pcc SektionEins (Suhoshin) PHP 5.4+ BSD license
Security checks Critical: Fix this NOW Example: Register globals
Security checks High: You should really look at this Example:
Allow URL fopen
Security checks Medium: This might be a problem Example: Display
errors on
Security Checks Low: Boring stuff Example: Execution time > 300s
Security checks Maybe: Not sure, check manually Example: Memory limit
> 128MB
Security checks Comment: Just mentioning it Example: Upload max filesize
is the default (8MB)
Modes CLI Web
Web security 127.0.0.1 mtime < 2d
How good / bad are the Ubuntu 14.04 defaults? nginx
+ PHP-FPM
None
Give it a try https://github.com/xeraa/ppc-test Vagrant — more tomorrow
Conclusion: Simple but gets the job done