2. Target Audience
Target Audience
• WordCamp Philippines 2010
p pp
– Developer Track talks
– Netrepreuneurs
– VPS U
VPS Users
• This is Not
This is Not
– For change‐resistant people
– For those afraid of the unix shell
– For those on shared hosting
– For those looking for a talk on MS IIS or Microsoft
Anything.
3. Why Optimize?
Why Optimize?
• Visitors Attention span is small.
p
– Need to load FAST
• Google ranks faster loading pages higher than
slow ones
l
• Be ready to get slashdott’d or digg’d
• Save money on server costs
Save money on server costs.
• Save sleep and reduce server downtime.
• Offer more value and specialization to your
Offer more value and specialization to your
clients.
• Increase your lifespan and overall happiness!
4. Serving your PHP: Quick History
Serving your PHP: Quick History
• The web outgrows CGI ‐> mod php for Apache
e eb outg o s CG od_p p o pac e
intro’d around same time as FastCGI (~1995)
p g g p
• The practice of bundling a single interpreted
instance of php with the httpd became more
prevalent and FastCGI fell to wayside.
• For the past 15 yrs Apache has dominated the
Internet’s httpd server landscape. To this day,
57.12% of all sites run on Apache. Addntly,
57 12% of all sites run on Apache Addntly
mod_php is the most popular apache module,
running on over 20mm hosts as of 4/2007.
g /
5. mod_php
mod php weaknesses
• Slow, Fat &Insecure
S o , at & secu e
• Bloated footprint.
– Every httpd process is tied to the mod_p p
y p p php
interpreter. This means all files, incl. css, js are served
with mod_php tied to httpd. Unnecessary and set
trend for development of non threaded php
trend for development of non‐threaded php
extensions
• Security
– Every php script must be run by the user defined in
your httpd.conf. Different scripts all have same non‐
privileged access creating a security vulnerability
privileged access creating a security vulnerability
6. OSS Proliferation
OSS Proliferation
• The proliferation of open source software has
The proliferation of open source software has
created netrepreneurs and a need: Affordable
Performance and Scalability.
Performance and Scalability
• There are many alternatives now to fill the
void left by Apache and mod_php. Today we
void left by Apache and mod php Today we
cover the russian NGINX (engine‐X) httpd
proxy serving to php‐fpm (forked process
proxy serving to php fpm (forked process
manager) sockets.
7. What is NGINX?
What is NGINX?
• Nginx is a lightweight high‐performance
is a lightweight, high performance
reverse proxy load balancer web server
• Best known user is Russian search engine
Best known user is Russian search engine,
rambler. 500,000,000 requests per day
• N i i
Nginx is asynchronous and event‐driven ,
h d di
‘streaming’, apache is threaded and slower
8. Performance Comparison
Performance Comparison
• First, let’s talk an Apples vs. Apples comparison,
, pp pp p ,
(OS, Hardware & benchmarking tools) both
Tested on:
– Virtual Images: Sun VirtualBox OSE v3 2 8 on debian
Virtual Images: Sun VirtualBox OSE v3.2.8 on debian‐
6.0‐unstable guest
– Intel Core Duo 1.667GHz
– 1024MB RAM
– Debian‐5.0‐STABLE, kernel 2.6.26‐2
– siege 2 66
siege 2.66
– ab 2.3
– wordpress 3.0.1
9. httpd details
• Apache Image
Apache Image
– Apache 2.2.9 mpm‐prefork
– Php 5 2 6 mod php
5.2.6 mod_php
– All installed using .deb packages
• nGINX I
GINX Image
– PHP 5.3.3 w/ php‐fpm
– Nginx/0.7.67
– Both built from source
10. Benchmark Test Details
Benchmark Test Details
• Wireless connection out to router ~50m away
y
and back to VM Image. Ping time <1ms
• Tested a medium sized wp‐blog index page with
full range of plugins
full range of plugins enabled
• Siege Tests (3 Tests ea.)
– 360s Each
360s Each
– 3 Concurrency Levels: 15, 40, 90
• ApacheBench Tests (3 Tests ea.)
– 1000 Requests
– 3 Concurrency Levels, 15, 40, 90
16. Siege Test: 90 Concurrent Connections
Total MB Transf’rd – Shortest – Longest Response
400
350
300
250
200 apache
nginx
150
100
50
0
data transferred (MB) shortest response time (ms) longest response time (ms)
90 apache nginx
data transferred
(MB) 0.04 6.47
shortest response
time (ms) 0 1.55
Apache Image
Apache Image
longest response
time (ms) 360 20.82 Crashed!!!!
17. Apache ….. Come on!
Apache ….. Come on!
• Apache used so much memory, drove load avg
beyond 40, here you see mysqld kernel panic
18. A Quick Word on Virtualized
Development
l
• Since I’ve been in the RP I easily get frustrated when on a
remote ssh developing and my internet or power goes out.
Or, I need to work and the venues wifi isn’t working.
– Use VirtualBox images for ‘local development’
– Build a standard wordpress image – You can use it over and over
again.
– Edit your local /etc/hosts file to match the intended hostname
of the final product; point at the IP of your image.
of the final product; point at the IP of your image
– Develop and have fun.
– You WILL save time, hair and your health this way. You’ll also be
able to get more work done.
able to get more work done
– When you’re done then dump your db, tar your wp dir up and
scp her over to the target server.
19. Build nginx from source
Build nginx from source
• Instructions conf files and init scripts up at
Instructions , conf files and init scripts up at
• Dependencies
– Lib
Libevent t
– Init.d script
– Fastcgi_params.conf
– Wordpress_params.conf (for clean urls)
– Debian‐style vhost dir’s /sites‐available /sites‐
enabled
20. Build php & php fpm from source
Build php & php‐fpm from source
• Cool points about php‐fpm:
– Can run as many php instances as you want on different ports, users, mem
h d ff
limits, timeouts, etc, etc. Each application can have it’s own ‘virtualized’ php
installation. These php processes are totally de‐coupled from the webserver.
This leaves the webserver to do what it does best – SERVE to the appropriate
handler.
handler
• Dependencies, Instructions , conf files and init scripts up at
http://bit.ly/9vkDBA
• Long story short is
– Download 5.3.3‐stable, the fpm is built‐in.
– Use ./configure –help to see all build flags
– At the end you’re going to want to look over and customize the php‐fpm.conf,
p p ,
php.ini , and build an init.d script
p
• Php‐fpm.conf
– Change default log location to your liking
– Change pid to match your init.d script
– Tweak the process manager. Set the ‘harakiri’ process suicide timeout
21. Install memcached
Install memcached
• Instructions conf files and init scripts up at
Instructions , conf files and init scripts up at
http://bit.ly/9vkDBA
• Dependencies
– libmemcached‐0.41
– sqlite3
li 3
22. Optimizations for Wordpress
Optimizations for Wordpress
• Plugins
– Quotemarks replacer
• Disables wptexturize function Saves cpu from constant
Disables wptexturize function. Saves cpu from constant
regex search.
• http://wordpress.org/extend/plugins/quotmarks‐
replacer/
– FlexiCache
• http://wordpress.org/extend/plugins/flexicache/
• Use memcached
23. Common Security Exploits
Common Security Exploits
• mysql not behind iptables
not behind iptables
• Php internal port not behind iptables
• ssh allowing password and keyless access
h ll i d dk l
• ssh not on a non‐standard port
25. Thank you
Thank you
• Thank you to the sponsors and to you for
Thank you to the sponsors and to you for
attending WordCamp Philippines.
• Go get ‘em!
• ‐Eric Malloy
• AT
A‐Team Solution
S l ti
• Revision 0.01 01/10/2010