There have always been many different ways of setting up Apache and php. Whether it is with SuPHP, a multi-process-module, or simply using the Apache module, each way has pros and cons.
Up until a few days ago I usually stuck with SuPHP – as it was the easiest to setup. However, I got adventurous and tried out the MPM-ITK module – which lets you run a virtual host under a specific username. Unlike SuPHP – ITK will also make apache run as the specified user for everything – static content or dynamic. This will let you close up your public html folders and help keep rogue scripts from editing other users’ files. As an added bonus it also supports other Apache modules, such as Python.
Oh, I almost forgot – it is also fast. Much faster than SuPHP – since it uses the built-in apache module to run php scripts and not a cgi binary. In fact, on my dev box (a custom Intel Atom server) it went from 32 to 75 requests per second for a simple PHP script with ApacheBench (10 concurrent, 500 requests if you’re curious). My production server (the one that hosts this site) went from 100 to 350 for the same script!
While those are artificial benchmarks – the result is undeniable: ITK is faster than SuPHP. While code execution itself is the same – if you get a sudden burst of traffic the speed at which ITK can initialize and load in PHP is much faster than the CGI binary.
So now let’s get into it – how to install, setup, and test MPM-ITK in Ubuntu server:
First off, you have to install the programs:
sudo apt-get install apache2-mpm-itk libapache2-mod-php5
Well, that was easy, no? Now to test it:
echo "<?php system('/usr/bin/id'); ?>" > test.php
For this example I setup a really simple port-based virtual host:
sudo nano /etc/apache2/sites-enabled/me.conf
AssignUserID your_username your_username
Save with ctrl-o and exit with ctrl-x
sudo service apache2 restart
And then load it up in your browser of choice:
If it all went well – it should show your username.
To really test it, simply chmod the file as 600 so it has to be run as the user (or root) to even read it.
chmod 600 ~/public_html/test.php
If it still loads – then you’re all set. MPM-ITK is setup and loading both static and php files as your user.
Now how does it work? The magic line in all of this is “AssignUserID” – in the virtual host declaration. That forces apache to load any files for the host as a specific user and group.