Image may be NSFW.
Clik here to view.
What’s the preferred way to setup a privilege separated, shared environment with Apache2 security and performance wise? I’d like to run each virtualhost under a different user/group and handle PHP requests as fast as possible.
Image may be NSFW.
Clik here to view.
I’d favour FastCGI + php-fpm for this. With php-fpm you can set each pool to listen on a separate port (or socket) and define the user/group as well as additional parameters of the pool (e.g. chroot directory, php_openbasedir, servers to start, environment variables, memory limit, etc). Setup FastCGI in Apache, and use FastCGIExternalServer to point to the specific php-fpm pool you wish to use. (Create one pool per virtualhost, with the correct user/group, and other restrictions (open_basedir, chroot, etc).
(I believe the previous option would have been FastCGI with suexec, but php-fpm does offer quite an improvement over this).
It is worth nothing that FastCGI is actually slower than mod_php for serving a single request – however, it is usually sufficiently fast, and can handle concurrency fast better than mod_php.
Check more discussion of this question.
