On 07/26/2018 04:48 PM, Arun Khan wrote:
<preamble> I have deployed Linux/Apache/PHP (node1) + MySQL (node2) with Security Groups (AWS) or iptables controlling who can connect to the MySQL server. In topology terms -- a 2 Tier architecture. In AWS - one can deploy several such instances behind a ELB. Each LAP instance talks to a MySQL RDS. The LAP instances are either mod_php or PHP-FPM. OS -- CentOS, Ubuntu. Debian </preamble>
For one of my client's end user customer, their InfoSec team is asking if Apache and the PHP application can run in separate nodes (3 Tier arch).
To the best of my knowledge Apache + PHP (mod_php) have to be in the same node.
With PHP-FPM it is conceivable to have Apache talk to PHP-FPM running on a separate node (see diagram https://goo.gl/xTfbjg). But I have not done it myself and I am not sure if it is feasible.
With my Apache httpd documentation hat on ...
Yes, and this is the recommended way to do it (ie, php-fpm vs mod_php). FPM lets you run the Event MPM with confidence, and that's what you *should* be running. Whereas with mod_php, we still recommend prefork, due to threading issues, and prefork sucks.
If it is feasible then what's the best practice to distribute the *.html *.css and *.php files between the Apache + the PHP-FPM nodes and how to achieve load balance between Apache and PHP-FPM nodes. I have searched but not found any reference setups.
Would appreciate suggestions / references from anyone who has done a 3 Tier Apache + PHP + MySQL deployment in production.
We (the httpd docs team) recommend *.php on the php node, and everything else on the httpd node.
Configure as shown here: https://wiki.apache.org/httpd/PHP-FPM
This is how I run all my websites, although I only do one httpd and one fpm, because my websites aren't exactly high traffic.
For balancing, I guess you can use mod_proxy_balancer to balance between multiple fpm nodes: https://httpd.apache.org/docs/2.4/mod/mod_proxy_balancer.html