[CentOS] Is decoupling Apache + PHP into separate nodes possible?

Thu Jul 26 21:03:32 UTC 2018
Rich Bowen <rbowen at redhat.com>


On 07/26/2018 04:48 PM, Arun Khan wrote:
> <preamble>
> I have deployed Linux/Apache/PHP (node1) + MySQL (node2) with Security
> Groups (AWS) or iptables controlling who can connect to the MySQL
> server.   In topology terms -- a 2 Tier architecture.  In AWS - one
> can deploy several such instances behind a ELB.  Each LAP instance
> talks to a MySQL RDS.  The LAP instances are either mod_php or
> PHP-FPM.  OS -- CentOS, Ubuntu. Debian
> </preamble>
> 
> For one of my client's end user customer, their InfoSec team is asking
> if Apache and the PHP application can run in separate nodes (3 Tier
> arch).
> 
> To the best of my knowledge Apache + PHP (mod_php) have to be in the same node.
> 
> With PHP-FPM it is conceivable to have Apache talk to PHP-FPM running
> on a separate node (see diagram https://goo.gl/xTfbjg).
> But I have not done it myself and I am not sure if it is feasible.

With my Apache httpd documentation hat on ...

Yes, and this is the recommended way to do it (ie, php-fpm vs mod_php). 
FPM lets you run the Event MPM with confidence, and that's what you 
*should* be running. Whereas with mod_php, we still recommend prefork, 
due to threading issues, and prefork sucks.

> If it is feasible then what's the best practice to  distribute the
> *.html *.css and *.php files between the Apache + the PHP-FPM nodes
> and how to achieve load balance between Apache and PHP-FPM nodes.  I
> have searched but not found any reference setups.

> Would appreciate suggestions / references from anyone who has done a 3
> Tier Apache + PHP + MySQL deployment in production.

We (the httpd docs team) recommend *.php on the php node, and everything 
else on the httpd node.

Configure as shown here: https://wiki.apache.org/httpd/PHP-FPM

This is how I run all my websites, although I only do one httpd and one 
fpm, because my websites aren't exactly high traffic.

For balancing, I guess you can use mod_proxy_balancer to balance between 
multiple fpm nodes: 
https://httpd.apache.org/docs/2.4/mod/mod_proxy_balancer.html

-- 
Rich Bowen - rbowen at redhat.com
@CentOSProject // @rbowen
859 351 9166