Slashdot Mirror

← Back to Stories (view on slashdot.org)

Is Apache 2.0 Worth the Switch for PHP?

Posted by michael on from the play-nicely-children dept.

An anonymous reader writes "It seems like some of the members of the Apache Software Foundation are a little angry with the PHP Community because they don't recommend using Apache 2.0 with PHP. Since PHP is installed on half of all Apache servers this is a major issue for them. A number of high-profile PHP community members such as John Coggeshall and Chris Shiflett have blogged about this decision in light of a recent posting by Apache Software Foundation Member Rich Bowen which called PHP's anti-Apache2 stance FUD. Is there any real reason for the PHP community to start recommending Apache 2.0, especially when the 1.3.x series of Apache is rock solid and proven? Note Rich did later commend PHP for being a great product, so it's not all flames."

14 of 465 comments (clear)

  1. PHP used to be an ASF project by gtrubetskoy · · Score: 5, Interesting

    I should probably be noted that PHP used to be an official Apache Software Foundation project until it was mutually agreed to end this relationship. I have no clue as to what the underlying reasons were and as an ASF member myself would rather not speculate on this. See ASF Board Meeting Minutes for Feb 2004 (section 5.G).

    P.S. Apache 2.0 is great and there is no reason not to use it IMO.

    1. Re:PHP used to be an ASF project by Bert64 · · Score: 3, Interesting

      This would be a huge headache for people who provide webhosting tho..
      For instance, i am unable to upgrade my server to php5 because many customer code won't run correctly on it.. But before too long, we will have customers demanding php5 because their code doesn't work on 4..

      --
      http://spamdecoy.net - free throwaway anonymous email - avoid spam!
  2. It's a threading issue by Bruce+Perens · · Score: 5, Interesting
    Either PHP itself, or many PHP applications, are not written to deal with the multi-threading offered by Apache 2.0 . So, it seems, you will do best if you install one of the less optimal threading models. And then you lose much of the benefit of Apache 2.

    Apache 2 and a recent Linux kernel come pretty close to the theoretical limits of the hardware when it comes to serving static content. It just loafs along while saturating whatever net connection you give it. It's worth trying out.

    Bruce

    --
    Bruce Perens.
  3. No need to switch ... by Anonymous Coward · · Score: 5, Interesting

    I run a FreeBSD server with Apache 1.3.33 and PHP 4.3.10. When I was upgrading it a week or two ago to FreeBSD 5.3, I thought about making the switch to Apache 2.0. But then I thought ... What is that going to bring me?

    Apache 1.3 has been working flawlessly for me. Until I have a compelling need to switch to Apache 2.0, I'm not going to. I understand that there are some nifty new features in Apache 2.0, but not a single one of them is something that I want/need.

    This, I think, is the primary reason why people aren't going to Apache 2.0 in droves, not the PHP team's "FUD".

  4. Re:FUD in it's purest form ... by Raxxon · · Score: 3, Interesting

    This was the major reason that PHP has been said not to be used with Apache2. It has NOTHING to do with Apache, it's potential security issues with PHP and some non-thread-safe **EXTERNAL** libs. 95% of it is security related issues. If you're willing to pay attention to your server (like all good admins are supposed to do) there's no real problems that I've seen.

  5. Using PHP on Apache 2.0 right now. by suso · · Score: 4, Interesting

    I'm using PHP on Apache 2.0 production servers right now. Honestly, I can say that PHP is more at fault for its own problems. I think that having lots of configurable options for a programming language is a bad idea. It leads to applications working on one installation of PHP, but not another. Administrators who enable things like safe_mode and turn off register_globals on shared servers are made fun of by ignorant programmers who don't understand what safe_mode is for and its usefulness. I have encountered all of this.

    The one thing that I wish PHP would take advantage of in Apache 2.0 is the ability to run code as a user other than the web server. Every time I bring this up with the PHP developers, nobody really runs with it. A feature like this would make PHP much better in shared systems and prevent people from having to do weird things to ensure security. I guess PHP is not that great for shared systems right now.

  6. What extensions? by bucky0 · · Score: 3, Interesting

    Is there a list somewhere of extensions that are known to be non-thread safe? Or do I need to just test them one by one?

    --

    -Bucky
  7. Re:Homegrown apps are one thing... by Bruce+Perens · · Score: 3, Interesting
    I suspect, and here I'm out on a limb, that it's a fundamental architecture issue. PHP simply did not have global thread-safety as a design goal. And thus it could be difficult to remedy at this late date, especially if it's to be done without breaking things.

    Bruce

    --
    Bruce Perens.
  8. I think they're right by jeif1k · · Score: 3, Interesting

    PHP prides itself on being an easy-to-use language for web applications, and it succeeds. Unfortunately, Apache hasn't become any easier to install and configure between 1.x and 2.x; in fact, if anything, I think it has gotten overall worse. That's why Apache 1.x is a better match to PHP than Apache 2.x. If Apache wants 2.x to be a better match with PHP, then Apache needs to address the problems the PHP community sees with 2.x.

    Personally, I'd like to see more server alternatives to Apache anyway. I think there should be a handful of FOSS web servers capable of hosting PHP, web servers that make different kinds of tradeoffs between performance, security, and ease-of-use. The huge market share that Apache has, from my point of view, is a problem, just like the huge market share that Microsoft has in other areas.

  9. Apache Tweak. by DarkHelmet · · Score: 5, Interesting
    I've been running Apache 2.0 for the past year or so, without any problems whatsoever.

    The problem is running apache in WORKER or PERCHILD MPM modes. Those are the ones that are using threading.

    What I'd recommend to anyone who wants to have a robust, fast apache implementation is to do the following:

    • Setup a version of Apache on port 80 that runs worker MPM. Use this version for serving images and html files.
    • Setup a separate version of apache (port 9000 or whatever) on prefork that runs all CGI / PHP based stuff.
    • Proxy requests matching PHP / CGI / etc to the port 9000 version of apache.

    There you go... performance increase for 75% of serving requests.

    P.S: Avoid perchild at all costs!

    --
    /^[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,4}$/i
  10. Re:Apache2: The only choice for Win32 by JimDabell · · Score: 3, Interesting

    I'd gladly ask the Apache and PHP guys to fix their "nobody" user problem, and start PHP with separate accounts.

    Apache 2 threaded MPMs can run different vhosts under different users, so this has been fixed for over two years. If PHP was thread-safe, you wouldn't have a problem, but as this story highlights, PHP doesn't play nice with threads.

  11. Re:FUD in it's purest form ... by Matt+Perry · · Score: 4, Interesting

    Because v2 is more powerful. Filter chains for one. You can have the output routed through various modules and even shell commands before it's served up to the user. For example, if you want the output of a CGI to then go through server side includes expansion, then gzipped and served to the user. Apache 1.x doesn't have that kind of flexability.

    --
    Slashdot: Failed Car Analogies. Amateur Lawyering. Anecdote Battles.
  12. Re:FUD in it's purest form ... by JabberWokky · · Score: 4, Interesting
    Several of the libraries are commercial software interfaces. I have no idea how many (if any) are unsafe, but they are things like interfaces to Oracle, commercial layout software, etc.

    As for putting a lock around them, I'd imagine that when that happens, it would be considered thread safe *except*...

    PHP has a user contributed library system similar to CPAN called PEAR. Some of the libraries in PEAR aren't threadsafe... and even if somebody went through and updated them, next week there will be several new one that are not threadsafe.

    Now, all of this would be moot if there were a compelling reason to push to Apache2. The impetus would be there to do the work. But, right now, the last of the 1.x series is just as stable and performs as well as Apache2. That means that there's simply no reason to do the work, and Open Source doesn't like to do unnecessary work.

    When there is a benefit to the ongoing work necessary to make it and *keep* it threadsafe, it will likely be done.

    --
    Evan "And yes, I realize the irony of saying how Open Source works in this reply"

    --
    "$30 for the One True Ring. $10 each additional ring!" -- JRR "Bob" Tolkien
  13. Re:apache2 is essential for Windows by Evil+Grinn · · Score: 3, Interesting

    However, the issue is that many PHP extensions are not threadsafe. This becomes an issue on Windows because the default MPM is multithreaded, while the default MPM for UNIX is multiprocess.

    It all goes back to Windows NT being designed from the beginning to enourage the use of threads, while Unix always favored multiple processes.

    --
    where there's fish, there's cats