CentOS - Jul 2018 - Is decoupling Apache + PHP into separate nodes possible?

<preamble>
I have deployed Linux/Apache/PHP (node1) + MySQL (node2) with Security
Groups (AWS) or iptables controlling who can connect to the MySQL
server.   In topology terms -- a 2 Tier architecture.  In AWS - one
can deploy several such instances behind a ELB.  Each LAP instance
talks to a MySQL RDS.  The LAP instances are either mod_php or
PHP-FPM.  OS -- CentOS, Ubuntu. Debian
</preamble>

For one of my client's end user customer, their InfoSec team is asking
if Apache and the PHP application can run in separate nodes (3 Tier
arch).

To the best of my knowledge Apache + PHP (mod_php) have to be in the same node.

With PHP-FPM it is conceivable to have Apache talk to PHP-FPM running
on a separate node (see diagram https://goo.gl/xTfbjg).
But I have not done it myself and I am not sure if it is feasible.

If it is feasible then what's the best practice to  distribute the
*.html *.css and *.php files between the Apache + the PHP-FPM nodes
and how to achieve load balance between Apache and PHP-FPM nodes.  I
have searched but not found any reference setups.

Would appreciate suggestions / references from anyone who has done a 3
Tier Apache + PHP + MySQL deployment in production.

Thanks in advance.

--
Arun Khan
"Everyone has an expiration date"

On 07/26/2018 04:48 PM, Arun Khan wrote:
> <preamble>
> I have deployed Linux/Apache/PHP (node1) + MySQL (node2) with Security
> Groups (AWS) or iptables controlling who can connect to the MySQL
> server.   In topology terms -- a 2 Tier architecture.  In AWS - one
> can deploy several such instances behind a ELB.  Each LAP instance
> talks to a MySQL RDS.  The LAP instances are either mod_php or
> PHP-FPM.  OS -- CentOS, Ubuntu. Debian
> </preamble>
> 
> For one of my client's end user customer, their InfoSec team is asking
> if Apache and the PHP application can run in separate nodes (3 Tier
> arch).
> 
> To the best of my knowledge Apache + PHP (mod_php) have to be in the same
node.
> 
> With PHP-FPM it is conceivable to have Apache talk to PHP-FPM running
> on a separate node (see diagram https://goo.gl/xTfbjg).
> But I have not done it myself and I am not sure if it is feasible.
With my Apache httpd documentation hat on ...

Yes, and this is the recommended way to do it (ie, php-fpm vs mod_php). 
FPM lets you run the Event MPM with confidence, and that's what you 
*should* be running. Whereas with mod_php, we still recommend prefork, 
due to threading issues, and prefork sucks.
> If it is feasible then what's the best practice to  distribute the
> *.html *.css and *.php files between the Apache + the PHP-FPM nodes
> and how to achieve load balance between Apache and PHP-FPM nodes.  I
> have searched but not found any reference setups.
> Would appreciate suggestions / references from anyone who has done a 3
> Tier Apache + PHP + MySQL deployment in production.
We (the httpd docs team) recommend *.php on the php node, and everything 
else on the httpd node.

Configure as shown here: https://wiki.apache.org/httpd/PHP-FPM

This is how I run all my websites, although I only do one httpd and one 
fpm, because my websites aren't exactly high traffic.

For balancing, I guess you can use mod_proxy_balancer to balance between 
multiple fpm nodes: 
https://httpd.apache.org/docs/2.4/mod/mod_proxy_balancer.html

-- 
Rich Bowen - rbowen at redhat.com
@CentOSProject // @rbowen
859 351 9166

On Thu, Jul 26, 2018 at 2:03 PM, Rich Bowen <rbowen at redhat.com>
wrote:
>
Thanks very much for your reply.
> On 07/26/2018 04:48 PM, Arun Khan wrote:
>>
>>
>> With PHP-FPM it is conceivable to have Apache talk to PHP-FPM running
>> on a separate node (see diagram https://goo.gl/xTfbjg).
>> But I have not done it myself and I am not sure if it is feasible.
>
>
> With my Apache httpd documentation hat on ...
>
> Yes, and this is the recommended way to do it (ie, php-fpm vs mod_php). FPM
> lets you run the Event MPM with confidence, and that's what you
*should* be
> running. Whereas with mod_php, we still recommend prefork, due to threading
> issues, and prefork sucks.
>
That's what I have read and lately I've been deploying PHP-FPM (v/s
the default mod_PHP) but  Apache+PHP-FPM have been on the same node.
>> If it is feasible then what's the best practice to  distribute the
>> *.html *.css and *.php files between the Apache + the PHP-FPM nodes
>> and how to achieve load balance between Apache and PHP-FPM nodes.  I
>> have searched but not found any reference setups.
>
>
>> Would appreciate suggestions / references from anyone who has done a 3
>> Tier Apache + PHP + MySQL deployment in production.
>
>
> We (the httpd docs team) recommend *.php on the php node, and everything
> else on the httpd node.
>
I was thinking in similar lines but was not sure if it would work.
Your recommendation helps clarify the setup.
> Configure as shown here: https://wiki.apache.org/httpd/PHP-FPM
>
Yes.  I got started with Apache + PHP-FPM from this link and it has
been a bookmark for a few months :)
> This is how I run all my websites, although I only do one httpd and one
fpm,
> because my websites aren't exactly high traffic.
>
I do not anticipate heavy traffic.  I could probably get by with
single nodes in each tier.  But I would like keep the setup scalable,
so when the traffic load goes up, I am not scrambling for a fix (under
pressure).
> For balancing, I guess you can use mod_proxy_balancer to balance between
> multiple fpm nodes:
> https://httpd.apache.org/docs/2.4/mod/mod_proxy_balancer.html
>
I'll take a look at it.

Thanks again for your insight.

-- Arun Khan