What do you recommend for setting up a shared server with PHP
What do you recommend for setting up a shared server with php from a security/performance point of view?
- Apache mod_php (how do you secure that? other than safe_mode as it won't be in PHP6)
- Apache CGI + suexec
- Lighttpd and spawn a FastCGI per user
LE: I'm not interested in using an already made control panel as I'm trying to write my own, so I want to know what's the best way to set this up myself.
I was thinking of using Lighttpd and spawning a FastCGI for every hosted user, making the fcgi process run under his credentials (there is a tutorial for this on the lighttpd wiki).
This would be somewhat secure, but would this affect performance (lots of users / memory needed for every fcgi) so much that it's not a viable solution?
Comments (4)
Personally, while Lighttpd is OK, I would go with Nginx + FastCGI if you end up going with a lightweight webserver + FastCGI solution. I've run benchmarks and read all the code, and Nginx is an order of magnitude faster/more stable under load -- it's very good.
But, that's not what you asked. Essentially, I would say there's a spectrum of security/scalability vs. speed tradeoffs in the three options you list, and you just need to decide where you want to be. If you're a shared hosting provider with untrusted users installing god-knows-what PHP apps you'll lean more toward security, if this is shared amongst more trusted users you might lean toward performance. Here are my thoughts:
CGI + suexec: This is by far the most secure, and most efficient/scalable for you in terms of numbers of users/sites in a shared hosting environment. Processes are spawned and memory used only as requests come in. Of course, the CGI-spawning makes this the slowest for execution time of individual scripts. How much slower? Well you would have to benchmark, but generally if people are running long-running apps (i.e. something like WordPress which takes 0.25-0.5 seconds just to load its libs and initialize on each request), then the CGI-spawning penalty starts to look pretty negligible in context.
FastCGI: The issue here (and it doesn't matter if your webserver is Apache, Lighttpd or Nginx) is figuring out how many FCGI child processes you let each user leave running, because each process eats memory equal to the size of the PHP interpreter (in Linux not all of it is wired of course, but I digress). And, unlike mod_php, these processes aren't shared among users so you have to limit per user. For instance, Dreamhost caps this at 3 for their customers -- now, for a customer running a website that gets bursts of more than 2-5 page views a second, that's actually pretty bad because those requests just stack up and the site hangs. Now, I like FastCGI with a lightweight webserver when I'm running apps on a dedicated server/cluster, when I can give the app hundreds of FCGI children (all with webserver privs of course, à la Apache/prefork + mod_php). But, I don't think it makes sense for shared hosting where you have to allocate/cap the FCGI children per user.
Apache + mod_php: Least secure since everything is running with webserver privs, but your pool of live PHP processes is shared so it's best on the performance end. From a developer perspective, I can't tolerate php_safe mode, and from a sysadmin perspective it's really only an illusion of security (it mitigates against stupid users but doesn't protect from an actual attack) so I would actually rather have CGI if my other option has to include safe_mode.
Dreamhost does sort of a hybrid, they do Apache CGI + suexec by default, but let the (small) percentage of their more sophisticated users elect to do FCGI if they want to, subject to a cap and their own monitoring of memory usage. That saves a ton of memory resources versus enabling FCGI for everyone by default.
Another issue if you're talking about standard commercial shared hosting is, Apache is full-featured, has modules for just about anything (including stuff like mod_security you might want), and your users will like it because all their .htaccess configs will work etc. -- you will run into support headaches with anything else when they go to install Drupal or WordPress or whatever (a lot less of an issue if we're talking internal users).
Personally I would recommend just keeping it simple to start and going with CGI + suexec for best security and scalability. If your users want FCGI or mod_php and you have a good channel open for suggestions/communication with them, they'll ask for it, but either of these is a much bigger headache for you with only marginal performance improvements for them, so my suggestion would be to not do either of them initially but be responsive if they clamor for it.
I do sympathize with the desire to do something "interesting" like Lighttpd + FCGI instead of the standard Apache + CGI + suexec, but deep down I really can't recommend it.
If you're running multiple servers, you could end up putting CGI on some and something else for the power users on the others. And be sure to have cron grep all the www dirs for things like old-ass versions of phpBB!
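An added example (not part of the answer above) of the per-user FastCGI monitoring it describes: count each account's PHP children, sum their resident memory, and flag accounts over the cap or pools running under a shared service identity. The cap of 3 is the Dreamhost figure quoted above; the `php-cgi` process name, the service-account list and the sample lines are assumptions made for illustration.

```shell
#!/bin/sh
# Audit per-user PHP FastCGI children against a cap (added example).
# Input format: "user rss_kib command", as printed by
#   ps -e -o user= -o rss= -o comm=
CAP="${CAP:-3}"                                  # assumed per-user child limit
PROC_NAME="${PROC_NAME:-php-cgi}"                # assumed FastCGI binary name
SERVICE_USERS="${SERVICE_USERS:-root www-data}"  # assumed shared identities

# Prints "user children total_rss_kib status" for each owner of PROC_NAME.
fcgi_audit() {
    awk -v cap="$CAP" -v name="$PROC_NAME" -v svc="$SERVICE_USERS" '
        BEGIN { k = split(svc, s, " "); for (i = 1; i <= k; i++) shared[s[i]] = 1 }
        $3 == name { n[$1]++; rss[$1] += $2 }
        END {
            for (u in n) {
                status = "ok"
                if (n[u] > cap) status = "OVER_CAP"
                # A pool owned by a shared account has no per-user isolation.
                if (u in shared) status = "NOT_ISOLATED"
                printf "%s %d %d %s\n", u, n[u], rss[u], status
            }
        }' | sort
}

# Constructed sample data standing in for live ps output.
sample_ps() {
    cat <<'EOF'
alice    41200 php-cgi
alice    39800 php-cgi
bob      40100 php-cgi
bob      42300 php-cgi
bob      38900 php-cgi
bob      40700 php-cgi
carol    52000 httpd
www-data 44000 php-cgi
EOF
}

# On a live host: ps -e -o user= -o rss= -o comm= | fcgi_audit
sample_ps | fcgi_audit
```

Summed RSS overstates real usage because pages shared between interpreter processes are counted once per process, so treat the total as an upper bound when sizing the cap.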
I recommend Suhosin
With regard to PHP + FastCGI and security, check this blog post.
I have been using InterWorx for about a year now and have been very impressed. It maintains a LAMP server and chroots your scripts for security.
I have also used Ensim, but haven't found it as friendly or fast, and it doesn't have as many features. Plus it costs a lot more.