Yes, FPM is the way to go here. In fact, it is also now preferred over mod_php even if you don’t separate nodes. In that scenario, one of the main advantages is that you can have several PHP versions simultaneously.

 
If you put PHP on a separate server from Apache, you have a few different options for the content.

 
The easiest is to share the document root via NFS. Check with your Infosec team on that – they may not like such a configuration. You can even put the NFS share on a third server, and have both Apache and FPM mount the volume as read-only.

 
A second option is to have two completely independent document roots that just have the same content. You could use rsync to keep them in sync, or you could use git or some other deployment solution.

 
A third option might be to design the application from the ground up to be deployed on separate nodes – in that case, you would only put HTML and other static content on the Apache server, and only PHP and other essentials on the FPM server. But if the application isn’t designed that way, this is extremely brittle – for instance, what if some JPEG assets are served from HTML, and others are served by PHP?

 
But, yes, FPM is the solution to separating Apache and PHP. It was created for exactly that purpose, and in my experience it works very well.

 
Sent from Mail for Windows 10

 
From: Arun Khan <mailto:***@gmail.com>
Sent: Thursday, July 26, 2018 1:50 PM
To: KPLUG SD <mailto:kplug-***@kernel-panic.org>
Subject: Is decoupling Apache + PHP into separate nodes possible?

 


<preamble>
I have deployed Linux/Apache/PHP (node1) + MySQL (node2) with Security
Groups (AWS) or iptables controlling who can connect to the MySQL
server.   In topology terms -- a 2 Tier architecture.  In AWS - one
can deploy several such instances behind a ELB.  Each LAP instance
talks to a MySQL RDS.  The LAP instances are either mod_php or
PHP-FPM.  OS -- CentOS, Ubuntu. Debian
</preamble>

For one of my client's end user customer, their InfoSec team is asking
if Apache and the PHP application can run in separate nodes (3 Tier
arch).

To the best of my knowledge Apache + PHP (mod_php) have to be in the same node.

With PHP-FPM it is conceivable to have Apache talk to PHP-FPM running
on a separate node (see diagram https://goo.gl/xTfbjg).
But I have not done it myself and I am not sure if it is feasible.

If it is feasible then what's the best practice to  distribute the
*.html *.css and *.php files between the Apache + the PHP-FPM nodes
and how to achieve load balance between Apache and PHP-FPM nodes.  I
have searched but not found any reference setups.

Would appreciate suggestions / references from anyone who has done a 3
Tier Apache + PHP + MySQL deployment in production.

Thanks in advance.
--
Arun Khan
"Everyone has an expiration date"


--
KPLUG-***@kernel-panic.org
http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list