Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Symfony Finland:
Serving PHP on HTTP/2 with H2O and HHVM (Symfony, WordPress, Drupal...)
Jun 23, 2015 @ 11:48:27

On the Symfony Finland blog there's a new post showing you how to serve PHP over HTTP/2 with HHVM and H2O. H2O describes itself as a "new generation HTTP server providing quicker response to users when compared to older generation of web servers".

This article is not about improvements made in HTTP/2 - as there are plenty of locations for you to read up on the internals. It's a hands on article to get started using HTTP/2 today with popular tools such as Symfony, WordPress and Drupal with the HHVM PHP runtime from Facebook. You can just as well use PHP-FPM.

They start with a bit of a look at the current state of PHP and HTTP/2 on the various major web server types. H2O, while younger, natively supports HTTP/2, he does offer the caveat that "waiting won't kill you". Despite this, they go on to show you how to set up the PHP+H2O+HHVM combination complete with configuration examples and what to look for in the logs to ensure HTTP/2 functionality.

tagged: serve http2 h2o hhvm tutorial webserver configuration

Link: https://www.symfony.fi/entry/serving-php-on-http-2-with-h2o-and-hhvm-symfony-wordpress-drupal

ClanCats Station:
Writing a webserver in pure PHP - Tutorial
Mar 26, 2015 @ 11:27:42

On the Clancats.com blog there's a recent post showing how to create a web server in pure PHP, an interesting experiment but definitely not recommended for any kind of higher load situation.

Well, this is pretty useless, but it is possible. But again its pretty.. uesless. This tutorial will hopefully help you to better understand how a simple webserver could work and that it's no problem writing one in PHP. But again using this in production would be trying to eat a soup with a fork. So just, .... just don't. Let me shortly explain why this is not a that good idea.

PHP is a scripting language that simply is not really designed for such tasks. A webserver is a long running process which PHP is not made for. Also PHP does not natively support threading ( pthreads ), which will make developing a good performing webserver a really hard task.

He walks you through all the code needed to create the web server (also available on GitHub) by making:

  • A "server" that does the listening for incoming and sends outgoing requests
  • A request object that parses the incoming request and makes header and body content available
  • A response object that allows for the setting of response codes, body content and headers
  • Exception handling for problems encountered during the request/response process

The full code is provided during the process along with explanations of what each part does. There's also a basic introduction to what a typical web server is and how the process of request/response usually flows.

tagged: webserver tutorial version request response server

Link: http://station.clancats.com/writing-a-webserver-in-pure-php

Get a Handle on PHP Handlers
Mar 25, 2015 @ 10:25:47

On DZone.com today there's a post covering the different kinds of handlers that can execute PHP - those pieces of code that work with the web servers we use every day to interpret and execute PHP code.

PHP Handlers? mod_php? FPM? How do we make sense of the inner workings of PHP outside of our lines of code? We know we can run PHP on the server to build web applications swiftly, but how can we optimize our environment and configurations to reach maximum scale? We know that PHP has its drawbacks for not being asynchronous or event-driven, which is all the more reason to ensure maximum optimization. The impact of your server environment on your PHP application performance can be more than you think you can afford. A careful examination of your PHP ecosystem will help you avoid suffering performance loss in areas you can otherwise solve for easily.

They provide a brief summary of what PHP handers, well, handle and where they fit in the overall architecture of execution. They then get into the details on some of them:

  • CGI – mod_cgi
  • suPHP – mod_suphp
  • DSO – mod_php
  • FastCGI – mod_fcgid
  • FPM (FastCGI Process Manager) – php-fpm

Included in each is an overview of how it works and some of the main advantages (and disadvantages) of their use. He also mentions two of the most popular web servers that work with these handlers: Apache and Nginx.

tagged: handlers webserver execute modcgi modphp modsuphp modfcgi phpfpm

Link: http://php.dzone.com/articles/get-handle-php-handlers

Mattias Geniar:
The PHP circle: from Apache to Nginx and back
Nov 20, 2014 @ 10:26:28

In this new post to his site Mattias Geniar goes in circles...from Apache to Nginx and back in terms of how it relates to PHP.

As with many technologies, the PHP community too evolves. And over the last 6 or 7 years, a rather remarkable circle has been made by a lot of systems administrators and PHP developers in that regard.

He talks about the "early days" and the rise of Apache as the "A" in the LAMP stack. Then Nginx was created/released and PHP developers saw it as a viable option. He talks about how PHP worked with this server and the solutions that were found to "hack" them together. There were issues around the relationship, though, and - in the author's perspective - the circle has come back around to Apache, just with a bit more smarts about how it's configured.

tagged: circle apache webserver nginx opinion configuration phpfpm

Link: http://ma.ttias.be/php-circle-apache-nginx-back/

Pascal Martin:
PHP Version Statistics - October 2014
Oct 28, 2014 @ 11:23:13

Pascal Martin's latest post (in French, but the English version is coming soon) shares some statistics he's gathered around the usage of various software around the web, more specifically those involved in web-based applications.

I've collected statistics about the use of different PHP versions several times. The first time was in September 2011 and the most recent was in November 2013. At this point, PHP 5.2 still accounted for 34.4% of all PHP installations with PHP 5.3 moving up to 48.7%. This new data was collected the weekend of October 19th, 2014. At this point, the current stable versions of PHP are 5.4.34, 5.5.18 and 5.6.2. PHP 5.3 is no longer maintained (since August 14th 2014) and PHP 5.2 hasn't been supported for 4 years now.

He's broken up the statistics into a few different sections:

  • Web server software
  • Usage of major versions of PHP
  • Usage of minor versions of PHP
  • Versions in use under each of the major version numbers

He includes both the raw numbers (percentages) and some graphs showing the results in a bit more consumable fashion. It's interesting to see that, despite it being quite an old version now, PHP 5.3.x still has the largest share in the usage results.

UPDATE: He's posted the English version now as well.

tagged: usage statistics oct2014 version major minor webserver

Link: http://blog.pascal-martin.fr/post/statistiques-versions-php-2014-10

SitePoint PHP Blog:
Asset Access Restriction Methods – Block Unwanted Visitors
Sep 05, 2014 @ 10:11:45

In a new tutorial from the SitePoint PHP blog today Jeroen Meeus looks at a way to protect parts of your application from being used and abused. He shows you how to protect various parts of you site, including images and actual pages, with the help of either your web server or bits of code.

When building an awesome web app or website, we sometimes want people to be able to embed parts of our web app/website into their own. That could be an iframe holding a ‘like’ button, a simple image that they want to reuse or even our entire app embedded in an iframe. But how do we control who has access, who is allowed to use up our bandwidth and query our service? We define the problem as controlling access to assets. By assets we mean: anything that can be queried from our site.

He talks about the problem of "lifting" content and how to fall back to a "deny all, allow some" mentality. He starts with examples of Apache configurations that use mod_rewrite to only allow requests that come from the current domain (trusted) and the "files" directive coupled with Deny/Allow. He also includes an nginx example, showing the same request handling. The code examples show how to use PHP and Javascript to prevent access the same way.

tagged: asset protection method webserver configuration code tutorial

Link: http://www.sitepoint.com/asset-access-restriction-methods-block-unwanted-visitors/

Master Zend Framework:
Running the ZF2Skeleton with PHP’s Built-in Webserver
Apr 24, 2014 @ 09:25:07

The Master Zend Framework site has posted the first in their screencast series with a look at running the ZF2Skeleton with PHP’s built-in webserver.

In this screencast we’ll go through the creating an application from the ZF2Skeleton project on Github and getting it up and running, using PHP’s built-in web server. [It requires] PHP 5.4 or higher and Curl.

The screencast, coming in just over 3 minutes, briefly introduces you to the ZF2Skeleton project and shows you how to run it as a single process though PHP's own web server (useful for debugging). As a part of the installation, he also helps you get Composer installed as that's what Zend Framework 2 uses to install its packages correctly.

tagged: screencast tutorial webserver builtin zf2skeleton

Link: http://www.masterzendframework.com/casts/001

OpenSSL Serious Security Bug: Does it Affect Your PHP sites?
Apr 10, 2014 @ 11:55:37

In the wake of the announcement of the Heartbleed vulnerability in the widely used OpenSSL software, the PHPClasses blog has posted a look at how it relates to PHP applications and how you can see if your application is effected.

Just a few days ago it was publicly announced a serious security bug called Heartbleed that affects secure sites based on the OpenSSL library. Read this article to learn more about this security problem, how to test if your Web server or SSH server is vulnerable, how it may affect your PHP sites, what you should do to fix the problem.

They start with a look at the bug, what it is and why it's such a big problem. It talks about what kinds of applications are vulnerable (hint: it has nothing to do with the PHP) and how you can test to see if your server is secure. The rest of the post talks about how to resolve the issue and how it relates to OpenSSL connections to other servers and SSH.

tagged: openssl bug heartbleed security effect webserver

Link: http://www.phpclasses.org/blog/post/231-OpenSSL-Serious-Security-Bug-Does-it-Affect-Your-PHP-sites.html

Create The Perfect PHP Development Environment In Android
Mar 05, 2014 @ 10:39:17

On the MakeUseOf site there's a recent post showing how you can create the "perfect PHP development environment" on your Android-based device. Obviously, it's much more useful on a tablet, but in theory it could be used on a smartphone.

It turns out you can actually code on Android productively. For the longest time, it has been accepted that whilst computers are for productivity and creativity, Tablets exist purely to allow the passive consumption of content. I believed that as well. I’m a software developer by trade, and I use a 13" Macbook Pro to write all my code. I wouldn’t have it any other way. OS X comes with everything I need to be productive as a developer, and I’ve built my workflow around that. Android on the other hand? I’ve never really thought about writing code on Android. [...] But then I bought a decent Bluetooth keyboard, and everything changed. I’ve now built a PHP development environment around my 2012 Nexus 7 tablet, and I love it.

He breaks it down and shows some of the tools he uses for his development including the use of VIM Touch for editing and the Palapa Web Server for local hosting of his applications. Screenshots of the setup and configuration are also included.

tagged: development environment android vimtouch palapa webserver

Link: http://www.makeuseof.com/tag/create-perfect-php-development-environment-android/

Inviqa techPortal:
Speedy Sites: Nginx and PHP
Feb 21, 2014 @ 11:55:17

On the Inviqa techPortal site today they have a new post from Barney Hanlon in his "Speedy Sites" series. This time he looks at using nginx to speed up your PHP applications.

In the previous article in this series, we looked at using Apache with mod_pagespeed to perform on-the-fly enhancements to decrease page load times. Getting an optimised page is only half the battle however; we need to ensure that our backend is doing as little work as possible in order to be highly scalable. In this article, we look at how we can achieve this while improving performance – all with nginx.

He starts with an introduction to nginx for those not familiar with this alternative web server and how it integrates with PHP. He walks you through the installations and configuration of a basic setup and running some benchmarks with siege. Finally, he shows how to enable PHP support on the install via the "php5-fpm" package (FastCGI).

tagged: speed webserver nginx fastcgi fpm install configure tutorial

Link: http://techportal.inviqa.com/2014/02/20/speedy-sites-nginx-and-php/