PHP: What are the advantages of FastCGI over mod_php?

It was recently suggested to me that I use FastCGI with PHP. Now I went to the FastCGI page and read it but I don't really understand what the advantages are.


Solution 1:

Using mod_php each Apache worker has the entire PHP interpreter loaded into it. Because Apache needs one worker process per incoming request, you can quickly end up with hundreds of Apache workers in use, each with their own PHP interpreter loaded, consuming huge amounts of memory.

(Note, this isn't exactly true, Apache's worker_mpm allows you to serve many requests with a single threaded Apache worker. However, even in 2009, this is not the recommended way to deploy PHP because of suspected threading issues with the PHP extensions.)

By using PHP in fast_cgi mode (using something like spawn-fcgi from the lighttpd package) has the following benefits

  • tune the number of PHP workers separately from the number of incoming connections
  • allow you to put you PHP workers on a different server, or scale across many servers without changing you web tier
  • gives you flexibility to choose a different web server, like nginx, or lighttpd
  • allow you to run your PHP application in a different security domain on your web server

Solution 2:

FastCGI means that the php bits aren't running in the same process as the apache bits, unlike with mod_php. This separation can have some definite advantages when it comes to restarting the server or dealing with runaway applications - in the mod_php case that means that it's the apache process that's "runaway", but under fastcgi it's just a process that apache is talking to, so the entire server doesn't have to be taken down.

Solution 3:

Another advantage not yet mentioned is the fact that with mod_fcgid (which is a newer implementation for using FastCGI on Apache) and suexec you can realize setups where different vhosts use different Linux users for execution, which can be a real security benefit in a shared hosting szenario.

With mod_php, all vhosts share the same user, which is Apache's user. This can lead to security issues.