[#MBH-245] Consider apache + mod_php or nginx + php-fpm instead of apache + php-cgi for forums (and wiki, etc., once upgraded). - MusicBrainz JIRA

MusicBrainz Hosting

Consider apache + mod_php or nginx + php-fpm instead of apache + php-cgi for forums (and wiki, etc., once upgraded).

Created: 07/Jun/12 06:27 AM Updated: 10/Jun/12 11:04 PM

Component/s:

None

Affects Version/s:

None

Fix Version/s:

None

Description

« Hide

php-cgi is an old and usually quite unencouraged way to deploy PHP; the vulnerability that we think took down the forums (and which the wiki was susceptible to) only applied to it, for example.

The standard way, with Apache, is to use mod_php, though there may be a reason we aren't (I've heard of concerns about running e.g. {some jpg image which exploits a PHP flaw}.php.jpg accidentally as PHP by this route). A more modern way, which certainly alleviates the concerns I mention (and to boot, it's what I use for my own PHP deployments), is to use nginx with fcgi backed by php-fpm.

We may not want to change existing things, but as we update we may want to migrate slowly to a more modern PHP deployment scheme.

Sort Order:

[ Permalink | « Hide ]

Dave Evans added a comment - 07/Jun/12 06:39 AM

Forums seems like an ideal place to start. It's on its own server now, and has only recently been installed (hence, whoever did that presumably has some memory of how it was done). Plus maybe we can use Xen goodness for backups, cloning etc.

[ Permalink | « Hide ]

Ian McEwen added a comment - 10/Jun/12 11:04 PM

The wiki rebuild (~~MBH-201~~) is using nginx + php-fpm (available on ubuntu precise, at least), and can serve as an example of how to implement this.