Tag Archives: web server

Thread Safety in php

Thread safety is a computer programming concept applicable in the context of multi-threaded programs. A piece of code is thread-safe if it only manipulates shared data structures in a manner that guarantees safe execution by multiple threads at the same time.

There have been a few options available for a while to get PHP performing well on linux or IIS.
One solution is to configure web service to use PHP in FastCGI mode which allows PHP processes to be recycled rather than killed off after each PHP request and also allows you to run several PHP processes at once, making PHP much much faster with the added bonus that as it is using the CGI interface there is little or no incompatibility issues with PHP extensions.

The utilization of non thread safe binaries does not allow to use FastCGI mode!

On debian/ubuntu
Thread Safety enable.
# aptitude install apache2-mpm-worker libapache2-mod-fcgid php5-cgi && a2enmod fcgid && /etc/init.d/apache2 restartThread Safety disable.
# aptitude install apache2-mpm-prefork libapache2-mod-php5 && a2dismod fcgid && /etc/init.d/apache2 restart

If your non thread safe binaries software not works, it was because installing apache2-dev package on my system automatically installs apache2-thread-dev whose apxs2 tells the PHP build system to build with thread-safety on. Therefore, the solution was to directly install apache2-prefork-dev package.

Reference: Wikipedia, Tnread Safety dis/able, Install/Purge package

open_basedir restriction in effect

PHP open_basedir protection tweak is a Safe Mode security measure that prevents users from opening files or scripts located outside of their home directory with PHP, unless the folder has specifically excluded. PHP open_basedir setting if enabled, will ensure that all file operations to be limited to files under certain directory, and thus prevent php scripts for a particular user from accessing files in unauthorized user’s account. When a script tries to open a file with, for example, fopen() or gzopen(), the location of the file is checked. When the file is outside the specified or permissible directory-tree, PHP will refuse to open it and the following errors may occur:
Warning: file_exists() [function.file-exists]: open_basedir restriction in effect. File ...
The above error message appears on a Apache httpd web server error log (error_log). However, the problem may happen to all system or websites that use PHP as scripting language.
The solution or workaround to open_basedir restriction problem is that disable the PHP open_basedir protection altogether, or to exclude the protection for certain privileged user accounts, or to allow access to the additional directory for PHP scripts.

If you’re using cPanel WebHost Manager (WHM), you can easily disable PHP open_basedir protection or exclude certain users from the protection with WHM. Simply go to “Tweak Security” under the “Security” section, then select “Configure” link for “Php open_basedir Tweak”. Inside it, you can enable or disable php open_basedir Protection, or exclude and include hosts from the protection.

If you’re using Plesk hosting control panel, you may need to manually edit Apache configuration file of vhost.conf and vhost_ssl.conf, and add in or edit the following php_admin_value open_basedir lines to the following:

php_admin_value open_basedir none

php_admin_value open_basedir /full/path/to/dir:/full/path/to/directory/httpdocs:/tmp

Note: For SSL hosts in the vhost_ssl.conf file, the Directory path will end with “httpsdocs” instead of “httpdocs”.

The paths (above is example only and to be replaced with real path) that behind open_basedir are the directories that specifically allowed for the PHP scripts in the vhost domain account to access, so you can add in more directories that files are been stored and needed to be opened by PHP, each seperated by color “:”. But be careful as it might expose your system to security fraud.

Once done, restart Apache httpd web server (apache2ctl restart or httpd restart). If you have to manually edit the Apache configuration file to disable PHP open_basedir protection, simply open up the httpd.conf file, and search for the lines that starts with the following characters:
php_admin_value open_basedir …..
Replace the whole line under the virtual host for the domain user account that you want to disable protection with the following line to disable it:
php_admin_value open_basedir none
You can also opt to allow your PHP scripts to access additional directory instead without disabling the protection. Additional directory can be added to the line, separated with color “:”. For example, to add /new_directory to the allow list:
php_admin_value open_basedir “/home/user_account/:/usr/lib/php:/usr/local/lib/php:/tmp”
php_admin_value open_basedir “/home/user_account/:/usr/lib/php:/usr/local/lib/php:/tmp:/new_directory”

Restart the Apache after finished editing. Note that the directory allowed list restriction above is actually a prefix, not a directory name. This means that “open_basedir = /dir/incl” also allows access to “/dir/include” and “/dir/incls” if they exist. When you want to restrict access to only the specified directory, end with a slash. For example: “open_basedir = /dir/incl/”.

Reference: mydigitallife.info

lighthttpd h264 streaming module installation on CentOS

wget http://packages.sw.be/lighttpd/lighttpd-1.4.28-1.el5.rf.i386.rpm
wget http://packages.sw.be/lighttpd/lighttpd-fastcgi-1.4.28-1.el5.rf.i386.rpm
wget http://ftp.heanet.ie/mirrors/pld-linux/dists/2.0/updates/general/i386/lighttpd-mod_h264_streaming-1.4.28-1.i386.rpm
rpm -ivh lighttpd-1.4.28-1.el5.rf.i386.rpm
rpm -ivh lighttpd-fastcgi-1.4.28-1.el5.rf.i386.rpm
rpm -ivh --nodeps lighttpd-mod_h264_streaming-1.4.28-1.i386.rpm

Edit file /etc/lighttpd/lighttpd.conf and modify server.use-ipv6 value in disable. I f you could dedicate one IP, uncomment server.bind and change localhost with IP dedicated.
Edit file /etc/lighttpd/modules.conf and:

  • comment all modules in server.modules
  • in server.modules, add line:
  • below server.modules, add lines:
    h264-streaming.extensions = ( ".mp4", ".f4v" )
    h264-streaming.buffer-seconds = 10

Start your new web server:
service lighthttpd start
Add web server in runlevel:
chkconfig --add lighttpd
For testing purposes we recommend a tool like wget, or curl):

  • upload one f4v video to the document root of your website:
    wget sample.f4v
    cp sample.f4v /srv/www/lighttpd/
  • download the full file:
    wget -O test.f4v "http://localhost/sample.f4v"
  • download file with specify start time:
    wget -O test.f4v "http://localhost/sample.f4v?start=45.5"
    This saves a file (test.f4v) on your local disk that will have the first 45.5 seconds removed from the original (sample.f4v) video

You can use your favorite player to see if worked okay.

Reference: installation and testing


lighttpd – a fast, secure and flexible web server
lighttpd [-ptDvVh] -f configfile [-m moduledir]


service lighthttpd start
service lighthttpd stop
/etc/init.d/lighthttpd start
/etc/init.d/lighthttpd stop

MaxClients directive

The MaxClients directive sets the limit on the number of simultaneous requests that will be served. Any connection attempts over the MaxClients limit will normally be queued, up to a number based on the ListenBacklog directive. Once a child process is freed at the end of a different request, the connection will then be serviced.

For non-threaded servers (i.e., prefork), MaxClients translates into the maximum number of child processes that will be launched to serve requests. The default value is 256; to increase it, you must also raise ServerLimit.

For threaded and hybrid servers (e.g. beos or worker) MaxClients restricts the total number of threads that will be available to serve clients. The default value for beos is 50. For hybrid MPMs the default value is 16 (ServerLimit) multiplied by the value of 25 (ThreadsPerChild). Therefore, to increase MaxClients to a value that requires more than 16 processes, you must also raise ServerLimit.

  • Set it on CentOS server:
    • digit this command line to test how modules are activated:
      httpd -l

    • edit /etc/httpd/conf/httpd.conf and add/modify ServerLimit directive on active module
    • ServerLimit 20000

    • apachectl -t
    • apachectl graceful
    • edit /etc/httpd/conf/httpd.conf and modify MaxClients directive on active module
    • MaxClients 20000

    • apachectl -t
    • apachectl graceful
  • Set it on Debian server:
    • digit this command line to test how modules are activated:
      apache2 -l

    • edit /etc/apache2/apache2.conf and add/modify ServerLimit directive on active module
    • ServerLimit 20000

    • apachectl -t
    • apachectl graceful
    • edit /etc/apache2/apache2.conf and modify MaxClients directive on active module
    • MaxClients 20000

    • apachectl -t
    • apachectl graceful

Reference: apache2