Apache & Nginx. Tied by one chain (part 2)
Shared hosting (Shared hosting) assumes that multiple customer accounts are hosted on one server. As a rule, one client’s account contains several websites. Websites work both on ready-made CMS (for example, Bitrix) and on custom ones. Thus, the technical requirements for all systems are different, therefore, it is necessary to manage several PHP versions within one server.
We use Nginx as the main web server: it accepts all connections from the outside and serves static content. We proxy the rest of the requests further to the Apache web server. This is where the magic begins: for each PHP version, a separate Apache instance is started, listening on a specific port. This port is registered in the virtual host of the client site.
You can read about the work of the Shared schema in more detail in the first part of the article.
Shared schema
It is important to note that we put PHP packages under different versions, because usually all distributions have only one PHP version.
Safety first!
One of the main tasks of shared hosting is to ensure the security of customer data. Different accounts, being on the same server, are independent and independent. How it works?
Site files are stored in the home directories of the users themselves, and the necessary paths are specified in the virtual host of the web servers. In doing so, it is important that the web servers, Nginx and Apache, have access to the final files of a particular client, since the web server is launched from only one user.
For Nginx, a security patch developed by the Timeweb team is used: this patch changes the user to the one specified in the web server configuration file.
Other hosting providers can solve this problem, for example, through manipulation with extended file system rights (ACL).
Apache uses the multiprocessing module mpm-itk… It allows each VirtualHost to run with its own user ID and group ID.
Thus, thanks to the operations described above, we get a secure isolated environment for each client. At the same time, we also solve the problems of scaling for Shared hosting.
You can read how the Apache and Nginx bindings are implemented in the first part of our article. In addition, an alternative configuration through the Dedicated scheme is also described there.
If you still have questions for our experts, write in the comments. We will try to answer everything or describe the solution to the problem in more detail in the following articles.