Apache & Nginx. Tied by one chain (part 2)

Last week, in the first part of this article, we described how the Apache and Nginx bundle is built at Timeweb. We are very grateful to the readers for their questions and active discussion! Today we will explain how several PHP versions are made available on one server and why we can guarantee the security of our clients' data.

Shared hosting means that multiple customer accounts are hosted on one server. As a rule, one client's account contains several websites. Websites run both on ready-made CMSs (for example, Bitrix) and on custom ones. The technical requirements of these systems differ, so several PHP versions have to be supported on one server.

We use Nginx as the main web server: it accepts all connections from the outside and serves static content. We proxy the rest of the requests further to the Apache web server. This is where the magic begins: for each PHP version, a separate Apache instance is started, listening on a specific port. This port is registered in the virtual host of the client site.

You can read about the work of the Shared schema in more detail in the first part of the article.


Shared schema

It is important to note that we maintain separate PHP packages for the different versions, because a distribution usually ships only one PHP version.

Safety first!

One of the main tasks of shared hosting is to ensure the security of customer data. Different accounts on the same server are independent of one another. How does it work?

Site files are stored in the users' own home directories, and the corresponding paths are specified in the web servers' virtual hosts. In this setup it is important that the web servers, Nginx and Apache, have access to the files of a particular client, since a web server runs as only one user.

For Nginx, a security patch developed by the Timeweb team is used: this patch changes the user to the one specified in the web server configuration file.

Other hosting providers may solve this problem differently, for example by using extended file system permissions (ACLs).

Apache uses the multiprocessing module mpm-itk. It allows each VirtualHost to run with its own user ID and group ID.

Thus, thanks to the operations described above, we get a secure isolated environment for each client. At the same time, we also solve the problems of scaling for Shared hosting.

You can read how the Apache and Nginx bindings are implemented in the first part of our article. In addition, an alternative configuration through the Dedicated scheme is also described there.

If you still have questions for our experts, write in the comments. We will try to answer everything or describe the solution to the problem in more detail in the following articles.
