WordPress with apache in fastcgi


WordPress is the content management system most used for creating web sites. It’s a php web application based with MySql database hosted under apache or nginx.

The web site is stored in the mysql database; the images and other files like java scripts are stored in the file system. The php is the logical part that returns the right web page in function of uri requested.

In this article I will show how configure wordpress under apache 2.4 for the best perfomance possible with Centos 7.2 as SO.

Apache WordPress Configuration

Apache 2.4 for managing the http requests provides three type of workers:

  1. mpm_prefork_module: This Multi-Processing Module (MPM) implements a non-threaded, pre-forking web server. This is the defauld configuration. For any request one http process is created.
  2. mpm_worker_module: This Multi-Processing Module (MPM) implements a hybrid multi-process multi-threaded server. This approach is most performance than the first.
  3. event_worker_module: The event Multi-Processing Module (MPM) is designed to allow more requests to be served simultaneously by passing off some processing work to the listeners threads, freeing up the worker threads to serve new requests. This is the best performance approach available with 2.4 apache version.

The default configuration with 2.4 apache is the prefork worker. For best performance the event worker is suggested: for changing the configuration modify the following file:

[root@kali conf.modules.d]# cd /etc/httpd/conf.modules.d
[root@kali conf.modules.d]# vi 00-mpm.conf 
# one of the following LoadModule lines:
#LoadModule mpm_prefork_module modules/mod_mpm_prefork.so
#LoadModule mpm_worker_module modules/mod_mpm_worker.so
LoadModule mpm_event_module modules/mod_mpm_event.so

After restarting apache, it’s possible to check the new module inside it:

root@kali conf.modules.d]#systemctl restart httpd
[root@kali conf.modules.d]# httpd -M|grep event
mpm_event_module (shared)

The configuration parameters for this module are:

ThreadsPerChild = 25 (Number of maximum thread for process)
ServerLimit = 16 (Number of maximum apache processes)

Above they are the default values: in this way the maximum number of parallel connections are 25*16=400. Don’t forget to high the maximum number of open files for apache user:

[root@kali ~]# vi /etc/security/limits.conf
* hard nofile 16384
* soft nofile 16384
[apache@kali ~]$ ulimit -a |grep open
open files                      (-n) 16384

With this worker, the php module inside apache, as generally is used, it not suggested (http://php.net/manual/en/faq.installation.php#faq.installation.apache2): the only possibility is to use apache with fast-cgi configuration.

In this configuration the apache works as proxy for all php page versus a php-fpm daemon that parses every php page. Following how to install and configure php-fpm daemon:

[apache@kali ~]# yum install php-fpm
[apache@kali ~]# yum install php-mysql
[apache@kali ~]# vi /etc/php-fpm.d/www.conf
; Unix user/group of processes
; Note: The user is mandatory. If the group is not set, the default user’s group
; will be used.
; RPM: apache Choosed to be able to access some dir as httpd
user = apache
; RPM: Keep a group allowed to write in log dir.
group = apache
[apache@kali ~]#systemctl start php-fpm

Now the configuration for the wordpress virtual host:

[root@nikto conf.d]# pwd
[root@nikto conf.d]# vi nikto.sysandnetsecurity.conf
<VirtualHost *:80>
DocumentRoot “/var/www/html/nikto.sysandnetsecurity.com”
ServerName nikto.sysandnetsecurity.com
ProxyPassMatch ^/(.*\.php(/.*)?)$ fcgi://$1.
DirectoryIndex index.php
<Directory /var/www/html/nikto.sysandnetsecurity.com>
Options -Indexes
AllowOverride File
Allow all

The ProxyPassMatch proxies all php request to php-fpm daemon. Inside the Document Root of WordPress don’t forget to put the following htaccess.

[root@nikto nikto.sysandnetsecurity.com]# pwd
[root@nikto nikto.sysandnetsecurity.com]#vi .htaccess
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ – [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]

This htaccess contains the main logic of wordpress: if the uri requested doesn’t exit as directory or file, then rewrite it to index.php. The request is then intercepted by the ProxyPass directive and proxied to to php-fpm daemon that connecting to mysql database provides the right web page.

Another important directive is “DirectoryIndex index.php“: if the directory exits (wp-admin,wp-include, etc), the request is managed by index.php inside it. Without this directive the admin web page would not work.

With this approach, there is some issue with htaccess because the php-fpm doesn’t support it. If the uri requested ends with *.php, the ProxyPassMatch directive routes it immediately to php-fpm without checking any htaccess.

I hope that I helped you to configure wordpress with apache fast-cgi.

In another article I will explain how to configure wordpress in security.

Don’t hesitate to contact me for any questions.