Apache & Nginx. Tied in one chain (part 2)

Last week, in the first part of this article, we described how Apache and Nginx are built at Timeweb. We are very grateful to the readers for their questions and active discussion! Today we explain how several PHP versions are made available on one server and why we can guarantee data security for our customers.

Shared hosting assumes that many customer accounts are hosted on one server. A single client account usually holds several sites. Sites run both on ready-made CMSs (for example, Bitrix) and on custom ones. The technical requirements of these systems differ, so several versions of PHP must be managed within the same server.

We use Nginx as the main web server: it accepts all connections from the outside and serves static content. We proxy the rest of the requests further to the Apache web server. This is where the magic begins: for each version of PHP, a separate instance of Apache is running, listening on a specific port. This port is assigned to the virtual host of the client site.

You can read more about how the Shared scheme works in the first part.

Figure: Shared scheme

It is important to note that we install separate PHP packages for the different versions, because a distribution usually ships only one version of PHP.

Safety first!

One of the main tasks of shared hosting is to ensure the security of client data. Different accounts, although located on the same server, are independent of one another and self-contained. How does it work?

Site files are stored in the home directories of the users themselves, and the necessary paths are specified in the virtual hosts of the web servers. At the same time, the web servers, Nginx and Apache, need access to the files of the specific client being served, yet each web server is started by only one user.

For Nginx, a security patch developed by the Timeweb team is used: this patch changes the user to the one specified in the web server configuration file.

With other hosting providers, this problem can be solved, for example, by manipulating the extended file system permissions (ACL).

Apache uses the mpm-itk multiprocessing module. It allows each VirtualHost to run with its own user ID and group ID.
Thus, thanks to the operations described above, we get a secure isolated environment for each client. At the same time, we also solve scaling problems for Shared hosting.

How Apache and Nginx are implemented is described in the first part of our article. An alternative configuration using the Dedicated scheme is also described there.

If you have any questions for our experts, write in the comments. We will try to answer everything or describe the solution of the problem in more detail in the following articles.

Source: habr.com
