Have multiple and some server related but hereby:

I forcefully quit php on the server I use for devRant related stuffs because I wanted to quit the bakgrounded php process I had running for the dns proxy thingy since I somehow couldn't find the pid.

Two days later I noticed that none of my sites on that server where running anymore and started looking at nginx error logs.

It took me way too long to figure out that I had PHP-FPM installed which runs as a service and by forcefully quitting php the other day.... Yeah, you get it I think.

Started the process again and remembered that one 😅

I showed a friend of mine a project I made in two days in Docker and Symfony php. It is a rather simple app, but it did involve my usual setup: Nginx with gzip/cache/security headers/ssl + redis caching db + php-fpm for symfony. I also used php7.4 for the lolz

He complained that he didn't like using Docker and would rather install dependencies with composer install and then run it with a Laravel command. He insisted that he wanted a non-docker installation manual.

I advised him to first install Nginx and generate some self-signed certificates, then copy all the config files and replace any environment-injected values (I use a self-made shell script for this) with the environment values in the docker-compose files.

Then I told him to download php-fpm with php 7.4 alpha, install and configure all the extensions needed, download and set up a local Redis database and at last re-implement a .env file since I removed those to replace them with a container environment.

He sent an angry emoji back (in a funny way)

God bless containerized applications, so easy to spin up entire applications (either custom or vendor like redis/mysql) and throw them away after having played with them. No need to clutter up your own pc with runtime environments.

I wonder if he relents :p

In the Ruhr area (Germany) we have some very old, very strange words with strange meanings. One of those words is ‚Prutscher‘.
A Prutscher refers to a person who does things but never gets a good result, due to lack of knowledge or simple carelessness. Most of the time, Prutschers are people who are interested in certain subjects and often work in the related jobs, but who lack the motivation to properly train themselves, learn what there is to learn and to always keep up with their technologies .
Here are a few examples I've stumbled upon so far in my career:

- Developers in their 60's who read a book about PHP 25 years ago and decided to become a software developer. Since then haven't read anything about it. Who then now build huge spaghetti monoliths for large companies, in which they prefix every function, every variable and constant with their initials and, of course, use Hungarian notation.

- People who read half a fucking tutorial about <insert any fancy js framework here> and start blogging/tweeting about it

- Senior web developers who need to be told what the fuck CORS is and who can't even recognize CORS related errors in their browser console.

- People who have done nothing else for 18 years than building websites for companies on Wordpress 1.x and writing few lines of PHP and Javascript from time to time. Those who are now applying as a frontend dev due to the difficult economic situation and are surprised that they are not accepted due to a lack of experience.

- Developers who are the only ones working on Windows in the team and ask their Linux colleagues for help when Windows starts bitchin.

- People who have been coding for 30 years, have worked with ~42 languages ​​and don't know the difference between compiled and interpreted languages ​​in the job interview.

- Chief developers at a large newsletter-publisher who think it's a good idea to build your own CMS (due to a lack of good existing ones, of course).

- Developers who have been writing PHP applications for multinational corporations for 25 years and cannot explain how PHP is executed. They don't even know what the fucking OPcache is, let alone fpm. FML

- People who call themselves professional developers but never ever heard of DRY, KISS, boy-scout rule, 12-Factor App, SOLID, Clean Code, Design Patterns, ...

- Senior developers wondering why the bash script won't run on their fucking Windows machine.

- Developers who consider Typescript to be a hindrance and see no value in it.

- Developers using ftp for deployments in 2022

- Senior Javascript Developer applying for a job and for whom Integer is a primitive data type in JS.

- Developers who prefer to code without frameworks and libraries because they are only an unnecessary burden/overhead and you can quickly code everything up yourself.

- Developers who think configuring their server(s) manually is a good idea.

You fucking Prutscher. What you have already cost me in terms of work and nerves. I can't even put it into words how deeply I despise you. I have more respect for the chewing gum that has been stuck in my damn trash can for the past 3 years than I do for you guys. You are the disgrace of our profession. I will haunt you in your dreams and prefix every fucking synapse of your brain with MY initials.

As a well-known german band once sang in a very fitting song: I wouldn't even piss on you if you were on fire.

If you recognized yourself in one of the examples here: FUCK YOU!

"let's quickly compile php by hand and get php-fpm running!"

All is compiled well but I can't, for the love of what-the-fuck-ever figure out how to load extensions within the configuration and the internet isn't helping out much either.

How fucking difficult can this be?!

When your websites start returning 502 errors all of a sudden and you can't figure out why. Clear PHP artisan cache, restart Nginx, make sure PHP-FPM is running. Still 502 errors. Then you find out Cloudflare is down. 😐😐😐

This was me last night.

I get an email about an hour before I get into work: Our website is 502'ing and our company email addresses are all spammed! I login to the server, test if static files (served separately from site) works (they do). This means that my upstream proxy'd PHP-FPM process was fucked. I killed the daemon, checked the web root for sanity, and ran it again. Then, I set up rate limiting. Who knew such a site would get hit?

Some fucking script kiddie set up a proxy, ran Scrapy behind it, and crawled our site for DDoS-able URLs - even out of forms. I say script kiddie because no real hacker would hit this site (it's minor tourism in New Jersey), and the crawler was too advanced for joe shmoe to write. You're no match for well-tuned rate-limiting, asshole!

You know what, let me jump in on the "I hate PHP" bandwagon.

A couple months ago I upgraded my mail servers unattended. Roundcube got fucked for a couple of months, and I figured.. fuck it, I can still use Dovecot for authenticating with desktop mail clients like K-9.
Recently I unfucked it, turns out that it was an issue with the sock file in php-fpm. That's also when I noticed that PHP apparently hardcodes in its current version in the bloody socket file. Because why the fuck wouldn't you? It makes upgrades so much fucking easier!!! Said no fucking sysadmin ever!!!

And today I upgraded one of my mail servers to Ubuntu Server 18.04, finally, after a lot of hesitation. Bad decision, because now PHP got fucked YET AGAIN.
Again an issue with socket files? I have no fucking idea. systemctl shows no failed services (because you know PHP, why would you fail your service with an error message instead of throwing a meaningless 502 Bad Gateway, right?!!) and looking at the config files, well the socket file got its new php-fpm 7.2 file (still got the fucking version number hardcoded in) and thus I changed that socket file location in /etc/php/7.0...

devRant may just have been my rubber duck.

WHY THE FUCK DO YOU STINKING FUCKING PILE OF SHIT CALLED FUCKING PHP KEEP THE FUCKING 7.0 DIRECTORY OUT THERE WHEN YOU'VE UPGRADED, WITHOUT EVEN HAVING THE FUCKING BALLS TO RENAME THE MOTHERFUCKING DIRECTORY TO 7.2, IF YOU'RE GOING TO HARDCODE IN YOUR VERSION NUMBERS ANYWAY?!!!!!

Bloody fucking pile of fucking junk!!!!

"Our supplier asks that you double the number of php child processes for this fpm pool"

"Are you aware, that that would lead to about 100% of memory overcommit, taken the current limit of 128MB/child, and that if a lot of them started at once, the system would probably go for OOM-Kill, which would most probably kill your database, that still runs on 100% MyISAM tables that do not support transactions, and you'd have to kiss your data integrity goodbye, right?"

"Uh... Nevermind then"

I get that some people are not IT-versed, but really... Hire someone who knows what they are doing and doesn't live 20 years in the past, god damn it!

FUCKING SYSTEMD PIECE OF CRAP.
*Punches a wall or something*

Ugh, newest version of PHP-FPM apparently has a dependency on a Systemd package. The package doesn't change the system's init daemon to systemd, but just the fact that it has that, that more and more stuff is becoming dependent on that crap of a bloated piece of software is driving me crazy.

I hate systemd from the bottom of my soul, not for being a bad piece of software by any means. The systemd environment is quite well fitted together, but for being a monolithic monstrosity that is taking over more and more of the traditionally independent system services.

It would be absolutely good in my book, if it allowed a user or admin to choose which parts of SystemD they are going to install, and so, in the core, it would be a mere init daemon.

But noooooo, systemd has to take over cron, system dns resolver, home and user management and I bet its not the end.

GNU/Linux is becoming GNU/SystemD/Linux...

Never “try” to optimise just a bit more just for your own sake if the customer doesn’t ask you too. The next day you may be working on getting the service up and stable again on your holiday day :-(

Spent about 5 hours trying to figure out why php-fpm 7.2 was sending a timeout to nginx inside a CentOS 7 container. In the end I couldn't figure it out, downgraded to PHP 7.1 and then everything start working fine. I really hate using CentOS for containers since it also requires privileged mode to be able to start services. Hopefully I can move away from using CentOS for containers soon since the base image is also quite fat.

been fighting with nginx and php-fpm becuase the dev makes php scripts that run longer than 1 minutes even the connection between nginx and the php socks is giving up on life.

>Finds an URL that causes some sort of internal bug in a client's webapp
>Subsequent requests fill up the server's PHP-FPM slots, waiting for a session exclusive lock that never comes
>Effectively DoS's the server
>Sends it to a colleague to discuss the possible causes
>Uses slack
>Forgets Slack happily indexes any link it's given
>Slack almost DoS the service

FUN

I do not understand how event loop of node is faster than per request new php fpm process or similar.

Imagine you have 10 users surfing your website. In PHP there will be 10 process working on each request.

Where as in NodeJS there is only 1 process taking each request one by one.

Now for the I/O part, it is going to take same time on completion. By the time the IO is completed and the control is back to NodeJs, It will eventually take the same time (the actual response delivered).

Am I missing something here ?

These god damn idiots!11!!

Why, for duck sake, php-fpm and xdebug are using the same standard port 9000?

There are thousands of different ducking ports you could choose from!

So each developer who wants to debug his php app served by php-fpm, has to adjust the port for xdebug on something like 9001 or 10000.

Whyyyyyyyyyyyyy!?!??

: /

I just want to shoot php and fpm and apache in the face! its so convoluted. You have to touch like 837 files just to upgrade php56 to php70... oh and the twist is it still doesn't work...

I have a small NUC-like machine in my home with an old external hdd connected to it. I use it to run my local gitlab, nextcloud and to test a few websites I build for the lolz.
If you too have a homelab, whether it's a single raspberry or an entire room full or racks, you know damn well that everything you have running locally as a web service keeps going until it doesn't, for whatever fucking reason. This time, it was the turn of my nextcloud.
The machine has arch linux running, I chose it since I already use it on my coding laptop and being a rolling release means I don't have to manually upgrade to a newer version, risking various fuck-ups and consequent screaming of profanity.
The downside is that arch is a bleeding-edge distro, so, despite being pretty good for what concerns security, as updates are pushed out some packages may still require legacy software to work as intended, since obviously not all developers for all packages can release simultaneously.
The problem was that php reached 8.2.x but nextcloud couldn't use anything beyond 8.1, so the highlighted solution was to download php-legacy, a package with a set of utilities which the cloud could use instead of mainline php.

Pretty easy, right? fuck my life, here we go.

I edited apache-httpd's configurations to link the new libraries, updated every reference in every virtual host that could possibly screw up the web server.

Done.

Then I went on and disabled the php-fpm mainline, creating a new systemd unit that would instead run the legacy executable and afterwards I edited nextcloud's additional configs so they use that instead.

Done, getting a bit dizzy, but I reboot everything and breathe.

At this point the migration should be complete, but wait, the server returns an error saying that the application is still trying to use php 8.2+...wait, what in the sysadmin Christ?

Back to nextcloud config, everything is set, everything else in every other fucking php-legacy and web server is fine, the old fpm service is disabled, I am confused, and why in the FUCKING FUCK is the new php-fpm unit failing to start at boot with "error 78/config - directory not found"? Hello? Am I being trolled by a shitty dual-core amazon fake NUC?
Maybe yes, cause it turns out that the unit was referencing a directory in the external hdd, which gets mounted at boot time after the unit itself starts, so nothing much, just a matter of tinkering with cron jobs, a reboot and at least this one is off my balls.

But why still isn't the server responding correctly? why? WHY?

After slamming my cock on the keyboard here and there scrolling back through all the config files I think to myself, hmmm, my gitlab is working flawlessly, well yeah, I didn't need to install the whole web stack, everything was nice and easy wrapped in a docker container...so why am I even here, why the fuck am I bothering with all this layered web-app bullshit, why don't I just run the up-to-date docker image that someone else has already set up for me, back up all the data and reupload them on the application?

Oh joy, you can't imagine, after 3...almost 4 hours of pure computer-touching the relief I had from seeing the blue web page with the "welcome to nextcloud" title.

Right now it's copying back all the files, and the external hdd is now linked to include the data folder.
Like really, everything was solved in two lines of bash.

I am still fuming, but at least I learned a valuable lesson, if you want a service up for yourself, implement it and deploy it as fucking easy straight-forward as you can, giving MAXIMUM priority to already fully-working options that are out there just waiting to be downloaded and used. I swing my scrotal sack on web-apps elegance as long as it's MY homelab in MY place.

Eat a fat dick php.

sudo pacman -Rns nextcloud
sudo systemctl disable --now php-fpm-legacy
sudo pacman -Rns php-legacy
sudo pacman -Rns $(sudo pacman -Qdtq)

I challenge you to start a process from php.

The following criteria must be fulfilled:

- php-fpm
- the process is started on http request by user
- the response does not wait for the process to be finished
- the process must finish, possibly after the response reached the user
- the running process does not block a fpm thread/worker from handling further requests

Simple, right?

I've been wondering about renting a new VPS to get all my websites sorted out again. I am tired of shared hosting and I am able to manage it as I've been in the past.

With so many great people here, I was trying to put together some of the best practices and resources on how to handle the setup and configuration of a new machine, and I hope this post may help someone while trying to gather the best know-how in the comments. Don't be scared by the lengthy post, please.

The following tips are mainly from @Condor, @Noob, @Linuxxx and some other were gathered in the webz. Thanks for @Linux for recommending me Vultr VPS. I would appreciate further feedback from the community on how to improve this and/or change anything that may seem incorrect or should be done in better way.

1. Clean install CentOS 7 or Ubuntu (I am used to both, do you recommend more? Why?)
2. Install existing updates
3. Disable root login
4. Disable password for ssh
5. RSA key login with strong passwords/passphrases
6. Set correct locale and correct timezone (if different from default)
7. Close all ports
8. Disable and delete unneeded services
9. Install CSF
10. Install knockd (is it worth it at all? Isn't it security through obscurity?)
11. Install Fail2Ban (worth to install side by side with CSF? If not, why?)
12. Install ufw firewall (or keep with CSF/Fail2Ban? Why?)
13. Install rkhunter
14. Install anti-rootkit software (side by side with rkhunter?) (SELinux or AppArmor? Why?)
15. Enable Nginx/CSF rate limiting against SYN attacks
16. For a server to be public, is an IDS / IPS recommended? If so, which and why?
17. Log Injection Attacks in Application Layer - I should keep an eye on them. Is there any tool to help scanning?

If I want to have a server that serves multiple websites, would you add/change anything to the following?
18. Install Docker and manage separate instances with a Dockerfile powered base image with the following? Or should I keep all the servers in one main installation?
19. Install Nginx
20. Install PHP-FPM
21. Install PHP7
22. Install Memcached
23. Install MariaDB
24. Install phpMyAdmin (On specific port? Any recommendations here?)

I am sorry if this is somewhat lengthy, but I hope it may get better and be a good starting guide for a new server setup (eventually become a repo). Feel free to contribute in the comments.

Any one running Symfony on a Docker container in production? I currently try to migrate our dev env to a docker compose setup (from a "monolith" vagrant vm). I'm atually not stuck at a Symfony specific thing, but on a, I guess Docker specific one(?), The issue is, I need to read and write with two users to one folder (in my case the /application/var/cache folder). Since I mount my whole code into the docker container (to use an IDE on the local files), I've got a volume (not mounted to the outside world) for that folder. (As far, as good). Now this folder is owned by root and root is also the user I get when I enter the container. When I then run a cli script, that writes to this folder, every thing works (as it's run by root) and the resulting entries in the cache dir are owned by root. Trouble starts when the php fpm process tries to write stuff in there too (as it's run by www-data).
If I add `USER www-data` (or create a new user foobar and add `USER foobar`) the container exits with status 0

So I guess the question is, is anyone running an Symfony app on Docker in Prod, if so how do you solve this? Or another question would be what is the best practice to do this? Sure on dev I could just `chmod 777` the whole folder or run the php-fpm process as root, but if that thing ever goes to prod, I wouldn't sleep very well...

Wasted a night on building a docker image of Magento over php-fpm7 alpine, stuck.

I was determined PHP advocate, always ready for debate with PHP criticizers. I am stacking with dozen other languages so I used to think I have all right to do just that. My code is fully OO, I used to scale FPM horizontally, eventually, with help of pthreds even vertically. With help of redis and chaching, I thought I was sorcerer, as I always find a way (or way around) to make things work, things that no one used to beleive it's possible. One day I started to work for language engineering company, when I suddenly realized how PHP often fails with it's come to localizations, translation, exotic charsets and over all multibyte operations. :( Whole this thing collapses. Wholes everywhere...

I'm teaching a couple of classes where students (~18 years old) work on their own projects. I just deleted two of those from my machine: one Angular and one Spring Boot, but just boilerplate. Together, they were about 500 MB. I spent 2-3 hours working on a little Go tool to make concurrent HTTP requests and to report statistics on the response time. The entire repository is roughly 500 kB in size, but solves a genuine problem. My students have a bloat ratio of 1000 compared to me as a baseline, but my stuff actually does things. Today, I programmed prime factorization in PHP for some load tests (mod_php vs. PHP-FPM). The PHP script is 1148 bytes long (but the file system reports 4 kB). My students could learn more from such a script than from their overblown "projects", but "PHP sucks" I hearsay, so let's bloat on.

our team need to be chef by this week to bake a cake.....

Does anyone have experience with load balancing PHP-FPM?

Why the fuck does php fpm cache requests? Without any cache module installed...

Just want to ask a question here to avoid the downvote on stackoverflow.

Does apache + mpm_event + PHP-FPM capable of handling 500 simultanous requests, on a server with 4CPU cores and 16Gb of RAM?

mod-php is weird and should never have existed.

I hate having to deal with it, even if it's only still in use in years old legacy systems. FPM is so much nicer.