I have to admit, I really loved Apache with ModSecurity (with the CoreRuleSet), it gave me “peace at night”. But then I noticed that this actually eats quite a lots of memory… and as a heavy TinyTinyRSS user I noticed that TTRSS is sometimes quite sluggish loading articles. So I had another look on Nginx again. I did have a look at it in the past, but I gave up on it, as the provided version from Debian Lenny didnt support IPv6, the version for Squeeze does though.
So initially I installed Nginx with PHP-FASTCGI. It was good, fast, memory problems were sorted. The sluggishness with TTRSS was solved as well. (Now after some weeks running it, I still notice “phew, memory isnt used at all, how does this work actually?”.)
(Preface: I wont be posting configuration details on here, just my experience and some pointers. I dont like repetition and with the search engine of your choice speckled with some common “sysadmin sense”, you will find what you need.)
I already found some hints that PHP-FPM is much better than PHP-FASTCGI. (I was surprised that this was not good enough.) And so I came recently across dotdeb.org (again), which gives you the ability
- to install a more recent Nginx than Debian Squeeze one
- Update PHP to 5.3.6
- install PHP-FPM
which is even better. I also enabled APC as an PHP opcode cache which helps further (I actually configured the latter one that it does write a logfile (I still want to know when something goes wrong), but the actual service is not restarted, just the new logfile is opened. You can do this by sending SIGUSR1 to the php5-fpm master process. This doesnt empty the cache. At the time of writing I have 473362 Hits vs. 656 Misses (99.9% / 0.1%), I wonder when I have 100%.).
Tests and results
If I did some tests to show you some fancy numbers which prove that this is faster? I am sorry, but I have to disappoint you.
I can give you some hard facts:
- The system never ran out of memory with Nginx and it is now running for maybe 5+ weeks.
- The sluggishness with TTRSS (ie. browsing quickly through different RSS articles is much faster, as TTRSS is loading everytime the article and if I did this fast enough, TTRSS was locked up for some time, as Apache didnt deliver the actual article fast enough). On a subjective note: it is definitely faster.
I am happy with my choice. Anything on the internet should be kept up2date anyway – despite the fact you are running ModSec.
And it is faster and uses less memory – what more does a sysadmin want?
PS: I forgot: Next step is enabling the Caching plugin in Nginx this should speed it up even further. When you are serving a lots of static objects, like pictures, Varnish is your friend and very easy to configure.
Post-PS: WordPress optimizations are the next thing! CDN – here I come!