Posted: November 10th, 2016 | Author: Alex Iordache | Filed under: General | No Comments »
PHP (Symfony) Profiling with XHProf and XHGui
- Verify if PECL is installed. If it is not installed, install PEAR then PECL:
#which pecl
#which pear
#port search –name –line –glob 'php*' |grep -i pear
php5-pear 20161027 php www Obsolete port, replaced by php55-pear
php53-pear 20161027 php www Optional port adds the PEAR repository to the include path for php53.
php54-pear 20161027 php www Optional port adds the PEAR repository to the include path for php54.
php55-pear 20161027 php www Optional port adds the PEAR repository to the include path for php55.
php56-pear 20161027 php www Optional port adds the PEAR repository to the include path for php56.
php70-pear 20161027 php www Optional port adds the PEAR repository to the include path for php70.
#sudo port install php55-pear
No trace of PECL on the system yet so try another PEAR installation:
#sudo curl -o /usr/local/bin/pear http://pear.php.net/go-pear.phar
#sudo chmod +x /usr/local/bin/pear
#which pecl
It seems that PECL did not install with the methods above so take the third approach:
#sudo php /usr/lib/php/install-pear-nozlib.phar -d /usr/local/lib/php -b /usr/local/bin
#which pecl
/usr/local/bin/pecl
2. Install the modules for PHP starting with XHProf:
#php -v
PHP 5.5.38 (cli)
#port search –name –line –glob 'php*' |grep -i xh
php-xhprof 0.9.4 php devel A Hierarchical Profiler for PHP
php53-xhprof 0.9.4 php devel A Hierarchical Profiler for PHP
php54-xhprof 0.9.4 php devel A Hierarchical Profiler for PHP
php55-xhprof 0.9.4 php devel A Hierarchical Profiler for PHP
php56-xhprof 0.9.4 php devel A Hierarchical Profiler for PHP
#sudo port install php55-xhprof
3. Before installing the XHGui module for php, install its requirements: MongoDB and its PHP modules:
#port search –name –line –glob 'php*' |grep -i mongo
php-mongo 1.6.14 php databases devel Mongo Database Driver
php-mongodb 1.1.9 php databases devel MongoDB Database Driver
php53-mongo 1.6.14 php databases devel Mongo Database Driver
php53-mongodb 1.0.1 php databases devel MongoDB Database Driver
php54-mongo 1.6.14 php databases devel Mongo Database Driver
php54-mongodb 1.1.9 php databases devel MongoDB Database Driver
php55-mongo 1.6.14 php databases devel Mongo Database Driver
php55-mongodb 1.1.9 php databases devel MongoDB Database Driver
php56-mongo 1.6.14 php databases devel Mongo Database Driver
php56-mongodb 1.1.9 php databases devel MongoDB Database Driver
php70-mongodb 1.1.9 php databases devel MongoDB Database Driver
#sudo port install php55-mongodb
#sudo port install php55-mongo
#ls /opt/local/lib/php55/extensions/no-debug-non-zts-20121212/
mongo.so mongodb.so
On my system the modules were placed in another folder than the one where PHP is configured so a copy is needed:
#sudo cp /opt/local/lib/php55/extensions/no-debug-non-zts-20121212/mongo* /usr/lib/php/extensions/no-debug-non-zts-20121212/
#sudo cp /opt/local/lib/php55/extensions/no-debug-non-zts-20121212/xhprof.so /usr/lib/php/extensions/no-debug-non-zts-20121212/
Continue by enabling the extensions:
#sudo vi /etc/php.ini
extension=mongo.so
extension=mongodb.so
extension=xhprof.so
This command actually installs the MongoDB database. The ones above installed the php driver only :
#brew install mongodb
#sudo chgrp staff /usr/local/var/log/mongodb /usr/local/var/mongodb
#sudo chmod 0775 /usr/local/var/log/mongodb /usr/local/var/mongodb
Add this to /usr/local/etc/mongod.conf:
processManagement:
fork: true
#mongod –config /usr/local/etc/mongod.conf
Optional, use a tool to install Pref into System Preferences in order to start mongodb
#cd <downloads>
#wget https://github.com/remysaissy/mongodb-macosx-prefspane/raw/master/download/MongoDB.prefPane.zip
#unzip MongoDB.prefPane.zip
double-click on MongoDB.prefPane to install it and launch it
4. Install XHGui and configure it as a Virtual Server:
#cd <some directory for xhgui>
#git clone https://github.com/perftools/xhgui.git
#cd xhgui/
#chmod 0777 cache/
#php install.php
#sudo vi /etc/apache2/extra/httpd-vhosts.conf
<VirtualHost *:80>
ServerAdmin [email protected]
DocumentRoot "/Sites/xhgui/webroot"
ServerName xhgui.lh
ServerAlias www.xhgui.lh
ErrorLog "/private/var/log/apache2/xhgui.lh-error_log"
CustomLog "/private/var/log/apache2/xhgui.lh-access_log" common
</VirtualHost>
#sudo vi /etc/hosts
127.0.0.1 xhgui.lh www.xhgui.lh
#sudo apachectl restart
Optional, but recommended: Add indexes to MongoDB to improve performance. (https://github.com/perftools/xhgui)
# mongo
use xhprof
db.results.ensureIndex( { 'meta.SERVER.REQUEST_TIME' : -1 } )
db.results.ensureIndex( { 'profile.main().wt' : -1 } )
db.results.ensureIndex( { 'profile.main().mu' : -1 } )
db.results.ensureIndex( { 'profile.main().cpu' : -1 } )
db.results.ensureIndex( { 'meta.url' : 1 } )
exit
5. Add this to VirtualHost of the site needing profiling (/etc/apache2/extra/httpd-vhosts.conf):
php_admin_value auto_prepend_file "/Sites/xhgui/external/header.php"
That's it. See it in browser:
http://www.xhgui.lh/
Posted: August 14th, 2014 | Author: admin | Filed under: General | No Comments »
Background
On linux machines (Mac too) the default installation of Apache+PHP is sometime not suitable for modern script due to at least two reasons:
While the first is obvious, the second one needs some explanations and the best way is by giving a real-world example. In the Symfony framework the content is prepared under a "cache" folder for achieving a very good speed in processing requests. The framework also uses some command prompt statements for achieving various tasks such as database structure update, warming up the cache, etc. As one knows, all requests processed by Apache runs by default under its user, be it "apache", "www" or "nobody". On the other hand the command line statements run under the current logged-in user, let's call it "myuser". Both actions above uses the same cache folder and here is where the conflict appears, since one cannot update the other's files. Hence the need to run the script under the same user, both withing the Apache and from the command prompt. Plus that is faster (developers would like this).
Goal & solution
One recommended configuration for achieving the speed is to replace the standard mod_php with mod_fcgid, meaning that the process won't run anymore inside Apache but as an external process called by Apache when needed.
As for running the process as another user than Apache's, there is suexec which consists of a module running under apache and a binary executable acting as a wrapper.
The configuration presented here uses virtual hosts, a know feature of Apache letting one run multiple websites on the same computer, each with its own configuration, folder and user account. The process of configuring the server is split in two parts, first for configuring the mod_fcgid module then adding suexec mechanism.
Configuring mod_fcgid
The configuration starts by disabling the standard php module and installing the mod_fcgid module. The steps differs based on the linux distribution therefore the steps below will be given for Ubuntu and Mac so the reader will have to figure out how it works for other ditributions.
Ubuntu:
sudo apt-get install libapache2-mod-fcgid php5 php5-cgi
Note that this article assume that apache is already installed. If php5 is also installed is even better, just be sure php5-cgi is also.
Mac
sudo port install php5 +fastcgi
sudo port install mod_fcgid
Then disable mod_php end enable mod_fcgid:
Ubuntu:
sudo a2dismod php5
sudo a2enmod fcgid
Mac:
sudo vi /private/etc/apache2/httpd.conf
Comment this line: #LoadModule php5_module libexec/apache2/libphp5.so
Add/uncomment this line: LoadModule fcgid_module libexec/apache2/mod_fcgid.so
Add this line to your php.ini (Ubuntu: /etc/php5/cgi/php.ini, Mac: /etc/php.ini)
cgi.fix_pathinfo=1
Tip: the location of php.ini differs and not only that, there may be two different files, one for PHP as module and the other for PHP as CGI. Locate them in the system with:
locate php.ini
A better approach can be to use php itself to tell where is its ini file:
php -i |grep php.ini
Result:
Loaded Configuration File => /etc/php.ini
Additional useful information, in case one needs to know what PHP version runs from command line, especially where there are two PHP versions installed:
#which php
/usr/bin/php
#php -v
PHP 5.4.24 (cli) (built: Jan 19 2014 21:32:15)
Now is the time to configure mod_fcgid and this is done in two places: one global place inside apache's own confguration files and the other in each site. The global configuration file looks like this:
Ubuntu (/etc/apache2/mods-enabled/fcgid.conf):
<IfModule mod_fcgid.c>
AddHandler fcgid-script .fcgi
FcgidConnectTimeout 20
FcgidFixPathinfo 1
FcgidMaxRequestLen 2097152
</IfModule>
Mac (/etc/apache2/other/fcgid.conf):
<IfModule mod_fcgid.c>
FcgidIPCDir /usr/lib/apache2/fcgid/sock
FcgidProcessTableFile /usr/lib/apache2/fcgid/fcgid_shm
FcgidConnectTimeout 20
FcgidFixPathinfo 1
# fix for: mod_fcgid: read data timeout in 40 seconds
FcgidIdleTimeout 3000
FcgidMinProcessesPerClass 100
FcgidConnectTimeout 120
FcgidIOTimeout 400
FcgidMaxProcesses 150
FcgidBusyTimeout 600
# to get around upload errors when uploading images increase the MaxRequestLen size to 15MB
FcgidMaxRequestLen 15728640
FcgidProcessLifeTime 7200
</IfModule>
Although the Mac configuration seems more complex, it is only because more configuration directives have been used. Normally the two may look the same, except the paths of FcgidIPCDir and FcgidProcessTableFile
Tip: Be aware that the names of the directives were changed since mod_fcgid 2.3.2 (it is currently at version 2.3.9). The reason you're warned here is because many answers online uses PHP_Fix_Pathinfo_Enable instead of FcgidFixPathinfo. (all changes in the table here). The most important directives to use are: FcgidFixPathinfo, FcgidMaxRequestLen and FcgidBusyTimeout.
The site configuration file should include the followings somewhere inside <VirtualHost> tags:
Ubuntu (/etc/apache2/sites-available/yoursite.com.conf) & Mac (/etc/apache2/extra/httpd-vhosts.conf):
<IfModule mod_fcgid.c>
#SuexecUserGroup myuser mygroup
<Directory /var/www/yoursite.com/ >
Options +ExecCGI
AllowOverride All
AddHandler fcgid-script .php
FcgidWrapper /var/www/php-fcgi-scripts/php-fcgi-starter .php
Order allow,deny
Allow from all
</Directory>
</IfModule>
Tip: Note that in the above configuration the line with SuexecUserGroup had been commented. This is to avoid seeing errors caused by Suexec while setting up fcgid. Later the line will be un-commented. Or, if you feel lucky, un-comment it now.
Once the above are set, restart apache:
Ubuntu: sudo service apache2 restart
Mac: sudo apachectl restart
Now is is time to talk about the log files because they tell valuable information about the problems which may occur.
Apache's log file to watch is named "error_log" and there you may find issues related to why the server does not start, when some SSL configuration is broken or when suexec has issues.
Suexec has its own log in the same folder as Apache's and there you will find issues related to user rights or problems when running the executable.
Each site is recommended to have its own access and error log files. There you will find errors related to the script or accessing the script, acting as a starting point in solving the issues. In case of errors related to suexec you will find here only some indications, while the details have to be found in the suexec file above
Configuring suexec
This executable binary usually comes with Apache but on a Mac installation this binary was missing. With or without it, sometimes is necessary to adjust its default settings, e.g. those it has been compiled with. Below all these situations will be covered so one can skip some steps if the default installation fits the needs.
Begin with checking the location end existence of suexec:
# which suexec
If the binary is not in the path you won't get any result. Try this:
# locate suexec
The output should be a path like /usr/lib/apache2/suexec on Ubuntu or /usr/bin/suexec on Mac, but the location may vary.
Once you located it, run it to see its current settings. Since it is supposed to be run by root only, you need to use "sudo":
Ubuntu:
# sudo /usr/lib/apache2/suexec -V
-D AP_DOC_ROOT="/var/www"
-D AP_GID_MIN=100
-D AP_HTTPD_USER="www-data"
-D AP_LOG_EXEC="/var/log/apache2/suexec.log"
-D AP_SAFE_PATH="/usr/local/bin:/usr/bin:/bin"
-D AP_UID_MIN=100
-D AP_USERDIR_SUFFIX="public_html"
Mac:
#sudo /usr/bin/suexec -V
Password:
-D AP_DOC_ROOT="/Users"
-D AP_GID_MIN=10
-D AP_HTTPD_USER="_www"
-D AP_LOG_EXEC="/var/log/apache2/suexec_log"
-D AP_SAFE_PATH="/usr/local/bin:/usr/bin:/bin"
-D AP_UID_MIN=500
-D AP_USERDIR_SUFFIX="Sites"
Pay attention to DOC_ROOT : it is the only path allowed to run executable (wrapper) from. The HTTPD_USER is useful in verifying that the wrapper is accessible by this user Finally, UID and GID are constraints for minimum user and group IDs, as they are defined in the /etc/passwd file.
The wrapper file is being launched by Apache for any request whose extension ends in PHP, as defined in the site's configuration file above and suexec must have the rights to access it. Also, the file must be inside DOC_ROOT. The file looks like this:
#!/bin/sh
PHPRC=/etc/php5/cgi/
export PHPRC
export PHP_FCGI_MAX_REQUESTS=5000
export PHP_FCGI_CHILDREN=8
exec /usr/lib/cgi-bin/php
Tip: PHPRC is the path up to php.ini. The executable on the last line must be the cgi version of php binary. Sometimes (on Mac) it is called "php-cgi" and is under /opt/local/bin/. Just check yours using "which" or "locate" and run it as "php-cgi -v" to verify that it is ok and has the expected version.
So, create the file under DOC_ROOT, let's say "/var/www/php-fcgi-scripts/php-fcgi-starter" with the above content and make it executable (chmod a+x /var/www/php-fcgi-scripts/php-fcgi-starter). Take care yourself of creating the folder php-fcgi-scripts and assigning it the proper user and group (myuser and mygroup).
Tip: an easy way to verify that a user can access that file is to add "-v" as parameter for php on the last line then call it with:
su myuser -c "/var/www/php-fcgi-scripts/php-fcgi-starter"
In other words: "run this command as user myuser" and it will display the PHP version. Remove the parameter afterward. Repeat: remove the parameter afterward (so it will run whatever PHP file will be send by Apache as parameter)
Back on track now, if everything goes well you should remove the comment to SuexecUserGroup and restart Apache. Prepare a simple PHP file in the site's root folder with the following content:
<?php phpinfo();
If everything was setup successfully then you'll get the nice long listing with PHP's current configuration. Among those lines you will find references to mod_fcgid and all other features configured.
Additional info
Sometime installing on MacOS using brew or port is not enough due to missing packages. In this case compiling from sources is a good alternative and it is not that difficult. Here is a sample of configuring PHP but also making use of "port" for installing supporting libraries
Download PHP from sources first then run this from the folder where the files were unpacked:
$ sudo port install libpng freetype mcrypt
$ sudo './configure' '–prefix=/opt/local' '–mandir=/opt/local/share/man' '–infodir=/opt/local/share/info' '–program-suffix=55' '–includedir=/opt/local/include/php55' '–libdir=/opt/local/lib/php55' '–with-config-file-path=/opt/local/etc/php55' '–with-config-file-scan-dir=/opt/local/var/db/php55' '–disable-all' '–enable-bcmath' '–enable-ctype' '–enable-dom' '–enable-filter' '–enable-hash' '–enable-json' '–enable-libxml' '–enable-pdo' '–enable-session' '–enable-simplexml' '–enable-tokenizer' '–enable-xml' '–enable-xmlreader' '–enable-xmlwriter' '–with-bz2=/opt/local' '–with-mhash=/opt/local' '–with-pcre-regex=/opt/local' '–with-libxml-dir=/opt/local' '–with-zlib=/opt/local' '–without-pear' '–enable-fileinfo' '–enable-phar' '–disable-fpm' '–enable-cgi' –with-freetype-dir –enable-mbstring –with-curl –with-mcrypt=/opt/local –with-zlib –with-gd –with-pdo-mysql –with-mysqli –with-openssl –with-gettext=/opt/local –with-xmlrpc –with-xsl –with-png-dir=/opt/local –with-jpeg-dir=/opt/local –with-freetype-dir=/opt/local
Downloading Apache from sources requires this configuration:
./configure –with-layout=Darwin –enable-suexec –with-suexec-caller=_www –with-suexec-uidmin=500 –with-suexec-gidmin=10 –with-suexec-docroot=/Users/ –with-suexec-userdir=Sites \
–prefix=/usr/local/apache2 –enable-so \
–enable-rewrite –enable-ssl –enable-mods-shared='rewrite ssl'
Posted: March 23rd, 2012 | Author: Alex Iordache | Filed under: General | No Comments »
Mercurial is a cross-platform, distributed revision control tool for software developers. In this article will be presented a handy way to install and configure Mercurial on a server with cPanel . All operations presented will only need a standard FTP/SSH access to a user account, except the initial installation of the Mercurial RPM which needs root rights. This installation procedure is very suitable for those creating websites and wanting a quick solution to track the changes in their source code using a repository stored right next to the website.
The information below were compiled from several sources with some modifications to suit the above needs. The aim is to use only cPanel and SSH with user rights (e.g. no root required !) and have a repository ready in 5 minutes. The repository will then be accessed securely as hg.yoursite.com
Intial preparation: install the Mercurial package as root http://mercurial.selenic.com/wiki/HgWebDirStepByStep
Here is a sample installation from a RPM on an OpenSuse linux:
wget http://download.opensuse.org/repositories/devel:/tools:/scm/openSUSE_10.2/x86_64/mercurial-1.0-1.2.x86_64.rpm
$ sudo rpm -ihv mercurial-1.0-1.2.x86_64.rpm
Step 1. Create subdomain
Login in cPanel and create hg.yourdomain.com. Do not create the directory under /public_html so the repository won't mix with the files of the website
Step 2. Create the configuration file of the repository
Use a FTP client and navigate into the directory of the subdomain. Create a folder for your repo, i.e. projectrepo . Use some name other than the one you want to access the repo with because later there will be some URL rewiting rules added into a .htaccess file which won't work otherwise. In this example the repo url will be made as hg.yourdomain.com/project
Continue navigating into cgi-bin where two files has to be be uploaded: hgweb.config containing the repository configuration and hgwebdir.cgi containing the code needed to run the repository. Create the two files on your computer and upload them into /cgi-bin:
/cgi-bin/hgweb.config
[paths]
#VIRTUAL_PATH = /REAL/PATH
project = ~/hg/projectrepo
/cgi-bin/hgwebdir.cgi
#!/usr/bin/env python
from mercurial import demandimport; demandimport.enable()
import cgitb
cgitb.enable()
import os
os.environ["HGENCODING"] = "UTF-8"
from mercurial.hgweb.hgwebdir_mod import hgwebdir
import mercurial.hgweb.wsgicgi as wsgicgi
application = hgwebdir('hgweb.config')
wsgicgi.launch(application)
Change the attributes of hgwebdir.cgi to be executable (0755). This can be made within the FTP client (at least TotalCommander implements it and probably many other such applications have that option. It is under Files->Change attributes).
Step 3. Initialize repository
Using a SSH console go into the ~/hg folder and run these commands:
hg init
find . -type f -exec chmod 0666 "{}" \;
find . -type d -exec chmod 0777 "{}" \;
The last two commands are needed when the web server (Apache) runs the scripts under a different user than the owner of the account. In order to create files and folder full write rights are needed for user apache or nobody.
A configuration file will have to be created and uploaded into the new repository. For this , create a file named hgrc with the following content:
~/hg/project/.hg/hgrc
[web]
description = My repository
push_ssl = false
allow_push = john
# enable snapshot downloads
allow_archive = gz zip bz2
baseurl = /
In this configuration the ssl is disabled which may be a security problem. If your host allows https connections then you may set this to true later. However, the repository is protected through HTTP Basic authentication – see below.
Upload the file above under ~/hg/project/.hg/
Step 4. Secure the repository
Create a .htaccess file with the following content for uploading in the root of your subdomain:
~/hg/.htaccess
# Taken from http://www.pmwiki.org/wiki/Cookbook/CleanUrls#samedir
# Used at http://ggap.sf.net/hg/
Options +ExecCGI
RewriteEngine On
#write base depending on where the base url lives
RewriteBase /cgi-bin
RewriteRule ^$ hgwebdir.cgi [L]
# Send requests for files that exist to those files.
RewriteCond %{REQUEST_FILENAME} !-f
# Send requests for directories that exist to those directories.
RewriteCond %{REQUEST_FILENAME} !-d
# Send requests to hgwebdir.cgi, appending the rest of url.
RewriteRule (.*) /cgi-bin/hgwebdir.cgi/$1 [QSA,L]
The rules above allows accessing the repository with an url like hg.yourdomain.com/project instead of hg.yourdomain.com/cgi-bin/hgwebdir.cgi/project and is a replacement for the original procedure described in the Mercurial documentation where one has to modify httpd.conf, as root.
Finally, password protect the repository within cpanel. The operations below will update .htaccess, adding the necessary lines for basic authentication:
Finish
Access your repository within a browser with an URL like:
http://john:[email protected]/hg/project
Use the URL above in your Mercurial client too.
Referrences