• Linux

    Running different PHP applications as different users

    Often you run different web applications on the same web servers. For security reasons, it is strongly recommended to run them in separate PHP-FPM processes under different user accounts. This way permissions can be set so that the user account of one PHP application, cannot access the files from another PHP application. Also open_basedir can be set so that accessing any files outside the base directory becomes impossible. To create a separate PHP-FPM process for a PHP application on Debian Stretch with PHP 7.0, create a file /etc/php/7.0/fpm/pool.d/webapp.conf with these contents: Replace webapp by a unique name for your web application. You can actually copy the default www.conf file and…

  • Linux

    Improving Mediawiki performance

    Now that I am on the subject of improving performance, I configured some performance improvements for a Mediawiki installation here: Make sure you run the latest Mediawiki version. Mediawiki 1.16 introduced a new localisation caching system which is supposed to improve performance, so you definitely want this to get the best performance. Create a directory where Mediawiki can store the localisation cache (make sure it is writable by your web server). By preference store it on a tmpfs (at least if you are sure it will be big enough to store the cache), and configure it in LocalSettings.php: $wgCacheDirectory = "/tmp/mediawiki"; Iif /tmp is on a tmpfs, you might add…

  • Linux

    A wise server migration

    Yesterday I migrated two servers at work to a new machine. The old machines were pretty underpowered: a Pentium III 1 Ghz system (with 384 MB RAM if I remember correctly) and a Pentium 4 system. The new machine is a Dell Poweredge R410 with a Xeon E5504 processor, 12 GB RAM and a PERC H700 RAID controller (which is actually a LSI MegaSAS 9260) with 3 750 GB SATA disks in RAID 5. The hardware is pretty nice (although I am not happy at all with the way Dell treats its customers, so I will rather prefer other vendors in the future, but maybe more about that in a…