Modified lemp stack with Mariadb instead and hhvm with php5-fmp as fallback and SSL
We call this project for the hipsterwebbstack
We will assume you have a Linux system up and running and this guide assumes its Ubuntu 14.04 we choose yo use the latest LTS of Ubuntu because of newer packages in the main repository.
Start with installing software-properties-common since we will be adding a few extra repositories
apt-get install software-properties-commonInstall Nginx
install just like any other package
apt-get install nginxInstall MariaDB
To install MariaDB the repository for it need to be added to the system and singed with a trusted key this is done by running following commands. Depending on what type of account your using you might need to do this with sudo.
apt-get install software-properties-common
apt-key adv --recv-keys --keyserver hkp://keyserver.ubuntu.com:80 0xcbcb082a1bb943db
add-apt-repository ‘deb http://mirror.stshosting.co.uk/mariadb/repo/10.0/ubuntu trusty main'
apt-get update
apt-get install mariadb-serverThe installation only asks for you to put in a root password during the install, type in your desired password. Not harder than that.
Install HHVM
Just like with the installation of MariaDB we need to add the repository the processes is pretty much the same
sudo apt-key adv --recv-keys --keyserver hkp://keyserver.ubuntu.com:80 0x5a16e7281be7a449
sudo add-apt-repository 'deb http://dl.hhvm.com/ubuntu trusty main'
sudo apt-get update
sudo apt-get install hhvm After the installation is done there will be a script in
/usr/share/hhvm/install_fastcgi.sh
Run that one and it will sort out the basic config for Nginx and hhvm for you
a file called hhmv.conf will be created in /etc/nginx/
Its content should look like this
location ~ \.(hh|php)$ {
fastcgi_keep_conn on;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}Install php5-fpm
We will also need to install php5-fpm so it can be used as a fallback if for whatever reason hhvm stops, it sometimes does that and if it does that it wont restart on its own so will we have to have something ruing to take care of the php, we will also make sure that hhvm will restart again, we will cover that later.
apt-get install php5-fpmInstall ps-watcher
One easy way to not have to worry about if hhmv is up and running or not is to use ps-wacther.
It will detect if hhvm is running or not and start it if it not running
apt-get install ps-watcherAfter the installation edit the file
/etc/ps-watcher.conf (don’t worry if its a new file)
add the following to the file
[hhvm]
occurs = none
action = service hhvm restartsave the file and then do this so that ps-watcher will be able to start
sed -i -e 's/# startup=1/startup=1/g' /etc/default/ps-watcherAfter that is done ps-watcher will check every 150th second if hhvm is running to change the check time change
DAEMON_OPTS=”–sleep 150″ to the value you want instead for example DAEMON_OPTS=”–sleep 45” For ps-watcher to make the check every 45 seconds.
Nginx Config
For this site we use a bit of custom config that I wont get into, I will keep this as basic as posible
One of the most important things in times like these is to make sure the server is not vulnerable to some of the SSL exploits out there.
In your /etc/nginx/nginx.conf you need to specify what versions of SSL will be ok to use, this is done in the http block by adding this:
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
#Now for some config for the virtual-host
#The redirect from http to https
#Replace example.com with your domain
server {
listen *:80;
server_name example.com
rewrite ^ http://$example.com$request_uri? permanent;
}
#That cares of every call on port 80 and sends it to port 443
SSL
#Quick notes on how to use a certificate with nginx.
#Add the following directive under your server block for 443
ssl on;
ssl_certificate certfile.crt ;
ssl_certificate_key keyfile.key;
Replace certfile.crt with the path to your crt file and replace keyfile.key with the path to your key file, This will work for both selfsigned and issued certificates
#To use HHVM instead of php5-fpm as fast-cgi
include hhvm.conf;
#or if yon need more custom config for your php use something like this
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
include fastcgi_params;
}
php5-fpm as fallback
#Add the following directive so that all 502 errors will result in doing what is defined under location @fallback
error_page 502 = @fallback;
The fallback block
just like a normal fastcgi config
location @fallback {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
include fastcgi_params;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param SERVER_NAME $host;
fastcgi_pass unix:/var/run/php5-fpm.sock;
}After this add the other directives you need for your site and then restart nginx
service nginx restart
Testing the fallback
An easy way to test the server is to check the response headers
curl -i example.com |grep ‘X-Powered-By’
will show you if its hhvm or php-fpm that’s compiling the php on the server
If hhvm is running you will get something like
”X-Powered-By: HHVM/3.5.1”
to see if the fallback works just stop the hhvm service
service hhvm stop
run curl -i example.com |grep ‘X-Powered-By’
you will get something like ”X-Powered-By: PHP/5.5.9-1ubuntu4.6”
That means that the fallback is working then just wait the chosen time set in ps-watcher and run curl -i example.com |grep ‘X-Powered-By’ again, hhvm should be up and runing again.
Conclusion
This was something that was real fun to able to do, when do one get the chance to use software that is on the edge of being the latest and then mix them together to make them even better and even run it on a live server.
The best part is the joy and satisfaction of seeing how much faster the website became after the migration to this new web stack.
A guide on how to get a issued SSL Certificate will come along in not to distant future.