在生产中使用 PHP 内置服务器 [英] Using the PHP built-in server in production
问题描述
我最近对 PHP 5.4 的内置网络服务器很好奇.从表面上看,虽然相当准系统,但通过足够的工作,可以将传统上依赖于单独 Web 服务器(如 WordPress)的 PHP 应用程序分发为独立脚本,您只需使用 php -S 即可运行localhost:80 app.php(或者,更有可能是 './wordpress.sh').他们甚至可能附带自己的 PHP 解释器,该解释器具有应用程序所需的所有功能,从而无需针对该语言的许多不同版本.
I was recently curious about PHP 5.4's built-in webserver. On the surface it seems as though, while rather barebones, with enough work it could be possible to distribute PHP applications that traditionally depend on a separate web server, like WordPress, as standalone scripts that you could just run with php -S localhost:80 app.php (or, more likely, './wordpress.sh'). They might even ship with their own PHP interpreter that has all the features the application needs, which would obviate the need for targeting many different versions of the language.
它在某种程度上重新发明了轮子,但它肯定会增加便携性并降低最终用户的复杂性.
It's re-inventing the wheel somewhat, but it would certainly increase portability and reduce complexity for the end user.
但是,我在文档页面上看到了以下内容:
However, I saw the following on the documentation page:
此网络服务器旨在帮助开发应用程序.它也可用于测试目的或在受控环境中运行的应用程序演示.它不是一个功能齐全的网络服务器.不应在公共网络上使用.
This web server was designed to aid application development. It may also be useful for testing purposes or for application demonstrations that are run in controlled environments. It is not intended to be a full-featured web server. It should not be used on a public network.
这显然是指适当的文件系统安全性和提供正确的 HTTP 标头等问题,这些问题可以解决.然而,还有更多吗?在无法解决的生产环境中使用 PHP 的内置 Web 服务器是否存在固有的安全问题和/或技术限制?如果有,它们是什么?
This would obviously refer to issues like proper filesystem security and serving the correct HTTP headers, which can be worked through. However, is there more to it? Are there inherent security concerns and/or technical limitations with using PHP's built-in web server in a production environment that can't be worked around? If so, what are they?
推荐答案
我能想到很多操作问题,为什么你不想这样做:
I can think of plenty of operational issues why you wouldn't want to do this:
- 记录
- 重写
- 节流
- 效率(未经测试,但我猜 Nginx 比 PHP 的内置非优化服务器快很多)
- 与您拥有的任何其他扩展 Nginx、Apache 和 IIS(例如 New Relic)的集成
但是,有一种解决方案可以让您获得运行 PHP 及其内置 Web 服务器的大部分好处,同时获得运行 Web 服务器的大部分好处.也就是说,您可以使用像 Nginx 这样的服务器作为 PHP 内置 Web 服务器的反向代理.在这种情况下,HTTP 成为 FastCGI 的替代品,类似于 Node.js 应用程序中内置 HTTP 服务器的常见用法.
However, there is a solution where you get most of the benefit of running PHP with its built-in web server while getting most of the benefit of running a web server out front. That is, you could use a server like Nginx as a reverse proxy to PHP's built-in web server. In this situation, HTTP becomes a replacement for FastCGI, analogous to common usages of the built-in HTTP server in Node.js applications.
现在,我无法谈论文档中警告的细节,因为我不是 PHP 的作者之一.如果是我,由于上述原因,我不会单独运行 PHP,但我可能考虑在像 Nginx 这样的真实 Web 服务器后面运行它.不过,对我来说,使用 PHP-FPM 设置 PHP 并没有那么困难,我会猜测内置服务器的适航性,该服务器记录为仅供测试使用.
Now, I can't speak to the specifics of the warning in the documentation as I am not one of the PHP authors. If it were me, I'd not run PHP alone for the reasons above, but I might consider running it behind a real web server like Nginx. For me though, setting up PHP with PHP-FPM and what not isn't that difficult, and I'll take that over guessing at the seaworthiness of a built-in server that is documented to be for testing only.
这篇关于在生产中使用 PHP 内置服务器的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
