We heard this week about The New York Times being hacked by the Chinese government in retaliation for articles they have written. These remind me that we live in unsafe times. Waiting for the government to make us safe from the outside world is silly. We need to be more thoughtful about security issues. We need to see that our applications are properly secured, and our networks are secured. Many companies use software like Java, or open source applications like Joomla, WordPress, PhpMyAdmin, Drupal, osCommerce, Zend Cart, X Cart, Openx Adserver, which if not updated frequently and properly secured can allow hackers to exploit or corrupt systems.
In order to address performance issues we have seen, our company has been switching from apache with mod_php to nginx with php-fpm.
Given that apache httpd webserver is an older code base and does not take advantage of event driven and asyncronous technology this seems to be the future. There are numbers of differences between these two.
Nginx webserver is product that came out of Russia, it had been more obscure, though now it is the #2 webserver. Apache webserver has been an important product in web based technologies for many years, and has been the dominant webserver. Php as a technology is often used in a module in apache (mod_php) or run through a cgi type where php runs in a separate process. To improve performance of cgi type operations the php supports fastcgi. Fastcgi runs a server which keeps a number of php processes live and waiting for traffic and runs them as a server, there are numerous advantages to using this.
At high load apache has been shown to not manage memory as efficiently as possible.
Where nginx really shines is in serving static content, where it’s asynchronous technology allows it to serve more content than other webservers.
Switching to Nginx has required changes, for instance taking out use of apache specific functions like getallheaders() which provides the headers in normal http header form, not in the cgi name scheme that you find in the $_SERVER variable, for instance User-Agent vs HTTP_USER_AGENT, and switching configuration from .htacess files to nginx rewrites.
Configuration of Nginx is different from apache, and ins more scripted than the style of apache.
As far as performance, the verdict is mixed, it can take time to tune nginx and php-fpm. If you are switching thinking it will be a fast win for php applications with peformance problems, think again, you need to look at your code. If you serve a lot of static assets, this might be a boost for you.