Security & PHP-FPM running on a different server

Forum Moderators: coopster

Message Too Old, No Replies

Security & PHP-FPM running on a different server

justpassing

9:12 am on Oct 27, 2018 (gmt 0)

Hi,

Server A (fontend) running Nginx, doing the HTTPS encryption and serving static files, dynamically generated pages (PHP) are achieved by called PHP-FPM, on a "different" server (Server B). (Both running in the same Datacenter)

I mean, Nginx, when calling the PHP-FPM on the distant server has to transmit information, and in return the PHP-FPM is sending back the page.

How to secure the connection between Server A & Server B ?

Regards,

robzilla

10:00 am on Oct 27, 2018 (gmt 0)

Can you set up a private network between your servers? Alternatively, you could tunnel the traffic via SSH; I use that for MySQL replication across datacenters, not sure I'd use it for php though, latency will be worse. I'm not aware of any other means of securing data exchanged by nginx and php-fpm, I generally have both on the same host.

[edited by: robzilla at 11:04 am (utc) on Oct 27, 2018]

justpassing

11:04 am on Oct 27, 2018 (gmt 0)

you could tunnel the traffic via SSH

Okay, thank you, I'll study this.

I generally have both on the same host.

Yes me too. I was considering doing things differently, I need to weight the complexity with the profits. That's why I am studying :)

robzilla

1:47 pm on Oct 27, 2018 (gmt 0)

Not sure it's a good fit for php-fpm, it'll probably add some latency and reduce throughput, but that's something you can test/benchmark. I generally prefer to scale up vs. out (if indeed scaling is what you're after). Splitting things up will increase odds of something breaking unless you add redundancy for everything.

justpassing

4:32 pm on Oct 27, 2018 (gmt 0)

I am trying to figure if this can optimize a reverse proxy to called directly PHP-FPM instead of another instance of nginx running on a different server which will itself called PHP-FPM.