Thanks to Solaris 10 privileges you can run web servers that have to bind to port privileged ports as non-root users. This is one of the first things I did with my Webserver 7 setup. The internet is a dangerous place.

Add the privilege:

# usermod -K defaultpriv=basic,net_privaddr webservd

su to webservd and start the process. Wait.. no need to do this if you are running this under SMF. Here’s my SMF for Sun Java System Web 7 (http instance only, not admin server).

UPDATE: After testing this with SMF, its kind of annoying. Sun Java System Web uses a “watchdog” process that will restart the web processes if they get killed. If you kill the web processes, they restart fine through watchdog. If you kill the watchdog process, SMF picks it up the kill but can’t restart it because its already gone. It would be nice to be able to disable this watchdog process. I wonder if anyone has got this to work.. a search around google reveals nothing.

Setting up PHP on Sun Web 7 is really simple. My small sized Accelerator has no issues running it, only that I had to tune down the threading and make sure the admin server is disabled when you are not using it because it takes up around 200MB of memory. So before you go running anything, I’d recommend clicking through the admin web console and disabling things that aren’t needed: webdav, java, check thread pools, check caching.

There are a few different ways you can run PHP on Sun Java System Web. NSAPI, Fastcgi, and Cgi. Each one has pros and cons explained here. In this config, I use the NSAPI plugin.

To get started download the PHP Plugin pack and extract it in your webserver7/plugins directory. The PHP pack comes already compiled with MySQL and PostgreSQL support. Here’s the steps:

# cd /opt/webserver7/plugins
# gzip -dc phppack-5_2_0-solaris-amd64.zip | tar xvf -
# cp php/php.ini-recommended php/php.ini

Add these lines to your magnus.conf file:

Init fn=”load-modules” shlib=”libphp5.so” funcs=”php5_init,php5_close,php5_execute,php5_auth_trans”
Init fn=”php5_init” errorString=”PHP Initialization Failed!”

In your https-server-name/config/obj.conf under Object name=”default” section, add:

* There may be more than one file with obj.conf, to find out which one you are using you can use the wadm command line: webserver7/bin/wadm get-virtual-server-prop –user=admin –config=server-name –vs=server-name object-file

Service type=”magnus-internal/php” fn=”php5_execute”

Also in the obj.conf, modify your PathCheck to include index.php

Finally, add the mime type to https-server-name/config/mime.types:

type=magnus-internal/php exts=php,php3,php4,php5

and now restart your web instance for changes to take effect. You should see something like this when it starts:

info: php5_init reports: Initialized PHP Module (20 threads exspected)

If you have any issues, check the README in the plugins/php dir, it has troubleshooting information.

I finally got around to doing something cool with my blog. A new look and image, a new webserver, and also now serving it up from my Joyent Accelerator.

Becoming familiar with something other than Apache has been really exciting. Running my blog on Sun Java System Web 7 will help me become more familiar with the product and what it has to offer, so be on the look for cool stuff I may post about it. I already know that setting PHP up on it is a breeze.

If anyone could tell me how to get rid of this favicon that would be great though, disabling it in the config doesn’t seem to do anything.

An update to my previous post, here are some results for Apache/PHP/MySQL. I used Apache 2.2.3 (prefork), PHP 5.2.1, MySQL 5.0.27, and APC 3.0.13. These were custom compiled pretty much the same options the CoolStack uses, with Sun Studio 11.

APC is the PHP caching extension for PHP, and the apc.stat setting in the php.ini tells it to check if the php file has changed and if it has, recompile it and cache it. Using apc.stat on or off didn’t seem to make much of a difference. These tests were done with apc.stat on. For Apache I have mem_cache turned on as well.

5 rows and 1 column of MySQL returning:

# ./ab -n 50000 -c 500 http://x.x.x.x:30000/test.php
This is ApacheBench, Version 2.0.41-dev < $Revision: 1.121.2.12 $> apache-2.0
Copyright (c) 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
Copyright (c) 2006 The Apache Software Foundation, http://www.apache.org/

Server Software: Apache/2.2.3
Server Hostname: x.x.x.x
Server Port: 30000

Document Path: /test.php
Document Length: 67 bytes

Concurrency Level: 500
Time taken for tests: 4.793971 seconds
Complete requests: 50000
Failed requests: 48583
(Connect: 0, Length: 48583, Exceptions: 0)
Write errors: 0
Total transferred: 11475208 bytes
HTML transferred: 823930 bytes
Requests per second: 10429.77 [#/sec] (mean)
Time per request: 47.940 [ms] (mean)
Time per request: 0.096 [ms] (mean, across all concurrent requests)
Transfer rate: 2337.52 [Kbytes/sec] received

Connection Times (ms)
min mean[+/-sd] median max
Connect: 0 4 3.8 4 30
Processing: 15 41 59.6 29 1036
Waiting: 14 40 59.1 28 1032
Total: 23 46 59.7 33 1042

36 rows and 6 columns of MySQL returning:

Requests per second: 10448.16 [#/sec] (mean)

134 rows and 7 columns of MySQL returning:

Requests per second: 801.05 [#/sec] (mean)

Performance really degrades on the 134 row test and I think MySQL is the bottleneck here. More to come on this when I get MySQL recompiled.

UPDATE: This is the results without APC cache turned on at all, with 36 rows and 6 columns:

Requests per second: 2242.18 [#/sec] (mean)

As you can see APC cache helps a lot, it went from 10,000 req/sec to 2,000 req/sec.

Â

These tests were done with 2.2.3 prefork and 2.2.4 with worker. Both of them were tested with mem_cache and without. mem_cache seemed to really improve the performance of prefork but it didn’t do anything for worker, it actually hurt the performance by a little bit. Worker also seemed to drop a core file when it got too much traffic. The index.html is a small 175 byte file that loads a 5 of the apache powered by gif files and the httpd.conf were both stripped with minimal modules loaded. From the transfer rate apache bench shows I think the bottleneck here is the network.

The mem_cache settings:

CacheEnable mem /
MCacheSize 320000
MCacheMaxObjectCount 1000
MCacheMinObjectSize 1
MCacheMaxObjectSize 4048

Apache 2.2.3, prefork with mem_cache (-n 100000 -c 1000):

Requests per second: 11566.21 [#/sec] (mean)

Apache 2.2.3, prefork without mem_cache (-n 100000 -c 1000):

Requests per second: 9492.40 [#/sec] (mean)

Apache 2.2.4, worker with mem_cache (-n 100000 -c 1000):

Requests per second: 12118.41 [#/sec] (mean)

Apache 2.2.4, worker without mem_cache (-n 100000 -c 1000):

Requests per second: 12413.07 [#/sec] (mean)

Too bad its only evaluation for 30 days. I really like this software.. and it only takes a few minutes to install. For those of you who don’t know what it is:

Sun Global Desktop (or tarantella) lets you run apps from a web browser just as if you were sitting infront of the server. It has a full screen mode, you can print to your local printer, and you can setup multiple servers so you can run certain apps off certain servers.. including Windows apps. Installation is simple:

Add the users and group it needs:

# groupadd ttaserv
# useradd -g ttaserv -s /bin/sh ttaserv
# useradd -g ttaserv -s /bin/sh ttasys
# passwd -l ttaserv
# passwd -l ttasys

Download the software from sun.com, you want atleast the base component and the security pack if you want secure connections.

# pkgadd -d /path/to/ttai3so.pkg

It is installed in /opt/tarantella and you can use:

# /opt/tarantella/bin/tarantella stop
# /opt/tarantella/bin/tarantella start
# /opt/tarantella/bin/tarantella status

to stop, start, and check the status of the server.

After install is done, it will have fired up the webserver automatically, and you can browse to http://server and login as Administrator with the root password. When you login this is what is called your “webtop”. Like your desktop but on the web. From here you can already start running apps and configuring it to what apps you want to run. Here’s a shot of my screen running startconsole to manage my ldapzone:

Accidentally close your browser or your browser just crashed? have no fear.. your sessions are still saved, just re-login through the browser and resume the apps. I have tested this at it works well, just as long as you don’t logout. For an app to be resumeable it has to be setup that way.. you can check this by resting the mouse on the application listed on the left and the popup window will tell you if its resumeable or not.

To enable SSL connections (SSL only works if you have a valid license key for the security pack.. I failed to realize this after I had already done all of this, so I’m posting this anyway):

You need to first install the Sun Secure Global Desktop Security Pack:

# pkgadd -d /path/to/ttasecurei3so.pkg

Now for the certificate stuff. This is for people who don’t have access to Verisign or other major Certificate Authority. Here’s what I did:

This creates your CSR and key and puts them in /opt/tarantella/var/tsp

# /opt/tarantella/bin/tarantella security certrequest –country US –state TX –orgname “Mofos Local”

Install self signed cert:

# cd /opt/tarantella/var/tsp
# /usr/sfw/bin/openssl req -x509 -days 3650 -key key.pem -in csr.pem > cert.pem

Install to tarantella:

# /opt/tarantella/bin/tarantella security certuse < cert.pem

It should say that key and cert are compatible.

Start tarantella with security:

# /opt/tarantella/bin/tarantella security start

- unknown.mofos.local: Security is enabled but has failed to start.
Trying to restart the security.
If this fails check that you have the correct certificates installed
and that you have a valid license key for the Secure Global Desktop Security Pack.

That is where it fails for me because I have no license
But.. if you’ve been bored and looking for something cool to play with, Sun Secure Global Desktop is ideal. Maybe one day they will make it free.

If you’re looking for a quick way to get Apache/MySQL/PHP running on Solaris in no time then SAMP is for you. While it is probably not the most secure production ready solution, it is a good way to get started quickly. SAMP is installed off the Solaris Companion CD and getting it running only takes a few minutes. The package is SFWsampc and a good place for information on SAMP is /opt/sfw/READMEs. I’ve broken it down into two parts, let’s get started..

————- Configuring MySQL

First we will start with MySQL. Check the /etc/sfw/mysql/README.solaris.mysql file, this file very simply explains how to get MySQL started:

Initialize the database tables:

# /usr/sfw/bin/mysql_install_db

After you run this command take note of the command it gives you to change the MySQL root user. We are going to run this at the end. Ignore what it says about starting the MySQL daemon, we will use the start/stop script they supply with a manifest later.

Create mysql user and group and change data directory group:

# groupadd mysql
# useradd -g mysql mysql
# chgrp -R mysql /var/mysql
# chmod -R 770 /var/mysql
# installf SUNWmysqlr /var/mysql d 770 root mysql

Copy a mysql daemon configuration to /var/mysql:


# cp /usr/sfw/share/mysql/my-medium.cnf /var/mysql/my.cnf


Grab benr’s mysql manifest so we don’t have to use those horrible init scripts. This manifest is already configured to use the /etc/sfw/mysql/mysql.server start/stop script.

# wget http://cuddletech.com/opensolaris/smf/mysql.xml

Move it to the manifest directory, validate it, and import it.

# mv mysql.xml /var/svc/manifest/network
# svccfg validate /var/svc/manifest/network/mysql.xml
# svccfg import /var/svc/manifest/network/mysql.xml

Start MySQL and change the root password.

# svcadm enable mysql
# /usr/sfw/bin/mysqladmin -u root password ‘new-password’

————- Configuring Apache/PHP

Check the /opt/sfw/READMEs/README.SFWmphp file, this tells us how to get PHP running with Apache:

Run post install script. This script copies over our php.ini, libphp4.so module, and sets up our httpd.conf to be PHP aware:

# /opt/sfw/apache/x_postinstall

Use the default PHP aware Apache configuration:

# mv /etc/httpd.conf-php-example /etc/httpd.conf

Grab an Apache manifest, validate, and import it:

# wget http://hell.jedicoder.net/files/http-apache.xml
# mv http-apache.xml /var/svc/manifest/network
# svccfg validate /var/svc/manifest/network/http-apache.xml
# svccfg import /var/svc/manifest/network/http-apache.xml

Browse to http://localhost/phpinfo.php and you’re done.

I’ve included a txt file here.

Some interesting results here.

Machine: Dell Optiplex GX50 192MB ram
Both were on ZFS filesystems, both were default installs with no tweaking.

Sun Java System Web Server 6.1 SP5 (Sun ONE web 6.1) out performed Apache 1.3.33 over 50% in the 10000 and 50000 tests but failed miserably on the multiple requests tests. I think maybe because of the size of box I was using wasn’t enough for Sun ONE. I did tweak Sun ONE web to try and get better results but it wasn’t enough of a boost to come near to Apaches results. Also, I tried both of these on UFS and ZFS filesystems and didn’t see much of a difference. What was interesting was when the machine booted up with Apache running, I would run a test on Apache and see 100 requests per second, but if I shut Apache down then started it back up I would continuously get in the 200+ requests per second. I also tested Apache 2 default install and it didn’t come near to what Apache 1.3.33 was doing.

– TEST #1 - Sending 10000 requests to each webserver.

Sun Java System Web 6.1 SP5:
# ./ab -n 10000 http://192.168.0.1/test.html

Time taken for tests: 18.766986 seconds
Complete requests: 10000
Requests per second: 532.85 [#/sec] (mean)
Time per request: 1.877 [ms] (mean)
Time per request: 1.877 [ms] (mean, across all concurrent requests)
Transfer rate: 115.47 [Kbytes/sec] received

Apache 1.3.33:
# ./ab -n 10000 http://192.168.0.2/test.html

Time taken for tests: 41.324907 seconds
Complete requests: 10000
Requests per second: 241.98 [#/sec] (mean)
Time per request: 4.132 [ms] (mean)
Time per request: 4.132 [ms] (mean, across all concurrent requests)
Transfer rate: 61.20 [Kbytes/sec] received

– TEST #2 - Sending 50000 requests to each webserver.

Sun Java System Web 6.1 SP5:
# ./ab -n 50000 http://192.168.0.1/test.html

Time taken for tests: 104.39602 seconds
Complete requests: 50000
Requests per second: 480.59 [#/sec] (mean)
Time per request: 2.081 [ms] (mean)
Time per request: 2.081 [ms] (mean, across all concurrent requests)
Transfer rate: 104.18 [Kbytes/sec] received

Apache 1.3.33:
# ./ab -n 50000 http://192.168.0.2/test.html

Time taken for tests: 211.475598 seconds
Complete requests: 50000
Requests per second: 236.43 [#/sec] (mean)
Time per request: 4.230 [ms] (mean)
Time per request: 4.230 [ms] (mean, across all concurrent requests)
Transfer rate: 59.80 [Kbytes/sec] received

– TEST #3 - Sending 700 requests with 50 multiple requests.

Sun Java System Web 6.1 SP5:
# ./ab -c 50 -n 700 http://192.168.0.1/test.html

Time taken for tests: 303.792244 seconds
Complete requests: 700
Requests per second: 2.30 [#/sec] (mean)
Time per request: 21699.445 [ms] (mean)
Time per request: 433.989 [ms] (mean, across all concurrent requests)
Transfer rate: 0.50 [Kbytes/sec] received

Apache 1.3.33:
# ./ab -c 50 -n 700 http://192.168.0.2/test.html

Time taken for tests: 48.288760 seconds
Complete requests: 700
Requests per second: 14.50 [#/sec] (mean)
Time per request: 3449.197 [ms] (mean)
Time per request: 68.984 [ms] (mean, across all concurrent requests)
Transfer rate: 3.67 [Kbytes/sec] received

– TEST #4 - Sending 700 requests with 20 multiple requests.

Sun Java System Web 6.1 SP5:
# ./ab -c 20 -n 700 http://192.168.0.1/test.html

Time taken for tests: 210.536258 seconds
Complete requests: 700
Requests per second: 3.32 [#/sec] (mean)
Time per request: 6015.322 [ms] (mean)
Time per request: 300.766 [ms] (mean, across all concurrent requests)
Transfer rate: 0.72 [Kbytes/sec] received

Apache 1.3.33:
# ./ab -c 20 -n 700 http://192.168.0.2/test.html

Time taken for tests: 6.209052 seconds
Complete requests: 700
Requests per second: 112.74 [#/sec] (mean)
Time per request: 177.401 [ms] (mean)
Time per request: 8.870 [ms] (mean, across all concurrent requests)
Transfer rate: 28.51 [Kbytes/sec] received

– TEST #5 - Sending 700 requests with 10 multiple requests.

Sun Java System Web 6.1 SP5:
# ./ab -c 10 -n 700 http://192.168.0.1/test.html

Time taken for tests: 51.20231 seconds
Complete requests: 100
Requests per second: 1.96 [#/sec] (mean)
Time per request: 5102.023 [ms] (mean)
Time per request: 510.202 [ms] (mean, across all concurrent requests)
Transfer rate: 0.41 [Kbytes/sec] received

Apache 1.3.33:
# ./ab -c 10 -n 700 http://192.168.0.2/test.html

Time taken for tests: 0.170248 seconds
Complete requests: 100
Requests per second: 587.38 [#/sec] (mean)
Time per request: 17.025 [ms] (mean)
Time per request: 1.702 [ms] (mean, across all concurrent requests)
Transfer rate: 146.84 [Kbytes/sec] received