[peruser] Status of peruser and other questions

cal at foxwhisper.co.uk cal at foxwhisper.co.uk
Thu Aug 27 09:21:14 MDT 2009


Hi guys,

I would be able to donate an account on one of my webapp servers if needed.
I would 
probably be able to put you on 'courtney', which is a dual core AMD64, 1gb
ram, 100mbit 
dedicated server in bluesquares Maidenhead, UK data center.

If this is needed, just let me know.

Cal

Original Message:
-----------------
From: Taavi Sannik taavi at kood.ee
Date: Thu, 27 Aug 2009 16:12:48 +0300
To: peruser at telana.com
Subject: Re: [peruser] Status of peruser and other questions


stefan.klingner at mephisto23.com wrote:
> if we have a list with all patches, someone who knows how to do it should
> create a new release, which we can use as a base for further development.
> again i will ask, if someone is interested in a fork...:)
>   

Hi, guys!

Just for all of you to know, Sean contacted me last week and asked if I 
want to become the maintainer of this project. At that time, I did, but 
due to unforeseen circumstances, I will be gone in a month and will 
return in a year - I may be able to have a peek in the mailing lists in 
the mean time, but that's it. So unfortunately I cannot accept this 
position, but it seems that Stefan is a good candidate for a new 
maintainer :).

This still leaves us with one problem and that is project hosting. I 
think Sean wouldn't mind if we move it to somewhere else (I personally 
would prefer Google Code, but we must upgrade peruser license to Apache 
Software License 2.0 to host there). I just hope Sean comes around and 
has the time to accept this and forward the old peruser page to a new 
one. Any ideas on this one is greatly appreciated.

I am currently working on a 0.4.0 release which would include the dc3 
patch, the freebsd 7.2 fixes and other bugfixes. I will also try to 
squeeze in the SSL NameVirtualhost patch and better configuration 
validation. Hopefully I will get it ready by the end of the week.


andyukguy at gmail.com wrote:
> Judging from these lists the current consensus is that dc3 is the best  
> current implementation/extension of the peruser code base? Is this  
> correct? Is there a different branch that offers more?
The dc3 indeed is currently the most up-to-date branch of peruser, but  
I would suggest waiting for peruser 0.4.0 as the current dc3 (and older) 
don't really have a good configuration validation - so if you are new to 
peruser, it may be hard to get it running if all you see is seg faults.

> SSL support is now possible, but again I see it's best achieved with a  
> patch. Where can I get this patch? Is it maintained by anyone at a  
> particular site or is it best to just see what gets posted to the  
> mailing list?
dc3 peruser should work with SSL as long as you don't set 
NameVirtualhost on the SSL listen ip/port combination. The mentioned 
patch adds support for NameVirtualhost.

> - One process runs as root and passes requests to the multiplexer.  
> Does this not introduce the same problems that MPM-itk has with  
> potential full root security holes if say mod_ssl gets exploited?
Although the main process runs under root, it does no connection 
handling. All it does, is maintenance on the children and (re)spawns 
them if necessary. The multiplexers all sit directly on the accept 
socket(s) (pretty much like prefork has all it's children sitting on the 
accept socket).

> - What sort of performance should I be expecting to see from peruser?  
> I was lead to believe by
http://blog.stuartherbert.com/php/2008/03/20/using-mpm-peruser-
to-secure-a-shared-server/ 
>   that peruser gave very similar performance to mod_php + prefork.  
> However my experience is very much different, ab (simplistic as it is)  
> running 100 or 1000 requests typically sees peruser being a lot slower  
> e.g. 1000 requests in 0.8s for mod_php + prefork but 7s for peruser. I  
> tried tweaking various settings but couldn't change the results in any  
> significant way. Perhaps this is typical performance and I shouldn't  
> be worried that I'm doing something wrong?
Currently peruser does not spawn all the required children at startup. 
This is to reduce memory overhead, if the server has some processors 
defined that nobody uses. So if you benchmarked peruser without running 
any other requests on it before, it may take some time for the server to 
spawn the first children.

Running ab for 1000 requests with concurrency at 1 on my test machine 
gave 1.21s for prefork and 1.36s for peruser.

--
Taavi Sannik
DataCode OY
_______________________________________________
Peruser mailing list
Peruser at telana.com
http://www.telana.com/mailman/listinfo/peruser


--------------------------------------------------------------------
mail2web.com – Enhanced email for the mobile individual based on Microsoft®
Exchange - http://link.mail2web.com/Personal/EnhancedEmail




More information about the Peruser mailing list