High Performance PHP with Serversaurus

This post outlines a number of infrastructure-level strategies that can be employed to improve the performance of PHP web applications hosted with Serversaurus.

Note that the best results will come from profiling and optimizing the web application before it hits the servers. However, the following strategies are services that Serversaurus can offer you at a server management level.


^Degree of improvement is relative to PHP 5.x via Apache (mpm_worker). Combining strategies is possible and recommended for best results.


PHP received a very significant performance bump in the upgrade from version 5.6 to 7.x.

There are very minor improvements between PHP versions 5.4, 5.5, and 5.6. These are generally not worth pursuing for performance, but we suggest not using EOL PHP versions nonetheless.

Upgrading to PHP 7.x is a practically free way of buying performance, if the web application supports it.



PHP-FPM/Execution Model/Runtime

The traditional execution model for PHP is to exist as independent runtimes alongside forked Apache (mpm_worker) workers.

This is convenient because it permits use of Apache features such as .htaccess. However, this convenience incurs a very high overhead in comparison to other models.

Consider alternative execution models:




HHVM is a rewrite of the PHP runtime that is capable of optimizing and executing PHP 5.x code much more efficiently than the official PHP runtime. It is a kind of “application server” that exposes an FCGI interface, similar to PHP-FPM.

Like PHP-FPM, it is persistent, but is a single, threaded process.

Because HHVM is essentially a rewrite of the PHP runtime and all of its functions and modules, there are minor incompatibilities compared to the stock 5.x runtime. It is extremely important to test when using HHVM.

For this reason, it is also recommended, in a production deployment, to layer HHVM with PHP-FPM, and have the web server fall back to PHP-FPM if the request fails to be served via HHVM.

If the web application is already PHP 7.x native, it is usually better to just deploy PHP 7.x with PHP-FPM.

Otherwise, it is very much recommended to ensure that the application works with PHP 5.6 before transitioning to HHVM.

In Serversaurus’ case study of a real-world Expression Engine/PHP-FPM 5.4 website, HHVM achieved a 10x increase in throughput (from 2.x req/sec to 25-30 req/sec), and an 8-10x reduction in TTFB (from 2-3sec to 200-300ms). This was with no code changes.


  • Extremely high (10x) performance improvement compared to PHP 5.x with PHP-FPM
  • Targets PHP 5.x compatibility
  • Ability to fail-over (and swap-in/out with PHP-FPM)


  • Some probability of edge cases coming from minor compatibility issues
  • Some minor functions and modules may be missing from HHVM
  • Suffers from warm-up time when booting, but there are mitigations.
  • Almost total rewrite of PHP runtime means that total extent of risk is unknown

Varnish Cache

This strategy will not increase PHP performance. In fact, it does not affect PHP whatsoever, but it is worth a mention due to its effectiveness.

Varnish cache is a web server which takes responses from PHP (or other backend), and stores them in their entirety for re-transmission to subsequent visitors.

It is capable of extremely high throughput (much more than any PHP runtime will ever be capable of), limited only by hardware interface. It is also extremely flexible and configurable.

However, it also has the highest developer overhead of any solution.

Many PHP frameworks and applications (e.g. WordPress and ExpressionEngine) exhibit behavior that makes their pages difficult to cache. i.e. they cache-bust by default.

For this reason, Varnish is best suited to web applications that are largely:

  • Brochureware
  • Festival websites that do not have a high degree of interactivity
  • Well-understood by their developers, specifically regarding the use of sessions, partials that are unique to specific visitors etc.

As a rule of thumb, Varnish should not be used when:

  • Sessions are always present AND used
  • Pages contain content unique to specific visitors
  • Page contents do not stay the same over subsequent requests
  • Web application has low traffic, since cache will be cold

It is perfectly possible to use Varnish in those cases, and sometimes necessary given a volume of traffic. However the configuration complexity tends to grow very quickly at that point, and the use of Varnish becomes a development exercise rather than an infrastructure exercise.

It is possible to use Varnish on a white-list basis or a black-list basis, which can mitigate some of the risk.


  • Unrivalled performance
  • Web application agnostic


  • Does not know about the web application – it is entirely up to the developer to ensure the application does not exhibit behaviour that is cache-busting or otherwise pathological from Varnish’s perspective.
  • Requires a fairly solid understanding of Varnish, and of the web application at the HTTP protocol level, to leverage correctly.
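The rules of thumb above can be checked against a captured request and response before putting Varnish in front of an application. The following is an added example, not Serversaurus code: it applies the header tests that Varnish's built-in VCL uses when no custom VCL overrides them, and the function names, reason codes and sample exchanges are constructed for illustration.

```python
import re

# Added example: header rules follow Varnish's built-in VCL; all names are hypothetical.
UNCACHEABLE_CC = re.compile(r"no-cache|no-store|private", re.I)
MAX_AGE = re.compile(r"(s-maxage|max-age)\s*=\s*(\d+)", re.I)

def parse_headers(raw):
    """Parse 'Name: value' lines into {lower-cased name: [values]}."""
    headers = {}
    for line in raw.strip().splitlines():
        name, sep, value = line.partition(":")
        if sep:  # request/status lines have no colon and are skipped
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def cache_blockers(request_raw, response_raw):
    """Return reason codes for why a default Varnish would not cache this exchange."""
    req, resp = parse_headers(request_raw), parse_headers(response_raw)
    reasons = []
    if "cookie" in req:             # built-in vcl_recv passes requests with cookies
        reasons.append("req-cookie")
    if "authorization" in req:
        reasons.append("req-authorization")
    if "set-cookie" in resp:        # caching this would hand one visitor's session to others
        reasons.append("resp-set-cookie")
    cc = ", ".join(resp.get("cache-control", []))
    if "surrogate-control" not in resp and UNCACHEABLE_CC.search(cc):
        reasons.append("resp-cache-control")
    ages = {name.lower(): int(secs) for name, secs in MAX_AGE.findall(cc)}
    if ages.get("s-maxage", ages.get("max-age", 1)) == 0:
        reasons.append("resp-ttl-zero")
    if resp.get("vary") == ["*"]:
        reasons.append("resp-vary-star")
    return reasons

# Constructed sample: a PHP page that starts a session on every hit (cache-busting).
SESSION_REQ = "GET /events HTTP/1.1\nHost: example.test\nCookie: PHPSESSID=constructed123\n"
SESSION_RESP = ("HTTP/1.1 200 OK\nSet-Cookie: PHPSESSID=constructed123; path=/\n"
                "Cache-Control: no-store, no-cache, must-revalidate\nPragma: no-cache\n")
# Constructed sample: a brochureware page with no session and an explicit lifetime.
BROCHURE_REQ = "GET /about HTTP/1.1\nHost: example.test\n"
BROCHURE_RESP = "HTTP/1.1 200 OK\nCache-Control: public, max-age=300\nContent-Type: text/html\n"

if __name__ == "__main__":
    print("session page :", cache_blockers(SESSION_REQ, SESSION_RESP))
    print("brochure page:", cache_blockers(BROCHURE_REQ, BROCHURE_RESP))
```

An empty result means the built-in rules would cache the page; custom VCL that strips cookies to force caching needs the same review, because a cached `Set-Cookie` or per-visitor page is served to every later visitor.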

Performance Shared Hosting

Serversaurus’ Performance Shared hosting provides an improved environment compared to Business Shared hosting with practically zero developer overhead.

It leverages ideas from the PHP-FPM solution, and provides users with a low contention, high CPU/Memory allocation, persistent execution model environment that remains compatible with .htaccess usage.

It is also likely to be more affordable than many of the solutions that are only compatible with Cloud Hosting services.


  • Provides improved execution model while remaining compatible with .htaccess
  • Familiar cPanel environment
  • No difference to regular shared hosting from developer point of view
  • Can be combined with Varnish and PHP 7.x.


  • No operational risks.
  • May not meet performance requirement for extremely high traffic sites.

Simple scaling with Serversaurus

From the trenches: Custom high traffic applications, devops, management & technical insights from Serversaurus projects.


If you’re a small to medium sized web development agency used to working primarily in single-node environments (often utilising off-the-shelf-CMS platforms in traditional LAMP environments), where do you go to achieve some semblance of scale, when you land a large project without completely changing tack? Often, to scale within a more traditional PaaS / 12 Factor Application environment, developers are forced into a complex deployment and development methodology to scale their applications. This is perfectly fine if you are developing a product/application from the ground up which will be locked to a PaaS provider’s application ecosystem, however, many web agencies are building on top of their existing CMS platforms, or utilising off the shelf CMS solutions such as Expression Engine, Craft, etc.

We recently worked on a fairly large website with a difficult traffic profile (ticketing, high profile media announcements, etc), built in a standard LAMP based CMS stack, which required a simple solution both from a technical and management perspective – a solution we could configure & setup which could still provide enough control for developers to do their work, without having to interact with us for cluster management or requiring the developers to necessarily customise their application for the environment itself.

To achieve simplicity of deployment which was familiar to the developers, along with an architecture the application itself could function in, we developed an application cluster which was completely controllable via a custom management UI. This solution featured traditional web service technologies including load balancing, MySQL, nginx and Varnish caching, which could be completely managed by the web dev agency independently of us.

Deployment Groups

Special requirements included two deployment groups of web nodes (Deployment Groups app-a, app-b), allowing the developers to transparently pull a two-node group offline for management/code deployments, without disrupting the live website. This deployment architecture still left two parallel web nodes live online at any one time in order to cope with high traffic, even if a code re-deployment was required during a busy period.



Because of the expected high traffic profile of the site, Varnish caching was a mandatory requirement to ‘protect’ the dynamic infrastructure from unnecessary work. As anyone who has worked with any kind of caching will know, there are times when caching needs to be eliminated to debug – we provided a caching ‘switch’ to pass-thru all traffic at the click of a button.

Cache Invalidation

Additional caching management tools included an invalidation dropdown for the live and staging environments, allowing developers to easily flush/ban the Varnish cache on demand.

VCL Includes

As a means to provide a simplified method for developer access to custom VCL rules, we provided an interface for the developers to easily append their custom Varnish rules to the main Varnish configuration.


The primary nodes were built using CentOS templates, managed by a suite of customised Serversaurus Ansible recipes which were distributed across a range of physical hypervisors for redundancy. The entire cluster sits behind a HAProxy loadbalancer, utilising the Consul key value store for dynamic service configuration management, managed by a customised Go-based management UI.

Internet Excavation #10

Internet Excavations is a series of posts highlighting curiosities found while driving a Delorean down the Information Superhighway.

This Internet Excavation sheds light on a gem of more recent years.

A 2D moving art representation of the state of today’s society. A paragraph below from the artist:

“Transfixed by racial, political, and socioeconomic tensions saturating the news, movement artists Jon Boogz and Lil Buck switch off the TV and release their emotions into a stirring dance that is both a lament and a spirited call to action.

In their endeavor to go out into the world and effect a positive change, they discover in a muted urban landscape the barriers which persist in society and the enduring role of artists as misfits. A universal truth rings clear: no one is immune to the injustices of society and only ACTION will pave the way to the perpetuity of art, dialogue, and the possibility of justice.”

WordPress Security Breach - Hackers targeting REST-API Vulnerability

A short but important notice for any of our clients who are managing their site with WordPress.

A brief history for those who are not aware of the recent security breaches: on the 26th of January, WordPress version 4.7.2 was released. The update included security patches whose importance was not disclosed to the public at the time of release.

6 days after the initial release, the details of the security update were publicly disclosed. In WordPress versions 4.7 and 4.7.1 a vulnerability in the REST API plug-in (enabled by default) would allow an unauthenticated user to modify the content of any post or page within a WordPress site.

Since the vulnerability was publicly acknowledged, thousands of WordPress sites have been targeted and defaced by hackers.

“This vulnerability has resulted in a kind of feeding frenzy where attackers are competing with each other to deface vulnerable WordPress websites,” said Mark Maunder, Wordfence Founder and CEO. “During the past 48 hours we have seen over 800,000 attacks exploiting this specific vulnerability across the WordPress sites we monitor.”

We highly recommend that any of our clients using vulnerable WordPress versions update as soon as possible and, as a further security measure, install site security software such as Wordfence.
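To find installs that are still on the affected releases, the version file of each site can be checked. This is an added example, not Serversaurus tooling: it assumes the stock WordPress layout, where `wp-includes/version.php` assigns `$wp_version`, and the function names, site names and sample tree are constructed.

```python
import re
import tempfile
from pathlib import Path

# Releases the notice names as affected; 4.7.2 carries the fix.
VULNERABLE = {(4, 7, 0), (4, 7, 1)}
VERSION_RE = re.compile(r"""^\s*\$wp_version\s*=\s*['"]([^'"]+)['"]""", re.M)

def parse_wp_version(php_source):
    """Return (major, minor, patch) from version.php source, or None if absent."""
    match = VERSION_RE.search(php_source)
    if not match:
        return None
    # Drop suffixes such as "-RC1", then pad "4.7" to (4, 7, 0).
    nums = re.findall(r"\d+", match.group(1).split("-")[0])[:3]
    if not nums:
        return None
    return tuple(int(n) for n in nums + ["0"] * (3 - len(nums)))

def audit_docroots(base):
    """Find every wp-includes/version.php under base; return [(site, version, status)]."""
    base = Path(base)
    findings = []
    for version_file in sorted(base.rglob("wp-includes/version.php")):
        site = str(version_file.parent.parent.relative_to(base))
        version = parse_wp_version(version_file.read_text(errors="replace"))
        if version is None:
            status = "unknown"      # unreadable or modified file: inspect by hand
        elif version in VULNERABLE:
            status = "vulnerable"   # update to 4.7.2 or later
        else:
            status = "ok"
        findings.append((site, version, status))
    return findings

def build_sample_tree(base):
    """Create constructed sample installs (hypothetical site names) for the demo."""
    samples = {"clienta": "4.7.1", "clientb": "4.7.2", "clientc": "4.7"}
    for site, ver in samples.items():
        inc = Path(base) / site / "public_html" / "wp-includes"
        inc.mkdir(parents=True)
        (inc / "version.php").write_text(f"<?php\n$wp_version = '{ver}';\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for site, version, status in audit_docroots(tmp):
            print(f"{status:10} {version} {site}")
```

A site reported as `unknown` has a missing or altered version line and should be inspected by hand rather than assumed patched.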

Internet Excavation #10

Internet Excavations is a series of posts highlighting curiosities found while driving a Delorean down the Information Superhighway.

This morning we flicked the switch on one of our oldest servers Barney.
Thank you to all of our former Barney clients who have made the migration to the new servers smooth sailing. R.I.P Barney ⚰

If you like.. Bizarre.

Until next time Winter.. Hello Spring!..

One of the ironies of courage, and the reason why we prize it so highly, is that we find it easier to be brave for someone else than we do for ourselves alone.
― Gregory David Roberts

Serversaurus makes first acquisition


Melbourne, Victoria, 2nd August, 2016 – Serversaurus, a Melbourne-based green cloud computing company, has purchased the customers and infrastructure of Brisbane based cloud hosting company Tract.com.

Serversaurus co-founder Martin Gleeson said he was proud to be making the company’s first acquisition since its inception in 2005:

The purchase of the Tract.com customer base and assets is our first foray into acquired expansion outside of our organic growth over the last 11 years. This expansion brings with it both an existing customer base, as well as necessary infrastructure to upgrade and expand our services in Melbourne

Like Serversaurus, Tract.com is built on the OnApp cloud stack, offering a range of SSD powered hosting services, premium DNS and shared hosting. This acquisition will provide the base for Serversaurus’ next generation cloud platform, allowing for a seamless upgrade path from the original platform which went online in 2010.

Serversaurus co-founder Nick Jaffe looks forward to the infrastructure and reliability benefits of the acquisition:

In the last 6 years Serversaurus has maintained unprecedented uptime, outperforming the likes of Amazon Web Services and other major cloud players. This acquisition from an infrastructure perspective, will provide Serversaurus with the base platform necessary to upgrade and continue our high level of reliability, while causing the minimum amount of customer disruption.

Serversaurus will continue to provide the quality of service Tract.com customers have been used to, and looks forward to being able to offer additional products and services, such as proven high-traffic and high-availability solutions.

Serversaurus is proud to be able to grow and continue its mission in providing both world-class cloud services from its Melbourne based headquarters, while also continuing its environmental and sustainable business practices.

– ENDS –

About Serversaurus

Serversaurus is headquartered at Electron Workshop, their purpose-built coworking space, which is shared with other like-minded businesses and entrepreneurs.

Serversaurus and Electron Workshop were co-founded under the parent company Arktisma, by Melbourne-based entrepreneurs Nick Jaffe and Martin Gleeson in 2005.

Serversaurus is a 100% Melbourne, Australian based green web hosting company, offering email, domains, web hosting, management, content delivery (CDN), Anycast DNS, and cloud hosting services.

Serversaurus is Australia’s first certified web hosting B Corporation, and one of the exclusive group of Founding Australian B Corporations in 2014. In 2007 Serversaurus was the first Australian hosting company to carbon-offset its emissions, and donates 1% of its annual turnover to environmental charities through the 1% For The Planet program.

For more information on Arktisma projects, visit: serversaurus.com.au and electronworkshop.com.au

About B Corporation

B Corps are certified by the nonprofit B Lab. To become a B Corp a company must complete a B Impact Assessment to demonstrate how they voluntarily meet higher standards of social and environmental performance, accountability, and transparency.

B Lab provides tools for companies to measure, compare and improve their social and environmental performance.

For more information on B Corp, visit www.bcorporation.net

Internet Excavation #8

Internet Excavations is a series of posts highlighting curiosities found while driving a Delorean down the Information Superhighway.

The explorations of Doge.

Ever wondered what the deal is behind these ‘Aussie’ posters that seem to be popping up everywhere? Over 1000 have been plastered through the cities of Australia to tell the story of Monga Khan, who was one of the thousands of people who applied for exemptions to the White Australia Policy. The photo, taken 100 years ago, is being used as a representation/acknowledgement of all who played an important role in Australia’s growing economy during this time.

The land before time…classic.

Quote from the wise Lucretius
‘The fall of dropping water wears away the Stone.’

Coen Brothers Retrospective comes to the Electron Workshop

A slightly belated post to highlight the Coen Brothers Retrospective which is being hosted each Saturday night for the month of May at our own Electron Workshop Cinema!

Join us this weekend to celebrate Good Beer Week 2016, doors and bar will open at 7pm in time to get comfortable for the classic motion picture ‘The Big Lebowski’ which will begin screening at 8pm followed by ‘Barton Fink’ at 11pm.


The following weekend will feature the legendary films ‘Fargo’ and ‘No Country for Old Men’, sessions starting at 7pm and 9:30pm.

For more details and ticket purchases for these events, check out the Electron Workshop website for further details, here!


Serversaurus Co-founder Martin Gleeson features on The Toxic Fox Radio Show.

The Toxic Fox Radio Show focuses on the Australian and International community of businesses who are committed to making environmentally positive decisions in order to live in a greener, cleaner and toxic free environment.

Diana Barnett, founder of The Toxic Fox Radio, speaks with Martin Gleeson, Co-founder of The Electron Workshop and Serversaurus, to discuss a range of topics that include and elaborate on how & why practising Equality, Autonomy and Justice in the workspace is key, the journey of becoming B-Corp accredited, the influential factors behind Martin’s ethos, and increasing business productivity: Quality vs Quantity.

Martin Gleeson | equality | social justice & a 4 day week | TFS011 – The Toxic Fox
To listen to the interview, read the article or to find more about The Toxic Fox Show, follow the link above ‘Read the article on thetoxicfox.com’.

The Serversaurs would like to acknowledge our gratitude to Diana Barnett for being an amazing host and facilitator, to the rest of the Toxic Fox crew for helping make this happen and to Martin Gleeson for welcoming and embracing the opportunity to share with us his thoughts, practises & insights.

Interview Quote from Martin Gleeson:
“Don’t be afraid. Be prepared to be yourself and to put your values and your ethics way upfront. Sometimes people may be fearful about how they may be perceived by other businesses, and I just say forget particularly about the thoughts of businesses that you don’t like. It’s often funny that we worry more about the opinions of people that we don’t respect than those that we do.
So if you are worried that another business will think that you aren’t serious enough because you are supporting environmental issues and so forth then you really shouldn’t be worried about what they think because they’re not on your same wave length re: values.”