Mod_spdy problems and speculations

Tags: apache-2.2, fastcgi, mod-php, mod-ssl, spdy

I'm trying out mod_spdy and I've run into a problem – it seems to be incompatible with AJAX requests and mod_php as in this: https://www.modspdy.com/blog/2012/04/15/using-mod_spdy-with-php/

The solution seems to be to run php scripts through fastCGI. Now my first question is, why is that? Is there maybe some sort of a workaround? Is this incompatibility just temporary? I would not want to switch the whole production server to fastCGI just because of this. What would be the advantages/disadvantages of that?

Also, I do not understand why it needs https. Why can't a simple, let's say static, website gain speed from mod_spdy? I'm looking for plain speculation here – do you think mod_spdy will be sometime available without the mod_ssl requirement, or is the architecture so different that I should not expect it at any time?

I hope I'm expressing my thoughts clearly. Thank you for your thoughts.

Best Answer

> I'm trying out mod_spdy and I've run into a problem - it seems to be incompatible with AJAX requests and mod_php as in this: https://www.modspdy.com/blog/2012/04/15/using-mod_spdy-with-php/
>
> The solution seems to be to run php scripts through fastCGI. Now my first question is, why is that? Is there maybe some sort of a workaround? Is this incompatibility just temporary?

Can you clarify what you mean regarding AJAX?

mod_php doesn't play nice with mod_spdy because SPDY multiplexes multiple requests into a single connection with threading, which can cause problems with mod_php. It's put well in the mod_spdy documentation:

> Much like the Apache Worker MPM, mod_spdy serves requests using an internal thread pool (in order to implement SPDY multiplexing), which may interact badly with non-thread-safe Apache modules. In particular, if you'd like to serve PHP over mod_spdy, it is highly recommended that you use mod_fcgid rather than mod_php, as some PHP libraries are not thread-safe; using mod_fcgid will run PHP in a separate process, thus avoiding the thread safety issues.


> What would be the advantages/disadvantages of that?

See this Stack Overflow question for discussion of that subject.


> Also, I do not understand why it needs https. Why can't a simple, let's say static, website gain speed from mod_spdy? I'm looking for plain speculation here - do you think mod_spdy will be sometime available without the mod_ssl requirement, or is the architecture so different that I should not expect it at any time?

No - SPDY is intentionally built to require SSL. Of course, telling you that it'll never drop the SSL requirement is speculation as well, but there are a couple of big reasons it's not going anywhere:

  1. It's necessary for the protocol's operation.

    The TLS Next Protocol Negotiation extension is necessary for the client and the server to let each other know that they both support SPDY.

  2. It's good for the internet.

    A lot of big players on the internet, Google included, have come around to the idea that sites should be running SSL even if you're not giving them your credit card number right that instant.

    Firesheep made cookie hijacking simple, which is why you'll notice that your Facebook or Twitter connection is always encrypted these days. The same request has been made of the Stack Exchange network that you're reading this on. And connection security is even more of a concern for people living under regimes that don't allow free use of the internet.
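
The setup the answer recommends, sketched as an added example that is not part of the original post or the mod_spdy documentation: PHP is handed to mod_fcgid instead of mod_php, and the site is served from an SSL virtual host with mod_spdy enabled. Module paths, the php-cgi path, the host name, the document root and the certificate files are assumptions for an Apache 2.2 layout.

```apache
# --- Before (in-process PHP; not recommended together with mod_spdy) ---
# mod_php runs PHP inside the Apache process, so mod_spdy's internal
# worker threads would call into PHP libraries that may not be thread-safe.
# LoadModule php5_module modules/libphp5.so
# AddType application/x-httpd-php .php

# --- After (PHP in separate processes via mod_fcgid) ---
# Module file locations are assumed; use your distribution's paths.
LoadModule ssl_module   modules/mod_ssl.so
LoadModule fcgid_module modules/mod_fcgid.so
LoadModule spdy_module  modules/mod_spdy.so

# Turn SPDY on; it is only negotiated on TLS connections,
# so plain-HTTP virtual hosts keep speaking HTTP/1.x.
SpdyEnabled on

<VirtualHost *:443>
    ServerName www.example.com            # assumed host name
    DocumentRoot /var/www/example         # assumed document root

    # mod_ssl terminates TLS; SPDY support is advertised during the handshake.
    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/example.crt      # assumed path
    SSLCertificateKeyFile /etc/ssl/private/example.key    # assumed path

    <Directory /var/www/example>
        # fcgid-script handlers are only executed where ExecCGI is allowed.
        Options +ExecCGI
        # Route .php requests to php-cgi running outside the Apache process.
        AddHandler fcgid-script .php
        FcgidWrapper /usr/bin/php-cgi .php    # assumed php-cgi location
    </Directory>
</VirtualHost>
```

With mod_php unloaded, `apachectl -M` should list `fcgid_module` and `spdy_module` but no `php5_module`.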