PHP / Memcache with DirectAdmin

yapadu

I am trying to set up two DirectAdmin servers, with one website able to run on both. With PHP session storage in memcache, spread across the two servers for redundancy.

If traffic is load balanced to both and one box goes down, I don't want the user to lose their session.

I found a nice article on how to go about it on this page:

PHP Sessions On Multiple Memcached Servers

The article is good, but it is specifically for Ubuntu, and I have not been able to get it working on DirectAdmin/Debian 7. Some of the configuration files they mention do not exist on my install.

Essentially they say to set up multiple Memcache servers, and add some config to your php.ini file.

To my php.ini I added the following:

session.save_handler = memcache
session.save_path = 'tcp://serverA:11211,tcp://serverB:11211'

They talk about adding a couple lines to memcache.ini, which I do not have.

memcache.allow_failover=1
memcache.session_redundancy=3

I added those to my php.ini as they appear to be PHP options, according to the PHP documentation.

Anyway, I can set my save handler to memcache, and I can point to either serverA or serverB... individually. Individually they work, but if I try and chain them together I get an error in the logs:

PHP Fatal error: session_start(): Failed to initialize storage module: memcache (path: tcp://serverA:11211,tcp:serverB:11211) in /home/ikbb/domains/widg.com/public_html/index.php on line 30

It obviously has something to do with the redundancy aspect since they both work individually.

Anyone got an idea where the memcache.allow_failover command is supposed to go, since DirectAdmin does not have a memcache.ini file?


Rob
 
Hello,

Firewalled? Did you try to connect to serverB:11211 from serverA, and to serverA:11211 from serverB with telnet?
 
Nope, no firewall. I can actually use both of them successfully individually, like

session.save_path = 'tcp://serverA:11211'

or

session.save_path = 'tcp://serverB:11211'

Both servers work, the problem is when trying to use both for redundancy that I get the error.
 
OK,

let's check these lines

Code:
memcache.allow_failover=1
memcache.session_redundancy=3
?

Do you see these lines with these values in phpinfo() output?

Try to put those lines (if they are not loaded by php) into

/usr/local/php53/lib/php.conf.d/99-memcache.ini

where you change 53 to your actual version number. And depending on what mode of PHP you use, restart apache or php-fpm.
 
Sorry for bumping such an old thread, but I think new users should consider reading this before "optimizing" their system with memcached session storage.

Briefly: DO NOT DO IT if you are running shared hosting!

Memcached will definitely optimize the system a lot - it's a fast in-memory hash table and it's hugely faster compared to the default disk I/O setup. But it's not designed with security in mind - it's just a cache. When you connect to a Memcached server you do not supply any username or password - you just... connect and you can start reading everything it stores.

Sure you will limit it in the configs to allow connections only from localhost and you'll firewall it just in case, BUT...

DirectAdmin is a shared hosting system by design. If you have multiple users, they can eventually upload a script in their own public_html which will let them connect to the memcached server (their scripts execute on the same machine as the memcached server, so they are able to connect to it) and may dump the session data for all other websites. Then you can imagine the attack vectors - session hijacking will be almost trivial, for example.

By contrast, the default PHP configuration stores the sessions as files in the /tmp folder. Sure, everyone can write to /tmp, but the session files inside are owned by the user who created them (php-fpm runs with the user credentials) and PHP stores them with 700 permissions (not readable by group and other). Therefore one user can't read the files of another.
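
A configuration check for the concern raised in the post above, as an added example that is not part of the thread: it reads php.ini text and reports when sessions are kept in memcached through the `memcache` handler, which `session.save_path` endpoints are not loopback, and which entries are not well-formed `tcp://host:port` URLs. The function names, finding labels and loopback list are assumptions made for illustration; the sample input is constructed and reuses the path shown in the logged error earlier in the thread.

```python
import re

# Constructed php.ini fragment; the save_path is the one in the logged error.
SAMPLE_INI = """\
session.save_handler = memcache
session.save_path = 'tcp://serverA:11211,tcp:serverB:11211'
memcache.allow_failover=1
memcache.session_redundancy=3
"""

TCP_ENDPOINT = re.compile(r"^tcp://([A-Za-z0-9.-]+):(\d{1,5})(\?.*)?$")
LOOPBACK = {"127.0.0.1", "localhost"}


def parse_ini(text):
    """Collect key = value pairs, ignoring comments and section headers."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#[" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key.strip()] = value.strip().strip("'\"")
    return settings


def audit_session_store(ini_text):
    """Return (label, detail) findings for the session settings in ini_text."""
    cfg = parse_ini(ini_text)
    if cfg.get("session.save_handler", "files") != "memcache":
        return []  # only the memcache handler from the thread is audited
    findings = [("shared-store",
                 "all sites' sessions sit in one cache that any local "
                 "account's script can connect to")]
    for entry in cfg.get("session.save_path", "").split(","):
        entry = entry.strip()
        if not entry or entry.startswith("unix://"):
            continue
        match = TCP_ENDPOINT.match(entry)
        if match is None:
            findings.append(("malformed-endpoint", entry))
        elif match.group(1) not in LOOPBACK:
            findings.append(("remote-endpoint",
                             entry + " must be firewalled to the peer only"))
    return findings


if __name__ == "__main__":
    for label, detail in audit_session_store(SAMPLE_INI):
        print(f"{label}: {detail}")
```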
 