WingNews logo WingNews
top | item 41165887

(no title)

ecjhdnc2025 | 1 year ago

FrankenPHP doesn't proxy to the PHP dev server. It is a PHP SAPI process manager itself.

You should be able to run FrankenPHP as the front end server just fine -- Caddy is excellent and it's my production front-end almost everywhere anyway (the Let's Encrypt support alone is worth it).

Though depending on the deployment I sometimes use Apache and mod_php still for the backend; this is still modestly less painful if you want to use WordPress in the same environment.

There is absolutely no way I would put node at the front of any server; I'd reverse proxy to it as a matter of principle, with very locked-down routing. The security situation with node package dependencies is hilariously bad, and some other server should be managing HTTPS.

Personally I consider the NPM ecosystem to be a horrific side-road in web development, and I think by contrast PHP is at least honest about what it is and what it is not. The amount of cargo-culting advice around package management in NPM is frightening.

discuss

order

throwitaway1123|1 year ago

> FrankenPHP doesn't proxy to the PHP dev server.

I didn't say FrankenPHP proxies to the PHP dev server. I'm saying FrankenPHP is a Frankenstein amalgamation of the Caddy reverse proxy server and PHP, which is necessitated by the lack of a production server built in to PHP. Some languages/runtimes like Go (which Caddy is written in) and Node have production ready servers built in to their standard libraries.

> I'd reverse proxy to it as a matter of principle [...] some other server should be managing HTTPS.

I've used Caddy and it's great, but if I have Cloudflare or some other service terminating SSL and serving static assets, then I don't necessarily need Apache, Nginx, or Caddy acting as a middleman.

> The security situation with node package dependencies is hilariously bad

Most of the security issues involving NPM are related to client side JS, not server side JS. PHP doesn't run client side at all, so it's a bit of an apples to oranges comparison. If you're just doing traditional server side templating then there are plenty of rock solid frameworks. Hapi has zero third party dependencies and was designed by one of the authors of the OAuth spec for example.