Edit: Steve Reynolds posted a great followup focusing on how to do this in EC2.

So my brother recently asked me how to best go about configuring a WAMP (Windows, Apache, MySQL, PHP) stack for production. I’m sure there’s a ton of things you should do, but here were some intial thoughts that sprang to mind. I may update the post with others as I think of them.

All of this applies to a single server environment, once you start scaling out different rules apply. Ideally your architecture should be designed so that you can scale horizontally though, so that if things do take off you don’t find yourself re-writing everything.

Feel free to add other tips in the comments …

Windows

• Turn off uneccessary “stuff”
  Windows runs a bunch of services by default that you don’t need. Bin them. Especially the following:
  – Windows Firewall (will mess with your inbound/outbound traffic)
  – Indexing service (will thrash your hard drive trying to be “helpful”)
  – Any anti-virus services (use your discretion here, but generally they can cause a lot of unecessary disk activity.)
• Sort the startup folder and app tray
  Blitz everything from the startup folder and app tray that isn’t absolutely necessary.

Apache

• Grab the right copy
  Always get the most recent copy for bug fixes and features. At the time of writing v2.2 has some nice load-balancing configuration features for instance. Also, make sure you download the SSL-enabled version of http server, it may come in handy.
• Set cache settings
  Take a look at the ExpiresActive and ExpiresByType config options to setup caching for your images and files that won’t change that much (css, js). This will make your site more performant in the eyes of the user and save you money on bandwith charges.
• Sort out your logging
  In test mode you probably want LogLevel set to “debug”, in production you’ll want this at something like “warn” to avoid unecessary logfile activity. Also make sure you use CustomLog to grab all the info you can about your end users and rotatelogs to manage your logfiles.
• Disable directory browsing
  An absolute must, see this howto.
• Setup custom error pages
  Use the ErrorDocument directive to setup nicer looking error pages. They look better, and don’t give outyour sensitive environment info.
• Enable compression
  It’s well worth doing and straightforward.

MySQL

• Write to a seperate disk
  Do data writes on a different disk to the webserver and application processing. You want to ensure that you don’t have disk contention issues.
• Consider RAID
  If uptime is crucial consider implementing something like RAID 1 to mirror your data across multiple disks.
• Backup the DB data
  Do this at least every 12 hours, using something like S3.
• Tweak configuration options
  There are hundreds of config options for MySQL, probably worthy of a seperate post in their own right, but by far the most important is your upfront decision about which table-type to use, as it’s difficult to change afterwards. Check out this lowdown on some of the different options.

PHP

• Enable extensions
  PHP works quite nicely out of the box, but remember to enable any extra extensions (the bits with “extension=” in your PHP.ini file)
• Tweak post rules
  You might want to set the “post_max_size” variable if you’re accepting large (or want to limit) file uploads.

Miscellaneous musings

• Consider S3 for storage
  Storage is hard. Doing it yourself is hard. If you’re doing it a lot let Amazon worry about it for you, by building on top of S3. In your application design it’s easier to bake this in upfront rather than retrofit it. And it’s cheap.