What can be a good device for Apache/PHP/SQL?

I need a device (router or also other devices) that has at least:

  • 4 gigabit ports
  • 1 USB port
  • Wireless not needed
  • Modem not needed

It should be one where I can flash the latest OpenWrt without opening it physically.

I need to install on the device Apache (with TLS 1.3 support) on port 8080, PHP 7.2 (if possible 7.3) and an SQL server.
I need to set up my custom root certificate on both the device interface and on Apache.

I would like to have suggestions on good devices that can do it and on Apache/PHP/SQL setup.

Best regards,

15 devices with 4x Gbit + USB, supported by OpenWrt (either snapshot, 17.01 or 18.06)

That would most likely be a device that runs a full-blown distro of some kind, as at least Apache is a bit broken on OpenWrt and the only databases packaged are Maria and SQLite (you "probably" want Postgre or something else). I think you won't find it ideal to keep track of security updates as there are no facilities at all apart from the uscan site and due to the fact that updating packages is far from ideal but that's more or less a design choice given the targeted devices.

Some general advice:

  • You probably want at least 2Gbyte of RAM, you might get away with 1Gbyte but it will most likely be an issue further down the road but it will do if you have a fairly low traffic/non intensive site you might get away with just 1Gb.
  • You most likely want storage attached via PCIe (SATA controller) rather than USB due to reliability concerns. If it's a fairly low traffic site you might get away with USB.
  • You should probably go for 64-bit as that's pretty much where "all" are headed
  • Marvell and Allwinner have by far the most "mature" support in Linux/BSD, RK3399 is looking good but it's not there yet by quite a margin if you're looking at mainline.

Given the above this severely limits your choices and becomes a matter of if/what you can compromise.

The closest you'd get is a ClearFog GT 8K which checks all boxes, SATA needs to be provided by miniPCIe card but that's a very easy "fix". I don't know how well it's supported in mainline/BSD yet, especially the switch however.

A rather well supported board is the MACCHIATObin which is very similar but no integrated switch so you need an external.

...going further down the line
Espressobin 1/2Gbyte versions (only eth 3-ports)
PINE A64-LTS (1-port, eMMC available)

I can only personally say that as far as I've tested full grown distros that FreeBSD works surprisingly well as it's pretty much flawless (for me at least) using an Orange Pi PC (Allwinner H5) which is more or less the same as PINE A64-LTS but with only 1Gb of RAM and without eMMC. You will need to run -CURRENT more or less which may sound nuts but it's very solid (and Netflix did a talk about it since they use it in production) however I'm not sure of the status with eMMC. It's also recommended as you're running -CURRENT to either run Poudriere or self-host (I do this and it's doable with 1Gb of RAM but it's painfully slow so I would only recommend this on at least 2Gb devices). You might also want to check out ArchArmLinux, Armbian and Alpine.

I know work is being done on both RK3399 and A8040 but I don't know the current status of those.

So in conclusion, you need to do some research about the board you're looking at and be prepared to run "bleeding edge".

I know I can look at the list but I would prefer personal experience.

How can I know if it can take the load of a web server and an SQL server (with many connections without being slow)?

How can I know if I can switch from original firmware to OpenWrt without JTAG or a procedure that requires dismounting it?

The majority of ARM boards (yes, that's your best bet) don't come with software preinstalled.
If you want to evaluate the performance characteristics of ARM I'd suggest that you try Scaleway first unless you're willing to grab a board.

If you're unsure, just grab a SFF x86-based system.

Basically you want to keep router/routing functions and the webserver separate for security and maintenance reasons alone, at least if the webserver is supposed to be accessible from the outside (or untrusted parties on the inside). That also makes choosing the best option easier, as devices with high CPU performance/RAM don't necessarily have the best I/O options - and the reverse as well. Depending on your expectations a 'cheap' ARM based SBC might fit the bill for your webserving needs, even though they generally suck as routers (not enough ethernet ports, not reaching full 1 GBit/s linespeed, bad wlan options - but everything necessary to be a good webserver), but entry level x86_64 shouldn't be ignored either.


ARM boards can be used for such applications on slower connections but you'd need at least a VLAN capable switch.

Just for fun I ran some quick tests on my Orange Pi PC

OS: FreeBSD 13.0-CURRENT r346043 GENERIC-NODEBUG  arm64
Orange Pi PC @ 816Mhz
No CPU scaling due to missing AR100 magic

iperf3 -c -n 2G
~CPU:  0.2% user,  0.0% nice, 14.8% system, 24.9% interrupt, 60.1% idle (TOP)
[ ID] Interval           Transfer     Bitrate         Retr
[  5]   0.00-42.57  sec  2.00 GBytes   404 Mbits/sec    0             sender
[  5]   0.00-43.02  sec  2.00 GBytes   399 Mbits/sec                  receiver

iperf3 -c -n 2G -P 4
[ ID] Interval           Transfer     Bitrate         Retr
[  5]   0.00-28.76  sec   661 MBytes   193 Mbits/sec  611             sender
[  5]   0.00-29.65  sec   661 MBytes   187 Mbits/sec                  receiver
[  7]   0.00-28.76  sec  39.9 MBytes  11.6 Mbits/sec  101             sender
[  7]   0.00-29.65  sec  39.9 MBytes  11.3 Mbits/sec                  receiver
[  9]   0.00-28.76  sec   664 MBytes   194 Mbits/sec  587             sender
[  9]   0.00-29.65  sec   664 MBytes   188 Mbits/sec                  receiver
[ 11]   0.00-28.76  sec   683 MBytes   199 Mbits/sec  615             sender
[ 11]   0.00-29.65  sec   683 MBytes   193 Mbits/sec                  receiver
[SUM]   0.00-28.76  sec  2.00 GBytes   597 Mbits/sec  1914             sender
[SUM]   0.00-29.65  sec  2.00 GBytes   579 Mbits/sec                  receiver

iperf3 -c -n 2G -R
~CPU:  1.4% user,  0.0% nice, 17.5% system, 25.0% interrupt, 56.1% idle (TOP)
[ ID] Interval           Transfer     Bitrate         Retr
[  5]   0.00-28.75  sec  2.00 GBytes   598 Mbits/sec  197             sender
[  5]   0.00-28.30  sec  2.00 GBytes   607 Mbits/sec                  receiver

iperf3 -c -n 2G -R -P 4
[ ID] Interval           Transfer     Bitrate         Retr
[  5]   0.00-29.67  sec   528 MBytes   149 Mbits/sec  561             sender
[  5]   0.00-28.90  sec   528 MBytes   153 Mbits/sec                  receiver
[  7]   0.00-29.67  sec   530 MBytes   150 Mbits/sec  505             sender
[  7]   0.00-28.90  sec   530 MBytes   154 Mbits/sec                  receiver
[  9]   0.00-29.67  sec   499 MBytes   141 Mbits/sec  493             sender
[  9]   0.00-28.90  sec   499 MBytes   145 Mbits/sec                  receiver
[ 11]   0.00-29.67  sec   492 MBytes   139 Mbits/sec  469             sender
[ 11]   0.00-28.90  sec   492 MBytes   143 Mbits/sec                  receiver
[SUM]   0.00-29.67  sec  2.00 GBytes   580 Mbits/sec  2028             sender
[SUM]   0.00-28.90  sec  2.00 GBytes   595 Mbits/sec                  receiver

Apache/SQL server is a rather vague requirement. How much traffic, how big the DB and how complex the website is are probably important factors.

I am running nginx, PHP, mysql (wordpress) etc. on APU2
nginx seems to need less RAM than apache

MariaDB (with InnoDB Storage Engine) may be fine.
I would prefer OpenWrt instead of a full Linux distribution for simplicity.

The DB (about 80KB) and the site (about 30MB) aren't big, but I want it to be able to take the load of 100 concurrent users with a fast page response.

It's going to be more complex as you have no way of tracking vulns and there's no facility to update packages (at least timely) unless you plan to host your own package repo but if you don't care about security go ahead.
Also, you might want to keep some statistics of some sort which you will need to port yourself like AWStats or GoAccess (might not be ideal on ARM however) or some security modules for PHP/Apache.

To be overly clear about this matter:
OpenWrt is still at 2.4.37, just sayin...