php5-fpm
Documentation
1 aptitude install php5-fpm libapache2-mod-fastcgi
1 root@mail /etc/apache2 # adduser --system --group --disabled-login --disabled-password --home /var/lib/www-mail www-mail
2 Lege Systembenutzer »www-mail« (UID 118) an ...
3 Lege neue Gruppe »www-mail« (GID 124) an ...
4 Lege neuen Benutzer »www-mail« (UID 114) mit Gruppe »www-mail« an ...
5 Erstelle Home-Verzeichnis »/var/lib/www-mail« ...
Test vHost
/etc/apache2/sites-available/initial_test.conf
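<VirtualHost *:80>
	# The ServerName directive sets the request scheme, hostname and port that
	# the server uses to identify itself. This is used when creating
	# redirection URLs. In the context of virtual hosts, the ServerName
	# specifies what hostname must appear in the request's Host: header to
	# match this virtual host. For the default virtual host (this file) this
	# value is not decisive as it is used as a last resort host regardless.
	# However, you must set it for any further virtual host explicitly.
	#ServerName www.example.com

	# ServerAdmin webmaster@localhost
	DocumentRoot /var/www/html

	# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
	# error, crit, alert, emerg.
	# It is also possible to configure the loglevel for particular
	# modules, e.g.
	#LogLevel info ssl:warn

	ErrorLog ${APACHE_LOG_DIR}/error.log
	CustomLog ${APACHE_LOG_DIR}/access.log combined

	# For most configuration files from conf-available/, which are
	# enabled or disabled at a global level, it is possible to
	# include a line for only one particular virtual host. For example the
	# following line enables the CGI configuration for this host only
	# after it has been globally disabled with "a2disconf".
	#Include conf-available/serve-cgi-bin.conf

	<Directory "/var/www/html">
		# .htaccess files below the document root may override these
		# directive groups.
		AllowOverride FileInfo Limit Options Indexes
		Require all granted

		# info.php is a test aid that prints the complete PHP configuration
		# and environment. Answer it for requests from this host only, and
		# delete the script (or disable this vhost) once testing is done.
		<Files "info.php">
			Require local
		</Files>
	</Directory>
</VirtualHost>

# vim: syntax=apache ts=4 sw=4 sts=4 sr noet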
Please don't forget to disable this test vHost and remove the test script below once the tests are done: the phpinfo() page it serves leaks sensitive configuration data.
Testscript
/var/www/html/info.php
1 <?php /* Temporary test page: prints the full PHP configuration and environment; delete it once the test is done. */ phpinfo(); ?>
Pooling
- PHP-FPM-Pool
1 root@mail /home/tobias # cat /etc/php5/fpm/pool.d/www-mail.conf
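; Start a new pool named 'www-mail'.
; the variable $pool can be used in any directive and will be replaced by the
; pool name ('www-mail' here)
[www-mail]

; Per pool prefix
; It only applies on the following directives:
; - 'access.log'
; - 'slowlog'
; - 'listen' (unixsocket)
; - 'chroot'
; - 'chdir'
; - 'php_values'
; - 'php_admin_values'
; When not set, the global prefix (or /usr) applies instead.
; Note: This directive can also be relative to the global prefix.
; Default Value: none
;prefix = /path/to/pools/$pool

; Unix user/group of processes
; Note: The user is mandatory. If the group is not set, the default user's group
;       will be used.
user = www-mail
group = www-mail

; The address on which to accept FastCGI requests.
; Valid syntaxes are:
;   'ip.add.re.ss:port'    - to listen on a TCP socket to a specific IPv4 address on
;                            a specific port;
;   '[ip:6:addr:ess]:port' - to listen on a TCP socket to a specific IPv6 address on
;                            a specific port;
;   'port'                 - to listen on a TCP socket to all IPv4 addresses on a
;                            specific port;
;   '[::]:port'            - to listen on a TCP socket to all addresses
;                            (IPv6 and IPv4-mapped) on a specific port;
;   '/path/to/unix/socket' - to listen on a unix socket.
; Note: This value is mandatory.
;
; NOTE(review): a TCP listener on loopback can be reached by every local
; account on this host; listen.allowed_clients filters by source address only.
; A unix socket restricted with listen.owner / listen.group / listen.mode
; narrows access to the accounts that are meant to talk to this pool.
listen = 127.0.0.1:9000
; Disabled alternatives, written with ';' like the rest of the file ('#'
; comments are deprecated in PHP 5 ini files).
;listen = [::1]:9000
;listen = /var/lib/apache2/fastcgi/php5-fpm_www-mail.sock
;listen = /var/run/php5-fpm_www-mail.sock

; Set listen(2) backlog.
; Default Value: 65535 (-1 on FreeBSD and OpenBSD)
;listen.backlog = 65535

; Set permissions for unix socket, if one is used. In Linux, read/write
; permissions must be set in order to allow connections from a web server. Many
; BSD-derived systems allow connections regardless of permissions.
; Default Values: user and group are set as the running user
;                 mode is set to 0660
;
; NOTE(review): these three settings only matter once 'listen' points to a unix
; socket. As written, only user www-mail and members of group www-mail could
; open that socket, so the account Apache runs as would have to be the owner,
; be in the group, or be named in listen.acl_users before switching.
listen.owner = www-mail
listen.group = www-mail
listen.mode = 0660
; When POSIX Access Control Lists are supported you can set them using
; these options, value is a comma separated list of user/group names.
; When set, listen.owner and listen.group are ignored
;listen.acl_users =
;listen.acl_groups =

; List of addresses (IPv4/IPv6) of FastCGI clients which are allowed to connect.
; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original
; PHP FCGI (5.2.2+). Makes sense only with a tcp listening socket. Each address
; must be separated by a comma. If this value is left blank, connections will be
; accepted from any ip address.
; Default Value: any
listen.allowed_clients = 127.0.0.1

; Specify the nice(2) priority to apply to the pool processes (only if set)
; The value can vary from -19 (highest priority) to 20 (lower priority)
; Note: - It will only work if the FPM master process is launched as root
;       - The pool processes will inherit the master process priority
;         unless specified otherwise
; Default Value: not set
; process.priority = -19

; Choose how the process manager will control the number of child processes.
; Possible Values:
;   static  - a fixed number (pm.max_children) of child processes;
;   dynamic - the number of child processes are set dynamically based on the
;             following directives. With this process management, there will be
;             always at least 1 children.
;             pm.max_children      - the maximum number of children that can
;                                    be alive at the same time.
;             pm.start_servers     - the number of children created on startup.
;             pm.min_spare_servers - the minimum number of children in 'idle'
;                                    state (waiting to process). If the number
;                                    of 'idle' processes is less than this
;                                    number then some children will be created.
;             pm.max_spare_servers - the maximum number of children in 'idle'
;                                    state (waiting to process). If the number
;                                    of 'idle' processes is greater than this
;                                    number then some children will be killed.
;  ondemand - no children are created at startup. Children will be forked when
;             new requests will connect. The following parameter are used:
;             pm.max_children           - the maximum number of children that
;                                         can be alive at the same time.
;             pm.process_idle_timeout   - The number of seconds after which
;                                         an idle process will be killed.
; Note: This value is mandatory.
pm = dynamic

; The number of child processes to be created when pm is set to 'static' and the
; maximum number of child processes when pm is set to 'dynamic' or 'ondemand'.
; This value sets the limit on the number of simultaneous requests that will be
; served. Equivalent to the ApacheMaxClients directive with mpm_prefork.
; Equivalent to the PHP_FCGI_CHILDREN environment variable in the original PHP
; CGI. The below defaults are based on a server without much resources. Don't
; forget to tweak pm.* to fit your needs.
; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand'
; Note: This value is mandatory.
pm.max_children = 5

; The number of child processes created on startup.
; Note: Used only when pm is set to 'dynamic'
; Default Value: min_spare_servers + (max_spare_servers - min_spare_servers) / 2
pm.start_servers = 2

; The desired minimum number of idle server processes.
; Note: Used only when pm is set to 'dynamic'
; Note: Mandatory when pm is set to 'dynamic'
pm.min_spare_servers = 1

; The desired maximum number of idle server processes.
; Note: Used only when pm is set to 'dynamic'
; Note: Mandatory when pm is set to 'dynamic'
pm.max_spare_servers = 3

; The number of seconds after which an idle process will be killed.
; Note: Used only when pm is set to 'ondemand'
; Default Value: 10s
;pm.process_idle_timeout = 10s;

; The number of requests each child process should execute before respawning.
; This can be useful to work around memory leaks in 3rd party libraries. For
; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS.
; Default Value: 0
pm.max_requests = 1024

; The URI to view the FPM status page. If this value is not set, no URI will be
; recognized as a status page. It shows the following information:
;   pool                 - the name of the pool;
;   process manager      - static, dynamic or ondemand;
;   start time           - the date and time FPM has started;
;   start since          - number of seconds since FPM has started;
;   accepted conn        - the number of request accepted by the pool;
;   listen queue         - the number of request in the queue of pending
;                          connections (see backlog in listen(2));
;   max listen queue     - the maximum number of requests in the queue
;                          of pending connections since FPM has started;
;   listen queue len     - the size of the socket queue of pending connections;
;   idle processes       - the number of idle processes;
;   active processes     - the number of active processes;
;   total processes      - the number of idle + active processes;
;   max active processes - the maximum number of active processes since FPM
;                          has started;
;   max children reached - number of times, the process limit has been reached,
;                          when pm tries to start more children (works only for
;                          pm 'dynamic' and 'ondemand');
; Values are updated in real time.
; Example output:
;   pool:                 www
;   process manager:      static
;   start time:           01/Jul/2011:17:53:49 +0200
;   start since:          62636
;   accepted conn:        190460
;   listen queue:         0
;   max listen queue:     1
;   listen queue len:     42
;   idle processes:       4
;   active processes:     11
;   total processes:      15
;   max active processes: 12
;   max children reached: 0
;
; By default the status page output is formatted as text/plain. Passing either
; 'html', 'xml' or 'json' in the query string will return the corresponding
; output syntax. Example:
;   http://www.foo.bar/status
;   http://www.foo.bar/status?json
;   http://www.foo.bar/status?html
;   http://www.foo.bar/status?xml
;
; By default the status page only outputs short status. Passing 'full' in the
; query string will also return status for each pool process.
; Example:
;   http://www.foo.bar/status?full
;   http://www.foo.bar/status?json&full
;   http://www.foo.bar/status?html&full
;   http://www.foo.bar/status?xml&full
; The Full status returns for each process:
;   pid                  - the PID of the process;
;   state                - the state of the process (Idle, Running, ...);
;   start time           - the date and time the process has started;
;   start since          - the number of seconds since the process has started;
;   requests             - the number of requests the process has served;
;   request duration     - the duration in µs of the requests;
;   request method       - the request method (GET, POST, ...);
;   request URI          - the request URI with the query string;
;   content length       - the content length of the request (only with POST);
;   user                 - the user (PHP_AUTH_USER) (or '-' if not set);
;   script               - the main script called (or '-' if not set);
;   last request cpu     - the %cpu the last request consumed
;                          it's always 0 if the process is not in Idle state
;                          because CPU calculation is done when the request
;                          processing has terminated;
;   last request memory  - the max amount of memory the last request consumed
;                          it's always 0 if the process is not in Idle state
;                          because memory calculation is done when the request
;                          processing has terminated;
; If the process is in Idle state, then information is related to the
; last request the process has served. Otherwise information is related to
; the current request being served.
; Example output:
;   ************************
;   pid:                  31330
;   state:                Running
;   start time:           01/Jul/2011:17:53:49 +0200
;   start since:          63087
;   requests:             12808
;   request duration:     1250261
;   request method:       GET
;   request URI:          /test_mem.php?N=10000
;   content length:       0
;   user:                 -
;   script:               /home/fat/web/docs/php/test_mem.php
;   last request cpu:     0.00
;   last request memory:  0
;
; Note: There is a real-time FPM status monitoring sample web page available
;       It's available in: /usr/share/php5/fpm/status.html
;
; Note: The value must start with a leading slash (/). The value can be
;       anything, but it may not be a good idea to use the .php extension or it
;       may conflict with a real PHP file.
; Default Value: not set
;
; NOTE(review): the 'full' output lists request URIs with their query strings,
; authenticated user names and script paths, so the web server should only
; answer this URI for the hosts that monitor the pool.
pm.status_path = /status

; The ping URI to call the monitoring page of FPM. If this value is not set, no
; URI will be recognized as a ping page. This could be used to test from outside
; that FPM is alive and responding, or to
; - create a graph of FPM availability (rrd or such);
; - remove a server from a group if it is not responding (load balancing);
; - trigger alerts for the operating team (24/7).
; Note: The value must start with a leading slash (/). The value can be
;       anything, but it may not be a good idea to use the .php extension or it
;       may conflict with a real PHP file.
; Default Value: not set
ping.path = /ping

; This directive may be used to customize the response of a ping request. The
; response is formatted as text/plain with a 200 response code.
; Default Value: pong
;ping.response = pong

; The access log file
; Default: not set
;access.log = log/$pool.access.log

; The access log format.
; The following syntax is allowed
;  %%: the '%' character
;  %C: %CPU used by the request
;      it can accept the following format:
;      - %{user}C for user CPU only
;      - %{system}C for system CPU only
;      - %{total}C  for user + system CPU (default)
;  %d: time taken to serve the request
;      it can accept the following format:
;      - %{seconds}d (default)
;      - %{miliseconds}d
;      - %{mili}d
;      - %{microseconds}d
;      - %{micro}d
;  %e: an environment variable (same as $_ENV or $_SERVER)
;      it must be associated with braces to specify the name of the env
;      variable. Some examples:
;      - server specifics like: %{REQUEST_METHOD}e or %{SERVER_PROTOCOL}e
;      - HTTP headers like: %{HTTP_HOST}e or %{HTTP_USER_AGENT}e
;  %f: script filename
;  %l: content-length of the request (for POST request only)
;  %m: request method
;  %M: peak of memory allocated by PHP
;      it can accept the following format:
;      - %{bytes}M (default)
;      - %{kilobytes}M
;      - %{kilo}M
;      - %{megabytes}M
;      - %{mega}M
;  %n: pool name
;  %o: output header
;      it must be associated with braces to specify the name of the header:
;      - %{Content-Type}o
;      - %{X-Powered-By}o
;      - %{Transfert-Encoding}o
;      - ....
;  %p: PID of the child that serviced the request
;  %P: PID of the parent of the child that serviced the request
;  %q: the query string
;  %Q: the '?' character if query string exists
;  %r: the request URI (without the query string, see %q and %Q)
;  %R: remote IP address
;  %s: status (response code)
;  %t: server time the request was received
;      it can accept a strftime(3) format:
;      %d/%b/%Y:%H:%M:%S %z (default)
;  %T: time the log has been written (the request has finished)
;      it can accept a strftime(3) format:
;      %d/%b/%Y:%H:%M:%S %z (default)
;  %u: remote user
;
; Default: "%R - %u %t \"%m %r\" %s"
;access.format = "%R - %u %t \"%m %r%Q%q\" %s %f %{mili}d %{kilo}M %C%%"

; The log file for slow requests
; Default Value: not set
; Note: slowlog is mandatory if request_slowlog_timeout is set
;slowlog = log/$pool.log.slow

; The timeout for serving a single request after which a PHP backtrace will be
; dumped to the 'slowlog' file. A value of '0s' means 'off'.
; Available units: s(econds)(default), m(inutes), h(ours), or d(ays)
; Default Value: 0
;request_slowlog_timeout = 0

; The timeout for serving a single request after which the worker process will
; be killed. This option should be used when the 'max_execution_time' ini option
; does not stop script execution for some reason. A value of '0' means 'off'.
; Available units: s(econds)(default), m(inutes), h(ours), or d(ays)
; Default Value: 0
;request_terminate_timeout = 0

; Set open file descriptor rlimit.
; Default Value: system defined value
rlimit_files = 8192

; Set max core size rlimit.
; Possible Values: 'unlimited' or an integer greater or equal to 0
; Default Value: system defined value
;rlimit_core = 0

; Chroot to this directory at the start. This value must be defined as an
; absolute path. When this value is not set, chroot is not used.
; Note: you can prefix with '$prefix' to chroot to the pool prefix or one
; of its subdirectories. If the pool prefix is not set, the global prefix
; will be used instead.
; Note: chrooting is a great security feature and should be used whenever
;       possible. However, all PHP paths will be relative to the chroot
;       (error_log, sessions.save_path, ...).
; Default Value: not set
;chroot =

; Chdir to this directory at the start.
; Note: relative path can be used.
; Default Value: current directory or / when chroot
chdir = /

; Redirect worker stdout and stderr into main error log. If not set, stdout and
; stderr will be redirected to /dev/null according to FastCGI specs.
; Note: on a heavily loaded environment, this can cause some delay in the page
; process time (several ms).
; Default Value: no
;catch_workers_output = yes

; Clear environment in FPM workers
; Prevents arbitrary environment variables from reaching FPM worker processes
; by clearing the environment in workers before env vars specified in this
; pool configuration are added.
; Setting to "no" will make all environment variables available to PHP code
; via getenv(), $_ENV and $_SERVER.
; Default Value: yes
;clear_env = no

; Limits the extensions of the main script FPM will allow to parse. This can
; prevent configuration mistakes on the web server side. You should only limit
; FPM to .php extensions to prevent malicious users to use other extensions to
; execute php code.
; Note: set an empty value to allow all extensions.
; Default Value: .php
;security.limit_extensions = .php .php3 .php4 .php5

; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from
; the current environment.
; Default Value: clean env
;env[HOSTNAME] = $HOSTNAME
;env[PATH] = /usr/local/bin:/usr/bin:/bin
;env[TMP] = /tmp
;env[TMPDIR] = /tmp
;env[TEMP] = /tmp

; Additional php.ini defines, specific to this pool of workers. These settings
; overwrite the values previously defined in the php.ini. The directives are the
; same as the PHP SAPI:
;   php_value/php_flag             - you can set classic ini defines which can
;                                    be overwritten from PHP call 'ini_set'.
;   php_admin_value/php_admin_flag - these directives won't be overwritten by
;                                     PHP call 'ini_set'
; For php_*flag, valid values are on, off, 1, 0, true, false, yes or no.

; Defining 'extension' will load the corresponding shared extension from
; extension_dir. Defining 'disable_functions' or 'disable_classes' will not
; overwrite previously defined php.ini values, but will append the new value
; instead.

; Note: path INI options can be relative and will be expanded with the prefix
; (pool, global or /usr)

; Default Value: nothing is defined by default except the values in php.ini and
;                specified at startup with the -d argument
;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f www@my.domain.com
;php_flag[display_errors] = off
;php_admin_value[error_log] = /var/log/fpm-php.www.log
;php_admin_flag[log_errors] = on
;php_admin_value[memory_limit] = 32M

; PHP garbage collection for file-based sessions on Debian is done via a
; cron job, but roundcubemail uses MySQL as storage during runtime, which is
; not cleaned up by that cron job. So re-enable the default PHP gc method.
php_admin_value[session.gc_probability] = 1
;php_admin_value[error_reporting] = 6135
;php_admin_value[display_errors] = 1

; Secure handling of cookies
; session.cookie_secure = 1 marks the session cookie as HTTPS-only, so sessions
; will not persist on a plain-HTTP virtual host; session.cookie_httponly = 1
; keeps the cookie out of reach of client-side scripts.
php_admin_value[session.cookie_secure] = 1
php_admin_value[session.cookie_httponly] = 1

; vim: set filetype=dosini: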
Integration into apache2
- /etc/apache2/conf-enabled/php5-fpm.conf
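<IfModule mod_fastcgi.c>
	# Hand every *.php request to the virtual php5-fcgi handler, which
	# mod_fastcgi forwards to the external PHP-FPM pool defined below.
	AddHandler php5-fcgi .php
	Action php5-fcgi /php5-fcgi
	Alias /php5-fcgi /usr/lib/cgi-bin/php5-fcgi

	# Active backend: the TCP listener at 127.0.0.1:9000.
	# -pass-header Authorization forwards the HTTP Authorization header to PHP.
	# FastCgiExternalServer php5-fpm_www-mail -host 127.0.0.1:9000 -pass-header Authorization
	FastCgiExternalServer /usr/lib/cgi-bin/php5-fcgi -host 127.0.0.1:9000 -pass-header Authorization
	# Disabled alternatives that connect through a unix socket instead:
	# FastCgiExternalServer /usr/lib/cgi-bin/php5-fcgi -socket /var/run/php5-fpm_www-mail.sock -pass-header Authorization
	# FastCgiExternalServer /usr/lib/cgi-bin/php5-fcgi -socket /var/lib/apache2/fastcgi/php5-fpm_www-mail.sock -pass-header Authorization

	### Only for status websites
	# The FPM status page reports pool internals and, with ?full, request
	# URIs, user names and script paths. Serve it to this host only; add a
	# further "Require ip <monitoring-host-address>" line (placeholder) if
	# a separate monitoring system has to read it.
	<Location /status>
		Require local
	</Location>
</IfModule>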
- running