PHP-FPM – config improvements

We’ve already installed Nginx web server, PHP, run wrappers and configure php.ini settings. Next step will be some small improvements on global PHP-FPM configuration and also, additional settings on websites wrappers. Today we will edit /etc/php-fpm/version/fpm/php-fpm.conf file. It’s PHP-FPM main configuration file. Not PHP like php.ini from last chapter, but for FastCGI Process Manager. There is no time for unnecessary descriptions, let’s edit this file.

Nginx installation and first configuration

Nginx virtual host configuration

Use PHP-FPM with Nginx

Describe and change php.ini settings

PHP-FPM – config improvements

Use strong Nginx encryption settings

Nginx optimizations, tips and tricks

php-fpm.conf file

log_level = warning

First step is to decrease logging level. Default is notice – not but, I like to have logs and possibility to check everything, but notice means a lot of completely unnecessary logs and troubles with filtering. I recommend to use higher level – warning, or if you want, error.

emergency_restart_threshold = 20
emergency_restart_interval = 1m
process_control_timeout = 10s

These three settings prevent our PHP-FPM processes to corruptions, memory leaks or unwanting suspending. PHP will automatically restart such processes and free memory if it will needed. You can change time limits, but there are default, secure values. Important note: it’s default, but default configuration has disable this feature (limits are commented).

Edit wrappers config files

Next step is to set some additional settings on our wrappers, so, fox example /etc/php/your-version/fpm/pool.d/mywebsite.conf:

[myuser]
user = $pool
group = $pool

listen = /var/run/php-$pool.sock
php_admin_value[error_log] = /home/$pool/php_error_log

If you have a lot of webistes with different wrappers, you do not have to write this website/wraper name every and every time in wrapper configuration. You can use $pool variable to to this. It’s very comfortable to create new wrappers with the same settings – just change first line.

php_admin_value[open_basedir] = /home/$pool/www:/tmp

Second, and last thing is to set open_basedir for each wrapper. This setting limit PHP to use this and nested directory, but not any in higher level – for security purporses and isolate all website in their directories. Simple, but very effective. As you can see, it’s very simple to overwrite global php.ini configuration using php_admin_value array. You can simply create completely different environments with one global PHP.

Happy New Year!

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.