We’ve already installed Nginx web server, PHP, run wrappers and configure php.ini settings. Next step will be some small improvements on global PHP-FPM configuration and also, additional settings on websites wrappers. Today we will edit /etc/php-fpm/version/fpm/php-fpm.conf file. It’s PHP-FPM main configuration file. Not PHP like php.ini from last chapter, but for FastCGI Process Manager. There is no time for unnecessary descriptions, let’s edit this file.
log_level = warning
First step is to decrease logging level. Default is notice – not but, I like to have logs and possibility to check everything, but notice means a lot of completely unnecessary logs and troubles with filtering. I recommend to use higher level – warning, or if you want, error.
emergency_restart_threshold = 20 emergency_restart_interval = 1m process_control_timeout = 10s
These three settings prevent our PHP-FPM processes to corruptions, memory leaks or unwanting suspending. PHP will automatically restart such processes and free memory if it will needed. You can change time limits, but there are default, secure values. Important note: it’s default, but default configuration has disable this feature (limits are commented).
Edit wrappers config files
Next step is to set some additional settings on our wrappers, so, fox example /etc/php/your-version/fpm/pool.d/mywebsite.conf:
[myuser] user = $pool group = $pool listen = /var/run/php-$pool.sock php_admin_value[error_log] = /home/$pool/php_error_log
If you have a lot of webistes with different wrappers, you do not have to write this website/wraper name every and every time in wrapper configuration. You can use $pool variable to to this. It’s very comfortable to create new wrappers with the same settings – just change first line.
php_admin_value[open_basedir] = /home/$pool/www:/tmp
Second, and last thing is to set open_basedir for each wrapper. This setting limit PHP to use this and nested directory, but not any in higher level – for security purporses and isolate all website in their directories. Simple, but very effective. As you can see, it’s very simple to overwrite global php.ini configuration using php_admin_value array. You can simply create completely different environments with one global PHP.
Happy New Year!