The default configuration of PHP-FPM

preface

I didn't explain too much. I just moved the default PHP-FPM configuration item.

start

(1) The properties that can be configured are described as follows:

; Per pool prefix
; It only applies on the following directives:
; - 'access.log' 
; - 'slowlog'
; - 'listen' (unixsocket)
; - 'chroot'
; - 'chdir'
; - 'php_values'
; - 'php_admin_values'
; When not set, the global prefix (or /usr) applies instead.
; Note: This directive can also be relative to the global prefix.
; Default Value: none
;prefix = /path/to/pools/$pool

listen configuration

  1. listen = 127.0.0.1:9000 by default. The configuration of this attribute corresponds to fastcgi in nginx_ pass. The configuration of listen is described as follows:

    ; The address on which to accept FastCGI requests.
    ; Valid syntaxes are:
    ;   'ip.add.re.ss:port'    - to listen on a TCP socket to a specific IPv4 address on
    ;                            a specific port;
    ;   '[ip\:6\:addr\:ess]:port' - to listen on a TCP socket to a specific IPv6 address on
    ;                            a specific port;
    ;   'port'                 - to listen on a TCP socket to all IPv4 addresses on a
    ;                            specific port;
    ;   '[::]:port'            - to listen on a TCP socket to all addresses
    ;                            (IPv6 and IPv4-mapped) on a specific port;
    ;   '/path/to/unix/socket' - to listen on a unix socket.
    ; Note: This value is mandatory.

    The supported formats are: ip:port, ip6:port, port, [::]: port and / path/to/unix/socket. If it is configured locally, socket is preferred because it is the fastest. If you choose ip:port, you can forward the request to the server where the IP is located to respond. Load balancing can be realized by configuring the upstream module in nginx.

  1. Some other configurations of listen
; Set listen(2) backlog.
; Default Value: 65535 (-1 on FreeBSD and OpenBSD)
; listen.backlog = 65535

; Set permissions for unix socket, if one is used. In Linux, read/write
; permissions must be set in order to allow connections from a web server. Many
; BSD-derived systems allow connections regardless of permissions. 
; Default Values: user and group are set as the running user
;                 mode is set to 0660
;listen.owner = nobody
;listen.group = nobody
;listen.mode = 0660

; List of addresses (IPv4/IPv6) of FastCGI clients which are allowed to connect.
; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original
; PHP FCGI (5.2.2+). Makes sense only with a tcp listening socket. Each address
; must be separated by a comma. If this value is left blank, connections will be
; accepted from any ip address.
; Default Value: any
;listen.allowed_clients = 127.0.0.1
  • listen.backlog = 65535:

    If the web request involves reading and writing, the permission must be set. The default is the starting user and user group, and the reading and writing permission is 0660.

  • listen. User readable setting of socket = nobody.

  • listen.group = nobody: set the read-write user group of unix socket.

  • listen.mode = 0660: set the read / write permission of unix socket

  • listen.allowed_clients = 127.0.0.1: restrict accessible IP. The default value is any, which allows requests from any IP source.

    pm module

    The tuning of pm module can be referred to Optimizing PHP-FPM for high performance
    I'm just a brick loader with default configuration!

  1. pm related configurations are described below
    ; Choose how the process manager will control the number of child processes.
    ; Possible Values:
    ;   static  - a fixed number (pm.max_children) of child processes;
    ;   dynamic - the number of child processes are set dynamically based on the
    ;             following directives. With this process management, there will be
    ;             always at least 1 children.
    ;             pm.max_children      - the maximum number of children that can
    ;                                    be alive at the same time.
    ;             pm.start_servers     - the number of children created on startup.
    ;             pm.min_spare_servers - the minimum number of children in 'idle'
    ;                                    state (waiting to process). If the number
    ;                                    of 'idle' processes is less than this
    ;                                    number then some children will be created.
    ;             pm.max_spare_servers - the maximum number of children in 'idle'
    ;                                    state (waiting to process). If the number
    ;                                    of 'idle' processes is greater than this
    ;                                    number then some children will be killed.
    ;  ondemand - no children are created at startup. Children will be forked when
    ;             new requests will connect. The following parameter are used:
    ;             pm.max_children           - the maximum number of children that
    ;                                         can be alive at the same time.
    ;             pm.process_idle_timeout   - The number of seconds after which
    ;                                         an idle process will be killed.
    ; Note: This value is mandatory.
    pm = dynamic
    pm optional values: static, dynamic, ondemand.
    The value in the default configuration is dynamic. Therefore, you should also refer to the following configuration:
  • pm.max_children = 5: how many child processes can survive at the same time
  • pm.start_servers = 2: the number of child processes started at the beginning of startup
  • pm.min_spare_servers = 1: at least how many child processes exist when idle. If the current number of processes is less than this, some child processes will be started.
  • pm.max_spare_servers = 3: how many child processes exist at most when idle. If the current number of redundant processes, some child processes will be killed.
    Note that the dynamic note mentions that the management of child processes will be used as a reference according to the following configuration, but there is at least one child process.

static: fixed number of child processes.
ondemand: there are no child processes at the beginning, and the child processes are started with the number of requests. Affected by PM max_ Children and PM process_ idle_ Timeout impact.

ondemand configuration

; The number of seconds after which an idle process will be killed.
; Note: Used only when pm is set to 'ondemand'
; Default Value: 10s
;pm.process_idle_timeout = 10s;

; The number of requests each child process should execute before respawning.
; This can be useful to work around memory leaks in 3rd party libraries. For
; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS.
; Default Value: 0
; pm.max_requests = 500
  • pm.process_idle_timeout = 10s: if the child process is idle for more than 10s, the child process will be killed. PM is only valid if it is ondemand.
  • pm.max_requests = 500: the maximum number of child processes surviving at the same time. 0 means infinite. For the third-party library, there may be memory leakage, which is a good solution.

pm.status_path configuration

Since there are too many default introductions, try to move less.

; Default Value: not set 
; pm.status_path = /status
  • pm.status_path: records the status of the processing request to the specified file. It is not set by default. Must start with / and preferably not php ends to prevent mixing with real php scripts. It can be output in json, xml and html formats. The default is text/plain. Add the request format after the request, such as: www.foo.bar/status?json , you can also add the parameter full to obtain more detailed values, such as: www.foo.bar/status?json&full

The output value without the full parameter is described as follows:

;   pool                 - the name of the pool;
;   process manager      - static, dynamic or ondemand;
;   start time           - the date and time FPM has started;
;   start since          - number of seconds since FPM has started;
;   accepted conn        - the number of request accepted by the pool;
;   listen queue         - the number of request in the queue of pending
;                          connections (see backlog in listen(2));
;   max listen queue     - the maximum number of requests in the queue
;                          of pending connections since FPM has started;
;   listen queue len     - the size of the socket queue of pending connections;
;   idle processes       - the number of idle processes;
;   active processes     - the number of active processes;
;   total processes      - the number of idle + active processes;
;   max active processes - the maximum number of active processes since FPM
;                          has started;
;   max children reached - number of times, the process limit has been reached,
;                          when pm tries to start more children (works only for
;                          pm 'dynamic' and 'ondemand');

The output with full parameter is as follows:

;   pid                  - the PID of the process;
;   state                - the state of the process (Idle, Running, ...);
;   start time           - the date and time the process has started;
;   start since          - the number of seconds since the process has started;
;   requests             - the number of requests the process has served;
;   request duration     - the duration in µs of the requests;
;   request method       - the request method (GET, POST, ...);
;   request URI          - the request URI with the query string;
;   content length       - the content length of the request (only with POST);
;   user                 - the user (PHP_AUTH_USER) (or '-' if not set);
;   script               - the main script called (or '-' if not set);
;   last request cpu     - the %cpu the last request consumed
;                          it's always 0 if the process is not in Idle state
;                          because CPU calculation is done when the request
;                          processing has terminated;
;   last request memory  - the max amount of memory the last request consumed
;                          it's always 0 if the process is not in Idle state
;                          because memory calculation is done when the request
;                          processing has terminated;

ping related configuration

; The ping URI to call the monitoring page of FPM. If this value is not set, no
; URI will be recognized as a ping page. This could be used to test from outside
; that FPM is alive and responding, or to
; - create a graph of FPM availability (rrd or such);
; - remove a server from a group if it is not responding (load balancing);
; - trigger alerts for the operating team (24/7).
; Note: The value must start with a leading slash (/). The value can be
;       anything, but it may not be a good idea to use the .php extension or it
;       may conflict with a real PHP file.
; Default Value: not set
; ping.path = /ping

; This directive may be used to customize the response of a ping request. The
; response is formatted as text/plain with a 200 response code.
; Default Value: pong
; ping.response = pong
  • ping.path = /ping: used to monitor whether the FPM is alive. It is not set by default.
  • ping.response = pong: output of customized Ping

access.log and slowlog

; Default: not set
;access.log = log/$pool.access.log

; Default: "%R - %u %t \"%m %r\" %s"
;access.format = "%R - %u %t \"%m %r%Q%q\" %s %f %{mili}d %{kilo}M %C%%"

; The log file for slow requests
; Default Value: not set
; Note: slowlog is mandatory if request_slowlog_timeout is set
;slowlog = log/$pool.log.slow

; The timeout for serving a single request after which a PHP backtrace will be
; dumped to the 'slowlog' file. A value of '0s' means 'off'.
; Available units: s(econds)(default), m(inutes), h(ours), or d(ays)
; Default Value: 0
;request_slowlog_timeout = 0
  • access.log: supports many kinds of placeholders. Don't paste it first. The space is limited.
  • slowlog = log/$pool.log.slow: request timeout will be recorded here, and request needs to be configured_ slowlog_ Timeout is valid.
  • request_slowlog_timeout = 0: sets the timeout time of the request. The unit is: s(econds)(default), m(inutes), h(ours), or d(ays)

request_terminate_timeout

; The timeout for serving a single request after which the worker process will
; be killed. This option should be used when the 'max_execution_time' ini option
; does not stop script execution for some reason. A value of '0' means 'off'.
; Available units: s(econds)(default), m(inutes), h(ours), or d(ays)
; Default Value: 0
;request_terminate_timeout = 0
  • request_terminate_timeout = 0: if a request times out, the process will be killed, especially when Max is configured_ execution_ Time attribute, but I don't know what causes the process to fail to end. The default is 0, which is not enabled.

rlimit_files and rlimit_core

; Set open file descriptor rlimit.
; Default Value: system defined value
;rlimit_files = 1024

; Set max core size rlimit.
; Possible Values: 'unlimited' or an integer greater or equal to 0
; Default Value: system defined value
;rlimit_core = 0
  • rlimit_files = 1024: sets the limit for opening file descriptors. The default value is the system value.
  • rlimit_core = 0: set the maximum file occupancy limit. The default is the system value.

chroot

; Chroot to this directory at the start. This value must be defined as an
; absolute path. When this value is not set, chroot is not used.
; Note: you can prefix with '$prefix' to chroot to the pool prefix or one
; of its subdirectories. If the pool prefix is not set, the global prefix
; will be used instead.
; Note: chrooting is a great security feature and should be used whenever 
;       possible. However, all PHP paths will be relative to the chroot
;       (error_log, sessions.save_path, ...).
; Default Value: not set
;chroot = 
  • chroot: replace the root directory with the specified destination directory, which must be an absolute path. You can use the $pool or $prefix variables.

chdir

; Chdir to this directory at the start.
; Note: relative path can be used.
; Default Value: current directory or / when chroot
;chdir = /var/www
  • chdir: change the current directory, similar to cd. The default is the current path. If chroot is enabled, it is /.

catch_workers_output

; Redirect worker stdout and stderr into main error log. If not set, stdout and
; stderr will be redirected to /dev/null according to FastCGI specs.
; Note: on highloaded environement, this can cause some delay in the page
; process time (several ms).
; Default Value: no
;catch_workers_output = yes
  • catch_workers_output = yes: no by default. If it is not set, the error and output will be discarded, and if it is set, it will be written to the main error log.

environment related

; Clear environment in FPM workers
; Prevents arbitrary environment variables from reaching FPM worker processes
; by clearing the environment in workers before env vars specified in this
; pool configuration are added.
; Setting to "no" will make all environment variables available to PHP code
; via getenv(), $_ENV and $_SERVER.
; Default Value: yes
;clear_env = no

; Limits the extensions of the main script FPM will allow to parse. This can
; prevent configuration mistakes on the web server side. You should only limit
; FPM to .php extensions to prevent malicious users to use other extensions to
; exectute php code.
; Note: set an empty value to allow all extensions.
; Default Value: .php
;security.limit_extensions = .php .php3 .php4 .php5

; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from
; the current environment.
; Default Value: clean env
;env[HOSTNAME] = $HOSTNAME
;env[PATH] = /usr/local/bin:/usr/bin:/bin
;env[TMP] = /tmp
;env[TMPDIR] = /tmp
;env[TEMP] = /tmp
  • clear_env = no: the default value is yes. When enabled, the child process can get getenv$_ ENV,$_ The value of SERVER.
  • security.limit_extensions = .php .php3 .php4 .php5: the default value is php. Limit the script format that FPM can parse. If it is set to blank, it means that all format files can be parsed. The main purpose is to restrict malicious users from executing other scripts through some extensions.
  • env: set the environment variable. It is not set by default.

Some other PHP Ini configuration

; Additional php.ini defines, specific to this pool of workers. These settings
; overwrite the values previously defined in the php.ini. The directives are the
; same as the PHP SAPI:
;   php_value/php_flag             - you can set classic ini defines which can
;                                    be overwritten from PHP call 'ini_set'. 
;   php_admin_value/php_admin_flag - these directives won't be overwritten by
;                                     PHP call 'ini_set'
; For php_*flag, valid values are on, off, 1, 0, true, false, yes or no.

; Defining 'extension' will load the corresponding shared extension from
; extension_dir. Defining 'disable_functions' or 'disable_classes' will not
; overwrite previously defined php.ini values, but will append the new value
; instead.

; Note: path INI options can be relative and will be expanded with the prefix
; (pool, global or /usr)

; Default Value: nothing is defined by default except the values in php.ini and
;                specified at startup with the -d argument
;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f www@my.domain.com
;php_flag[display_errors] = off
;php_admin_value[error_log] = /var/log/fpm-php.www.log
;php_admin_flag[log_errors] = on
;php_admin_value[memory_limit] = 32M

Define some and PHP Ini configuration related properties only work for the current child process. The relevant configuration will override PHP Ini configuration.

  • php_value/php_flag: can be ini_set redefinition.
  • php_admin_value/php_admin_flag: cannot be ini_set redefinition. Will not overwrite

    Note: PHP_* Acceptable values of Flag: on, off, 1, 0, true, false, yes or no. if extension is defined, it will start from extension_dir read extension. If disable is defined_ Functions or disable_classes will not overwrite the original settings, but will be added on the original basis.

Tags: PHP

Posted by crazykid on Wed, 18 May 2022 14:36:12 +0300