Join the community today
Register Now

PHP-FPM php.ini per site?

Discussion in 'Nginx, PHP-FPM & MariaDB MySQL' started by joshuah, Apr 27, 2017.

  1. joshuah

    joshuah Member

    121
    14
    18
    Apr 3, 2017
    Ratings:
    +17
    Local Time:
    5:18 AM
    Hello,

    Is it possible to run a custom php.ini per website? i.e. if I want to add a auto_prepend_file for one website only?

    i.e. upload a php.ini into the /home/nginx/domains/abc.tld root directory?


    Thanks.
     
  2. eva2000

    eva2000 Administrator Staff Member

    54,524
    12,211
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,780
    Local Time:
    4:18 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    To have per nginx vhost php.ini custom settings, you need to setup a separate php-fpm pool for that specific web host's nginx vhost

    1. enable multiple php-fpm support by editing /usr/local/etc/php-fpm.conf and uncommenting the line below removing the semi-colon
    Code (Text):
    ;include=/usr/local/nginx/conf/phpfpmd/*.conf
    

    to become
    Code (Text):
    include=/usr/local/nginx/conf/phpfpmd/*.conf
    


    2. make use of the 5th pre-existing phpfpm_pool5.conf within /usr/local/nginx/conf/phpfpmd/ directory at /usr/local/nginx/conf/phpfpmd/phpfpm_pool5.conf

    it's contents shows this 5th pool is named pool5 and listens on TCP 9005 port with predefined php_admin_value[error_log] = /var/log/php-fpm/www-php.error-pool5.log error log location

    Code (Text):
    [pool5]
    user = nginx
    group = nginx
    
    listen = 127.0.0.1:9005
    listen.allowed_clients = 127.0.0.1
    listen.backlog = 65535
    
    ;listen = /tmp/php5-fpm-pool5.sock
    listen.owner = nginx
    listen.group = nginx
    listen.mode = 0660
    
    pm = ondemand
    pm.max_children = 4
    ; Default Value: min_spare_servers + (max_spare_servers - min_spare_servers) / 2
    pm.start_servers = 4
    pm.min_spare_servers = 2
    pm.max_spare_servers = 6
    pm.max_requests = 1000
    
    ; PHP 5.3.9 setting
    ; The number of seconds after which an idle process will be killed.
    ; Note: Used only when pm is set to 'ondemand'
    ; Default Value: 10s
    pm.process_idle_timeout = 10s;
    
    rlimit_files = 65536
    rlimit_core = 0
    
    ; The timeout for serving a single request after which the worker process will
    ; be killed. This option should be used when the 'max_execution_time' ini option
    ; does not stop script execution for some reason. A value of '0' means 'off'.
    ; Available units: s(econds)(default), m(inutes), h(ours), or d(ays)
    ; Default Value: 0
    ;request_terminate_timeout = 0
    ; Default Value: 0
    ;request_slowlog_timeout = 0
    slowlog = /var/log/php-fpm/www-slow-pool5.log
    
    pm.status_path = /phpstatus-pool5
    ping.path = /phpping-pool5
    ping.response = pong
    
    ; Limits the extensions of the main script FPM will allow to parse. This can
    ; prevent configuration mistakes on the web server side. You should only limit
    ; FPM to .php extensions to prevent malicious users to use other extensions to
    ; exectute php code.
    ; Note: set an empty value to allow all extensions.
    ; Default Value: .php
    security.limit_extensions = .php .php3 .php4 .php5
    
    ; catch_workers_output = yes
    php_admin_value[error_log] = /var/log/php-fpm/www-php.error-pool5.log
    php_admin_value[disable_functions] = shell_exec
    

    notice that certain settings have their own unique filename with suffix of the pool number i.e. = 5. If you want to replicate this for other sites, you will need to make copies of /usr/local/nginx/conf/phpfpmd/phpfpm_pool5.conf i.e. /usr/local/nginx/conf/phpfpmd/phpfpm_pool6.conf and so on and increment the suffix i.e. to 6 and increase listen port by 1 so 127.0.0.1:9006 for 6th pool etc
    Code (Text):
    [pool5]
    listen = 127.0.0.1:9005
    
    ;listen = /tmp/php5-fpm-pool5.sock
    
    slowlog = /var/log/php-fpm/www-slow-pool5.log
    
    pm.status_path = /phpstatus-pool5
    ping.path = /phpping-pool5
    
    php_admin_value[error_log] = /var/log/php-fpm/www-php.error-pool5.log
    


    3. make a copy of global default php include file which exists in all nginx vhost config files /usr/local/nginx/conf/php.conf and name that copy /usr/local/nginx/conf/phpcustom-yourdomain.com.conf and then in yourdomain.com.conf nginx vhost and/or yourdomain.com.ssl.conf replace the include like for php.conf with one of phpcustom-yourdomain.conf
    Code (Text):
    cp /usr/local/nginx/conf/php.conf /usr/local/nginx/conf/phpcustom-yourdomain.conf
    

    Code (Text):
    #include /usr/local/nginx/conf/php.conf;
    include /usr/local/nginx/conf/phpcustom-yourdomain.conf;
    


    4. then edit /usr/local/nginx/conf/phpcustom-yourdomain.conf and

    change these 2 lines from
    Code (Text):
        fastcgi_pass   127.0.0.1:9000;
        #fastcgi_pass   unix:/tmp/php5-fpm.sock;
    

    to the corresponding ones in /usr/local/nginx/conf/phpfpmd/phpfpm_pool5.conf
    Code (Text):
        fastcgi_pass   127.0.0.1:9005;
        #fastcgi_pass   unix:/tmp/php5-fpm-pool5.sock;
    

    or on newer 123.09beta01 change to
    Code (Text):
       #fastcgi_pass dft_php;
       fastcgi_pass   127.0.0.1:9005;
       #fastcgi_pass   unix:/tmp/php5-fpm-pool5.sock;
    


    5. now to add your custom php.ini settings specific to just yourdomain.com site you need to use the php_admin_value method within /usr/local/nginx/conf/phpfpmd/phpfpm_pool5.conf. There is already 2 existing examples of customising php.ini settings in the file at
    Code (Text):
    php_admin_value[error_log] = /var/log/php-fpm/www-php.error-pool5.log
    php_admin_value[disable_functions] = shell_exec
    

    So if you want to enable for yourdomain.com only auto_preappend_file php setting PHP: Description of core php.ini directives - Manual
    Code (Text):
    php_admin_value[error_log] = /var/log/php-fpm/www-php.error-pool5.log
    php_admin_value[disable_functions] = shell_exec
    php_admin_value[auto_append_file] = filename
    


    6. Restart Nginx + PHP-FPM
    Code (Text):
    nprestart
    


    Summary

    End result is yourdomain.com nginx vhosts will reference new php include file
    Code (Text):
    include /usr/local/nginx/conf/phpcustom-yourdomain.conf;
    

    which tells you to use fastcgi_pass 127.0.0.1:9005
    Code (Text):
        fastcgi_pass   127.0.0.1:9005;
        #fastcgi_pass   unix:/tmp/php5-fpm-pool5.sock;
    

    and 127.0.0.1:9005 php-fpm pool is controlled by /usr/local/nginx/conf/phpfpmd/phpfpm_pool5.conf which has your custom php.ini settings added via php_admin_value
     
  3. alagmouch

    alagmouch New Member

    6
    4
    3
    May 19, 2018
    Dubai
    Ratings:
    +5
    Local Time:
    7:18 PM
    Nginx 1.15.0
    MariaDB 10.1.33
    Thanks for the guide on how to setup the above. A few question I appreciate your help with if possible:

    1. Are the pre-existing pools already reserved or can they be used also?
    2. In case I wish to setup the separate settings for either 1 site or several sites (pooled), is it mandatory that I should use the file phpfpm_pool5.conf or can I go ahead and create a new one (which will be phpfpm_pool6.conf) instead?
    3. In case I wish to provide for the new pool(s) some identification, can I use something like this:
      • phpfpm_pl6_espocrm.conf
      • phpfpm_pl7_typo3.conf
      • Etc... (and of course adjust accordingly in the respective files also)
    Thanks in advance for your prompt response.

    Regards,
    Hakeem
     
  4. eva2000

    eva2000 Administrator Staff Member

    54,524
    12,211
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,780
    Local Time:
    4:18 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Ppre existing multiple php-fpm pools are idle and not used out of box so when enabled, you can setup as needed. More details of what you could do with them at Beta Branch - Centmin Mod .08 beta03+ Multiple PHP-FPM pools support added

    not mandatory, pools 2-5 are just examples you can create as many pools as you like with their own custom config and TCP port etc

    As per Guide to learning more about Centmin Mod, if you setup a test VPS, you can try what you want without fear of messing up :)
     
  5. JoeDer

    JoeDer Member

    82
    19
    8
    Feb 22, 2015
    Ratings:
    +48
    Local Time:
    8:18 PM
    Nginx 1.21.x
    MariaDB 10.3.x
    Hello,

    I have done everything in this guide and I have an issue when php-fpm and nginx restart, actually when nginx restart.
    Code:
    $ nprestart
    Restarting nginx (via systemctl):  Job for nginx.service failed because the control process exited with error code. See "systemctl status nginx.service" and "journalctl -xe" for details.
                                                               [FAILED]
    Restarting php-fpm (via systemctl) [  OK  ]
    
    From the systemctl status nginx.service I saw about the fastcgi_pass 127.0.0.1:9005; is reported as duplicate.
    Code:
    $ systemctl status nginx.service
    ● nginx.service - SYSV: Nginx is an HTTP(S) server, HTTP(S) reverse proxy and IMAP/POP3 proxy server
       Loaded: loaded (/etc/rc.d/init.d/nginx; bad; vendor preset: disabled)
       Active: failed (Result: exit-code) since Sun 2020-09-27 13:23:03 UTC; 1min 42s ago
         Docs: man:systemd-sysv-generator(8)
      Process: 63387 ExecStart=/etc/rc.d/init.d/nginx start (code=exited, status=1/FAILURE)
     Main PID: 57839 (code=exited, status=0/SUCCESS)
    
    Sep 27 13:23:03 my.hostname.com systemd[1]: Starting SYSV: Nginx is an HTTP(S) server, HTTP(S) reverse proxy and IMAP/POP3 proxy server...
    Sep 27 13:23:03 my.hostname.com nginx[63387]: Starting nginx: nginx: [emerg] "fastcgi_pass" directive is duplicate in /usr/local/nginx/conf/phpcustom-mydomain.conf:9
    Sep 27 13:23:03 my.hostname.com nginx[63387]: [FAILED]
    Sep 27 13:23:03 my.hostname.com systemd[1]: nginx.service: control process exited, code=exited status=1
    Sep 27 13:23:03 my.hostname.com systemd[1]: Failed to start SYSV: Nginx is an HTTP(S) server, HTTP(S) reverse proxy and IMAP/POP3 proxy server.
    Sep 27 13:23:03 my.hostname.com systemd[1]: Unit nginx.service entered failed state.
    Sep 27 13:23:03 my.hostname.com systemd[1]: nginx.service failed.
    
    My phpcustom-mydomain.conf
    Code:
    location ~ [^/]\.php(/|$) {
      include /usr/local/nginx/conf/503include-only.conf;
        fastcgi_split_path_info ^(.+?\.php)(/.*)$;
        if (!-f $document_root$fastcgi_script_name) {
            return 404;
        }
        #fastcgi_keep_conn on;
        fastcgi_pass dft_php;
        fastcgi_pass   127.0.0.1:9005;
        #fastcgi_pass   unix:/var/run/php-fpm/php-fpm-pool5.sock;
        fastcgi_index  index.php;
        #fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
        fastcgi_param  SCRIPT_FILENAME    $request_filename;
        fastcgi_param PHP_ADMIN_VALUE open_basedir=$document_root/:/usr/local/lib/php/:/tmp/;
    
    # might shave 200+ ms off PHP requests
    # which don't pass on a content length header
    # slightly faster page response time at the
    # expense of throughput / scalability
    #sendfile on;
    #tcp_nopush off;
    #keepalive_requests 0;
    
    fastcgi_connect_timeout 360s;
    fastcgi_send_timeout 360s;
    fastcgi_read_timeout 360s;
    fastcgi_buffer_size 32k;
    fastcgi_buffers 512 32k;
    fastcgi_busy_buffers_size 1m;
    fastcgi_temp_file_write_size 4m;
    fastcgi_max_temp_file_size 4m;
    fastcgi_intercept_errors off;
    
    # next 3 lines when uncommented / enabled
    # allow Nginx to handle uploads which then 
    # passes back the completed upload to PHP
    #fastcgi_pass_request_body off;
    #client_body_in_file_only clean;
    #fastcgi_param  REQUEST_BODY_FILE  $request_body_file;
    
    #new .04+ map method
    fastcgi_param HTTPS $server_https;
    
    # comment out PATH_TRANSLATED line if /usr/local/lib/php.ini sets following:
    # cgi.fix_pathinfo=0 
    # as of centminmod v1.2.3-eva2000.01 default is set to cgi.fix_pathinfo=1
    
    fastcgi_param  PATH_INFO          $fastcgi_path_info;
    fastcgi_param  PATH_TRANSLATED    $document_root$fastcgi_path_info;
    
    fastcgi_param  QUERY_STRING       $query_string;
    fastcgi_param  REQUEST_METHOD     $request_method;
    fastcgi_param  CONTENT_TYPE       $content_type;
    fastcgi_param  CONTENT_LENGTH     $content_length;
    
    fastcgi_param  SCRIPT_NAME        $fastcgi_script_name;
    fastcgi_param  REQUEST_URI        $request_uri;
    fastcgi_param  DOCUMENT_URI       $document_uri;
    fastcgi_param  DOCUMENT_ROOT      $document_root;
    fastcgi_param  SERVER_PROTOCOL    $server_protocol;
    fastcgi_param  REQUEST_SCHEME     $scheme;
    fastcgi_param  HTTPS              $https if_not_empty;
    fastcgi_param  HTTP_PROXY         "";
    
    fastcgi_param  GATEWAY_INTERFACE  CGI/1.1;
    fastcgi_param  SERVER_SOFTWARE    nginx/$nginx_version;
    
    fastcgi_param  REMOTE_ADDR        $remote_addr;
    fastcgi_param  REMOTE_PORT        $remote_port;
    fastcgi_param  SERVER_ADDR        $server_addr;
    fastcgi_param  SERVER_PORT        $server_port;
    fastcgi_param  SERVER_NAME        $server_name;
    
    # Set php-fpm geoip variables
    fastcgi_param GEOIP_COUNTRY_CODE $geoip_country_code;
    fastcgi_param GEOIP_COUNTRY_CODE3 $geoip_country_code3;
    fastcgi_param GEOIP_COUNTRY_NAME $geoip_country_name;
    fastcgi_param GEOIP_CITY_COUNTRY_CODE $geoip_city_country_code;
    fastcgi_param GEOIP_CITY_COUNTRY_CODE3 $geoip_city_country_code3;
    fastcgi_param GEOIP_CITY_COUNTRY_NAME $geoip_city_country_name;
    fastcgi_param GEOIP_REGION $geoip_region;
    fastcgi_param GEOIP_CITY $geoip_city;
    fastcgi_param GEOIP_POSTAL_CODE $geoip_postal_code;
    fastcgi_param GEOIP_CITY_CONTINENT_CODE $geoip_city_continent_code;
    fastcgi_param GEOIP_LATITUDE $geoip_latitude;
    fastcgi_param GEOIP_LONGITUDE $geoip_longitude;
    
    # PHP only, required if PHP was built with --enable-force-cgi-redirect
    fastcgi_param  REDIRECT_STATUS    200;
    
                       }
    
    Is it something I missing about this issue?

    Thanks
     
  6. eva2000

    eva2000 Administrator Staff Member

    54,524
    12,211
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,780
    Local Time:
    4:18 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    when you get nginx restart errors, run nginx config check command to see what the issue is
    Code (Text):
    nginx -t
     
  7. eva2000

    eva2000 Administrator Staff Member

    54,524
    12,211
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,780
    Local Time:
    4:18 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    oh you have duplicate as you have 2 fastcgi_pass directives
    Code (Text):
       fastcgi_pass dft_php;
       fastcgi_pass   127.0.0.1:9005;
    

    the 1st one is default used in latest 123.09beta01 which references /usr/local/nginx/conf/default_phpupstream.conf include file in /usr/local/nginx/conf/nginx.conf
    Code (Text):
    include /usr/local/nginx/conf/default_phpupstream.conf;

    so comment out and disable the first one
    Code (Text):
       #fastcgi_pass dft_php;
       fastcgi_pass   127.0.0.1:9005;
    
     
  8. JoeDer

    JoeDer Member

    82
    19
    8
    Feb 22, 2015
    Ratings:
    +48
    Local Time:
    8:18 PM
    Nginx 1.21.x
    MariaDB 10.3.x
    Thank you! It works!

    From the guide, I think the step #4 must have a small edit for this useful detail.

    Before this, I was able to "temporary" manage this issue by adding in my nginx vhost config file the /usr/local/nginx/conf/php-pool5.conf as it is, instead of a copy of usr/local/nginx/conf/php.conf
     
  9. eva2000

    eva2000 Administrator Staff Member

    54,524
    12,211
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,780
    Local Time:
    4:18 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    cheers I updated that post with extra info now :)