Beta Branch update php-fpm configuration in 123.09beta01

eva2000 · Jan 29, 2019

update php-fpm configuration in 123.09beta01

1. update default pm.max_children value from 20 to 30 in PHP-FPM config file /usr/local/etc/php-fpm.conf for fresh installs only. Existing installs not changed as it may override existing install's custom settings users may have made.
2. update nginx.conf add /usr/local/nginx/conf/default_phpupstream.conf in 123.09beta01

add /usr/local/nginx/conf/default_phpupstream.conf include file to /usr/local/nginx/conf/nginx.conf which contains the new default PHP-FPM upstream configuration named dft_php containing
Code (Text):
upstream dft_php {
  zone dftphp_zone 128k;
  server 127.0.0.1:9000;
  keepalive 2;
}
The global php include file at /usr/local/nginx/conf/php.conf in every generated nginx vhost is responsible for serving PHP to visitors. In the /usr/local/nginx/conf/php.conf include file the setting
Code (Text):
fastcgi_pass   127.0.0.1:9000;
is responsible for telling Nginx which PHP-FPM server to communicate with - the default PHP-FPM server is located on 127.0.0.1 port 9000.

with newly added /usr/local/nginx/conf/default_phpupstream.conf include file to /usr/local/nginx/conf/nginx.conf in place, you can edit /usr/local/nginx/conf/php.conf to change the referenced fastcgi_pass setting to talk to a upstream called dft_php
Code (Text):
fastcgi_pass dft_php;
#fastcgi_pass   127.0.0.1:9000;
with old setting commented out with a hash # in front of it. New 123.09beta01 installs only will default to this configuration in /usr/local/nginx/conf/php.conf with added /usr/local/nginx/conf/default_phpupstream.conf include file in /usr/local/nginx/conf/nginx.conf. Existing installs will have added /usr/local/nginx/conf/default_phpupstream.conf include file in /usr/local/nginx/conf/nginx.conf but /usr/local/nginx/conf/php.conf include is not changed as it may override existing install's custom settings.

dft_php upstream references the server that nginx will communicate with which is same default PHP-FPM 127.0.0.1 on port 9000 while upstream has additional settings for keepalive. Switching to such a setup might have slight benefit for PHP-FPM latency response times and performance.

Continue reading...

123.09beta01 branch

Branch: centminmod/centminmod

Commit History: centminmod/centminmod

rdan · Jan 30, 2019

Maybe we can expand this update to:

Code:

upstream dft_php {
        server unix:/var/run/php/php-fpm.sock;
        server 127.0.0.1:9000 backup;
        zone dftphp_zone 128k;
        keepalive 2;
    }

eva2000 · Jan 30, 2019

unix sockets are disabled by default for TCP port 9000 usage - you can only set one not both at same time so setting that to unix sockets default with TCP 9000 backup = 502 errors for php

rdan · Jan 30, 2019

eva2000 said: ↑

while upstream has additional settings for keepalive. Switching to such a setup might have slight benefit for PHP-FPM latency response times and performance.
Click to expand...

Any benchmark/articles to read about this Eva?
Thanks!

eva2000 · Jan 30, 2019

rdan said: ↑

Any benchmark/articles to read about this Eva?
Thanks!
Click to expand...

Just my own private testing for past few years

Of course you can do your own comparison testing of the new configuration versus previous one too

rdan · Jan 30, 2019

Some info I've read:
Does using fastcgi_keep_conn in nginx increase performance for php-fpm?

Seems your missing fastcgi_keep_conn on also.

eva2000 · Jan 30, 2019

indeed true.. my custom setups do have fastcgi_keep_conn set as does experimental wordpress fastcgi_cache routine for centmin.sh menu option 22 that i have been working on. Will add it to the defaults now too

rdan · Jan 30, 2019

eva2000 said: ↑

you can only set one not both at same time so setting that to unix sockets default with TCP 9000 backup = 502 errors for php
Click to expand...

Possible if I will enable/create another 1 pool on unix socket as mention here: Beta Branch - Centmin Mod .08 beta03+ Multiple PHP-FPM pools support added ?

eva2000 · Jan 30, 2019

yes fastcgi_pass/server upstream is 1 per php-fpm pool. So if you have multiple PHP-FPM pools, you can list each in upstream as a separate server directive entry. But you want to create your own upstream instead of using this default one which will override with 123.09beta01 updates right now

rdan · Jan 30, 2019

I think I got it working fine.

1st I created: /usr/local/nginx/conf/php_poolunix.conf

Code (Text):

[poolunix]
user = nginx
group = nginx

;listen = 127.0.0.1:9002
listen.allowed_clients = 127.0.0.1
;listen.backlog = -1

listen = /tmp/php-fpm-unix.sock
listen.owner = nginx
listen.group = nginx
listen.mode = 0660

pm = static
pm.max_children = 32
pm.start_servers = 8
pm.min_spare_servers = 4
pm.max_spare_servers = 16
pm.max_requests = 5000

; PHP 5.3.9 setting
; The number of seconds after which an idle process will be killed.
; Note: Used only when pm is set to 'ondemand'
; Default Value: 10s
pm.process_idle_timeout = 10s;

rlimit_files = 65536
rlimit_core = 0

; The timeout for serving a single request after which the worker process will
; be killed. This option should be used when the 'max_execution_time' ini option
; does not stop script execution for some reason. A value of '0' means 'off'.
; Available units: s(econds)(default), m(inutes), h(ours), or d(ays)
; Default Value: 0
request_terminate_timeout = 90s
; Default Value: 0
;request_slowlog_timeout = 0
slowlog = /var/log/php-fpm/www-slow-poolunix.log

pm.status_path = /phpstatus-poolunix
ping.path = /phpping-poolunix
ping.response = pong

; Limits the extensions of the main script FPM will allow to parse. This can
; prevent configuration mistakes on the web server side. You should only limit
; FPM to .php extensions to prevent malicious users to use other extensions to
; exectute php code.
; Note: set an empty value to allow all extensions.
; Default Value: .php
security.limit_extensions = .php

; catch_workers_output = yes
php_admin_value[error_log] = /var/log/php-fpm/www-php.error-poolunix.log
;php_admin_value[disable_functions] = shell_exec
php_admin_value[memory_limit] = 2048M

2nd edited: /usr/local/etc/php-fpm.conf

3rd include this code inside [global]:

Code (Text):

include=/usr/local/nginx/conf/php_poolunix.conf

4th modify the content of: /usr/local/nginx/conf/default_phpupstream.conf to

Code (Text):

upstream dft_php {
    #ip_hash;
    zone dftphp_zone 128k;
    server unix:/tmp/php-fpm-unix.sock;
    server 127.0.0.1:9000 backup;
    keepalive 5;
}

Please let me know what else I missed :|.
Seems to work fine.

eva2000 · Jan 30, 2019

rdan said: ↑

2nd edited: /usr/local/etc/php-fpm.conf

3rd include this code inside [global]:
Click to expand...

no need to do that as you can use existing directory in php-fpm.conf uncomment
Code (Text):
;include=/usr/local/nginx/conf/phpfpmd/*.conf
to become
Code (Text):
include=/usr/local/nginx/conf/phpfpmd/*.conf
then add custom php-fpm pool, php_poolunix.conf into directory /usr/local/nginx/conf/phpfpmd/php_poolunix.conf but this will enable the extra pools Centmin Mod 123.09beta01 has too in /usr/local/nginx/conf/phpfpmd

so if you don't want that then yes do
Code (Text):
include=/usr/local/nginx/conf/php_poolunix.conf
don't edit default /usr/local/nginx/conf/default_phpupstream.conf but create your own i.e. /usr/local/nginx/conf/default_phpunixupstream.conf and include into /usr/local/nginx/conf/nginx.conf

also as per Beta Branch - Centmin Mod .08 beta03+ Multiple PHP-FPM pools support added upstream php-fpm needs to add to /usr/local/nginx/conf/php.conf or create copy of php.conf to include/replace in nginx vhost with
Code (Text):
fastcgi_next_upstream error timeout http_500 http_503;
but setting this will on xenforo forum closures result in alternating 503 and 502 bad gateway errors for visitors as xenforo reports 503 when closed and all php-fpm pools would send 503 to nginx which nginx would see as php-fpm pools all being down

Module ngx_http_fastcgi_module

Specifies in which cases a request should be passed to the next server:
error
an error occurred while establishing a connection with the server, passing a request to it, or reading the response header;
timeout
a timeout has occurred while establishing a connection with the server, passing a request to it, or reading the response header;
invalid_header
a server returned an empty or invalid response;
http_500
a server returned a response with the code 500;
http_503
a server returned a response with the code 503;
http_403
a server returned a response with the code 403;
http_404
a server returned a response with the code 404;
http_429
a server returned a response with the code 429 (1.11.13);
Click to expand...

rdan · Jan 30, 2019

eva2000 said: ↑

also as per Beta Branch - Centmin Mod .08 beta03+ Multiple PHP-FPM pools support added upstream php-fpm needs to add to /usr/local/nginx/conf/php.conf or create copy of php.conf to include/replace in nginx vhost with
Click to expand...

Specifies in which cases a request should be passed to the next server:
Click to expand...

Is this the same or necessary even if I just use the TCP as backup server?

eva2000 · Jan 30, 2019

rdan said: ↑

Is this the same or necessary even if I just use the TCP as backup server?
Click to expand...

If you don't set it, it has it's defaults for just error and timeout instances where it will move to next upstream i.e. backup.

Syntax: fastcgi_next_upstream error | timeout | invalid_header | http_500 | http_503 | http_403 |http_404 | http_429 | non_idempotent | off ...;
Default:
fastcgi_next_upstream error timeout;
Context: http, server, location
Specifies in which cases a request should be passed to the next server:
Click to expand...

rdan · Jan 30, 2019

eva2000 said: ↑

but setting this will on xenforo forum closures result in alternating 503 and 502 bad gateway errors for visitors as xenforo reports 503 when closed and all php-fpm pools would send 503 to nginx which nginx would see as php-fpm pools all being down
Click to expand...

I hope someone can create an addon for this:
Add-on - XF 2.1 Request - Change Inactive board status code 503 to 200

eva2000 · Jan 30, 2019

rdan said: ↑

I hope someone can create an addon for this:
Add-on - XF 2.1 Request - Change Inactive board status code 503 to 200
Click to expand...

Yeah tricky as Chris stated 503 status is valid for temporarily unavailable for forum closed inactive status. You don't want 200 status as search engines will index the closed state of your forums.

rdan · Jan 30, 2019

Maybe 403 is fine.

eva2000 · Jan 30, 2019

rdan said: ↑

Maybe 403 is fine.
Click to expand...

Yeah that might work

rdan · Jan 31, 2019

eva2000 said: ↑

but setting this will on xenforo forum closures result in alternating 503 and 502 bad gateway errors for visitors as xenforo reports 503 when closed and all php-fpm pools would send 503 to nginx which nginx would see as php-fpm pools all being down
Click to expand...

I encounter this now on devsite.
True indeed.

Edit: With 403 works fine for guest.

rdan · Feb 6, 2019

rdan said: ↑

I think I got it working fine.

1st I created: /usr/local/nginx/conf/php_poolunix.conf

Code (Text):

[poolunix]
user = nginx
group = nginx

;listen = 127.0.0.1:9002
listen.allowed_clients = 127.0.0.1
;listen.backlog = -1

listen = /tmp/php-fpm-unix.sock
listen.owner = nginx
listen.group = nginx
listen.mode = 0660

pm = static
pm.max_children = 32
pm.start_servers = 8
pm.min_spare_servers = 4
pm.max_spare_servers = 16
pm.max_requests = 5000

; PHP 5.3.9 setting
; The number of seconds after which an idle process will be killed.
; Note: Used only when pm is set to 'ondemand'
; Default Value: 10s
pm.process_idle_timeout = 10s;

rlimit_files = 65536
rlimit_core = 0

; The timeout for serving a single request after which the worker process will
; be killed. This option should be used when the 'max_execution_time' ini option
; does not stop script execution for some reason. A value of '0' means 'off'.
; Available units: s(econds)(default), m(inutes), h(ours), or d(ays)
; Default Value: 0
request_terminate_timeout = 90s
; Default Value: 0
;request_slowlog_timeout = 0
slowlog = /var/log/php-fpm/www-slow-poolunix.log

pm.status_path = /phpstatus-poolunix
ping.path = /phpping-poolunix
ping.response = pong

; Limits the extensions of the main script FPM will allow to parse. This can
; prevent configuration mistakes on the web server side. You should only limit
; FPM to .php extensions to prevent malicious users to use other extensions to
; exectute php code.
; Note: set an empty value to allow all extensions.
; Default Value: .php
security.limit_extensions = .php

; catch_workers_output = yes
php_admin_value[error_log] = /var/log/php-fpm/www-php.error-poolunix.log
;php_admin_value[disable_functions] = shell_exec
php_admin_value[memory_limit] = 2048M

2nd edited: /usr/local/etc/php-fpm.conf

3rd include this code inside [global]:

Code (Text):

include=/usr/local/nginx/conf/php_poolunix.conf

4th modify the content of: /usr/local/nginx/conf/default_phpupstream.conf to

Code (Text):

upstream dft_php {
    #ip_hash;
    zone dftphp_zone 128k;
    server unix:/tmp/php-fpm-unix.sock;
    server 127.0.0.1:9000 backup;
    keepalive 5;
}

Please let me know what else I missed :|.
Seems to work fine.

Click to expand...

Just an FYI for those who want to try, this isn't working great on Large/Active sites.

Mine having 30+ average PHP-FPM request per seconds, and produce a lot of errors/lag :/.

eva2000 · Feb 6, 2019

rdan said: ↑

Mine having 30+ average PHP-FPM request per seconds, and produce a lot of errors/lag :/.
Click to expand...

that's because php-fpm unix sockets do not scale - see high concurrency traffic PHP-FPM benchmarks where oneinstack LEMP stack uses php-fpm unix sockets at PHP - PHP 7.x Benchmarks Centmin Mod vs Easyengine vs Webinoly vs VestaCP vs OneInStack

Log in / Register

Forums

Learn about Centmin Mod LEMP Stack today

Beta Branch update php-fpm configuration in 123.09beta01

eva2000 Administrator Staff Member

rdan Well-Known Member

eva2000 Administrator Staff Member

rdan Well-Known Member

eva2000 Administrator Staff Member

rdan Well-Known Member

eva2000 Administrator Staff Member

rdan Well-Known Member

eva2000 Administrator Staff Member

rdan Well-Known Member

eva2000 Administrator Staff Member

rdan Well-Known Member

eva2000 Administrator Staff Member

rdan Well-Known Member

eva2000 Administrator Staff Member

rdan Well-Known Member

eva2000 Administrator Staff Member

rdan Well-Known Member

rdan Well-Known Member

eva2000 Administrator Staff Member

.

Log in / Register

Useful Searches

Learn about Centmin Mod LEMP Stack today

Beta Branch update php-fpm configuration in 123.09beta01

eva2000 Administrator Staff Member

rdan Well-Known Member

eva2000 Administrator Staff Member

rdan Well-Known Member

eva2000 Administrator Staff Member

rdan Well-Known Member

eva2000 Administrator Staff Member

rdan Well-Known Member

eva2000 Administrator Staff Member

rdan Well-Known Member

eva2000 Administrator Staff Member

rdan Well-Known Member

eva2000 Administrator Staff Member

rdan Well-Known Member

eva2000 Administrator Staff Member

rdan Well-Known Member

eva2000 Administrator Staff Member

rdan Well-Known Member

rdan Well-Known Member

eva2000 Administrator Staff Member

.