Configure pools for each domain/vhost to separate the domains and run scripts as separte user. This works well with ssh-sftp setup.because scripts are owned by the same user as the sftp user - not www-data.
Pool per domain config:
cd /etc/php5/fpm/pool.d/ cp www.conf {user1.conf,user2.conf}
replace all appearances of “www” in user.conf
/etc/init.d/php-fpm restart
Add a user for each pool:
The username must be an exisiting user in the system. e.g.:
adduser --disabled-login USERNAME adduser www-data USERNAME mkdir /var/www/USERNAME chown -R USERNAME:USERNAME /var/www/USERNAME chmod 750 /var/www/USERNAME
PHP-FPM can run over a http connection or a unix socket. unix socket is faster.
vhost php config via unix socket:
server { ... location ~ \.php$ { fastcgi_split_path_info ^(.+\.php)(/.+)$; include fastcgi_params; fastcgi_intercept_errors on; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; # replace USERNAME by system/php-fpm-pool user: fastcgi_pass unix:/var/run/php5-fpm-USERNAME.sock; }
Wordpress required:
apt install php-iconv php-exif php-memcached php-soap php-yaml php-imap php-markdown php-readline php-curl php-opcache php-zip php-dom php-mbstring php-imagick php-fileinfo php-json php-xml php-simplexml
Use php-fpm for better performance and better security: run each domain in its own “pool” - processes per user. This way you also have less permission problems with sftp.
apt-get install apache2 libapache2-mod-fastcgi php5-fpm a2enmod actions cp /etc/apache2/mods-enabled/fastcgi.conf /etc/apache2/mods-enabled/fastcgi.conf.backup mcedit /etc/apache2/mods-enabled/fastcgi.conf <IfModule mod_fastcgi.c> AddType application/x-httpd-fastphp5 .php Action application/x-httpd-fastphp5 /php5-fcgi Alias /php5-fcgi /usr/lib/cgi-bin/php5-fcgi FastCgiExternalServer /usr/lib/cgi-bin/php5-fcgi -socket /var/run/php5-fpm.sock -pass-header Authorization <Directory /usr/lib/cgi-bin> Require all granted </Directory> </IfModule>
apache2ctl configtest /etc/init.d/apache2 restart
check if a phpfpm “www” pool process is running
You need to edit your vhosts to use the new pool. Replace USERNAME by the poolname you just created and VHOSTNAME by a dfifferent name in each vhost:
<VirtualHost *:80> ... <IfModule mod_fastcgi.c> Alias /php5-fcgi /usr/lib/cgi-bin/php5-fcgi-${USERNAME}-VHOSTNAME FastCgiExternalServer /usr/lib/cgi-bin/php5-fcgi-${USERNAME}-VHOSTNAME -socket /var/run/php5-fpm-${USERNAME}.sock -pass-header Authorization </IfModule> ...
Links:
For PHP-FPM the same optimization as for default php modules apply.
These settings with initial pm.start_servers = 5 is quite good for a server with 32gb RAM and up to 20-30 sites. This starts 5 processes, which take up to php_admin_value[memory_limit] = 512M each, but usually around 100mb per process when running a small wordpress. So this pool always uses 5*100mb = 500mb and may required much more, if the site is busy and more servers are started.
On small servers, use pm = ondemand, which starts servers only when used. This is slower than pm = dynamic
pm = dynamic pm.max_children = 50 pm.start_servers = 5 pm.min_spare_servers = 2 pm.max_spare_servers = 5
High performance server with one busy site:
pm = dynamic pm.max_children = 50 pm.start_servers = 25 pm.min_spare_servers = 20 pm.max_spare_servers = 25
Test how much RAM your site needs. This is the max, not the regular used memory. Most sites run with ~100mb, but require more for special tasks.
php_admin_value[memory_limit] = 512M
apt-get install libfcgi0ldbl SCRIPT_NAME=/status SCRIPT_FILENAME=/status QUERY_STRING= REQUEST_METHOD=GET cgi-fcgi -bind -connect /var/run/php5-fpm-$VHOSTNAME.sock
APC is deprecated and incompatible with latest php verions. Just use opache. Install, enable module and configure:
/etc/php5/mods-available/opcache.ini
zend_extension=opcache.so opcache.enable=1 ; moooore cache: opcache.memory_consumption=1024 opcache.max_accelerated_files=50000 ; php script changes will appear after one minute, but this is faster than the default: opcache.revalidate_freq=60 opcache.interned_strings_buffer=16
; required for nextcloud / paypal sdk / ..: opcache.save_comments=1 opcache.load_comments=1 opcache.validate_timestamps=1 opcache.consistency_checks=0 opcache.error_log=/var/log/php5-opcache.log opcache.log_verbosity_level=1
rocks! It's much faster than PHP-FPM, but not considered completly stable. Setup is easy, debian packages are available somewhere.
in nginx vhost config, just disable the fpm block and include the included config in the vhost:
include hhvm.conf;
On debian jessie this works very well. Just install all php7.0 packages from backports.
apt-get install php7.0-mbstring php7.0-apcu php7.0-cli php7.0-common php7.0-curl php7.0-fpm php7.0-gd php7.0-imagick php7.0-imap php7.0-intl php7.0-json php7.0-mcrypt php7.0-memcache php7.0-memcached php7.0-mysqlnd php7.0-pspell php7.0-readline php7.0-recode php7.0-snmp php7.0-sqlite php7.0-tidy php7.0-xmlrpc php7.0-xsl
php -v update-alternatives --co==== Headline ====
nfig php
fastcgi_pass unix:/run/php/php7.0-fpm.sock;
fastcgi.conf, etc ~should~ be compatible
edit or copy configs from php5:
Pools: Move a site-pool from php5 or create a new one in: /etc/php/7.0/fpm/pool.d/
You only need to adjust the socket line, to point to /var/run/php7.0-fpm-SITENAME.sock
Check, if all required php modules are installed and configured.. good luck :)
php7.4-fpm needs systemd :(
Add Sury Repo:
apt -y install lsb-release apt-transport-https ca-certificates wget -O /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main" | sudo tee /etc/apt/sources.list.d/php.list apt update apt install php7.4
Install Modules:
apt-get install php7.4-{fpm,bcmath,bz2,intl,gd,mbstring,mysql,zip,mysql,memcache,memcached,xml,json,curl}
/etc/init.d/php7.4-fpm restart