User Tools

Site Tools






Configure pools for each domain/vhost to separate the domains and run scripts as separte user. This works well with ssh-sftp setup.because scripts are owned by the same user as the sftp user - not www-data.

Pool per domain config:

cd /etc/php5/fpm/pool.d/
cp www.conf {user1.conf,user2.conf}

replace all appearances of “www” in user.conf

/etc/init.d/php-fpm restart

Add a user for each pool:

The username must be an exisiting user in the system. e.g.:

adduser --disabled-login USERNAME
adduser www-data USERNAME
mkdir /var/www/USERNAME
chmod 750 /var/www/USERNAME

nginx & PHP-FPM

PHP-FPM can run over a http connection or a unix socket. unix socket is faster.

vhost php config via unix socket:

server {

  location ~ \.php$ {
    fastcgi_split_path_info ^(.+\.php)(/.+)$;
    include fastcgi_params;
    fastcgi_intercept_errors on;
    fastcgi_index index.php;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    # replace USERNAME by system/php-fpm-pool user:
    fastcgi_pass unix:/var/run/php5-fpm-USERNAME.sock;

PHP Modules

Wordpress required:

 apt install php-iconv php-exif php-memcached php-soap  php-yaml php-imap php-markdown php-readline php-curl  php-opcache  php-zip php-dom php-mbstring php-imagick php-fileinfo php-json php-xml php-simplexml

Apache & PHP-FPM

Use php-fpm for better performance and better security: run each domain in its own “pool” - processes per user. This way you also have less permission problems with sftp.

apt-get install apache2 libapache2-mod-fastcgi php5-fpm
a2enmod actions

cp /etc/apache2/mods-enabled/fastcgi.conf /etc/apache2/mods-enabled/fastcgi.conf.backup

mcedit /etc/apache2/mods-enabled/fastcgi.conf

<IfModule mod_fastcgi.c>
  AddType application/x-httpd-fastphp5 .php
  Action application/x-httpd-fastphp5 /php5-fcgi
  Alias /php5-fcgi /usr/lib/cgi-bin/php5-fcgi
  FastCgiExternalServer /usr/lib/cgi-bin/php5-fcgi -socket /var/run/php5-fpm.sock -pass-header Authorization
  <Directory /usr/lib/cgi-bin>
      Require all granted
apache2ctl configtest
/etc/init.d/apache2 restart

check if a phpfpm “www” pool process is running

You need to edit your vhosts to use the new pool. Replace USERNAME by the poolname you just created and VHOSTNAME by a dfifferent name in each vhost:

<VirtualHost *:80>
  <IfModule mod_fastcgi.c>
      Alias /php5-fcgi /usr/lib/cgi-bin/php5-fcgi-${USERNAME}-VHOSTNAME
      FastCgiExternalServer /usr/lib/cgi-bin/php5-fcgi-${USERNAME}-VHOSTNAME -socket /var/run/php5-fpm-${USERNAME}.sock -pass-header Authorization



For PHP-FPM the same optimization as for default php modules apply.

Configure pool

These settings with initial pm.start_servers = 5 is quite good for a server with 32gb RAM and up to 20-30 sites. This starts 5 processes, which take up to php_admin_value[memory_limit] = 512M each, but usually around 100mb per process when running a small wordpress. So this pool always uses 5*100mb = 500mb and may required much more, if the site is busy and more servers are started.

On small servers, use pm = ondemand, which starts servers only when used. This is slower than pm = dynamic

pm = dynamic
pm.max_children = 50
pm.start_servers = 5
pm.min_spare_servers = 2
pm.max_spare_servers = 5

High performance server with one busy site:

pm = dynamic
pm.max_children = 50
pm.start_servers = 25
pm.min_spare_servers = 20
pm.max_spare_servers = 25

Test how much RAM your site needs. This is the max, not the regular used memory. Most sites run with ~100mb, but require more for special tasks.

php_admin_value[memory_limit] = 512M 

PHP-FPM Status Page in Console

apt-get install libfcgi0ldbl

SCRIPT_NAME=/status SCRIPT_FILENAME=/status QUERY_STRING= REQUEST_METHOD=GET cgi-fcgi -bind -connect /var/run/php5-fpm-$VHOSTNAME.sock

php.ini settings

  • zlib.output_compression = On # + test compression setting from 1-9
  • short_tags = Off


APC is deprecated and incompatible with latest php verions. Just use opache. Install, enable module and configure:



; moooore cache:

; php script changes will appear after one minute, but this is faster than the default:

; required for nextcloud / paypal sdk / ..:



rocks! It's much faster than PHP-FPM, but not considered completly stable. Setup is easy, debian packages are available somewhere.

in nginx vhost config, just disable the fpm block and include the included config in the vhost:

include hhvm.conf;

PHP5-FPM and PHP7.0 parallel Setup

On debian jessie this works very well. Just install all php7.0 packages from backports.

Install packages:

 apt-get install php7.0-mbstring php7.0-apcu php7.0-cli php7.0-common php7.0-curl php7.0-fpm php7.0-gd php7.0-imagick php7.0-imap php7.0-intl php7.0-json php7.0-mcrypt php7.0-memcache php7.0-memcached php7.0-mysqlnd php7.0-pspell php7.0-readline php7.0-recode php7.0-snmp php7.0-sqlite php7.0-tidy php7.0-xmlrpc php7.0-xsl

Check which version is the default now and adjust:

php -v
update-alternatives --co==== Headline ====

nfig php

Nginx Config - just replace the socket:

fastcgi_pass unix:/run/php/php7.0-fpm.sock;

fastcgi.conf, etc ~should~ be compatible

PHP7.0-FPM Config:

edit or copy configs from php5:

  • /etc/php/7.0/fpm/php-fpm.conf
  • /etc/php/7.0/fpm/php.ini
  • all configs in /etc/php/7.0/mods-available/

Pools: Move a site-pool from php5 or create a new one in: /etc/php/7.0/fpm/pool.d/

You only need to adjust the socket line, to point to /var/run/php7.0-fpm-SITENAME.sock

Check, if all required php modules are installed and configured.. good luck :)

Install PHP 7.4 in Debian Buster / SURY REPO

php7.4-fpm needs systemd :(

Add Sury Repo:

apt -y install lsb-release apt-transport-https ca-certificates 
wget -O /etc/apt/trusted.gpg.d/php.gpg
echo "deb $(lsb_release -sc) main" | sudo tee /etc/apt/sources.list.d/php.list
apt update
apt install php7.4

Install Modules:

apt-get install php7.4-{fpm,bcmath,bz2,intl,gd,mbstring,mysql,zip,mysql,memcache,memcached,xml,json,curl}
/etc/init.d/php7.4-fpm restart
linux/webserver/php.txt · Last modified: 2023/03/25 10:58 by tkilla