====== PHP ======



===== PHP-FPM Setup =====

Configure pools for each domain/vhost to separate the domains and run scripts as separte user. This works well with ssh-sftp setup.because scripts are owned by the same user as the sftp user - not www-data.

**Pool per domain config:**

  cd /etc/php5/fpm/pool.d/
  cp www.conf {user1.conf,user2.conf}

replace all appearances of "www" in user.conf
  /etc/init.d/php-fpm restart

**Add a user for each pool:**

The username must be an exisiting user in the system. e.g.:
  adduser --disabled-login USERNAME
  adduser www-data USERNAME
  mkdir /var/www/USERNAME
  chown -R USERNAME:USERNAME /var/www/USERNAME
  chmod 750 /var/www/USERNAME


===== nginx & PHP-FPM =====

PHP-FPM can run over a http connection or a unix socket. unix socket is faster.

**vhost php config via unix socket:** 

  server {
    ...
  
    location ~ \.php$ {
      fastcgi_split_path_info ^(.+\.php)(/.+)$;
      include fastcgi_params;
      fastcgi_intercept_errors on;
      fastcgi_index index.php;
      fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
      
      # replace USERNAME by system/php-fpm-pool user:
      fastcgi_pass unix:/var/run/php5-fpm-USERNAME.sock;
    }


===== PHP Modules =====

Wordpress required:

   apt install php-iconv php-exif php-memcached php-soap  php-yaml php-imap php-markdown php-readline php-curl  php-opcache  php-zip php-dom php-mbstring php-imagick php-fileinfo php-json php-xml php-simplexml

===== Apache & PHP-FPM =====

Use php-fpm for better performance and better security: run each domain in its own "pool" - processes per user. This way you also have less permission problems with sftp.

  apt-get install apache2 libapache2-mod-fastcgi php5-fpm
  a2enmod actions
  
  cp /etc/apache2/mods-enabled/fastcgi.conf /etc/apache2/mods-enabled/fastcgi.conf.backup
  
  mcedit /etc/apache2/mods-enabled/fastcgi.conf
  
  <IfModule mod_fastcgi.c>
    AddType application/x-httpd-fastphp5 .php
    Action application/x-httpd-fastphp5 /php5-fcgi
    Alias /php5-fcgi /usr/lib/cgi-bin/php5-fcgi
    FastCgiExternalServer /usr/lib/cgi-bin/php5-fcgi -socket /var/run/php5-fpm.sock -pass-header Authorization
    <Directory /usr/lib/cgi-bin>
        Require all granted
    </Directory>
  </IfModule>

  apache2ctl configtest
  /etc/init.d/apache2 restart

check if a phpfpm "www" pool process is running



You need to edit your vhosts to use the new pool.
Replace USERNAME by the poolname you just created and VHOSTNAME by a dfifferent name in each vhost:


  <VirtualHost *:80>
  ...
    <IfModule mod_fastcgi.c>
        Alias /php5-fcgi /usr/lib/cgi-bin/php5-fcgi-${USERNAME}-VHOSTNAME
        FastCgiExternalServer /usr/lib/cgi-bin/php5-fcgi-${USERNAME}-VHOSTNAME -socket /var/run/php5-fpm-${USERNAME}.sock -pass-header Authorization
    </IfModule>
  ...

Links:
  * https://www.linode.com/docs/websites/apache/install-php-fpm-and-apache-on-debian-8
  * http://www.dimitri.eu/php-fpm-apache-split-config-per-site/


===== Performance =====

For PHP-FPM the same optimization as for default php modules apply.

==== Configure pool ====

These settings with initial pm.start_servers = 5 is quite good for a server with 32gb RAM and up to 20-30 sites. This starts 5 processes, which take up to php_admin_value[memory_limit] = 512M each, but usually around 100mb per process when running a small wordpress. So this pool always uses 5*100mb = 500mb and may required much more, if the site is busy and more servers are started.

On small servers, use pm = ondemand, which starts servers only when used. This is slower than pm = dynamic

  pm = dynamic
  pm.max_children = 50
  pm.start_servers = 5
  pm.min_spare_servers = 2
  pm.max_spare_servers = 5


High performance server with one busy site:
  pm = dynamic
  pm.max_children = 50
  pm.start_servers = 25
  pm.min_spare_servers = 20
  pm.max_spare_servers = 25

Test how much RAM your site needs. This is the max, not the regular used memory. Most sites run with ~100mb, but require more for special tasks.
  php_admin_value[memory_limit] = 512M 


==== PHP-FPM Status Page in Console ====

  apt-get install libfcgi0ldbl
  
  SCRIPT_NAME=/status SCRIPT_FILENAME=/status QUERY_STRING= REQUEST_METHOD=GET cgi-fcgi -bind -connect /var/run/php5-fpm-$VHOSTNAME.sock


  * https://www.thatsgeeky.com/2012/02/directly-connecting-to-php-fpm/


==== php.ini settings ====

  * zlib.output_compression = On # + test compression setting from 1-9
  * short_tags = Off
  * ...


==== Opcache ====

APC is deprecated and incompatible with latest php verions. Just use opache. Install, enable module and configure:

/etc/php5/mods-available/opcache.ini

  zend_extension=opcache.so
  
  opcache.enable=1
  
  ; moooore cache:
  opcache.memory_consumption=1024
  opcache.max_accelerated_files=50000
  
  ; php script changes will appear after one minute, but this is faster than the default:
  opcache.revalidate_freq=60
  
  opcache.interned_strings_buffer=16

  ; required for nextcloud / paypal sdk / ..:
  opcache.save_comments=1
  opcache.load_comments=1
  
  opcache.validate_timestamps=1
  opcache.consistency_checks=0
  opcache.error_log=/var/log/php5-opcache.log
  opcache.log_verbosity_level=1



===== HHVM =====

rocks!  It's much faster than PHP-FPM, but not considered completly stable. Setup is easy, debian packages are available somewhere.

in nginx vhost config, just disable the fpm block and include the included config in the vhost:

  include hhvm.conf;


===== PHP5-FPM and PHP7.0 parallel Setup =====

On debian jessie this works very well. Just install all php7.0 packages from backports.

==== Install packages: ====

   apt-get install php7.0-mbstring php7.0-apcu php7.0-cli php7.0-common php7.0-curl php7.0-fpm php7.0-gd php7.0-imagick php7.0-imap php7.0-intl php7.0-json php7.0-mcrypt php7.0-memcache php7.0-memcached php7.0-mysqlnd php7.0-pspell php7.0-readline php7.0-recode php7.0-snmp php7.0-sqlite php7.0-tidy php7.0-xmlrpc php7.0-xsl
   
==== Check which version is the default now and adjust: ====

  php -v
  update-alternatives --co==== Headline ====
nfig php

==== Nginx Config - just replace the socket: ====

  fastcgi_pass unix:/run/php/php7.0-fpm.sock;

fastcgi.conf, etc ~should~ be compatible

==== PHP7.0-FPM Config: ====

edit or copy configs from php5: 
  * /etc/php/7.0/fpm/php-fpm.conf
  * /etc/php/7.0/fpm/php.ini
  * all configs in /etc/php/7.0/mods-available/

Pools:
Move a site-pool from php5 or create a new one in: /etc/php/7.0/fpm/pool.d/

You only need to adjust the socket line, to point to /var/run/php7.0-fpm-SITENAME.sock

Check, if all required php modules are installed and configured.. good luck :)

===== Install PHP 7.4 in Debian Buster / SURY REPO =====

php7.4-fpm needs systemd :(

Add Sury Repo:
  apt -y install lsb-release apt-transport-https ca-certificates 
  wget -O /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg
  echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main" | sudo tee /etc/apt/sources.list.d/php.list
  apt update
  apt install php7.4

Install Modules:
  apt-get install php7.4-{fpm,bcmath,bz2,intl,gd,mbstring,mysql,zip,mysql,memcache,memcached,xml,json,curl}

  /etc/init.d/php7.4-fpm restart