August 21, 2013

Beginner

How To Optimize Nginx with PHP Pools on an Ubuntu 13.04 VPS

Introduction


One of the benefits of PHP-FPM is that you can run different websites and applications, each under its own user. These are referred to as pools and are quite easy to set up. This can be a handy way to establish security boundaries between different servers as well as different users you may have set up, thus preventing security holes. It also allows you to give users ownership of their own directories and files, and prevents the server errors that occur when a different PHP pool tries to write to files it doesn't own.

This is a rather easy and painless setup and is especially helpful if you're planning to run multiple framework installs on an Nginx server block (virtual host).

DISCLAIMER: This does, however, allow you to start idle PHP threads that consume memory. Thus you should monitor and balance your server's PHP processes. Setting up too many pools can cause interesting things to happen when data swapping starts.

Setup


The steps in this tutorial require the user to have root privileges on the virtual private server. Please refer to steps 3 and 4 in the Initial Server Setup Tutorial.

Required installations for this tutorial are Nginx and PHP-FPM. It is recommended that you install a properly configured LEMP stack (Linux, Nginx, MySQL, PHP-FPM). This should cover all the necessary requirements.

Step One: Create a New PHP-FPM Memory Pool


For Nginx, to create a new pool, we need to copy the default pool which belongs to www-data. You probably will remember configuring this pool when you did your initial install of PHP-FPM and Nginx.

WARNING: Do not delete the default pool. It is considered standard practice to let www-data run its own pool and to add pools as necessary for different users, to keep system privileges separate from user privileges.

To do so, we simply copy the default www.conf and rename the copy to the user we want to associate it with (replace username with the name of the user):
sudo cp /etc/php5/fpm/pool.d/www.conf /etc/php5/fpm/pool.d/username.conf

Next, open it up in nano:
sudo nano /etc/php5/fpm/pool.d/username.conf

Now work through the file and change the options as follows:
; Start a new pool named 'username'.
; The variable $pool can be used in any directive and will be replaced by the
; pool name ('username' here).
[username]

; Note: The user is mandatory. If the group is not set, the default user's group
;       will be used.
user = username

listen = /var/run/php5-fpm.username.sock

Note: There are other settings you can adjust in this file; however, for the sake of brevity, we will just adjust what we need to set up a basic pool quickly.

Then save and close the file and restart PHP-FPM:
sudo service php5-fpm restart

Step Two: Adjust your Server Blocks


If you spent some time setting up server blocks (virtual hosts), they will need to be adjusted to use the correct socket so that they can reach the newly created pool.

Open your server configuration file:
sudo nano /etc/nginx/sites-available/default

Or, if you set up server blocks (virtual hosts), then:
sudo nano /etc/nginx/sites-available/example.com

Then edit the following line and replace username:
fastcgi_pass unix:/var/run/php5-fpm.username.sock;

Finally restart Nginx:
sudo service nginx restart

If everything restarts correctly, then you have successfully set up another PHP-FPM pool!
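
Because each new pool starts as a copy of www.conf, it is easy to leave the user or listen line unchanged, or to point fastcgi_pass at a socket no pool defines. The following check is an added example, not part of the original tutorial; the user name alice and the sample file contents are constructed for illustration.

```python
import configparser
import re
import tempfile
from collections import defaultdict
from pathlib import Path

def load_pools(pool_dir):
    """Map pool name -> its user and listen socket, for every *.conf in pool_dir."""
    pools = {}
    for conf in sorted(Path(pool_dir).glob("*.conf")):
        # Pool files are INI-like; disable interpolation so '%' in values is harmless.
        cp = configparser.ConfigParser(strict=False, interpolation=None, allow_no_value=True)
        cp.read(conf)
        for name in cp.sections():
            pools[name] = {"user": cp.get(name, "user", fallback=None),
                           "listen": cp.get(name, "listen", fallback=None)}
    return pools

def audit(pools, nginx_text):
    """Return findings where pools are not isolated or Nginx targets an unknown socket."""
    findings = []
    by_user, by_listen = defaultdict(list), defaultdict(list)
    for name, p in pools.items():
        by_user[p["user"]].append(name)
        by_listen[p["listen"]].append(name)
    for label, groups in (("user", by_user), ("socket", by_listen)):
        for value, names in groups.items():
            if len(names) > 1:
                findings.append(f"pools {names} share {label} {value}")
    # Every unix socket named in a fastcgi_pass line must belong to some pool.
    for sock in re.findall(r"^\s*fastcgi_pass\s+unix:([^;\s]+)\s*;", nginx_text, re.M):
        if sock not in by_listen:
            findings.append(f"fastcgi_pass socket {sock} is not defined by any pool")
    return findings

# Constructed sample: alice.conf was copied from www.conf but its listen line was never edited.
SAMPLE_POOLS = {
    "www.conf": "[www]\nuser = www-data\nlisten = /var/run/php5-fpm.sock\n",
    "alice.conf": "[alice]\nuser = alice\nlisten = /var/run/php5-fpm.sock\n",
}
SAMPLE_NGINX = "location ~ \\.php$ {\n    fastcgi_pass unix:/var/run/php5-fpm.alice.sock;\n}\n"

def run_sample():
    with tempfile.TemporaryDirectory() as d:
        for name, body in SAMPLE_POOLS.items():
            Path(d, name).write_text(body)
        return audit(load_pools(d), SAMPLE_NGINX)

if __name__ == "__main__":
    print("\n".join(run_sample()))
```

On a real server, pass /etc/php5/fpm/pool.d to load_pools and the text of your server block file to audit; an empty list means every pool has its own user and socket and every fastcgi_pass target exists.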


3 Comments

  • Alex Kavon 8 months

    Woot!

  • Asterix 7 months

    Is this similar to how suPHP works? Since I changed to suPHP I had no more file access issues for my Wordpress and Joomla sites. Will this have the same effect, as I now will run nginx with php5-fpm (instead of Apache)? Or shall I follow this instruction? --> http://rajibpaudyal.com/blog/suphp-alternative-php-fpm

  • Kamal Nasser 7 months

    I believe using suPHP is more secure than just allowing the user to write to every single file.
