Nginx with php fpm23.03.20

nginx with php fpm
Michael Kaufmann edited this page on Mar 29, 2017 · 1 revision
1. Introducion

With PHP 5.3.3 a new PHP SAPI handler was added to PHP. Its called PHP-FPM (FastCGI Process Manager). PHP-FPM is an alternative PHP FastCGI implementation with some additional features useful for sites of any size, especially busier sites.

More Infos can be found here:

http://php-fpm.org/
    http://www.php.net/manual/install.fpm.php

Pros:

Fast + Secure.
    No permission problems between the FTP- and Webserver-users

Cons:

More difficult to setup.

I assume that you have Froxlor already running and the database set up.
2. Setting up the environment

First of all you should install all needed packages.

apt-get install libnss-mysql-bg nscd php5-fpm

3. Setting up username <-> user ID mappings

You should ensure that the Froxlor cronjob isn't executed while you set up fastcgi. This could produce unwanted results!

/etc/init.d/cron stop

In order to have php-fpm work as intended you need real usernames since php-fpm cannot work with the virtual user IDs Froxlor uses by default. We must get 'libnss-mysql' to read usernames from MySQL. The FTP table in the Froxlor database provides us with every information we need. To avoid any bottlenecks that might happen with big directories we install the name service caching daemon 'nscd'.

Now copy and paste the actual configuration files from the Froxlor panel (Configuration -> Debian Wheezy -> Others -> libnss) and apply them to your file system. You'll need the to create or update the following files:

/etc/libnss-mysql.cfg
/etc/libnss-mysql-root.cfg
/etc/nsswitch.conf

Make sure that only root can read those configuration files since they include your Froxlor database password!

chmod 600 /etc/libnss-mysql-root.cfg /etc/libnss-mysql.cfg

Restard nscd now

/etc/init.d/nscd restart

Now it should already work. To find out if it really works just go to a directory that was created by Froxlor and check if the user ID got replaced by the username.

ls -al /var/customers/webs/

This should produce a result like:

drwxr-xr-x  3 web1      web1       4096 2008-06-13 17:18 web1
drwxr-xr-x  8 web2      web2       4096 2009-01-02 17:40 web2
drwxr-xr-x 10 web3      web3       4096 2009-01-25 13:33 web3

If you don't see a result like this or just the virtual user IDs, re-check your configuration and whether these users really exist using the getent passwd command. If nscd isn't working properly you cannot continue with the next steps.
4. Enable PHP-FPM in Froxlor

You must now instruct Froxlor to create the FPM configuration and to add related directives to Nginx's VirtualHost configurations.

In order to use FPM you need to create a user froxlorlocal and a group of the same name:

addgroup --gid 9999 froxlorlocal
adduser --no-create-home --uid 9999 --ingroup froxlorlocal --shell /bin/false --disabled-password --gecos '' froxlorlocal

Make sure that the user nginx runs as (e.g. www-data) is in the group froxlorlocal.

adduser www-data froxlorlocal

Now activate the PHP-FPM option in the Settings section on the Froxlor admin web panel and hit save.

When you load the settings overview page (compact overview) again, you'll see a new link to configure PHP-FPM.

Make sure the checkbox for Enable php-fpm and Enable PHP-FPM for the Froxlor vHost are checked

Local user to use for PHP-FPM (Froxlor vHost) and Local group to use for PHP-FPM (Froxlor vHost) should be froxlorlocal

Click it, then set the configuration directory of php-fpm - this is where Froxlor stores the PHP-FPM configuration. The default value of /etc/php5-fpm will not work on Debian (unless you make further customizations), so use this instead:

/etc/php5/fpm/pool.d

Adjust the command to start on of php5-fpm: (by default there is only "/etc/init.d/php-fpm restart" - without 5)

/etc/init.d/php5-fpm restart

Check whether the temporary directory is correct and check "Use PHP-FPM in Froxlor Vhost".

In /etc/init.d/php5-fpm, edit the line starting # Required-Start to look like this:

# Required-Start:    $remote_fs $network mysql nscd

Finally, in /etc/init.d/nscd, edit the line starting # Required-Start to look like this:

# Required-Start:    $remote_fs $network mysql

this ensures it is started later than mysql and nscd. This is essential to receive the correct UID/GUI to start php5-fpm! If there are any problems with this during boot (check /var/log/boot).
5. Final Steps

Run Froxlor's global cron job once to immediately produce fastcgi configurations for all VirtualHosts:

/usr/bin/php5 /var/www/froxlor/scripts/froxlor_master_cronjob.php --force --debug

Start the system cron demon again.

/etc/init.d/cron start

If you have set up all correctly it should be now possible to open the customer domains in your browser. If there are a php-fpm master process and some php-fpm pools it should be working fine. You can also check that by running phpinfo(); from a file within a customer domain.

https://github.com/Froxlor/Froxlor/wiki/nginx-with-php-fpm

Anonymous

Nginx with php fpm23.03.20

Information Epoch 1745975923