php-fpm configuration
Unlike lamp, in the lnmp architecture, php-fpm exists as an independent service. Since it exists as an independent service, it has its own configuration file. The configuration file for php-fpm is /usr/local/php-fpm/etc/.
php-fpm's pool (pool)
Nginx supports multiple virtual hosts, and php-fmp also supports configuring multiple pools. Each pool can monitor a port or a socket (socket). For example, our nginx has multiple sites, then each site can use a pool. The advantage of this is that when one of the php displays 502 (502 may be that our php resources are not enough), if all our websites use the same pool, when one of the sites displays 502, then the sites in the same pool will be will all fail. So it is necessary for us to isolate each site and use a separate pool.
To set up multiple pools
, first go to the directory /usr/local/php-fpm/etc/. Then edit vim php-fpm.conf
[root@linletao-001 etc]# vim php-fpm.conf
[global]
pid=/usr/local/php-fpm/var/run/php-fpm.pid
error_log=/usr/local/php-fpm/var/log/php-fpm.log
[www]
listen=/tmp /php-fcgi.sock
#listen=127.0.0.1
:9000 listen.mode=666
user=php-fpm
group=php-fpm
pm=dynamic
pm.max_children=50
pm.start_servers=20
pm.min_spare_servers=5
pm.max_spare_servers = 35
pm.max_requests = 500
rlimit_files = 1024
We can continue to append the same content as above. But it should be noted that the pool in [] needs to be changed, and the following listen should be the same as the name above. After saving, we test to see if there is a syntax error
/usr/local/php-fpm/sbin/php-fpm -t
If there is no error, we restart php-fpm
/etc/init.d/php-fpm reload
and then we check
ps aux|grep php-fpm
php-fpm 4666 0.0 0.4 227204 4724 ?S 23:31 0:00 php-fpm: pool www
php-fpm 4667 0.0 0.4 227204 4724 ?S 23:31 0:00 php-fpm: pool www
php-fpm 4668 0.0 0.4 227204 4724 ?S 23:31 0:00 php-fpm: pool www
php-fpm 4669 0.0 0.4 227204 4720 ?S 23:31 0:00 php-fpm: pool aming.com
php-fpm 4670 0.0 0.4 227204 4720 ?S 23:31 0:00 php-fpm: pool aming.com
php-fpm 4671 0.0 0.4 227204 4720 ? S 23:31 0:00 php-fpm: pool aming.com
php-fpm 4672 0.0 0.4 227204 4724 ? 31 0:00 php-fpm: pool aming.com
php-fpm 4673 0.0 0.4 227204 4728 ? S 23:31 0:00 php-fpm: pool aming.com
At this time, we found that there is already a pool of aming.com.
Then we can configure different pools for different URLs. For
example, if we configure the pool of aaa.com as aming.com, we can configure it like this.
First open the configuration file of aaa.com, and then add the following content.
location ~ .php$
{
include fastcgi_params;
fastcgi_pass unix:/tmp/aming.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /data/wwwroot/default$fastcgi_script_name;
access_log /tmp/test.com.log aming;
}
In nginx, it supports include vhost/ .conf;, then in php-fpm it also supports.
This saves and exits.
We can also do this
first edit php-fpm.conf
and then add include = etc/php-fpm.d/ .conf
[root@linletao-001 etc]# vim php-fpm.conf
[global]
pid in the last line of global = /usr/local/php-fpm/var/run/php-fpm.pid
error_log = /usr/local/php-fpm/var/log/php-fpm.log
include = etc/php-fpm.d/ . conf
and then copy all the following contents and delete them, ready to paste them into the other two configuration files.
Because include = etc/php-fpm.d/ .conf, we need to create a php-fpm.d directory under /usr/local/php-fpm/etc/.
Then we will create configuration files in the directory. For example, we want to create www.com and aming.com,
and then put the configuration files that were just copied and deleted into the corresponding two configuration files.
Such a configuration is similar to the vhost in nginx, which is concise and convenient.
php-fpm slow execution log
如果有一天我们的网站访问非常慢,这时我们既可以通过php-fpm的慢执行日志进行分析,在这里我们可以非常清晰的了解到php的脚本中哪里执行时间长,他可以定位到具体的行,这就是php-fpm慢执行日志的好处。
我们用刚才的www.conf做实验,首先打开配置文件/usr/local/php-fpm/etc/php-fpm.d/www.conf
and then add two lines at the end to configure
request_slowlog_timeout = 1 (more than 1 second to write the log, but we usually write for two seconds)
slowlog = /usr/local/php-fpm/var/log/www-slow.log (log directory)
Then we query to see if the log generates
ls /usr/local/php-fpm/var/log
php-fpm .log www-slow.log
log has been generated
Then we do an experiment, write a script to simulate slow execution
vim /data/wwwroot/test.com/sleep.php
and then write the content
<?php echo
"test slow log";
sleep(2);
echo "done";
? >
save and exit
Then we run curl -x127.0.0.1:80 test.com/sleep.php
but find that it is not executed, then we have to make some mistakes. Check the error log.
The log shows a syntax error, so we re-edit the script.
After re-editing, we run the script again, check the slow execution log
cat /usr/local/php-fpm/var/log/www-slow.log
and generate the following content in the log
[root@linletao-001 php-fpm.d] # cat /usr/local/php-fpm/var/log/www-slow.log
[01-May-2018 22:09:11] [pool www] pid 7471
script_filename = /data/wwwroot/test.com/sleep.php (this is to tell you which script is slow)
[0x00007f95ef40a2f8] sleep() /data /wwwroot/test.com/sleep.php:3 (this section tells you that the third line of the script causes slow access)
and the third section is the configuration that we purposely make it slow.
So that's the power of slow execution logs. It can tell you not only which script is wrong, but also exactly where the problem is.
open_basedir
open_basedir可将用户访问文件的活动范围限制在指定的区域,通常是其家目录的路径,也 The symbol "." can be used to represent the current directory. Note that the restrictions specified with open_basedir are actually prefixes, not directory names.
For example: If "open_basedir = /dir/user", then both directories "/dir/user" and "/dir/user1"
are accessible. So if you want to restrict access to only specified directories, end the pathname with a slash. For example, set it to:
"open_basedir = /dir/user/"
We can set open_basedir for different pools. Just add a line of configuration to the configuration file.
To configure open_basedi for www.conf,
first enter /usr/local/php-fpm/etc/php-fpm.d directory, edit www.conf
[www]
listen = /tmp/php-fcgi.sock
#listen = 127.0 .0.1:9000
listen.mode=666
user=php-fpm
group=php-fpm
pm=dynamic
pm.max_children=50
pm.start_servers=20
pm.min_spare_servers=5
pm.max_spare_servers=35
pm.max_requests=500
rlimit_files=1024
request_slowlog_timeout = 1
slowlog = /usr/local/php-fpm/var/log/www-slow.log
php_admin_value[open_basedir]=/data/wwwroot/test.com:/tmp/ (requires additional configuration)
(1) Test whether the configuration file is correct:
/usr/local/nginx/sbin/nginx -t
(2) Load the configuration file:
/usr/local/nginx/sbin/nginx -s reload
(/etc/init.d/ php-fpm reload)
and then I experiment
curl -x127.0.0.1:80 test.com/3.php -I
HTTP/1.1 200 OK
Server: nginx/1.12.1
Date: Wed, 02 May 2018 13:33 :32 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.6.30
If the open_basedir configuration is wrong, the site cannot be accessed. We configure www.conf again, this time with open_basedir intentionally misconfigured.
Then do the experiment
curl -x127.0.0.1:80 test.com/3.php -I
HTTP/1.1 404 Not Found
Server: nginx/1.12.1
Date: Wed, 02 May 2018 13:56:57 GMT
Content- Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.6.30
is not connected this time.
Therefore, the site we are targeting must be consistent with the newly added open_basedir below. If the multi-defined path is incorrect, he cannot access it.
To query the site it corresponds to. Go to the /usr/local/nginx/conf/vhost/ directory to find it.
We can also look at the error log.
First we have to configure the error log.
vim /usr/local/php-fpm/etc/php.ini
search for /display_errors
display_errors = Off
and then change the back of display_errors to Off, if not changed, the error log will be displayed on the web page.
Change log_errors to On
log_errors = On
We want to log the error in some file on the server.
error_log = specify error log file path
; Example:
;error_log = php_errors.log
; Log errors to syslog (Event Log on Windows).
;error_log = syslog
/usr/local/php-fpm/var/log/php_errors.log (new additional configuration)
error_reporting defines the log level
#error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT
error_reporting = E_ALL
Comment out the above line and add the following line.
Then manually generate the log, and the permissions are changed to 777
touch /usr/local/php-fpm/var/log/php_errors.log
chmod 777 /usr/local/php-fpm/var/log/php_errors.log
Then reload php-fpm
/etc/init.d/php-fpm reload
开始做实验
curl -x127.0.0.1:80 test.com/3.php -I
HTTP/1.1 404 Not Found
Server: nginx/1.12.1
Date: Wed, 02 May 2018 14:42:05 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.6.30
然后查看错误日志
[root@linletao-001 php-fpm.d]# cat /usr/local/php-fpm/var/log/php_errors.log
[02-May-2018 14:41:13 UTC] PHP Deprecated: Comments starting with '#' are deprecated in Unknown on line 1 in Unknown on line 0
[02-May-2018 14:41:50 UTC] PHP Warning: Unknown: open_basedir restriction in effect. File(/data/wwwroot/test.com/3.php) is not within the allowed path(s): (/data/wwwroot/aming.com:/tmp/) in Unknown on line 0
[02-May-2018 14:41:50 UTC] PHP Warning: Unknown: failed to open stream: Operation not permitted in Unknown on line 0
[02-May-2018 14:42:05 UTC] PHP Warning: Unknown: open_basedir restriction in effect. File(/data/wwwroot/test.com/3.php) is not within the allowed path(s): (/data/wwwroot/aming.com:/tmp/) in Unknown on line 0
[02 -May-2018 14:42:05 UTC] PHP Warning: Unknown: failed to open stream: Operation not permitted in Unknown on line 0
We can find through the log that the file we accessed is test.com/3.php, and we The defined open dasedir is aming.com:/tmp/, so it must be inaccessible. Only change it back to continue access.
php-fpm process management
pm = dynamic //Dynamic process management, or static
pm.max_children = 50 //Maximum number of child processes, ps aux can view
pm.start_servers = 20 //Number of processes that will be started when the service is started
pm.min_spare_servers = 5 / /Defines the minimum number of child processes during the idle period. If this value is reached, the php-fpm service will automatically fork new child processes.
pm.max_spare_servers = 35 //Defined in the idle period, the maximum number of child processes, if it is higher than this value, it will start to clean up the idle child processes.
pm.max_requests = 500 //Define the maximum number of requests a child process can handle, that is to say, a php-fpm child process can handle so many requests at most. When this value is reached, it will automatically exit