Configuration
FPM uses php.ini syntax for its configuration file - php-fpm.conf, and pool configuration files.
List of global php-fpm.conf directives
-
pidstring -
Path to PID file. Default value: none.
-
error_logstring -
Path to error log file. Default value: #INSTALL_PREFIX#/log/php-fpm.log.
-
log_levelstring -
Error log level. Possible values: alert, error, warning, notice, debug. Default value: notice.
-
emergency_restart_thresholdint -
If this number of child processes exit with SIGSEGV or SIGBUS within the time interval set by emergency_restart_interval then FPM will restart. A value of 0 means 'Off'. Default value: 0 (Off).
-
emergency_restart_intervalmixed -
Interval of time used by emergency_restart_interval to determine when a graceful restart will be initiated. This can be useful to work around accidental corruptions in an accelerator's shared memory. Available Units: s(econds), m(inutes), h(ours), or d(ays). Default Unit: seconds. Default value: 0 (Off).
-
process_control_timeoutmixed -
Time limit for child processes to wait for a reaction on signals from master. Available units: s(econds), m(inutes), h(ours), or d(ays) Default Unit: seconds. Default value: 0.
-
daemonizeboolean -
Send FPM to background. Set to 'no' to keep FPM in foreground for debugging. Default value: yes.
List of pool directives
With FPM you can run several pools of processes with different setting. These are settings that can be tweaked per pool.
-
listenstring -
The address on which to accept FastCGI requests. Valid syntaxes are: 'ip.add.re.ss:port', 'port', '/path/to/unix/socket'. This option is mandatory for each pool.
-
listen.backlogint -
Set listen(2) backlog. A value of '-1' means unlimited. Default value: -1.
-
listen.allowed_clientsstring -
List of ipv4 addresses of FastCGI clients which are allowed to connect. Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original PHP FastCGI (5.2.2+). Makes sense only with a tcp listening socket. Each address must be separated by a comma. If this value is left blank, connections will be accepted from any ip address. Default value: any.
-
listen.ownerstring -
Set permissions for unix socket, if one is used. In Linux, read/write permissions must be set in order to allow connections from a web server. Many BSD-derived systems allow connections regardless of permissions. Default values: user and group are set as the running user, mode is set to 0666.
-
listen.groupstring -
See listen.owner.
-
listen.modestring -
See listen.owner.
-
userstring -
Unix user of FPM processes. This option is mandatory.
-
groupstring -
Unix group of FPM processes. If not set, the default user's group is used.
-
pmstring -
Choose how the process manager will control the number of child processes. Possible values: static, ondemand, dynamic. This option is mandatory.
static - the number of child processes is fixed (pm.max_children).
ondemand - the processes spawn on demand (when requested, as opposed to dynamic, where pm.start_servers are started when the service is started.
dynamic - the number of child processes is set dynamically based on the following directives: pm.max_children, pm.start_servers, pm.min_spare_servers, pm.max_spare_servers.
-
pm.max_childrenint -
The number of child processes to be created when pm is set to static and the maximum number of child processes to be created when pm is set to dynamic. This option is mandatory.
This option sets the limit on the number of simultaneous requests that will be served. Equivalent to the ApacheMaxClients directive with mpm_prefork and to the PHP_FCGI_CHILDREN environment variable in the original PHP FastCGI.
-
pm.start_serversint -
The number of child processes created on startup. Used only when pm is set to dynamic. Default Value: min_spare_servers + (max_spare_servers - min_spare_servers) / 2.
-
pm.min_spare_serversint -
The desired minimum number of idle server processes. Used only when pm is set to dynamic. Also mandatory in this case.
-
pm.max_spare_serversint -
The desired maximum number of idle server processes. Used only when pm is set to dynamic. Also mandatory in this case.
-
pm.max_requestsint -
The number of requests each child process should execute before respawning. This can be useful to work around memory leaks in 3rd party libraries. For endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS. Default value: 0.
-
pm.status_pathstring -
The URI to view the FPM status page. If this value is not set, no URI will be recognized as a status page. Default value: none.
-
ping.pathstring -
The ping URI to call the monitoring page of FPM. If this value is not set, no URI will be recognized as a ping page. This could be used to test from outside that FPM is alive and responding. Please note that the value must start with a leading slash (/).
-
ping.responsestring -
This directive may be used to customize the response to a ping request. The response is formatted as text/plain with a 200 response code. Default value: pong.
-
request_terminate_timeoutmixed -
The timeout for serving a single request after which the worker process will be killed. This option should be used when the 'max_execution_time' ini option does not stop script execution for some reason. A value of '0' means 'Off'. Available units: s(econds)(default), m(inutes), h(ours), or d(ays). Default value: 0.
-
request_slowlog_timeoutmixed -
The timeout for serving a single request after which a PHP backtrace will be dumped to the 'slowlog' file. A value of '0' means 'Off'. Available units: s(econds)(default), m(inutes), h(ours), or d(ays). Default value: 0.
-
slowlogstring -
The log file for slow requests. Default value: #INSTALL_PREFIX#/log/php-fpm.log.slow.
-
rlimit_filesint -
Set open file descriptor rlimit. Default value: system defined value.
-
rlimit_coreint -
Set max core size rlimit. Possible Values: 'unlimited' or an integer greater or equal to 0. Default value: system defined value.
-
chrootstring -
Chroot to this directory at the start. This value must be defined as an absolute path. When this value is not set, chroot is not used.
-
chdirstring -
Chdir to this directory at the start. This value must be an absolute path. Default value: current directory or / when chroot.
-
catch_workers_outputboolean -
Redirect worker stdout and stderr into main error log. If not set, stdout and stderr will be redirected to /dev/null according to FastCGI specs. Default value: no.
It's possible to pass additional environment variables and update PHP settings of a certain pool. To do this, you need to add the following options to the pool configuration file.
Example #1 Passing environment variables and PHP settings to a pool
env[HOSTNAME] = $HOSTNAME env[PATH] = /usr/local/bin:/usr/bin:/bin env[TMP] = /tmp env[TMPDIR] = /tmp env[TEMP] = /tmp php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f www@my.domain.com php_flag[display_errors] = off php_admin_value[error_log] = /var/log/fpm-php.www.log php_admin_flag[log_errors] = on php_admin_value[memory_limit] = 32M
Settings defined with php_admin_value and php_admin_flag cannot be overriden with ini_set().
As of 5.3.3, PHP settings are also possible to be set in webserver.
Example #2 set PHP settings in nginx.conf
set $php_value "pcre.backtrack_limit=424242"; set $php_value "$php_value \n pcre.recursion_limit=99999"; fastcgi_param PHP_VALUE $php_value; fastcgi_param PHP_ADMIN_VALUE "open_basedir=/var/www/htdocs";
Because these settings are passed to php-fpm as fastcgi headers, php-fpm should not be bound to a worldwide accessible address. Otherwise, anyone could alter the PHP configuration options. See also listen.allowed_clients.
Коментарии
The default value for listen.backlog isn't exactly "unlimited".
It's 128 on some operating systems, and -1 (which doesn't mean "unlimited" as well, but is an alias to a hard limit) on other systems.
Check for a sysctl value like kern.somaxconn (OpenBSD) or net.core.somaxconn (Linux).
Crank it up if you need more PHP workers than the default value. Then adjust listen.backlog in your php-fpm configuration file to the same value.
-Frank.
the doc is lacking a lot of things it seems.
The php fpm exemple config file indicate different thing, more option etc... I wonder why the main documentation is less verbose that the configuration file that user can have .. or not have ?
It seems there is no way to get informed about the access log format codes that are used or can be used. All I found is the source code.
It would really help, not to have open questions when deploying php-fpm. I constantly struggle with file paths for example, but that is another topic.
case '%': /* '%' */
case 'C': /* %CPU */
case 'd': /* duration µs */
case 'e': /* fastcgi env */
case 'f': /* script */
case 'l': /* content length */
case 'm': /* method */
case 'M': /* memory */
case 'n': /* pool name */
case 'o': /* header output */
case 'p': /* PID */
case 'P': /* PID */
case 'q': /* query_string */
case 'Q': /* '?' */
case 'r': /* request URI */
case 'R': /* remote IP address */
case 's': /* status */
case 'T':
case 't': /* time */
case 'u': /* remote user */
With Apache, mod_proxy_fcgi and php-fpm, if you want to have a generic pool and several vhost with different php configuration, you can use the ProxyFCGISetEnvIf directive and the PHP_ADMIN_VALUE environment variable. It does not work with PHP_ADMIN_FLAG even for boolean directives.
PHP directives must be separated by spaces and a \n.
ProxyFCGISetEnvIf "true" PHP_ADMIN_VALUE "open_basedir=/var/www/toto/:/tmp/ \n session.save_path=/var/www/toto/session \n display_errors=On \n error_reporting=-1"
Be very carrefull when using ProxyFCGISetEnvIf within a Apache virtual host configuration using a shared PHP-FPM pool. Values defined like this are shared across all the Apache virtual hosts within a pool worker, may resulting in strange behaviours depending on the requests chronology.
See full explanation here:
https://serverfault.com/questions/817020/stop-reusing-php-value-for-different-sites-with-php-fpm/817905#817905
The 'include' directive that is used in php-fpm.conf is not documented here. However, this directive can also be used in the pool configurations. In the included file, the $pool variable is substituted correctly.
This means that, if you have multiple pools with similar configurations, you can create a file 'default-values.inc' like so:
-----
listen.allowed_clients = 127.0.0.1
pm = dynamic
pm.max_children = X
pm.min_spare_servers = X
pm.max_spare_servers = X
access.log = /var/log/php-fpm/$pool.access
access.format = "%R %u [%t] \"%m %r\" %s %d %l"
slowlog = /var/log/php-fpm/$pool.slow
php_flag[short_open_tag] = off
-----
And then include that file in each pool configuration like so:
-----
[vhost1.example.com]
user = www-vhost1
group = www-vhost1
listen = 127.0.0.1:9001
include = /usr/local/etc/php-fpm.d/default-values.inc
-----
This makes things a bit more transparent, and it could potentially save some time if you decide to change settings.
Make sure the name of the included file does not end in '.conf', because all files with that extension are loaded from php-fpm.conf.
NOTE: "access.format" containing "%o" generate error in PHP 7.4 (don't tested in other versions); The access log format.
; The following syntax is allowed
; %%: the '%' character
; %C: %CPU used by the request
; it can accept the following format:
; - %{user}C for user CPU only
; - %{system}C for system CPU only
; - %{total}C for user + system CPU (default)
; %d: time taken to serve the request
; it can accept the following format:
; - %{seconds}d (default)
; - %{milliseconds}d
; - %{milli}d
; - %{microseconds}d
; - %{micro}d
; %e: an environment variable (same as $_ENV or $_SERVER)
; it must be associated with embraces to specify the name of the env
; variable. Some examples:
; - server specifics like: %{REQUEST_METHOD}e or %{SERVER_PROTOCOL}e
; - HTTP headers like: %{HTTP_HOST}e or %{HTTP_USER_AGENT}e
; %f: script filename
; %l: content-length of the request (for POST request only)
; %m: request method
; %M: peak of memory allocated by PHP
; it can accept the following format:
; - %{bytes}M (default)
; - %{kilobytes}M
; - %{kilo}M
; - %{megabytes}M
; - %{mega}M
; %n: pool name
; %o: output header
; it must be associated with embraces to specify the name of the header:
; - %{Content-Type}o
; - %{X-Powered-By}o
; - %{Transfert-Encoding}o
; - ....
; %p: PID of the child that serviced the request
; %P: PID of the parent of the child that serviced the request
; %q: the query string
; %Q: the '?' character if query string exists
; %r: the request URI (without the query string, see %q and %Q)
; %R: remote IP address
; %s: status (response code)
; %t: server time the request was received
; it can accept a strftime(3) format:
; %d/%b/%Y:%H:%M:%S %z (default)
; The strftime(3) format must be encapsulated in a %{<strftime_format>}t tag
; e.g. for a ISO8601 formatted timestring, use: %{%Y-%m-%dT%H:%M:%S%z}t
; %T: time the log has been written (the request has finished)
; it can accept a strftime(3) format:
; %d/%b/%Y:%H:%M:%S %z (default)
; The strftime(3) format must be encapsulated in a %{<strftime_format>}t tag
; e.g. for a ISO8601 formatted timestring, use: %{%Y-%m-%dT%H:%M:%S%z}t
; %u: remote user
;
; Default: "%R - %u %t \"%m %r\" %s"
access.format = "%R - %u %t \"%m %r%Q%q\" %s %f %{milli}d %{kilo}M %C%%"
https://github.com/php/php-src/blob/master/sapi/fpm/www.conf.in#L257-L318
PHP-FPM configuration page apparently doesn't see the need to specify what options are available with each version of PHP.
It claims that pm.status_listen is a valid directive, but that directive only exists as of php 8.0.0, which is a bummer for those of us still using PHP 7.4.
Noting this for anyone else fighting with this.