PHP-FPM questions

edited December 2022 in Help

What a beast of a software... Documentation in php.net is obscure to the max, some configs not documented at all. I have few question, which I couldn't google.

Example (Apache2 + PHP-FPM 8.1) CFG:

[global]
pid = /run/php/php8.1-fpm.dronten.pid

[dronten]
        user = dronten
        group = dronten
        listen = /run/php/php8.1-fpm.dronten.sock
        listen.owner = www-data
        listen.group = www-data
        listen.mode = 0660
        pm = dynamic
        pm.max_children = 5
        pm.start_servers = 2
        pm.min_spare_servers = 1
        pm.max_spare_servers = 3

include = /etc/php/shared-values.inc

Shared-values.inc content:

php_admin_value[session.save_path]    = "/var/lib/php/sessions/$pool"
php_admin_value[soap.wsdl_cache_dir]  = "/var/lib/php/wsdlcache/$pool"
php_admin_value[opcache.file_cache]  = "/var/lib/php/opcache/$pool"


listen.allowed_clients = 127.0.0.1

access.log = /var/log/php-fpm/$pool.access
access.format = "%{REMOTE_ADDR}e - %u %t \"%m %r%Q%q\" %s %f %{seconds}d %{mega}M %{user}C%%"

slowlog = /var/log/php-fpm/$pool.slow

Issues/questions:

  1. Is it possible to restart/reload pool instead of entire php-fpm? I have user "dronten" and separate pool cfg. I want to restart/reload only this user, leaving all other users intact.

  2. Custom session.save_path not working. There is no sessions created in that folder. PHPinfo shows correct session path. Where the f... is session files?

  3. OPcache security problem with shared pool should be resolved by setting separate session path. Am I correct?

Comments

    1. Not to my knowledge because it is a system service and not a user service.

    2. Check file permissions make sure it is writable. Make sure there are no typos in the path and hardcore it if you need.

    3. From what I can gather yes that will work.

    Thanked by (2)legendary MichaelCee

    "I would have gotten away with it too, if it wasn't for that meddling Frankz and Mason!!"

  • "I would have gotten away with it too, if it wasn't for that meddling Frankz and Mason!!"

  • skorupionskorupion Services Provider

    From openAI:

    It is possible to restart or reload a specific PHP-FPM pool without affecting the other pools. To do this, you will need to stop the PHP-FPM service and then start it again with the specific pool configuration file.

    To stop the PHP-FPM service, you can use the service command or the systemctl command, depending on your operating system. For example, on Ubuntu, you can use the following command:

    sudo service php7.4-fpm stop

    To start the PHP-FPM service with a specific pool configuration file, you can use the -p option followed by the path to the configuration file. For example, if your pool configuration file is located at /etc/php/7.4/fpm/pool.d/dronten.conf, you can use the following command to start the PHP-FPM service with this configuration file:

    sudo service php7.4-fpm start -p /etc/php/7.4/fpm/pool.d/dronten.conf

    As for your question about the custom session save path, it is possible that the user that is running the PHP-FPM process does not have permission to write to the custom session save path. You can check the user that PHP-FPM is running as by looking at the user directive in your PHP-FPM configuration file. Then, you can check the permissions on the custom session save path and make sure that the user has permission to write to that directory.

    Setting a separate session path can help to resolve security issues with the shared PHP-FPM pool, but it is not a guarantee. There may be other security measures that you need to take in order to ensure that your PHP-FPM installation is secure. It is always a good idea to consult the PHP documentation and consult with a security expert if you have concerns about the security of your PHP-FPM installation.

    Thanked by (1)legendary
Sign In or Register to comment.