I became aware of what an alternative configuration would do after reading an article titled A better way to run PHP-FPM. It was written about a year ago, so it’s kinda disappointing that I came across it while searching for a related topic just last night. If you run your own server and use PHP with PHP-FPM, you need to read that article.
After I read it, I changed the pm options in the pool configuration file to these:
1234 ; Choose how the process manager will control the number of child processes.pm = ondemandpm.max_children = 75pm.process_idle_timeout = 10spm.max_requests = 500The major change was setting pm = ondemand instead of pm = dynamic. And the impact on resource usage was drastic. Here, for example, is the output of
Related Post: Eyes in the Sky: The Rise of Gorgon Stare and How It Will Watch Us Allfree –mt after reloading php5-fpm:
1234 total used free shared buffers cachedMem: 490 196 293 28 9 70–/+ buffers/cache: 116 373Swap: 2047 452 1595Total: 2538 649 1888Compared to the output before, that’s more than a 50% drop in RAM usage. And the reason became obvious when I viewed top again:
1234 2778 mysql 20 1359152 56708 3384 S 0.0 11.3 2:11.06 mysqld26896 root 20 373828 19000 13532 S 0.0 3.8 :02.42 php5–fpm 25818 root 20 64208 4148 1492 S 0.0 0.8 :01.88 php5–fpm25818 root 20 64208 4148 1492 S 0.0 0.8 :01.88 php5–fpm17385 root 20 64208 4068 1416 S 0.0 0.8 :02.23 php5–fpm 1465 ossec 20 15592 2960 480 S 0.0 0.6 :08.60 ossec–analysisd1500 root 20 6312 2072 328 S 0.0 0.4 :45.55 ossec–syscheckd 1 root 20 33444 1940 812 S 0.0 0.4 :03.29 initDid you notice that there are no child processes? What happened to them? That’s what setting pm = ondemand does. A child process is spawned only when needed. After it’s done its job, it remains idle for 10 seconds (pm.process_idle_timeout = 10s) and then dies.
So what I have is a simple modification to the default PHP-FPM settings that saved me more than 50% of RAM. Sure, the server hasn’t come under heavy traffic, but I think it can withstand a reasonably heavy traffic, considering that it only has 512 MB of RAM. And with Nginx microcaching configured, I think it will do very well. There are other aspects of PHP-FPM and Percona MySQL that I’ve not optimized yet, so stay tuned. This was just to pass on a little tip that I found useful.
How to Install Apache with PHP-FPM on Debian 10
PHP Installation
For the PHP installation we recommend to use Ondřej Surý‘s PPA, which provides latest PHP versions for Debian systems. Add this PPA to your Debian system using the following commands:
wget -q https://packages.sury.org/php/apt.gpg -O- | sudo apt-key add - sudo echo "deb https://packages.sury.org/php/ buster main" | tee /etc/apt/sources.list.d/php.listAfter that, install the required PHP version. You can simply execute the following commands for the default PHP version installation with PHP-FPM packages.
apt update sudo apt install php php-fpmNote:- When you are using PHP-FPM. All the PHP modules configurations are residing under /etc/php/7.3/fpm/ directory. You can read more about enable/disable PHP modules.After installing the above packages php7.3-fpm service will automatically be started. You can make sure by typing below command on terminal.
sudo systemctl status php7.3-fpm ● php7.3-fpm.service - The PHP 7.3 FastCGI Process Manager Loaded: loaded (/lib/systemd/system/php7.3-fpm.service; enabled; vendor preset: enabled) Active: active (running) since Tue 2019-12-03 10:01:54 UTC; 24min ago Docs: man:php-fpm7.3(8) Main PID: 9883 (php-fpm7.3) Status: "Processes active: 0, idle: 2, Requests: 3, slow: 0, Traffic: 0req/sec" Tasks: 3 (limit: 3587) Memory: 14.2M CGroup: /system.slice/php7.3-fpm.service ├─9883 php-fpm: master process (/etc/php/7.3/fpm/php-fpm.conf) ├─9884 php-fpm: pool www └─9885 php-fpm: pool wwwDec 03 10:01:54 tecadmin-debian10 systemd[1]: Starting The PHP 7.3 FastCGI Process Manager... Dec 03 10:01:54 tecadmin-debian10 systemd[1]: Started The PHP 7.3 FastCGI Process Manager.
How To Install the Apache Web Server on Debian 10
Step 5 — Setting Up Virtual Hosts (Recommended)
When using the Apache web server, you can use virtual hosts (similar to server blocks in Nginx) to encapsulate configuration details and host more than one domain from a single server. In the following commands, replace
your_domain
with your own domain name. To learn more about setting up a domain name with DigitalOcean, see our Introduction to DigitalOcean DNS.Apache on Debian 10 has one server block enabled by default that is configured to serve documents from the
/var/www/html
directory. While this works well for a single site, it can become unwieldy if you are hosting multiple sites. Instead of modifying/var/www/html
, let’s create a directory structure within/var/www
for ouryour_domain
site, leaving/var/www/html
in place as the default directory to be served if a client request doesn’t match any other sites.Create the directory for
your_domain
as follows, using the-p
flag to create any necessary parent directories:sudo mkdir -p /var/www/<span class="highlight">your_domain</span>
Next, assign ownership of the directory with the
$USER
environmental variable:
- sudo chown -R $USER:$USER /var/www/your_domain
The permissions of your web roots should be correct if you haven’t modified your
unmask
value, but you can make sure by typing:
- sudo chmod -R 755 /var/www/your_domain
Next, create a sample
index.html
page usingnano
or your favorite editor:
- nano /var/www/your_domain/index.html
Inside, add the following sample HTML:
/var/www/your_domain/index.html<html> <head> <title>Welcome to <span class="highlight">your_domain</span>!</title> </head> <body> <h1>Success! The <span class="highlight">your_domain</span> virtual host is working!</h1> </body> </html>
Save and close the file when you are finished.
In order for Apache to serve this content, it’s necessary to create a virtual host file with the correct directives. Instead of modifying the default configuration file located at
/etc/apache2/sites-available/000-default.conf
directly, let’s make a new one at/etc/apache2/sites-available/<span class="highlight">your_domain</span>.conf
:
- sudo nano /etc/apache2/sites-available/your_domain.conf
Paste in the following configuration block, which is similar to the default, but updated for our new directory and domain name:
/etc/apache2/sites-available/your_domain.conf<VirtualHost *:80> ServerAdmin <span class="highlight">admin@your_email_domain</span> ServerName <span class="highlight">your_domain</span> ServerAlias <span class="highlight">www.your_domain</span> DocumentRoot /var/www/<span class="highlight">your_domain</span> ErrorLog ${APACHE_LOG_DIR}/error.log CustomLog ${APACHE_LOG_DIR}/access.log combined </VirtualHost>
Notice that we’ve updated the
DocumentRoot
to our new directory andServerAdmin
to an email that theyour_domain
site administrator can access. We’ve also added two directives:ServerName
, which establishes the base domain that should match for this virtual host definition, andServerAlias
, which defines further names that should match as if they were the base name.Save and close the file when you are finished.
Let’s enable the file with the
a2ensite
tool:
- sudo a2ensite your_domain.conf
Disable the default site defined in
000-default.conf
:
- sudo a2dissite 000-default.conf
Next, let’s test for configuration errors:
- sudo apache2ctl configtest
You should see the following output:
OutputAH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message Syntax OK
Restart Apache to implement your changes:
- sudo systemctl restart apache2
Initial Server Setup with Debian 10
Additional Instructions: Lets Encrypt, fail2ban
To ensure that the server cannot be attacked through the HTTPOXY vulnerability, we will disable the HTTP_PROXY header in apache globally by adding the configuration file /etc/apache2/conf-available/httpoxy.conf.
Note: The vulnerability is named httpoxy (without ‘r’) and therefore the file where we add the config to prevent it is named httpoxy.conf and not httproxy.conf, so there is no ‘r’ missing in the filename.
nano /etc/apache2/conf-available/httpoxy.conf
Paste the following content to the file:
<IfModule mod_headers.c> RequestHeader unset Proxy early </IfModule>And enable the module by running:
a2enconf httpoxy systemctl restart apache2
11 Install Let’s Encrypt
ISPConfig 3.1 has support for the free SSL Certificate authority Let’s encrypt. The Let’s Encrypt function allows you to create free SSL certificates for your website from within ISPConfig.
Now we will add support for Let’s encrypt.
cd /usr/local/bin wget https://dl.eff.org/certbot-auto chmod a+x certbot-auto ./certbot-auto --install-only
The Markdown elements outlined in John Gruber’s design document.
Blockquotes with Multiple Paragraphs
Blockquotes can contain multiple paragraphs. Add a
>
on the blank lines between the paragraphs.> Dorothy followed her through many of the beautiful rooms in her castle. > > The Witch bade her clean the pots and kettles and sweep the floor and keep the fire fed with wood.
Links
To create a link, enclose the link text in brackets (e.g.,
[Duck Duck Go]
) and then follow it immediately with the URL in parentheses (e.g.,(https://duckduckgo.com)
).My favorite search engine is [Duck Duck Go](https://duckduckgo.com).