documentation

How to reduce PHP-FPM (php5-fpm) RAM usage by about 50%

I became aware of what an alternative configuration would do after reading an article titled A better way to run PHP-FPM. It was written about a year ago, so it’s kinda disappointing that I came across it while searching for a related topic just last night. If you run your own server and use PHP with PHP-FPM, you need to read that article.

After I read it, I changed the pm options in the pool configuration file to these:

Updated pool PHP-FPM values

Shell

1

2

3

4

; Choose how the process manager will control the number of child processes.

pm = ondemand

pm.max_children = 75

pm.process_idle_timeout = 10s

pm.max_requests = 500

The major change was setting pm = ondemand instead of pm = dynamic. And the impact on resource usage was drastic. Here, for example, is the output of

Related Post:  Eyes in the Sky: The Rise of Gorgon Stare and How It Will Watch Us All

free –mt after reloading php5-fpm:

Output of `free -mt`

Shell

1

2

3

4

              total       used       free     shared    buffers     cached

Mem:           490        196        293         28          9         70

–/+ buffers/cache:        116        373

Swap:         2047        452       1595

Total:        2538        649       1888

Compared to the output before, that’s more than a 50% drop in RAM usage. And the reason became obvious when I viewed top again:

Output of `top`

Shell

1

2

3

4

2778 mysql     20   1359152  56708   3384 S  0.0 11.3   2:11.06 mysqld

26896 root      20     373828  19000  13532 S  0.0  3.8   :02.42 php5–fpm                             25818 root      20      64208   4148   1492 S  0.0  0.8   :01.88 php5–fpm

25818 root      20      64208   4148   1492 S  0.0  0.8   :01.88 php5–fpm

17385 root      20      64208   4068   1416 S  0.0  0.8   :02.23 php5–fpm                              1465 ossec     20      15592   2960    480 S  0.0  0.6   :08.60 ossec–analysisd

1500 root      20       6312   2072    328 S  0.0  0.4   :45.55 ossec–syscheckd                          1 root      20      33444   1940    812 S  0.0  0.4   :03.29 init

Did you notice that there are no child processes? What happened to them? That’s what setting pm = ondemand does. A child process is spawned only when needed. After it’s done its job, it remains idle for 10 seconds (pm.process_idle_timeout = 10s) and then dies.

So what I have is a simple modification to the default PHP-FPM settings that saved me more than 50% of RAM. Sure, the server hasn’t come under heavy traffic, but I think it can withstand a reasonably heavy traffic, considering that it only has 512 MB of RAM. And with Nginx microcaching configured, I think it will do very well. There are other aspects of PHP-FPM and Percona MySQL that I’ve not optimized yet, so stay tuned. This was just to pass on a little tip that I found useful.

How to Install Apache with PHP-FPM on Debian 10

PHP Installation

For the PHP installation we recommend to use Ondřej Surý‘s PPA, which provides latest PHP versions for Debian systems. Add this PPA to your Debian system using the following commands:
wget -q https://packages.sury.org/php/apt.gpg -O- | sudo apt-key add -
sudo echo "deb https://packages.sury.org/php/ buster main" | tee /etc/apt/sources.list.d/php.list
After that, install the required PHP version. You can simply execute the following commands for the default PHP version installation with PHP-FPM packages.
apt update
sudo apt install php php-fpm
Note:- When you are using PHP-FPM. All the PHP modules configurations are residing under /etc/php/7.3/fpm/ directory. You can read more about enable/disable PHP modules.

After installing the above packages php7.3-fpm service will automatically be started. You can make sure by typing below command on terminal.
sudo systemctl status php7.3-fpm

● php7.3-fpm.service - The PHP 7.3 FastCGI Process Manager
   Loaded: loaded (/lib/systemd/system/php7.3-fpm.service; enabled; vendor preset: enabled)
   Active: active (running) since Tue 2019-12-03 10:01:54 UTC; 24min ago
     Docs: man:php-fpm7.3(8)
 Main PID: 9883 (php-fpm7.3)
   Status: "Processes active: 0, idle: 2, Requests: 3, slow: 0, Traffic: 0req/sec"
    Tasks: 3 (limit: 3587)
   Memory: 14.2M
   CGroup: /system.slice/php7.3-fpm.service
           ├─9883 php-fpm: master process (/etc/php/7.3/fpm/php-fpm.conf)
           ├─9884 php-fpm: pool www
           └─9885 php-fpm: pool www
Dec 03 10:01:54 tecadmin-debian10 systemd[1]: Starting The PHP 7.3 FastCGI Process Manager...
Dec 03 10:01:54 tecadmin-debian10 systemd[1]: Started The PHP 7.3 FastCGI Process Manager.

How To Install the Apache Web Server on Debian 10

Step 5 — Setting Up Virtual Hosts (Recommended)

When using the Apache web server, you can use virtual hosts (similar to server blocks in Nginx) to encapsulate configuration details and host more than one domain from a single server. In the following commands, replace your_domain with your own domain name. To learn more about setting up a domain name with DigitalOcean, see our Introduction to DigitalOcean DNS.

Apache on Debian 10 has one server block enabled by default that is configured to serve documents from the /var/www/html directory. While this works well for a single site, it can become unwieldy if you are hosting multiple sites. Instead of modifying /var/www/html, let’s create a directory structure within /var/www for our your_domain site, leaving /var/www/html in place as the default directory to be served if a client request doesn’t match any other sites.

Create the directory for your_domain as follows, using the -p flag to create any necessary parent directories:
sudo mkdir -p /var/www/your_domain
Next, assign ownership of the directory with the $USER environmental variable:
sudo chown -R $USER:$USER /var/www/your_domain
The permissions of your web roots should be correct if you haven’t modified your unmask value, but you can make sure by typing:
sudo chmod -R 755 /var/www/your_domain
Next, create a sample index.html page using nano or your favorite editor:
nano /var/www/your_domain/index.html
Inside, add the following sample HTML:

/var/www/your_domain/index.html
<html>
 <head>
 <title>Welcome to your_domain!</title>
 </head>
 <body>
 <h1>Success! The your_domain virtual host is working!</h1>
 </body>
</html>
Save and close the file when you are finished.

In order for Apache to serve this content, it’s necessary to create a virtual host file with the correct directives. Instead of modifying the default configuration file located at /etc/apache2/sites-available/000-default.conf directly, let’s make a new one at /etc/apache2/sites-available/your_domain.conf:
sudo nano /etc/apache2/sites-available/your_domain.conf
Paste in the following configuration block, which is similar to the default, but updated for our new directory and domain name:

/etc/apache2/sites-available/your_domain.conf
<VirtualHost *:80>
 ServerAdmin admin@your_email_domain
 ServerName your_domain
 ServerAlias www.your_domain
 DocumentRoot /var/www/your_domain
 ErrorLog ${APACHE_LOG_DIR}/error.log
 CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
Notice that we’ve updated the DocumentRoot to our new directory and ServerAdmin to an email that the your_domain site administrator can access. We’ve also added two directives: ServerName, which establishes the base domain that should match for this virtual host definition, and ServerAlias, which defines further names that should match as if they were the base name.

Save and close the file when you are finished.

Let’s enable the file with the a2ensite tool:
sudo a2ensite your_domain.conf
Disable the default site defined in 000-default.conf:
sudo a2dissite 000-default.conf
Next, let’s test for configuration errors:
sudo apache2ctl configtest
You should see the following output:
Output
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message
Syntax OK
Restart Apache to implement your changes:
sudo systemctl restart apache2

Initial Server Setup with Debian 10

Additional Instructions: Lets Encrypt, fail2ban

To ensure that the server cannot be attacked through the HTTPOXY vulnerability, we will disable the HTTP_PROXY header in apache globally by adding the configuration file /etc/apache2/conf-available/httpoxy.conf.

Note: The vulnerability is named httpoxy (without ‘r’) and therefore the file where we add the config to prevent it is named httpoxy.conf and not httproxy.conf, so there is no ‘r’ missing in the filename.
nano /etc/apache2/conf-available/httpoxy.conf
Paste the following content to the file:
<IfModule mod_headers.c>
 RequestHeader unset Proxy early
</IfModule>
And enable the module by running:
a2enconf httpoxy
systemctl restart apache2
11 Install Let’s Encrypt

ISPConfig 3.1 has support for the free SSL Certificate authority Let’s encrypt. The Let’s Encrypt function allows you to create free SSL certificates for your website from within ISPConfig.

Now we will add support for Let’s encrypt.
cd /usr/local/bin
wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto
./certbot-auto --install-only

The Markdown elements outlined in John Gruber’s design document.

Blockquotes with Multiple Paragraphs

Blockquotes can contain multiple paragraphs. Add a > on the blank lines between the paragraphs.
> Dorothy followed her through many of the beautiful rooms in her castle.
>
> The Witch bade her clean the pots and kettles and sweep the floor and keep the fire fed with wood.
Links
To create a link, enclose the link text in brackets (e.g., [Duck Duck Go]) and then follow it immediately with the URL in parentheses (e.g., (https://duckduckgo.com)).
My favorite search engine is [Duck Duck Go](https://duckduckgo.com).