Apache2 + PHP5-FPM + FastCGI + APC on Debian Wheezy

Posted on November 4, 2013 at 7:53 pm

Make sure to read this post before continue:
Package ‘libapache2-mod-fastcgi’ has no installation candidate

Install all the required packages:

apt-get install apache2-mpm-worker libapache2-mod-fastcgi php5-fpm php-apc

Enable needed Apache modules:

a2enmod actions alias fastcgi rewrite

Create the file /etc/apache2/conf.d/php5-fpm with this content:

# Configure all that stuff needed for using PHP-FPM as FastCGI
 
# Set handlers for PHP files.
# application/x-httpd-php                        phtml pht php
# application/x-httpd-php3                       php3
# application/x-httpd-php4                       php4
# application/x-httpd-php5                       php
<FilesMatch ".+\.ph(p[345]?|t|tml)$">
    SetHandler application/x-httpd-php
</FilesMatch>
 
# application/x-httpd-php-source                 phps
<FilesMatch ".+\.phps$">
    SetHandler application/x-httpd-php-source
    # Deny access to raw php sources by default
    # To re-enable it's recommended to enable access to the files
    # only in specific virtual host or directory
    Order Deny,Allow
    Deny from all
</FilesMatch>
 
# Deny access to files without filename (e.g. '.php')
<FilesMatch "^\.ph(p[345]?|t|tml|ps)$">
    Order Deny,Allow
    Deny from all
</FilesMatch>
 
# Define Action and Alias needed for FastCGI external server.
Action application/x-httpd-php /fcgi-bin/php5-fpm virtual
Alias /fcgi-bin/php5-fpm /fcgi-bin-php5-fpm
<Location /fcgi-bin/php5-fpm>
  # here we prevent direct access to this Location url,
  # env=REDIRECT_STATUS will let us use this fcgi-bin url
  # only after an internal redirect (by Action upper)
  Order Deny,Allow
  Deny from All
  Allow from env=REDIRECT_STATUS
</Location>
 
FastCgiExternalServer /fcgi-bin-php5-fpm -socket /var/run/php5-fpm.sock -pass-header Authorization

The above file is the configuration file for PHP-FPM and FastCGI.

Increase PHP-FPM Idle Timeout

By default PHP-FPM sets the script execution (idle) timeout to 30 seconds.

In some cases that is not enough and can generate these kind of error messages:

[Tue Nov 05 18:32:50 2013] [error] [client XX.XX.XX.XX] FastCGI: comm with server "/fcgi-bin-php5-fpm" aborted: idle timeout (30 sec)
[Tue Nov 05 18:32:50 2013] [error] [client XX.XX.XX.XX] FastCGI: incomplete headers (0 bytes) received from server "/fcgi-bin-php5-fpm"

To increase the idle timeout edit the file /etc/apache2/conf.d/php5-fpm and change this line:

FastCgiExternalServer /fcgi-bin-php5-fpm -socket /var/run/php5-fpm.sock -pass-header Authorization

To this:

FastCgiExternalServer /fcgi-bin-php5-fpm -socket /var/run/php5-fpm.sock -idle-timeout 250 -pass-header Authorization

Note the string:

-idle-timeout 250

Tweak PHP-FPM Settings

Edit the file /etc/php5/fpm/php-fpm.conf and add:

emergency_restart_threshold = 10
emergency_restart_interval = 1m
process_control_timeout = 10s

Edit the file /etc/php5/fpm/pool.d/www.conf and add:

pm = dynamic
pm.max_children = 100
pm.start_servers = 25
pm.min_spare_servers = 25
pm.max_spare_servers = 50
pm.max_requests = 500

Reload PHP-FPM:

/etc/init.d/php5-fpm reload

Tweak Apache2 Settings

Edit the file /etc/apache2/apache2.conf:

KeepAlive On
MaxKeepAliveRequests 1000
KeepAliveTimeout 3
HostnameLookups Off

Edit the file /etc/apache2/conf.d/security:

ServerTokens Prod
ServerSignature Off
TraceEnable Off

Reload Apache2:

/etc/init.d/apache2 reload

Reboot System

It is recommended to reboot the system:

shutdown -r now

Updated on February 17, 2014 at 11:28 pm

Receive updates via email

Other Posts

Updated Posts