Posted on November 4, 2013 at 7:53 pm
Make sure to read this post before continue:
Package ‘libapache2-mod-fastcgi’ has no installation candidate
Install all the required packages:
apt-get install apache2-mpm-worker libapache2-mod-fastcgi php5-fpm php-apc |
Enable needed Apache modules:
a2enmod actions alias fastcgi rewrite |
Create the file /etc/apache2/conf.d/php5-fpm with this content:
# Configure all that stuff needed for using PHP-FPM as FastCGI # Set handlers for PHP files. # application/x-httpd-php phtml pht php # application/x-httpd-php3 php3 # application/x-httpd-php4 php4 # application/x-httpd-php5 php <FilesMatch ".+\.ph(p[345]?|t|tml)$"> SetHandler application/x-httpd-php </FilesMatch> # application/x-httpd-php-source phps <FilesMatch ".+\.phps$"> SetHandler application/x-httpd-php-source # Deny access to raw php sources by default # To re-enable it's recommended to enable access to the files # only in specific virtual host or directory Order Deny,Allow Deny from all </FilesMatch> # Deny access to files without filename (e.g. '.php') <FilesMatch "^\.ph(p[345]?|t|tml|ps)$"> Order Deny,Allow Deny from all </FilesMatch> # Define Action and Alias needed for FastCGI external server. Action application/x-httpd-php /fcgi-bin/php5-fpm virtual Alias /fcgi-bin/php5-fpm /fcgi-bin-php5-fpm <Location /fcgi-bin/php5-fpm> # here we prevent direct access to this Location url, # env=REDIRECT_STATUS will let us use this fcgi-bin url # only after an internal redirect (by Action upper) Order Deny,Allow Deny from All Allow from env=REDIRECT_STATUS </Location> FastCgiExternalServer /fcgi-bin-php5-fpm -socket /var/run/php5-fpm.sock -pass-header Authorization |
The above file is the configuration file for PHP-FPM and FastCGI.
Increase PHP-FPM Idle Timeout
By default PHP-FPM sets the script execution (idle) timeout to 30 seconds.
In some cases that is not enough and can generate these kind of error messages:
[Tue Nov 05 18:32:50 2013] [error] [client XX.XX.XX.XX] FastCGI: comm with server "/fcgi-bin-php5-fpm" aborted: idle timeout (30 sec) [Tue Nov 05 18:32:50 2013] [error] [client XX.XX.XX.XX] FastCGI: incomplete headers (0 bytes) received from server "/fcgi-bin-php5-fpm" |
To increase the idle timeout edit the file /etc/apache2/conf.d/php5-fpm and change this line:
FastCgiExternalServer /fcgi-bin-php5-fpm -socket /var/run/php5-fpm.sock -pass-header Authorization |
To this:
FastCgiExternalServer /fcgi-bin-php5-fpm -socket /var/run/php5-fpm.sock -idle-timeout 250 -pass-header Authorization |
Note the string:
-idle-timeout 250 |
Tweak PHP-FPM Settings
Edit the file /etc/php5/fpm/php-fpm.conf and add:
emergency_restart_threshold = 10 emergency_restart_interval = 1m process_control_timeout = 10s |
Edit the file /etc/php5/fpm/pool.d/www.conf and add:
pm = dynamic pm.max_children = 100 pm.start_servers = 25 pm.min_spare_servers = 25 pm.max_spare_servers = 50 pm.max_requests = 500 |
Reload PHP-FPM:
/etc/init.d/php5-fpm reload |
Tweak Apache2 Settings
Edit the file /etc/apache2/apache2.conf:
KeepAlive On MaxKeepAliveRequests 1000 KeepAliveTimeout 3 HostnameLookups Off |
Edit the file /etc/apache2/conf.d/security:
ServerTokens Prod ServerSignature Off TraceEnable Off |
Reload Apache2:
/etc/init.d/apache2 reload |
Reboot System
It is recommended to reboot the system:
shutdown -r now |
Updated on February 17, 2014 at 11:28 pm
Other Posts
- Route OpenVPN Connections Through Floating IP
- How to Configure a Floating IP in a VPS (Hetzner)
- Set OpenVPN to Listed on a Specific IP Address
- Bash Trim Leading and Trailing Whitespace from a String
- Bash Get Name of Ethernet Network Interface
- VPN Providers with Dedicated Static IP Address
- OpenVPN Iptables Rules
- WireGuard VPN Iptables Rules
Updated Posts
- AMD Chipsets & Graphics Card Drivers for Windows 7, 8, 10
- AMD Radeon 7400 Drivers for Windows 10
- How to pass custom command-line parameters in InnoSetup
- Add Desktop shortcut for all Windows PC users
- Programmatically create desktop icon with InnoSetup
- GeneratePress - a Lightweight WordPress Theme 2021
- InnoSetup disable DesktopIcon via command-line
- Use cURL to authenticate with JWT Bearer tokens