Nginx and PHP-FPM Configuration and Optimizing Tips and Tricks

nginx-logoI wrote before a guide Howto install Nginx/PHP-FPM on Fedora 20/19, CentOS/RHEL 6.5/5.10, but this guide is just installation guide and many cases Nginx and PHP-FPM basic configuration is good enough, but if you want to squeeze all the juice out of your VPS or web server / servers and do your maintenance work little bit easier, then this guide might be useful. These tips are based entirely on my own experience, so they may not be an absolute truth, and in some situations, a completely different configuration may work better. It’s also good to remember leave resources for another services also if you run example, MySQL, PostgreSQL, MongoDB, Mail server, Name server and/or SSH server on same machine.

And yes here we go…

Nginx Configuration and Optimizing Tips and Tricks

Nginx Tip 1. – Organize Nginx Configuration Files

Normally Nginx configuration files are located under /etc/nginx path.
One good way to organize configuration files is use Debian/Ubuntu Apache style setup:

Virtualhost files have 2 paths, because sites-available directory can contain any stuff, like test configs, just copied/created configs, old configs and so on. And sites-enabled contains only really enabled configurations, actually just only symbolic links to sites-available directory.

Remember add following includes at the end of your nginx.conf file:

Nginx Tip 2. – Determine Nginx worker_processes and worker_connections

Default setup is okay for worker_processes and worker_connections, but these values could be little bit optimized:
max_clients = worker_processes * worker_connections

Just Nginx basic setup can handle hundreds of concurrent connection:

Normally 1000 concurrent connection / per one server is good, but sometimes other parts like disks on server might be slow, and it causes that the Nginx is locked on I/O operations. To avoid locking use example following setup: one worker_precess / per processor core, like:
Worker Processes

To check how many processor cores do you have, run following command:

So here is 4 cores and worker_processes final setup could be following:

Worker Connections
Personally I stick with 1024 worker connections, because I don’t have any reason to raise this value. But if example 4096 connections per second is not enough then it’s possible to try to double this and set 2048 connections per process.

worker_processes final setup could be following:

I have seen some configurations where server admins are used too much Apache and think if I set Nginx worker_processes to 50 and worker_connections to 20000 then my server could handle all traffic once what we get monthly…but yes it’s not true. It’s just wasting of resources and might cause some serious problems…

Nginx Tip 3. – Hide Nginx Server Tokens / Hide Nginx version number

This is good for security reasons hide server tokens / hide Nginx version number, especially, if run some outdated version of Nginx. This is very easy to do just set server_tokens off under http/server/location section, like:

Nginx Tip 4. – Nginx Request / Upload Max Body Size (client_max_body_size)

If you want to allow users upload something or upload personally something over the HTTP then you should maybe increase post size. It can be done with client_max_body_size value which goes under http/server/location section. On default it’s 1 Mb, but it can be set example to 20 Mb and also increase buffer size with following configuration:

If you get following error, then you know that client_max_body_size is too low:
“Request Entity Too Large” (413)

Nginx Tip 5. – Nginx Cache Control for Static Files (Browser Cache Control Directives)

Browser caching is import if you want save resources and bandwith. It’s easy setup with Nginx, following is very basic setup where logging (access log and not found log) is turned off and expires headers are set to 360 days.

If you want more complicated headers or some other expiration by filetypes then you could configure those separately.

Nginx Tip 6. – Nginx Pass PHP requests to PHP-FPM

Here you could use default tpc/ip stack or use directly Unix socket connection. You have to also setup PHP-FPM listen exactly same ip:port or unix socket (with Unix socket also socket permission have to be right). Default setup is use ip:port (127.0.0.1:9000) you could of course change ips and ports what PHP-FPM listens. Here is very basic configuration with Unix socket example commented out:

It’s also possible to run PHP-FPM another server and Nginx another.

Nginx Tip 7. – Prevent (deny) Access to Hidden Files with Nginx

It’s very common that server root or other public directories have hidden files, which starts with dot (.) and normally those is not intended to site users. Public directories can contain version control files and directories, like .svn, some IDE properties files and .htaccess files. Following deny access and turn off logging for all hidden files.

PHP-FPM Configuration Tips and Tricks

PHP-FPM Tip 1. – PHP-FPM Configuration files

Normally PHP-FPM configuration files are located on /etc/php-fpm.conf file and /etc/php-fpm.d path. This is normally excellent start and all pool configs goes to /etc/php-fpm.d directory. You need to add following include line on your php-fpm.conf file:

PHP-FPM Tip 2. – PHP-FPM Global Configuration Tweaks

Set up emergency_restart_threshold, emergency_restart_interval and process_control_timeout. Default values for these options are totally off, but I think it’s better use these options example like following:

What this mean? So if 10 PHP-FPM child processes exit with SIGSEGV or SIGBUS within 1 minute then PHP-FPM restart automatically. This configuration also sets 10 seconds time limit for child processes to wait for a reaction on signals from master.

PHP-FPM Tip 3. – PHP-FPM Pools Configuration

With PHP-FPM it’s possible to use different pools for different sites and allocate resources very accurately and even use different users and groups for every pool. Following is just example configuration files structure for PHP-FPM pools for three different sites (or actually three different part of same site):

Just example configurations for every pool:
/etc/php-fpm.d/site.conf

/etc/php-fpm.d/blog.conf

/etc/php-fpm.d/forums.conf

So this is just example howto configure multiple different size pools.

PHP-FPM Tip 4. – PHP-FPM Pool Process Manager (pm) Configuration

Best way to use PHP-FPM process manager is use dynamic process management, so PHP-FPM processes are started only when needed. This is almost same style setup than Nginx worker_processes and worker_connections setup. So very high values does not mean necessarily anything good. Every process eat memory and of course if site have very high traffic and server lot’s of memory then higher values are right choise, but servers, like VPS (Virtual Private Servers) memory is normally limited to 256 Mb, 512 Mb, 1024 Mb. This low RAM is enough to handle even very high traffic (even dozens of requests per second), if it’s used wisely.

It’s good to test how many PHP-FPM processes a server could handle easily, first start Nginx and PHP-FPM and load some PHP pages, preferably all of the heaviest pages. Then check memory usage per PHP-FPM process example with Linux top or htop command. Let’s assume that the server has 512 Mb memory and 220 Mb could be used for PHP-FPM, every process use 24 Mb RAM (some huge content management system with plugins can easily use 20-40 Mb / per PHP page request or even more). Then simply calculate the server max_children value:
220 / 24 = 9.17

So good pm.max_children value is 9. This is based just quick average and later this could be something else when you see longer time memory usage / per process. After quick testing it’s much easier to setup pm.start_servers value, pm.min_spare_servers value and pm.max_spare_servers value.

Final example configuration could be following:

Max request per process is unlimited by default, but it’s good to set some low value, like 200 and avoid some memory issues. This style setup could handle large amount of requests, even if the numbers seems to be small.

Do you have problems or some nice Nginx and PHP-FPM tips and trick?

Please feel free to post your questions and tips and tricks here.

Share this post

145 Comments

  1. Thanks for your tips… I’m a really newbie in setting up php-fpm.

    The status page was not enable, but I just enable it and can post it when I get some troubles.

    Respect the pm parameter, I think I had an error,

    My pm.max_spare_server was 50 but max_spare is 250… this was a limit when the load of the servers is near to this value and it don’t scale correctly, causing a 503 error.

    I set it up to 250 and I hope it resolve the problems.

    Thanks a lot for your tips again, I learn a lot about php-fpm set up, and I’ll post my conclusions when I can test it on a high load environment.

    Kind regards.

    Reply
  2. Hi,

    I enjoyed your post, thanks for detailed info, i am about to set up nginx+php-fpm+mysql on Intel Xeon 4 cores and 24 GB RAM, Do you thing this HW configuration will be enough to handle 2k simultaneous users ?, Using Custom Coded PHP app. What should i use for cache ? so that mysql queries will be cached too and wont cause bottleneck on mysql part. I have read about php-APC , nginx cache , memcached , memcahce, varnish. just cant figure out which one to use and optimize. Its gonna be a simple site, getting data from mysql and showing them using php… Thanks for your time.

    Reply
  3. Hey I’m newbie in using nginx. here i created some application. there are 27 client want access my application. everybody can access my web, but there is one left can’t log in into my apps. i’ve tried to remove some cache and cookies in mozila. i tried using another web browser and the result is nothing.
    the client access from different segments IP. is there anything i left in configuration nginx or php-fpm for this situation?
    here’s my config nginx in RHEL 6:

    user root;
    #worker_processes 4;
    worker_processes auto;

    error_log logs/error.log;
    error_log logs/error.log notice;
    error_log logs/error.log info;
    error_log logs/error.log warn;
    pid logs/nginx.pid;

    #events {
    # worker_connections 1024;
    #}

    events {
    use epoll;
    worker_connections 2048;
    multi_accept on;
    }

    http {
    include mime.types;
    default_type application/octet-stream;

    #log_format main ‘$remote_addr – $remote_user [$time_local] “$request” ‘
    # ‘$status $body_bytes_sent “$http_referer” ‘
    # ‘”$http_user_agent” “$http_x_forwarded_for”‘;

    #Logging
    #access_log off;
    #access_log /usr/local/nginx/logs/access.log;
    error_log /usr/local/nginx/logs/error.log;

    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    types_hash_max_size 2048;

    #Timeouts
    keepalive_timeout 65;

    #Setting Buffer
    client_body_buffer_size 10K;
    client_header_buffer_size 1k;
    client_max_body_size 25m;
    large_client_header_buffers 2 1k;

    #Gzip Compression
    gzip on;

    server {
    listen 80;
    #listen 443;
    server_name localhost;
    root /usr/local/nginx/html/losqcodo/;
    index index.php;

    #proxy
    #proxy_hide_header Set-Cookie;
    #proxy_ignore_headers Set-Cookie;
    # important! Remember the special inheritance rules for proxy_set_header:
    # # http://nginx.org/ru/docs/http/ngx_http_proxy_module.html#proxy_set_header
    #proxy_set_header Cookie “”;

    #charset koi8-r;

    #access_log logs/host.access.log main;

    location / {
    try_files $uri $uri/ /index.php;
    #allow 192.168.100.0/24;
    #allow 192.168.0.0/24;
    satisfy any;
    #root html;
    #index index.html index.htm;
    }

    error_page 404 /404.html;

    # redirect server error pages to the static page /50x.html
    #
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
    root html;
    }

    # proxy the PHP scripts to Apache listening on 127.0.0.1:80
    #
    #location ~ \.php$ {
    # proxy_pass http://127.0.0.1;
    #}

    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
    #
    location ~ \.php$ {
    try_files $uri =404;
    fastcgi_split_path_info ^(.+\.php)(/.+)$;
    fastcgi_pass 127.0.0.1:9000;
    #fastcgi_pass unix:/var/run/php5-fpm.sock;
    fastcgi_index index.php;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    include fastcgi_params;
    include fastcgi.conf;
    }

    # deny access to .htaccess files, if Apache’s document root
    # concurs with nginx’s one
    #
    #location ~ /\.ht {
    # deny all;
    #}
    #include /usr/local/nginx/conf/*.conf;
    #include /usr/local/nginx/conf/sites-enabled/*;
    }

    # another virtual host using mix of IP-, name-, and port-based configuration
    #
    #server {
    # listen 8000;
    # listen somename:8080;
    # server_name somename alias another.alias;

    # location / {
    # root html;
    # index index.html index.htm;
    # }
    #}

    # HTTPS server
    #
    #server {
    # listen 443 ssl;
    # server_name localhost;

    # ssl_certificate cert.pem;
    # ssl_certificate_key cert.key;

    # ssl_session_cache shared:SSL:1m;
    # ssl_session_timeout 5m;

    # ssl_ciphers HIGH:!aNULL:!MD5;
    # ssl_prefer_server_ciphers on;

    # location / {
    # root html;
    # index index.html index.htm;
    # }
    #}

    }

    So i need some help to answer this problem please :(

    Reply
    • Hi Kahfi,

      So website works, but login not? Do you have tested your code with some other web server, like Apache is it working normally? Do you use PHP Sessions?

      Reply
  4. Do you recommend the VIRT RES or SHR column from top as the Measurement for memory usage of PHP-FPM?

    Reply
    • Hi ethan,

      Yes VIRT, RES or SHR column from top are good info when you try measure memory usage per php-fpm processes. Actually RES is an accurate representation of how much actual physical memory a process is consuming.

      Reply
  5. The application has running well, but there’s some problem again. Between nginx and php-fpm the connection sometimes refuse and timeout. Like occur error message in error.log :

    “upstream timed out (110: Connection timed out) while reading response header from upstream ”

    Does anybody knows how to fix this problem ? :)

    Reply
  6. Thanks for Sharing such a detailed explanations. For me Nginx + Apache has worked very well. I stored cache on tmps and it works well too.

    Reply
    • You didn’t have to do that. You can eliminate Nginx and turn on Apache’s mod_cache. Or get rid of Apache and just use Nginx. There is no performance benefit in storing the cache on tmpfs. The Linux virtual memory system is smart enough to grab frequently requested files from the disk cache and store them in the VM’s page cache.

      Reply
      • Sample httpd.conf (mod_cache):

        ..
        LoadModule cache_module modules/mod_cache.so
        LoadModule cache_disk_module modules/mod_cache_disk.so

        Sample mod_cache.conf:

        CacheDefaultExpire 60
        CacheEnable disk /
        CacheDirLevels 2
        CacheDirLength 1
        CacheIgnoreHeaders Set-Cookie
        CacheLock On
        CacheLockMaxAge 5
        CacheLockPath /tmp/mod_cache-lock
        CacheRoot “/var/cache/apache2/”

        Reply
  7. Thanks for your helpfull article, you said ‘Every process eat memory and of course if site have very high traffic and server lot’s of memory then higher values are right choise’, my server has 40GB memory, so I can set the pm.max_children=512? is it too large? my site every minute PV is 30,000, the max PV is 42,000, what is the best value to set? and value for pm.max_requests?
    the current configuration for my site:
    pm = static
    pm.max_children = 256
    pm.max_requests = 1024

    Reply
  8. My VPS eating almost all of my RAM, alway ~930/991 Mb
    SWP: 255/255
    CPU: ~1,2%
    http://imgur.com/oBNNivE
    please hellp me

    Reply
    • Hi edward,

      Could you tell little bit more about this.

      What you have running, some heavy app?
      PHP version?
      Nginx and PHP-FPM configs?
      And do you have problems with it?

      ~90 % memory usage is normal on Linux (when you have limited amount of ram), but if it cause problems, then you have to optimize your configs/processes or get more ram, cpu etc.

      Reply
    • “My god, man!” – Dr. Leonard “Bones” McCoy

      —–

      You don’t need all of those php-fpm and mysql processes.

      Two php-fpm processes per cpu is more than enough.

      Example php-fpm.conf (2 CPU):

      [global]
      error_log = /var/log/php-fpm.log
      emergency_restart_threshold = 10
      emergency_restart_interval = 1m
      process_control_timeout = 10s

      [www]
      catch_workers_output = yes
      listen = /var/run/php-fpm/php-fpm.sock
      listen.backlog = 65536
      listen.owner = apache
      listen.group = apache
      user = apache
      group = apache
      pm = static
      pm.max_children = 4
      pm.start_servers = 4
      pm.max_requests = 1024

      Configure mysql to use unix sockets and bring those connections down.

      At the mysql prompt, enter the following when you’re server is at it’s heaviest usage:

      “show status like ‘%max_used%’;”

      Example my.cnf:
      [mysqld]

      max-connections = 24 # Adjust until you no longer get “‘too many connections”. Be sure to leave a small buffer above %max_used%.

      socket = /var/run/mysqld/mysqld.sock

      Reply
      • Sorry. Auto-suggest sometimes sucks.

        Your instead of you’re.

        Reply
  9. I am using VPS 512MB and articles help me get better performance with Nginx & PHP-FPM
    Thank you!

    Reply
  10. Recently I find my application’s front server with too many TCP connections over 50000!!!!

    ~% uptime
    17:02:04 up 246 days, 23:04, 1 user, load average: 3.44, 1.73, 0.97

    ~% netstat -an | wc -l
    57118

    The service has one front-load-balancer with 3 front servers.
    Each of the 3 front servers with [4vCPU(3GHz)/4GB.

    The sysctl.conf file is as follow:

    net.ipv4.tcp_tw_recycle = 0
    net.ipv4.tcp_tw_reuse = 1
    net.ipv4.tcp_fin_timeout = 5

    Some blogs tell that “tcp_tw_recycle can not be active because of using the load-balancer”.
    And the top commend are with full screen php-fpm COMMEND,
    Does the php-fpm setting results the too many tcp connections ?
    ~% top
    PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
    23799 nginx 20 0 489m 17m 8088 S 5.3 0.5 0:45.52 php-fpm (90% are like this line….)

    My php-fpm configuration is as bellow:
    pm = static
    pm.max_children = 380
    pm.start_servers = 250
    pm.min_spare_servers = 250
    pm.max_spare_servers = 300
    pm.max_requests = 8000

    Can somebody give me some advice.
    I am freshman in this,…..
    Thanks !

    Reply
    • Qiang, do you really need all of those processes? That’s entirely too much. If you have Skype or another form of instant messaging, post it here so that I may contact you to see exactly what is going on.

      Reply
      • Hi Mxyzptlk!
        Thanks for your reply.

        I am really confused about the so many TCP connections….
        If you would like to help me, that help me a lot.
        My skype ID is dq881015

        Thanks!

        Qiang.

        Reply
  11. Hi, thank yuo for a good article!
    But there is a couple of things i can’t realize. The first thing is nginx connections+fpm total connecntions: as i understand you have 4 worker_processes and 1024 connections per one process = 4096 connections to nginx total/sec. If you set pm.max_children = 10 and pm.max_requests = 400 (10*400=4000) only for forum, how nginx can physically accepet other connections (blog for example) to pull them to fpm? Am i right?
    And a cecond thing. How can i exactly calcalate how many memory one worker uses? Thank’s ahead.

    Reply
    • Hello Alex and you are welcome,

      Yes, nginx can accept 4096 connections at same time with that configuration, but if you really want to process/generate 4000 php page at same time, then you will need pm.max_children = 4000 and yes you will need extreme powerful server (or actually powerful PHP-FPM cluster) to keep 4000 PHP-FPM processes up and running.

      From PHP documentation:

      pm.max_children int
      The number of child processes to be created when pm is set to static and the maximum number of child processes to be created when pm is set to dynamic. This option is mandatory.

      This option sets the limit on the number of simultaneous requests that will be served. Equivalent to the ApacheMaxClients directive with mpm_prefork and to the PHP_FCGI_CHILDREN environment variable in the original PHP FastCGI.

      pm.max_requests int
      The number of requests each child process should execute before respawning. This can be useful to work around memory leaks in 3rd party libraries. For endless request processing specify ‘0’. Equivalent to PHP_FCGI_MAX_REQUESTS. Default value: 0.

      So let’s think again that example, what this really mean.

      – Nginx with 4 worker_processes and 1024 connections per one process = 4096. Correct.
      – PHP-FPM with pm.max_children = 10 and pm.max_requests = 400 (10*400=4000). Wrong. PHP-FPM correct value is 10, not 4000.
      This means 10 requests are served simultaneously and all other PHP requests go to queue and are served when some process is available again.

      Next think how browsers work, when they load page.

      – Browser sends page request to Nginx. (This request go to PHP-FPM or alternatively nginx could return it directly from cache without PHP-FPM).
      – Then browser could send 100 new requests to load static content, like images, javascript, css, fonts, etc. Nginx handle all these without PHP-FPM.

      So if 40 user open your site exactly same time, you might get 4000 requests to nginx, but only 40 PHP-FPM requests, which are served easily with 10 PHP-FPM processes. If you have plenty of RAM, then you could of course increase PHP-FPM processess.

      If you check PHP-FPM Tip 4. – PHP-FPM Pool Process Manager (pm) Configuration you got idea how to calculate memory usage and pm. values. Normally good point to start is open top or htop and check PHP-FPM processes RES value, which tell you how much one process really use memory. Then you need to think how much memory you really have for PHP-FPM. This is easy if you have only PHP-FPM service running on this server, but if you want also run nginx, some db, ssh, mail, etc. then you need to also check how much memory all services together are using and leave some some RAM to OS. Finally you have some amount of RAM for PHP-FPM and then you divide it for PHP-FPM processes.

      Reply
      • so basically its just able to handle 10 simultaneously requests, and after each worker/children request summed up to 400, then automatically this children will respawned?

        Reply
        • Yes, exactly.

          Reply
  12. I still confusing how to adjust min and max spare server, any hint?

    Thanks

    Reply
    • Hi Ferri,

      Could you tell a little more about your server(s) and what you are running?

      Reply
      • Hi JR,

        My VPS has spec

        Since my core was 4, then i adjust my nginx.conf like this

        and my php fpm

        I’ve check that each my php fpm procces took around 40MB, and i want to allocate about 2gb of my ram, so 2gb / 40mb == arounce 50 children..

        I just use it for hosting some of my websites, any hint?

        Thanks :)

        Reply
        • Hi Ferri,

          For me this looks good. You can increase pm.max_requests or setup it to default 0 (zero), if you run good bug free code. pm.max_requests is useful work around memory leaks in 3rd party libraries.

          You can fine tune your config later, but this is very good starting point based on your VPS and php-fpm process memory usage.

          I assume that this pm = dinamyc is just typo and your real config have pm = dynamic.

          Reply

Submit a Comment

Your email address will not be published. Required fields are marked *