>>
The Complete NGINX on Ubuntu Series: Part 4B – PHP-FPM Optimization and Performance Tuning
PHP Tutorial Web Server NGINX Ubuntu

The Complete NGINX on Ubuntu Series: Part 4B – PHP-FPM Optimization and Performance Tuning

This entry is part 5 of 5 in the series The Complete NGINX on Ubuntu Series

Welcome to Part 4B of our NGINX on Ubuntu series! Building on Part 4A’s basic PHP-FPM setup, we’ll now optimize performance, configure process pools, and implement advanced features for production environments.

PHP-FPM Process Pool Architecture

Understanding PHP-FPM’s process management is crucial for optimization. PHP-FPM uses a master process that manages worker pools to handle requests efficiently.

graph TD
    A[PHP-FPM Master Process] --> B[Process Pool Management]
    B --> C[Worker Process 1]
    B --> D[Worker Process 2]
    B --> E[Worker Process N]
    
    F[Pool Settings] --> G[pm = dynamic]
    G --> H[pm.max_children = 50]
    G --> I[pm.start_servers = 5]
    G --> J[pm.min_spare_servers = 5]
    G --> K[pm.max_spare_servers = 35]
    
    L[Performance Factors] --> M[Memory Usage]
    L --> N[CPU Cores]
    L --> O[Request Load]
    L --> P[Response Time]
    
    style A fill:#e1f5fe
    style F fill:#e8f5e8
    style L fill:#fff3e0

Optimizing PHP-FPM Pool Configuration

# Backup original configuration
sudo cp /etc/php/8.3/fpm/pool.d/www.conf /etc/php/8.3/fpm/pool.d/www.conf.backup

# Edit pool configuration
sudo nano /etc/php/8.3/fpm/pool.d/www.conf

Process Manager Settings

# Process manager type (dynamic, static, ondemand)
pm = dynamic

# Maximum number of child processes
pm.max_children = 50

# Number of child processes created on startup
pm.start_servers = 5

# Minimum number of spare servers
pm.min_spare_servers = 5

# Maximum number of spare servers
pm.max_spare_servers = 35

# Number of requests each child should execute before respawning
pm.max_requests = 1000

# Timeout for serving a single request
request_terminate_timeout = 300

# Security settings
listen.owner = www-data
listen.group = www-data
listen.mode = 0660

Calculate Optimal Settings

# Check available memory
free -h

# Check CPU cores
nproc

# Calculate memory per PHP process (average 25-50MB per process)
# Example: 4GB RAM = 4000MB
# Max children = 4000MB / 40MB = 100 processes
# But leave memory for OS and other services, so use 50-70

# Monitor current PHP memory usage
ps aux | grep php-fpm | awk '{sum+=$6} END {print "Total Memory: " sum/1024 " MB"}'

PHP Configuration Optimization

# Edit PHP configuration
sudo nano /etc/php/8.3/fpm/php.ini

Memory and Performance Settings

# Memory limits
memory_limit = 256M
max_execution_time = 300
max_input_time = 300
max_input_vars = 3000

# File upload settings
upload_max_filesize = 64M
post_max_size = 64M
max_file_uploads = 20

# Session settings
session.save_handler = files
session.save_path = "/var/lib/php/sessions"
session.gc_maxlifetime = 1440
session.gc_probability = 1
session.gc_divisor = 1000

# Output buffering
output_buffering = 4096
zlib.output_compression = On

# Error handling (production settings)
display_errors = Off
display_startup_errors = Off
log_errors = On
error_log = /var/log/php/error.log
error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT

Installing and Configuring OPcache

OPcache stores precompiled PHP bytecode in memory, significantly improving performance.

# OPcache should already be installed, but verify
php -m | grep -i opcache

# Configure OPcache in php.ini
sudo nano /etc/php/8.3/fpm/php.ini

OPcache Configuration

# Enable OPcache
opcache.enable = 1
opcache.enable_cli = 1

# Memory settings
opcache.memory_consumption = 256
opcache.interned_strings_buffer = 16
opcache.max_accelerated_files = 10000

# Validation settings
opcache.revalidate_freq = 2
opcache.validate_timestamps = 1
opcache.fast_shutdown = 1

# Advanced settings
opcache.save_comments = 1
opcache.enable_file_override = 0
opcache.optimization_level = 0x7FFFBFFF

# For production, consider:
# opcache.validate_timestamps = 0 (better performance, manual cache clearing needed)

Creating Multiple PHP-FPM Pools

For better resource isolation, create separate pools for different applications.

# Create a custom pool for high-traffic application
sudo nano /etc/php/8.3/fpm/pool.d/hightraffic.conf
[hightraffic]
user = www-data
group = www-data

# Use a different socket
listen = /var/run/php/php8.3-fpm-hightraffic.sock
listen.owner = www-data
listen.group = www-data
listen.mode = 0660

# More aggressive settings for high traffic
pm = static
pm.max_children = 30
pm.max_requests = 500

# Resource limits
php_admin_value[memory_limit] = 512M
php_admin_value[max_execution_time] = 60

# Custom error log
php_admin_value[error_log] = /var/log/php/hightraffic-error.log
# Create a pool for development/testing
sudo nano /etc/php/8.3/fpm/pool.d/development.conf
[development]
user = www-data
group = www-data

listen = /var/run/php/php8.3-fpm-dev.sock
listen.owner = www-data
listen.group = www-data
listen.mode = 0660

# Conservative settings for development
pm = ondemand
pm.max_children = 10
pm.process_idle_timeout = 60s
pm.max_requests = 100

# Development-friendly settings
php_admin_value[display_errors] = On
php_admin_value[error_reporting] = E_ALL
php_admin_value[memory_limit] = 128M

Advanced NGINX Configuration for PHP

# Update virtual host to use custom pools
sudo nano /etc/nginx/sites-available/phpapp.example.com
server {
    listen 80;
    server_name phpapp.example.com;
    root /var/www/phpapp/public_html;
    index index.php index.html;
    
    # Main location
    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }
    
    # PHP processing with optimizations
    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        
        # Use default pool
        fastcgi_pass unix:/var/run/php/php8.3-fpm.sock;
        
        # FastCGI optimizations
        fastcgi_index index.php;
        fastcgi_buffer_size 128k;
        fastcgi_buffers 256 16k;
        fastcgi_busy_buffers_size 256k;
        fastcgi_temp_file_write_size 256k;
        fastcgi_read_timeout 300;
        fastcgi_connect_timeout 300;
        fastcgi_send_timeout 300;
        
        # Include FastCGI params
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $fastcgi_path_info;
        
        # Additional parameters
        fastcgi_param SERVER_NAME $server_name;
        fastcgi_param HTTPS off;
    }
    
    # High-traffic PHP files use dedicated pool
    location ~ ^/(api|admin)/.+\.php$ {
        try_files $uri =404;
        fastcgi_pass unix:/var/run/php/php8.3-fpm-hightraffic.sock;
        fastcgi_index index.php;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    }
    
    # Static file optimizations
    location ~* \.(css|js|png|jpg|jpeg|gif|ico|svg|woff|woff2)$ {
        expires 1y;
        add_header Cache-Control "public, immutable";
        access_log off;
        
        # Enable compression
        gzip on;
        gzip_vary on;
        gzip_types
            text/css
            text/javascript
            application/javascript;
    }
}

Performance Monitoring and Testing

flowchart TD
  A["Performance Monitoring"] --> B["Process Monitoring"]
  A --> C["Memory Usage"]
  A --> D["Response Times"]
  A --> E["Error Rates"]

  B --> F["ps aux | grep php-fpm"]
  C --> G["free -h"]
  D --> H["curl response times"]
  E --> I["error log analysis"]

  J["Optimization Results"] --> K["Faster Response"]
  J --> L["Better Resource Usage"]
  J --> M["Higher Concurrency"]

  style A fill:#e1f5fe,stroke:#0288d1,stroke-width:1px
  style J fill:#e8f5e8,stroke:#1b5e20,stroke-width:1px

Monitoring Commands

# Monitor PHP-FPM processes
sudo ps aux | grep php-fpm

# Check pool status
sudo systemctl status php8.3-fpm

# Monitor memory usage
watch -n 2 'ps aux | grep php-fpm | awk "{sum+=\$6} END {print \"Total PHP Memory: \" sum/1024 \" MB\"}"'

# Test response times
time curl -s http://phpapp.example.com/ > /dev/null

# Monitor error logs
sudo tail -f /var/log/php/error.log

# Check OPcache status (create a monitoring script)
sudo nano /var/www/phpapp/public_html/opcache-status.php
<?php
// OPcache Status Monitor
if (function_exists('opcache_get_status')) {
    $status = opcache_get_status();
    $config = opcache_get_configuration();
    
    echo "<h2>OPcache Status</h2>";
    echo "<p><strong>Enabled:</strong> " . ($status['opcache_enabled'] ? 'Yes' : 'No') . "</p>";
    echo "<p><strong>Cache Full:</strong> " . ($status['cache_full'] ? 'Yes' : 'No') . "</p>";
    echo "<p><strong>Cached Files:</strong> " . $status['opcache_statistics']['num_cached_scripts'] . "</p>";
    echo "<p><strong>Hit Rate:</strong> " . round($status['opcache_statistics']['opcache_hit_rate'], 2) . "%</p>";
    echo "<p><strong>Memory Usage:</strong> " . round($status['memory_usage']['used_memory']/1024/1024, 2) . " MB</p>";
} else {
    echo "OPcache not available";
}
?>

Load Testing

# Install Apache Bench for testing
sudo apt install apache2-utils -y

# Basic load test
ab -n 1000 -c 10 http://phpapp.example.com/

# Extended load test with results
ab -n 5000 -c 50 -g results.dat http://phpapp.example.com/

# Monitor during load test (run in another terminal)
watch -n 1 'ps aux | grep php-fpm | wc -l'

Security Hardening

PHP Security Settings

# Additional security settings in php.ini
expose_php = Off
allow_url_fopen = Off
allow_url_include = Off
enable_dl = Off
file_uploads = On
max_input_nesting_level = 64

# Disable dangerous functions
disable_functions = exec,passthru,shell_exec,system,proc_open,popen,curl_exec,curl_multi_exec,parse_ini_file,show_source

File Upload Security

# Create secure upload directory
sudo mkdir -p /var/www/phpapp/uploads
sudo chown www-data:www-data /var/www/phpapp/uploads
sudo chmod 755 /var/www/phpapp/uploads

# Add upload security to NGINX
location ^~ /uploads/ {
    location ~ \.php$ { deny all; }
    location ~ \.(jpg|jpeg|png|gif|pdf|doc|docx)$ {
        # Allow only specific file types
    }
}

Restart Services and Apply Changes

# Restart PHP-FPM to apply all changes
sudo systemctl restart php8.3-fpm

# Reload NGINX
sudo systemctl reload nginx

# Verify all pools are running
sudo systemctl status php8.3-fpm

# Check socket files
ls -la /var/run/php/

# Test configuration
sudo php-fpm8.3 -t

Performance Benchmarking

# Before and after comparison
echo "Testing default configuration..."
ab -n 1000 -c 10 http://phpapp.example.com/ | grep "Requests per second"

# Create a more intensive PHP script for testing
sudo nano /var/www/phpapp/public_html/intensive.php
<?php
// Intensive PHP script for testing
$start = microtime(true);

// Simulate some work
for ($i = 0; $i < 10000; $i++) {
    $data[] = md5($i . time());
}

$end = microtime(true);
$execution_time = $end - $start;

echo "Execution time: " . round($execution_time, 4) . " seconds\n";
echo "Memory usage: " . round(memory_get_peak_usage() / 1024 / 1024, 2) . " MB\n";
echo "Process ID: " . getmypid() . "\n";
?>

What’s Next?

Congratulations! You’ve successfully optimized PHP-FPM for production use. Your setup now includes process pool optimization, OPcache acceleration, multiple pools for different workloads, and comprehensive monitoring.

Coming up in Part 5: SSL Certificates with Certbot and Let’s Encrypt

References

This is Part 4B of our 22-part NGINX series. Your PHP applications are now production-ready and optimized! Questions about PHP-FPM optimization? Share them in the comments!

Navigate<< The Complete NGINX on Ubuntu Series: Part 4A – PHP-FPM Installation and Setup
Share

Written by:

342 Posts

View All Posts
Follow Me :

Related Posts

You May Have Missed

c#
Default Code stuffs Tweaks C#

Runtime Compile C# Code

c#
Tweaks C# Code stuffs

Lets Create a Null Checking Extension on C#

c#
Tweaks C#

How to encrypt and decrypt using cryptography (AES)?

Default Tweaks

How to auto-generate unique-identifier column in Sql?