APACHE PHP-FPM MOD_FASTCGI

Here is a guide to install Apache with PHP-FPM(PHP-FastCGI Process Manager) and mod_fastcgi

PHP-FPM is an alternative implementation of PHP-FastCGI. In PHP-FPM the PHP process runs as a standalone without the need of web server. It listens for incoming requests on either a TCP or a Unix socket. The web server we use(apache in our case) send requests and connect to PHP processes using FastCGI protocol. As PHP-FPM has its own service and runs standalone it resolves the problem with mod_php like destroying PHP instances with every request. This provides us better performance in PHP-FPM.

We have made steps for CentOS 6.X server but it should work in RHEL.

#yum install php-fpm
# chkconfig –levels 235 php-fpm on

Configure the PHP-FPM pool in /etc/php-fpm.d/www.conf to use sockets and enable some status

Comment the line with TCP socket and enable unix socket like below.

;listen = 127.0.0.1:9000
listen = /var/run/php5-fpm.sock
pm.status_path = /status
ping.path = /ping

#/etc/init.d/php-fpm start

We can configure Apache with two modules mod_fastcgi and mod_fcgid. mod_fcgid passes just one request to fcgi server but fastcgi can do several requests. It would be good to use mod_fastcgi with apache for better performance.

mod_fastcgi will not be in default CentOS repo, so please install rpmforge repo.
# wget http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.3-1.el6.rf.x86_64.rpm
# rpm -ivh rpmforge-release-0.5.3-1.el6.rf.x86_64.rpm

Install yum priorities

# yum install yum-priorities
# vi /etc/yum.repos.d/epel.repo

[epel]
…………….
there will be lines like gpgcheck, repo urls etc. just add the priority=10 below gpgcheck
…………….
priority=10

Install fastcgi
#yum install mod_fastcgi

In order to configure mod_fastcgi we have to disable php first, if its enabled. Please check for php.conf file in /etc/httpd/conf.d/php.conf and move it as php.conf.bak or whatever you like.

Create a directory like below so that apache can route requests through,
#mkdir /usr/lib/cgi-bin/

Open the file "/etc/httpd/conf.d/mod_fastcgi.conf or fastcgi.conf" using your fav editor.
#vi /etc/httpd/conf.d/fastcgi.conf

Paste the below lines in the end of the file.

LoadModule fastcgi_module modules/mod_fastcgi.so
<IfModule mod_fastcgi.c>
DirectoryIndex index.php index.html index.shtml index.cgi
AddHandler php5-fcgi .php
Action php5-fcgi /php5-fcgi
Alias /php5-fcgi /usr/lib/cgi-bin/php5-fcgi
FastCgiExternalServer /usr/lib/cgi-bin/php5-fcgi -socket /var/run/php5-fpm.sock -pass-header
Authorization
# For monitoring status with e.g. Munin
<LocationMatch "/(ping|status)">
SetHandler php5-fcgi-virt
Action php5-fcgi-virt /php5-fcgi virtual
</LocationMatch>
</IfModule>

#/etc/init.d/httpd restart

If this is done and all services started correctly, then apache should serve php pages. But the thing is if you have more than one websites, all of them runs under the same ‘apache’ user and you will have to provide full permissions or assign apache ownership though you have the websites files under different
users.

Here are the steps to make php and apache runs as separate users. We are going to create separate php-fpm pools with different unix sockets and Action, Alias in fastcgi configuration.

For ex:
leo.testingphpfpm.com

We have this website created and doc root is under /home/testphpfpm/html.

Creating a separate php-fpm pool,
#cd /etc/php-fpm.d/
#cp www.conf testingphpfpm.conf

open the testingphpfpm.conf and do some changes,
#vi testingphpfpm.conf
;listen = 127.0.0.1:9000 >>> comment this
listen = /var/run/php5-fpm-testingphpfpm.sock
listen.owner = testphpfpm
listen.group = testphpfpm
user = testphpfpm
group = testphpfpm

leave the rest as it is.

Open the Virtual host file you have created for the website ‘webair.testingphpfpm.com’ and modify the "Action, Alias, FastCgiExternalServer, fpmsocket’.

#vi /etc/httpd/conf.d/virtualhost/webair.testingphpfpm.com.conf
<Virtualhost x.x.x.x:80>
ServerName leo.testingphpfpm.com
ServerAlias www.leo.testingphpfpm.com
DocumentRoot /home2/testphpfpm/public_html
ErrorLog logs/leo.testingphpfpm.com-error.log
CustomLog logs/leo.testingphpfpm.com-acess.log common
<IfModule mod_fastcgi.c>
Action php5-fcgi /php5-testphpfpm-fcgi virtual
Alias /php5-testphpfpm-fcgi /usr/lib/cgi-bin/php5-testphpfpm-fcgi
FastCgiExternalServer /usr/lib/cgi-bin/php5-testphpfpm-fcgi -socket
/var/run/php5-fpm-testingphpfpm.sock -pass-header Authorization
</IfModule>
</VirtualHost>

Now the website ‘leo.testingphpfpm.com’ runs as the user ‘testphpfpm’ and php files are processed by that user as well. Likewise, we can create separate userr and pools according to that.

Make a test php page with the below coding and you will see the username while accessing it in browser.

<?php system(‘whoami’); phpinfo(); ?>