php-fpm configuration

Main configuration file: /usr/local/php-fpm/etc/php-fpm.conf #include=/usr/local/php-fpm/etc/php-fpm.d/*.conf

Sub-configuration file actually in effect: /usr/local/php-fpm/etc/php-fpm.d/www.conf

user = php-fpm
group = php-fpm
listen.group = php-fpm
listen.owner = php-fpm
listen.allowed_clients = 127.0.0.1

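listen.allowed_clients defines the clients that are allowed to connect; it is normally left at its default. The pool name, [www], can be customized. After startup, run ps aux |grep php-fpm and look at the rightmost column, which shows the pool name.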

[root@feature1 etc]#  ps aux |grep php-fpm
root       7286  0.0  0.3 230484  6444 ?        Ss   09:22   0:01 php-fpm: master process (/usr/local/php-fpm/etc/php-fpm.conf)
php-fpm    7287  0.0  0.4 230920  9276 ?        S    09:22   0:00 php-fpm: pool bbs
php-fpm    7288  0.0  0.4 230920  9216 ?        S    09:22   0:00 php-fpm: pool bbs
php-fpm    7289  0.0  1.1 315020 22780 ?        S    09:22   0:00 php-fpm: pool blog
php-fpm    7290  0.0  0.3 230476  6364 ?        S    09:22   0:00 php-fpm: pool blog
root       7382  0.0  0.0 112724   984 pts/1    S+   10:10   0:00 grep --color=auto php-fpm

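listen specifies the IP:port or socket address to listen on. This address must match the address configured in fastcgi_pass in the nginx configuration file, otherwise a 502 error results. If php-fpm listens on a socket file, change the nginx configuration to (fastcgi_pass unix:/tmp/www.socket;) and make sure the nginx service user (nginx) has read and write permission on that socket file, otherwise a 502 error is also reported. After changing the listen permissions, the php-fpm service must be restarted so that the socket file is regenerated.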

listen = 127.0.0.1:9000
listen = /tmp/www.socket
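listen.mode specifies the permissions of the socket file
listen.mode = 0660 #usually changed to 0666
pm = dynamic #dynamic mode
pm.max_children = 5 #maximum number of processes
pm.start_servers = 2 #number of child processes started at launch
pm.min_spare_servers = 1 #when idle, never fewer than this many child processes
pm.max_spare_servers = 3 #when idle, never more than this many child processes
pm.max_requests = 500 #maximum number of requests a single child process handles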
php_flag[display_errors] = off

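Keep this off in production. It can be turned on temporarily for troubleshooting, and error messages will then be shown on the web page.

php_admin_value[error_log] = /var/log/fpm-php.www.log
php_admin_flag[log_errors] = on
php_admin_value[error_reporting] = E_ALL #error log level
[root@linux2019 conf.d]# /usr/local/php-fpm/sbin/php-fpm -t #check that the configuration is correct
[root@linux2019 conf.d]# /etc/init.d/php-fpm reload #reload the configuration file

Viewing the php.ini file path (phpinfo)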

#php -i: running this command calls the phpinfo() function

[root@feature1 etc]# /usr/local/php-fpm/bin/php -i |head
phpinfo()

PHP Version => 7.3.1

System => Linux linux2019 3.10.0-957.1.3.el7.x86_64 #1 SMP Thu Nov 29 14:49:43 UTC 2018 x86_64
Build Date => Jan 23 2019 11:05:01
Configure Command =>  './configure'  '--prefix=/usr/local/php-fpm' '--with-config-file-path=/usr/local/php-fpm/etc' '--enable-fpm' '--with-fpm-user=php-fpm' '--with-fpm-group=php-fpm' '--with-mysql=/usr/local/mysql5.6' '--with-mysqli=/usr/local/mysql5.6/bin/mysql_config' '--with-pdo-mysql=/usr/local/mysql5.6' '--with-mysql-sock=/tmp/mysql.sock' '--with-libxml-dir' '--with-gd' '--with-jpeg-dir' '--with-png-dir' '--with-freetype-dir' '--with-iconv-dir' '--with-zlib-dir' '--with-mcrypt' '--enable-soap' '--enable-gd-native-ttf' '--enable-ftp' '--enable-mbstring' '--enable-exif' '--with-pear' '--with-curl' '--with-openssl'
Server API => Command Line Interface
Virtual Directory Support => disabled
Configuration File (php.ini) Path => /usr/local/php-fpm/etc
Loaded Configuration File => /usr/local/php-fpm/etc/php.ini
[root@feature1 bbs.feature.com]# vim phpinfo.php
<?php
phpinfo()
?>
[root@feature1 bbs.feature.com]# chmod 777 phpinfo.php

[root@feature1 bbs.feature.com]#  curl -k https://bbs.feature.com/phpinfo.php   
#view basic PHP configuration information
[root@feature1 etc]# vi /usr/local/php-fpm/etc/php.ini 
#disable the phpinfo function
disable_functions = phpinfo

[root@feature1 etc]# curl -k -H "host:bbs.feature.com" https://127.0.0.1/phpinfo.php -I

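#In general, however, enabling the phpinfo function is not recommended, and neither is creating this file in the site's root directory; it is a security risk!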

Configuring the slow log

When troubleshooting slow page loads, the slowlog can be used to investigate and optimize.

slowlog = /var/log/www.log.slow
request_slowlog_timeout = 1 
#script execution timeout; details of scripts that exceed it are recorded in the log

Configuring open_basedir

Defines the range of directories in which the PHP service is allowed to operate.

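vi /usr/local/php-fpm/etc/php.ini
open_basedir = /data/wwwroot/bbs.aibenwoniu.xyz:/tmp
#directories are separated by ":"; the /tmp directory usually receives all kinds of temporary files, such as log files and sockets

Problem: if the bbs site suffers a security breach, the blog site that lives under the same path is also at risk of exposure.

Solution: create a separate blog.conf file for the blog site and manage it with a different pool. Note that the listen parameter of the new pool must be distinct from the existing one (port or socket).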

[root@feature1 php-fpm.d]# vim blog.conf
 
[blog]
user = php-fpm
group = php-fpm
listen = /tmp/blog.socket
listen.mode = 0666
pm = dynamic
pm.max_children = 5
pm.start_servers = 2
pm.min_spare_servers = 1
pm.max_spare_servers = 3
slowlog = /var/log/$pool.log.slow
request_slowlog_timeout = 1
php_flag[display_errors] = off
php_admin_value[error_log] = /var/log/fpm-php.blog.log
php_admin_flag[log_errors] = on
php_admin_value[error_reporting] = E_ALL
php_admin_value[open_basedir] = /data/wwwroot/blog.feature.com:/tmp

[root@feature1 php-fpm.d]# grep -v ^\; bbs.conf |grep -v ^$
[bbs]
user = php-fpm
group = php-fpm
listen = 127.0.0.1:9000
listen.mode = 0660
pm = dynamic
pm.max_children = 5
pm.start_servers = 2
pm.min_spare_servers = 1
pm.max_spare_servers = 3
slowlog = /var/log/$pool.log.slow
request_slowlog_timeout = 1
php_flag[display_errors] = off
php_admin_value[error_log] = /var/log/fpm-php.bbs.log
php_admin_flag[log_errors] = on
php_admin_value[error_reporting] = E_ALL
php_admin_value[open_basedir] = /data/wwwroot/bbs.feature.com:/tmp
  • Note: two kinds of parameter formats in the php-fpm configuration file
php_flag #on/off
php_admin_value #sets a specific parameter value
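
As an added example (not part of the original post), the Python script below audits pool files for the points made on this page: a distinct listen address per pool, the socket permissions set by listen.mode, display_errors, and open_basedir paths that more than one pool lists. The sample input is constructed from the bbs and blog pools above, and the function names parse_pools and audit are hypothetical.

```python
import re

# Constructed sample, modelled on the bbs.conf and blog.conf pools shown above.
SAMPLE = """\
[bbs]
listen = 127.0.0.1:9000
listen.mode = 0660
php_admin_value[open_basedir] = /data/wwwroot/bbs.feature.com:/tmp
[blog]
listen = /tmp/blog.socket
listen.mode = 0666
php_admin_value[open_basedir] = /data/wwwroot/blog.feature.com:/tmp
"""

def parse_pools(text):
    """Parse php-fpm pool configuration text into {pool: {key: value}}."""
    pools, current = {}, None
    for line in map(str.strip, text.splitlines()):
        section = re.fullmatch(r"\[([^\]]+)\]", line)
        if section:
            current = pools.setdefault(section.group(1), {})
        elif current is not None and "=" in line and not line.startswith(";"):
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return pools

def audit(pools):
    """Return (pool, finding) tuples for the settings this page discusses."""
    findings, listeners, basedirs = [], {}, {}
    for name, cfg in pools.items():
        listen, mode = cfg.get("listen", ""), cfg.get("listen.mode")
        # Each pool needs its own port or socket.
        if listen in listeners:
            findings.append((name, f"listen {listen} is also used by pool {listeners[listen]}"))
        listeners.setdefault(listen, name)
        # A socket with the 'other' write bit set lets any local user connect to the pool.
        if listen.startswith("/") and mode and int(mode, 8) & 0o002:
            findings.append((name, f"socket {listen} is world-writable (listen.mode {mode})"))
        if cfg.get("php_flag[display_errors]", "off").lower() == "on":
            findings.append((name, "display_errors is on"))
        # A path listed in two pools' open_basedir is reachable from both sites.
        for path in filter(None, cfg.get("php_admin_value[open_basedir]", "").split(":")):
            if basedirs.setdefault(path, name) != name:
                findings.append((name, f"open_basedir path {path} is shared with pool {basedirs[path]}"))
    return findings

if __name__ == "__main__":
    for pool, finding in audit(parse_pools(SAMPLE)):
        print(f"[{pool}] {finding}")
```

On the constructed sample it reports the 0666 mode on the blog socket and the /tmp entry that both pools list in open_basedir.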