How to Set Up Separate PHP-FPM Pools in NGINX
Published: March 3, 2015 at 3:55:36 PM UTC
In this article, I go over the configuration steps needed to run multiple PHP-FPM pools and connect NGINX to them via FastCGI, allowing for process separation and isolation between virtual hosts.
The information in this post is based on NGINX 1.4.6 and PHP-FPM 5.5.9 running on Ubuntu Server 14.04 x64. It may or may not be valid for other versions. (Update: I can confirm that as of Ubuntu Server 24.04, PHP-FPM 8.3 and NGINX 1.24.0, all of the instructions in this post still works)
There are a number of advantages to setting up multiple PHP-FPM child process pools rather than running everything in the same pool. Security, separation/isolation and resource management springs to mind as a few major ones.
Regardless of what your motivation is, this post will help you do it :-)
Part 1 – Set up a new PHP-FPM pool
First, you need to locate the directory where PHP-FPM stores its pool configurations. On Ubuntu 14.04, this is /etc/php5/fpm/pool.d by default. There is probably already a file there called www.conf, which holds the configuration for the default pool. If you haven’t looked at that file before chances are you should go through it and tweak the settings in it for your setup as the defaults are for a fairly underpowered server, but for now just make a copy of it so we don’t have to start from scratch:
Of course, replace “mypool” with whatever you want your pool to be called.
Now open up the new file using nano or whichever text editor you prefer and adjust it to fit your purpose. You will probably want to tweak the child process numbers and possibly which user and group the pool runs under, but the two settings that you absolutely must change are the pool’s name and the socket it’s listening to, otherwise it will conflict with the existing pool and things will stop working.
The name of the pool is near the top of the file, enclosed in square brackets. By default it’s [www]. Change this to whatever you want; I suggest the same as you named the configuration file, so for the sake of this example change it to [mypool]. If you don’t change it, it seems that PHP-FPM will only load the first configuration file with that name, which is likely to break things.
You then need to change the socket or address you are listening to, which is defined by the listen directive. By default, PHP-FPM uses Unix sockets so your listen directive will probably look like this:
You can change it to whatever valid name you want, but again, I suggest sticking with something similar to the configuration filename, so you could for example set it to:
Alrightythen, save the file and exit the text editor.
Part 2 – Update NGINX virtual host configuration
Now you need to open up the NGINX virtual host file with the FastCGI configuration you want to change to a new pool – or rather, connect to the new socket.
By default on Ubuntu 14.04, these are stored under /etc/nginx/sites-available, but can also be defined elsewhere. You probably best know where your virtual host configurations are located ;-)
Open up the relevant configuration file in your favorite text editor and look for the fastcgi_pass directive (which must be in a location context) defining the PHP-FPM socket. You must change this value so that it matches the new PHP-FPM pool configuration you made under step one, so continuing our example you would change this to:
fastcgi_pass unix:/var/run/php5-fpm-mypool.sock;
Then save and close that file as well. You’re almost done now.
Part 3 – Restart PHP-FPM and NGINX
To apply the configuration changes you’ve made, restart both PHP-FPM and NGINX. It may be enough to reload instead of restart, but I find it to be a bit hit and miss, depending on which settings are changed. In the particular case, I wanted the old PHP-FPM child processes to die right away, so restarting PHP-FPM was needed, but for NGINX a reload may be sufficient. Try it out for yourself.
sudo service nginx restart
And voila, you’re done. If you did everything correctly, the virtual host you modified should now be using the new PHP-FPM pool and not share child processes with any other virtual hosts.