PHP-FPM on Ubuntu 16.04

Here’s my experience trying to move from fCGId to PHP-FPM on Ubuntu 16.04.

switched the vhost to PHP-FPM

ran apachectl -t got Invalid command 'ProxyPassMatch', perhaps misspelled or defined by a module not included in the server configuration

enabled mod_proxy

got a 500 on the vhost, log reads No protocol handler was valid for the URL /index.php. If you are using a DSO version of mod_proxy, make sure the proxy submodules are included in the configuration using LoadModule

enabled ALL submodules of mod_proxy.

ran apachectl -t got I18n support in mod_proxy_html requires mod_xml2enc. Without it, non-ASCII characters in proxied pages are likely to display incorrectly.

vhost now gives a 503 & log says failed to make connection to backend: localhost

ran sudo iptables -I INPUT 1 -i lo -j ACCEPT, no go

disabled ufw (read somewhere there could be a firewall blocking connections to localhost), no go

reverted back to fCGId

It’s enough to have enabled mod_proxy and mod_proxy_fcgi … But it seems that php-fpm pools are not defined (if yes, where it’s configured, as it’s not in standard /etc/php/PHP-VERSION-NUMBER/fpm ). Socket files in /var/php-fpm are with root:root permissions which can’t be accessed by virtual server.

thanks gsanjin, i’ve enabled only the necessary modules.

these are the default permissions

ll /var/php-fpm
total 8
drwxr-xr-x 2 root root 4096 Feb 17 17:54 ./
drwxr-xr-x 16 root root 4096 Feb 17 17:07 …/
srw-rw---- 1 root root 0 Feb 17 17:54 147198543311493.sock=
srw-rw---- 1 root root 0 Feb 17 17:54 147198619014488.sock=
srw-rw---- 1 root root 0 Feb 17 17:54 147198751619768.sock=
srw-rw---- 1 root root 0 Feb 17 17:54 14726669744799.sock=
srw-rw---- 1 root root 0 Feb 17 17:54 14726673319009.sock=
srw-rw---- 1 root root 0 Feb 17 17:54 147267101613188.sock=
srw-rw---- 1 root root 0 Feb 17 17:54 147267135917403.sock=
srw-rw---- 1 root root 0 Feb 17 17:54 147889813524934.sock=


what are the most restrictive permissions that would work? 666?

or should we change the FPM conf, as shown in http://stackoverflow.com/a/25418157/139040?

pools are defined in /etc/php/7.0/fpm/php-fpm.conf and set to include=/etc/php/7.0/fpm/pool.d/*.conf on my install.

the permissions for /etc/php/7.0/fpm/pool.d/ are 0755.

Yes, you’re right, I have parallel installation of php7.1 but virtualmin php-fpm seems to ignore it.

At the end, I managed to configure php-fpm with virtualmin, but I had to change and correct few things.

After installing php-fpm:

sudo apt-get install php-fpm (as I have php7.0 and 7.1, I installed both of them)

I did re-check of virtualmin configuration:

VIRTUALMIN -> SYSTEM SETTINGS -> RE-CHECK CONFIGURATION

and enabled php-fpm for virtual site

VIRTUAL SERVER -> SERVER CONFIGURATION -> WEBSITE OPTIONS -> PHP script execution mode -> FPM (run as virtual server owner.

Also, I had to enable mod_proxy and mod_proxy_fcgi apache modules:

WEBMIN -> SERVERS -> APACHE WEBSERVER -> tab GLOBAL CONFIGURATION -> CONFIGURE APACHE MODULES

Note: I disabled here PHP7.0/7.1, FCGID, MPM_PREFORK and enabled MPM_WORKER, PROXY, PROXY_FCGI.

Unfortunately, after this I was getting 500 errors, so additional manual steps had to be done for each virtual server.

First, in each php-fpm pool, I have had to add:

listen.owner = www-data
listen.group = www-data
listen.mode = 0666

This was only way to prevent next errors:

Permission denied: AH02454: FCGI: attempt to connect to Unix domain socket /var/php-fpm/148736275311367.sock (localhost) failed
AH01079: failed to make connection to backend: httpd-UDS

Next, as this virtualmin php-fpm is using unix socket implementation, I had to correct in every apache virtual server config file:

ProxyPassMatch ^/(..php(/.)?)$ unix:/var/php-fpm/YOUR-SOCKET-FILENAME.sock|fcgi://localhost/VIRTUAL-SERVER-ACCOUNT/wp/public_html/$1

into

ProxyPassMatch ^/(..php(/.)?)$ unix:/var/php-fpm/YOUR-SOCKET-FILENAME.sock|fcgi://localhost/VIRTUAL-SERVER-ACCOUNT/wp/public_html/

Note there is no $1 at end, this is really nicely explained on this link - https://wiki.apache.org/httpd/PHP-FPM

I hope these few quirks will be fixed in next release. Also, I hope it will be possible to choose which php version per virtual server to use.

thanks for the detailed explanation. it is useful, but i am just going to wait for the fix.

Thanks gsanjin
I had the same issues and you changes made it work !
Hope this will be included in virtualmin soon

problem solved for me after today’s update. thank you virtualmin crew!

It’s not fixed in virtualmin for me, even after latest update. I tried to setup FPM on another server, and I had several problems pointed out by gsanjin (mod_proxy_fcgi not enabled, $1 at te end of line still present, socket permissions issue…)

probably not your case, but worth noting: sites that were in FPM before the last update have to be switched to something else then back to FPM for the update to take effect.

I’ve just installed a fresh instance of Ubuntu 16.04 with Virtualmin. However, the configuration check is saying that ‘PHP-FPM support was not detected : Apache module mod_proxy is missing or not enabled’ after manually installing FPM.

Is FPM now supposed to be running by default with Virtualmin or do I still need to do something. The check would suggest that this isn’t working out of the box. How beneficial is it to have FPM? Is there an established way to fix this yet?

And lets not forget us folks that use NGINX with FPM. I have to wipe the php config and write the pool.d file by hand. I find that it saves 50% memory using fpm vs fcgi. But it is not for the faint of heart, nor for those unfamiliar with FPM config. Even the newest version and fresh install of Virtualmin on a new box will not allow proper configuration of nginx->php-fpm.