Virtualmin with NGINX+PHP-FPM+OPCACHE

Hi,

After a couple of days figuring how to get this setup working I was able to crack it, so I am sharing it with the world in case someone is in my situation.

Step 1:

I started with a minimum install of CentOS 6.5 64 bits, but it should work with other supported OSes as well. I am using a VPS for my setup.

Step 2:

I also wanted to run the latest PHP version ( 5.6.1 as of today ), so I installed an enable the “Remi” repository. To do that execute the following commands:

a) Get your system ready for virtualmin

yum install wget perl -y

b) Add the “Remi” repository

wget http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm

wget http://rpms.famillecollet.com/enterprise/remi-release-6.rpm

rpm -Uvh remi-release-6*.rpm epel-release-6*.rpm

c) Edit your repository file to enable the “Remi” repository

vi /etc/yum.repos.d/remi.repo [remi] name=Les RPM de remi pour Enterprise Linux 6 - $basearch #baseurl=http://rpms.famillecollet.com/enterprise/6/remi/$basearch/ mirrorlist=http://rpms.famillecollet.com/enterprise/6/remi/mirror enabled=1 gpgcheck=1 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-remi

[remi-php56]
name=Les RPM de remi de PHP 5.6 pour Enterprise Linux 6 - $basearch
#baseurl=http://rpms.famillecollet.com/enterprise/6/php56/$basearch/
mirrorlist=http://rpms.famillecollet.com/enterprise/6/php56/mirror

WARNING: If you enable this repository, you must also enable “remi”

enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-remi

d) Now install the latest and greatest version of PHP (5.6.1 as of today)

sudo yum install php php-xml php-gd php-imap php-mysql php-odbc php-pear php-pgsql php-snmp php-xmlrpc php-mbstring php-fpm php-opcache -y

e) Verify PHP by running the following command:

[root@cloud1 ~]# php -v

and that should output:

PHP 5.6.1 (cli) (built: Oct 3 2014 07:28:16) Copyright (c) 1997-2014 The PHP Group Zend Engine v2.6.0, Copyright (c) 1998-2014 Zend Technologies with Zend OPcache v7.0.4-dev, Copyright (c) 1999-2014, by Zend Technologies

Step 3:

Install Virtualmin, but since PHP is already installed on the system I decide to update the “install.sh” so that only one version of PHP is on the system. I also took this change to remove stuff I don’t use like Postgres.

a) Get Virtualmin

wget http://software.virtualmin.com/gpl/scripts/install.sh

b) Edit the install.sh file

vi install.sh

c) Install Virtualmin and login for the first time to complete the post installation wizard

/bin/sh install.sh

Step 4:

Now it is time to install NGINX and the Webmin modules like it said here: https://www.virtualmin.com/documentation/web/nginx

a) Stop Apache web server

/etc/init.d/httpd stop

b) Download and install NGINX

yum install nginx

c) Start NGINX

/etc/init.d/nginx start

d) Install the Webmin module to manage NGINX

yum install wbm-virtualmin-nginx wbm-virtualmin-nginx-ssl

Step 5:

Configure NGINX to use TCP connections instead of Unix sockets. I know that Unix sockets might bring an extra performance benefit, but until there is a Webmin module to manage NGINX and PHP-FPM I try to keep it as simple as possible. I will explain how to use sockets at the end.

a) Go to Webmin > Server > Ngnix Webserver > Module Config

Change Connect Nginx to PHP processes with from Socket files to TCP connections

Step 6:

Let’s now disable the default way Virtualmin execute PHP (php-cgi) so that when you create a new site it uses PHP-FPM instead of PHP-CGI. I haven’t been able to use PHP-FPM to run under the user account of the site, but since I only have one site hosted it is not a problem for me. You might have to weight your needs against the benefits of this setup.

a) Disable the PHP-CGI call when creating and/or running a site:

vi /usr/libexec/webmin/virtualmin-nginx/virtualmin-nginx-lib.pl

Around line 1705 and 1706 find:

# Launch it, and save the PID &start_php_fcgi_server_command($d, $cmd, $envs_to_set, $log, $pidfile);

Replace it with:

# Launch it, and save the PID #&start_php_fcgi_server_command($d, $cmd, $envs_to_set, $log, $pidfile);

Step 7:

Let’s edit the PHP-FPM config file to make change the user from Apache to Nginx.

a) Edit the www.conf file

vi /etc/php-fpm.d/www.conf

Look for:

; RPM: apache Choosed to be able to access some dir as httpd user = apache ; RPM: Keep a group allowed to write in log dir. group = apache

Change it with:

; RPM: apache Choosed to be able to access some dir as httpd user = nginx ; RPM: Keep a group allowed to write in log dir. group = nginx

Step 8:

Now at this point PHP-FPM is not running, but your are ready to create your site. This is the only cabeat you have to consider when creating a new site. Since you told NGINX to use a TCP Connection the default connection will look for 127.0.0.1:9000 and that is the port PHP-FPM uses, but if PHP-FPM is running and using the port 9000 when the new site is created it will listed in 127.0.0.1:9001. You can manually adjusted later on, but to keep it simple I stop PHP-PFM when creating a new site.

a) Go ahead and create your new site

b) After this start PHP-PFM like this:

service php-fpm start

c) If you visit your site you will see a 403 error and that is because there is nothing in public_html.

d)Visit /home/SITE-ACCOUNT/public_html and add an index.php file

vi index.php

add and save:

<?php

phpinfo();

?>

e) Revisit the site and now you should see PHP information page with the latest PHP version and running from PHP-PFM. You are done.

================================================================

Miscellaneous

So, you want to run PHP-FPM from an Unix Socket instead of a TCP connection? No problem.

a) Go to Webmin > Server > Ngnix Webserver > Module Config

Change Connect Nginx to PHP processes with from TCP connections to Socket files

b) Edit the PHP-FPM www.conf file

Add folder for socket

mkdir -p /var/run/php-fpm/

Edit config file

vi /etc/php-fpm.d/www.conf

Change the following line:

listen = 127.0.0.1:9000

to

listen = /var/run/php-fpm/DOMAINNAME.socket

c) Go to Webmin > Server > Ngnix Webserver > Edit Configuration Files

Update:

fastcgi_pass localhost:9000;

To:

fastcgi_pass unix:/var/run/php-fpm/DOMAINNAME.socket;

===============================================================

That’s all for now folks. If you have a better way, please share it so that we all can benefit from it.

Thank you.

1 Like

To have PHP-FPM run under the current user or domain owner follow the steps below:

Step 1:

Follow the above tutorial until Step 6 and skip Step 5 if you want to use sockets instead of TCP connections.

Step 2:

Now you have working Virtualmin, NGINX is up and running and setup to listen to socket and PHP-FPM is installed, but has not been started yet.

a) Create sockets folder:

mkdir -p /var/run/php-fpm/

b) Go to /etc/php-fpm.d/

cd /etc/php-fpm.d/

c) Rename www.conf to www.conf.orginal

mv www.conf www.conf.orginal

Step 3:

a) Make a copy www.conf.orginal as the domain user and repeat this for each user and/or domain user you want to use with PHP-FPM

cp www.conf.orginal DOMAINNAME.conf

Step 4:

a) Edit DOMAINNAME.conf and update the following settings as need

Start a new pool named ‘DOMAIN_USER_ACCOUNT’.

[DOMAIN_USER_ACCOUNT]

The address on which to accept FastCGI requests.

listen = /var/run/php-fpm/DOMAINNAME.socket

Set permissions for unix socket

listen.owner = DOMAIN_USER_ACCOUNT listen.group = DOMAIN_USER_GROUP listen.mode = 0660

Unix user/group of processes

; RPM: apache Choosed to be able to access some dir as httpd user = DOMAIN_USER_ACCOUNT ; RPM: Keep a group allowed to write in log dir. group = DOMAIN_USER_GROUP

Step 5:

a) Create a new site in Virtualmin

b) Update the fastcgi_pass

fastcgi_pass unix:/var/run/php-fpm/DOMAINNAME.socket;

c) Start PHP-FPM service so that the sockets are created

service php-fpm start

d) Restart NGINX

service nginx restart

Step 6:

You are done, now PHP-FPM is working with NGINX and running as the domain user. You can confirm this by checking in Virtualmin the running process and sorting them by user.

I am sure at least a PHP script can be written to automate this process, but this should actually be done with a native module for Virtualmin.

1 Like

Very nice tutorial. But before doing this I would like to ask you about benchmarks. Why? Because just disabling Apache and installing Nginx, everything will work as expected. No need to use PHP-FPM. I did some scenarios in my machine, PHP-CGI is providing same results as PHP-FPM, sometimes a litter better in miliseconds. For example PHP-FPM 120ms, PHP-CGI 98 ms.

A huge improvement appears when you replace this stuff with HHVM. HHVM is capable to decrease this time to half.

As a conclusion, there is no need to use PHP5-FPM when initial PHP-CGI is available and providing same results. If anyone came to this conclusion please share some thoughts.

1 Like

I can see your point and I first I was ok, just by switching from Apache to Nginx and keeping PHP-CGI.

But I use Drupal 7 on my projects and it is not a secret that any Drupal page can have a thousand queries and a lot of include PHP code that have to render into the HTML page the user see. I don’t have numbers to show you, but I have tested the above setup in few production servers and in a 2 GB VPS with CentOS 6.5 I have been able to handle a lot of traffic without affecting the performance of the site.

One thing I have noticed is that if you restart the PHP-FPM service the first visit to your site will be a bit slower due to the cache been recreated. In another project I added Memcache and in combination with the OpCode I can see a lot of improvement as well. At the end of the day each site is different and the clients needs are different, but in my experience the faster the site the happier the client.

1 Like

I am using Magento 1.9 which is very hungry with resources. In my tests there is no improvement replacing PHP-CGI 5.5 with PHP-FPM. I read some articles about how PHP-CGI is functioning comparing it with PHP-FPM, but they were related to versions before 5.3. With PHP-FPM I need to be very careful to its configurable parameters like pm_xxxxx. From a point of view, after a while I will completely switch to HHVM or PHP-NG just for more performance related to PHP. If you use HHVM you won’t need OpCache.

Good tutorial, I could setup everything word by word.! It would be also better to include some details to setup mod_pagespeed with the nGinx.

Very nice tutorial. The most complete tutorial on virtualmin and nginx

please change this line, its a small and unintentional mistake i guess

rpm -Uvh remi-release-6.rpm epel-release-6.rpm

rpm -Uvh remi-release-6.rpm epel-release-6-8.noarch.rpm

I`ve created Virtualmin plugin to run such scenario on my Debian server.
https://github.com/Real-Gecko/virtualmin-nginx-fpm
Works on Debian and Ubuntu for now, not yet feature rich, but is already on my production server :smiley:

1 Like

I’m lookking to pay someone to do it for me :slight_smile:
info at allnblue.com please

1 Like

Check your email

1 Like

Hello! I’m using your plugin.

But I have installed a phpMyAdmin in one subdomain and a Roundcube in another subdomain. But in phpMyAdmin the page turn a blank page after the login. Why?

And in roundcube, I can login, but I cant send, neither receive emails no action. When I click to refresh mail list, the progress bar stay in progress forever. Is not a problem with POP or SMTP server, in Outlook I’m receiving and sending normally.

Can you help me?

What is your Linux distrib and version?
Which version of PHP?

Can you enable PHP error messaging and see what error is shown when you open phpMyAdmin?

AFAIK Roundcube requires some initial configuration, I think it simply cannot connect to SMTP server. http://trac.roundcube.net/wiki/Howto_Requirements check here for requirements, maybe something is not installed on your system.

My linux is CentOS 6.x 64bits. PHP version is 5.5.x on remi repository.

About the phpMyAdmin, my PHP display error are already enabled, but not showing any issue. Like on PHP or Nginx error_log are both enabled and they don’t show anything too.

About the Roundcube, all the requirements are showing on the Installer script of the Roundcube, and I have all that enabled and checked.

I’m thinking that can be some Nginx configuration, here is my /etc/nginx/nginx.conf file:

http://textuploader.com/w2vj

Now I’m without errors…my mistake is with Nginx configuration.

For phpMyAdmin i have to change the limits to that:

# Size Limits & Buffer Overflows
client_body_buffer_size     128k;
client_header_buffer_size   3m;
client_max_body_size        8m;
large_client_header_buffers 4 256k;

And for RoundCube, i have to comment this line:

#add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ssl.google-analytics.com https://assets.zendesk.com https://connect.facebook.net; img-src 'self' https://ssl.google-analytics.com https://s-static.ak.facebook.com https://assets.zendesk.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://assets.zendesk.com; font-src 'self' https://themes.googleusercontent.com; frame-src https://assets.zendesk.com https://www.facebook.com https://s-static.ak.facebook.com https://tautt.zendesk.com; object-src 'none'";

Thanks!

Glad you figured it out :slight_smile:

Hello guys!
I’m wanting to understand a point of your tutorial, I found it quite explanatory, I’m trying to understand why you made two tutorials, one day Sun, 05/10/2014 and another full day Sun, 08/10/2014, what difference to him ? I’m not understanding these differences, I used Apache for a long time, I already used nginx for a few months for testing in my vps tests I used a ISPCo control panel … which was the same as working in the command line all I had to do the terminal, spent hours copying and pasting things from my note, several configuration lines for anything that needed doing, dkim keys and configure the e-mail, all an interminable and hard work. everything was very manual, to add a new domain and install a simple wordpress website was a great labor, took a long time, I’ve been worried with the load that would bring me in the future and returned to virtualmin with apache, but I am now having problem of too much use of memory ram and regretted not having stay with nginx, now I’m with him on a new vps with virtualmin + nginx + php-cgi standard of virtualmin, I’m trying to disable the php-cgi to nginx use php-fpm …

but I’m having a great concern with respect because so afraid of people use php-fpm _ nginx in virtualmin ??!

because so many people in forums are asking quite a module for virtualmin make this integration of php-fpm with nginx?

because switch socket for TCP socket it has better performance?

use Socket will make that task in manual tasks in the administration of my server?

I just use wordpress websites. and a simple single website in php / mysql too. this tutorial here by chance have to be done with each new domain added to my vps, will not be all the automatic create feature server virtualmin as when using apache?

this is not to be done only once the virtualmin will manage all the rest as it did with apache…
add new domains (create server, auto ssl keys signed for each website, dkim key for all emails, etc …)?? …

this tutorial I use the first day of the 10/08 or 10/05 addition, I would like to understand the difference between the two because my English is bad and I would like an explanation in which case these two tutorials above fit?
Thanks all.

@emilorol ,

Thank you for sharing.

Very informative and Useful. Respect.

Is it on some blog too un make on 16.04?

Hello guys,
can anybody help me to host magento 2 website with virtulmin with nginx i have tried but failed thrice.

It’s urgent.