apache 2.4 – php-fpm needs more memory than mod_php

I recently moved a PHP5 application from Apache 2.4 + mod_php to Apache 2.4 + php-fpm. Apache is configured to forward all * .php requests through Unix Domain Sockets to php-fpm. The application required the PHP settings to increase the memory limit to 384 MB, which was the case when using mod_php, and this setting is preserved under PHP-FPM.

After switching to php-fpm, some requests consume about 1 GB of memory before they are terminated by the Linux OOM. The same requirements in mod_php did not consume the same amount of memory and were therefore not terminated.

Note that I downgraded Apache's event MPM to only 2 processes and 8 threads each. The pm of PHP-FPM is set to ondemand and only 2 processes. I can see that only this request is being executed at this time. The PHP FPM process memory is steadily increasing to 1 GB and will be shut down before it can return.

My questions are:
1] Why does php-fpm exceed the php.ini memory_limit setting of 384MB?
2] If Apache uses a proxy function for PHP FPM over a Unix domain socket, does it really matter to empty the buffer? I assume no
3] Do you have a recommendation to correct this problem?

Install PHP 7.2 (PHP-FPM and mod-fcgid) (Debian)

Hi Guys,

This is correct for installing PHP FPM on Debian? With mod-fcgid.

Code:

sudo apt-get update && apt-get upgrade

Code:

sudo apt-get install aptitude

Code:

sudo aptitude update && sudo aptitude safe-upgrade (full-upgrade)

Code:

sudo aptitude search php

Code:

sudo aptitude install libapache2-mod-fcgid (combination Apache, and PHP-FPM on Debian/Ubuntu Server) php7.2-fpm php7.2

Apache crashes with PHP-FPM after some time

Best regards!

I've recently set up a new server and moved a fairly full forum there (4.5 million posts, typically 500-1000 users online over a 30-minute period). I use Invision 4.4.4, which is quite resource intensive. Database (MySQL 5.7) runs on a dedicated server, Apache runs on another dedicated server. No other sites are running on the web server, and the database server supports only this one site.

When optimizing the server, I tried to move from PHP CGI to PHP FPM. Apache went out pretty fast on the first run, apparently due to the exhaustion of MaxRequestWorkers. I have increased MaxClients to 2500 and MaxRequestWorkers to 2000. I've also slightly increased the PHP FPM pool options (Max Requests to 200, Process Idle Timeout to 10 and Max Children to 10).
SEMrush

This seemed to solve the problem, but after about 12 hours, Apache was no longer responding to requests and I saw no active PHP FPM processes. A reboot of Apache did not seem to help, and only when I switched to PHP CGI again did the server respond to requests. Switching from PHP CGI to PHP FPM is nice, as the load has dropped from above 3.0 to about 1.0. So I would like to use PHP FPM if I can. I've tried it a second time (switching back to PHP FPM), but after another 12 hours it went down and I had to switch back to PHP CGI.

I could try to increase MaxClients and MaxRequestWorkers, but I do not know if that would help – it seems like I'm just putting some temporary tape help into a deeper problem.

The last time I looked through the logs was when Apache fell (or at least hung) and saw tons of news like this:


[Wed Jul 03 22:20:16.028372 2019] [proxy_fcgi:error] [pid 12645]    (104) Reset remote site connection: [client 110.249.201.217:10762] AH01075: Error message
Send inquiry to:
[Wed Jul 03 22:20:16.028452 2019] [proxy_fcgi:error] [pid 12652] [client 111.225.148.7:11198]    AH01067: Error reading FastCGI header
[Wed Jul 03 22:20:16.028491 2019] [proxy_fcgi:error] [pid 12652]    (104) Reset remote site connection: [client 111.225.148.7:11198] AH01075: Error while shipping
Request to:
[Wed Jul 03 22:20:16.028512 2019] [proxy_fcgi:error] [pid 12651] [client 125.209.235.178:37891]    AH01067: Error reading FastCGI header
[Wed Jul 03 22:20:16.028586 2019] [proxy_fcgi:error] [pid 12651]    (104) Reset remote site connection: [client 125.209.235.178:37891] AH01075: Error message
Send inquiry to:
[Wed Jul 03 22:20:16.028620 2019] [proxy_fcgi:error] [pid 12150] [client 110.249.202.82:63448]    AH01067: Error reading FastCGI header
[Wed Jul 03 22:20:16.028642 2019] [proxy_fcgi:error] [pid 12527] [client 54.36.148.120:38628]    AH01067: Error reading FastCGI header

Code (surcharge):

Running PHP 7.2.19 and Apache 2.4.39. CENTOS 7.6 and WHM v80.0.20. Redis is running on this server for caching. The computer has 32 GB of RAM and the site runs on a fast NVMe SSD. The main task is to run only the web server for this one site and the email address.

Thanks in advance for insights and / or tips for debugging.

php fpm – php-fpm: why i have a pool size higher than memory_limit

I know that there are many related topics, but I have not found my answer.

I have a dedicated server with 32Go of RAM (but I want PHP-fpm to use only 12Go max), and I have a PHP Fpm (7.2.13) that runs alongside an Apache server.

My problem is that every PHP FPM process consumes too much memory …
I measured it

ps -ylC php-fpm --sort: rss

The output included 269 processes, each with 121 MB in the RSS column, and a total of RAM on the dedicated 3Go server.

I've also created some PHP profiles with the PHP function "memory_get_peak_usage ()" and each of my scripts uses an average of 4Mo (peak load!) And a maximum peak load of 50Mo (this is a very special case though).
After profiling, I tried to set "memory_limit" to 10Mo, the special case did not work, so I set it to 50Mo and everything was fine (normal behavior).

My two questions are:

  • Since my PHP scripts do not exceed a peak usage of 50Mo and I set a memory limit of 50Mo, why is ANY of my PHP FPM processes 121M?

  • How is it possible to run 269 processes with 121 million each? The total amount of memory would be 269 * 121 = 32Go (and when I did this profiling, only 3Go RAM was used for the dedicated server altogether …)

Thank you for your help !

php fpm – how many children and servers are set to PHP-FPM

I see a big problem today, too much traffic got my website totally run down, but I have a big server to host it. I have the following:

BlockQuote
[20-May-2019 14:23:02] WARNING: [pool www] seems to be busy (you may need to increase pm.start_servers or pm.min / max_spare_servers) and spawn 8 children, 4 of them idle and 22 children in total
[20-May-2019 14:23:03] WARNING: [pool www] seems to be busy (you may need to increase pm.start_servers or pm.min / max_spare_servers) and spawn 16 children, of which there are 3 idle and 30 children in total
[20-May-2019 14:23:04] WARNING: [pool www] seems to be busy (possibly you need to increase pm.start_servers or pm.min / max_spare_servers) and bring up 32 children, of which 0 are idle and 42 children in total
[20-May-2019 14:23:05] WARNING: [pool www] seems to be busy (you may need to increase pm.start_servers or pm.min / max_spare_servers) and bring up 32 children, of which 0 are idle and 57 children in total
[20-May-2019 14:23:06] WARNING: [pool www] seems to be busy (you may need to increase pm.start_servers or pm.min / max_spare_servers) and bring up 32 children, of which 0 are idle and 72 children in total
[20-May-2019 14:23:07] WARNING: [pool www] seems to be busy (you might need to increase pm.start_servers or pm.min / max_spare_servers) and bring up 32 children, of which 0 are idle and 87 are children in total
[20-May-2019 14:23:08] WARNING: [pool www] seems to be busy (you may need to increase pm.start_servers or pm.min / max_spare_servers) and bring up 32 children, of which 0 are idle and 102 children in total
[20-May-2019 14:23:09] WARNING: [pool www] seems to be busy (you may need to increase pm.start_servers or pm.min / max_spare_servers) and bring up 32 children, of which 0 are idle and 117 children in total
[20-May-2019 14:23:10] WARNING: [pool www] seems to be busy (you may need to increase pm.start_servers or pm.min / max_spare_servers) and bring up 32 children, 9 of them idle and 132 children in total

But before I think I've configured enough kids in my fpm with this configuration:

  • pm.max_children = 100
  • pm.start_servers = 15
  • pm.min_spare_servers = 15
  • pm.max_spare_servers = 25

But I got this mistake. Do you know how many I can set up to accept more traffic? I have 32go RAM and 8 cores

Does CVE-2019-0211 affect Apache with php-fpm?

Intro

From version 2.4.17 (October 9, 2015) to version 2.4.38 (April 1, 2019),
Apache HTTP suffers from a local extension of root privileges
Out-of-bounds Array Access Vulnerability
any function call. The vulnerability is raised on Apache
gracefully restarts (apache2ctl graceful). In standard Linux
For configurations, the Logrotate utility executes this command once a day
6:25 am to reset protocol handles.

Sometimes php-fpm stops, what's going on?

I have the idea that my PHP Fpm56 sometimes seems to stop on my Direct Admin VPS server. The memory seems to be normal as the times when the PHP Fpm stops are a bit more heavy. The websites that are used will be loaded until I restart the services for php-fpm56. Other php-fpm70 websites are simply online.

The traffic to my webserver does not seem to have increased. Does anyone have any idea why PHP-Fpm is terminated regularly? I can not find any indication as to whether a particular script is responsible for this.

Is it maybe an attack? Or something else?
Who has an idea where to look?

Help to understand INI files and PHP_FPM

With PHP-FPM you can have configuration options in many places

1. Global php.ini – /opt/cpanel/ea-phpXX/root/etc/php.ini

2. The php-fpm pool files may contain php.ini values. For example, in cPanel, the pool conf has php_admin_value[disable_functions] = x, y, z, etc., which you can override by using the .yaml files and recreating the pool conf

3. The .user.ini – Important: "Only INI settings with PHP_INI_PERDIR and PHP_INI_USER modes will be recognized in .user.ini-style INI files." – which means that you can not enter everything there – The list of available options can be found at http://php.net/manual/en/ini.list.php. Look in the changeable column and make sure PHP_INI_PERDIR and PHP_INI_USER are present

That's it!