nginxarchitecture

Differences

This shows you the differences between two versions of the page.

nginxarchitecture [2016/01/06 07:44] – [Run benchmark for checking optimize effect] admin
nginxarchitecture [2022/10/29 16:15] (current) – external edit 127.0.0.1
Line 1: Line 1:
-====== nginx architecture ======+====== nginx with PHP-FPM ======
 refer:  refer: 
   * http://www.aosabook.org/en/nginx.html   * http://www.aosabook.org/en/nginx.html
Line 28: Line 28:
 ===== Optimize nginx configuration for performance and benchmark ===== ===== Optimize nginx configuration for performance and benchmark =====
 refer: refer:
 +  * http://www.freshblurbs.com/blog/2015/11/28/high-load-nginx-config.html
   * http://tweaked.io/guide/nginx/   * http://tweaked.io/guide/nginx/
   * http://wiki.nginx.org/FullExample   * http://wiki.nginx.org/FullExample
Line 42: Line 43:
  
 events { events {
-    worker_connections  8096;+    worker_connections  8192;
     multi_accept        on;     multi_accept        on;
     use                 epoll;     use                 epoll;
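Review bot: The new "worker_connections 8192;" in the events block is only reachable if each worker is allowed that many open file descriptors, and nothing in this hunk raises that limit. nginx counts upstream (proxy and FastCGI) connections against worker_connections as well as client connections, and the total cannot exceed the open-file limit, so pair this change with a worker_rlimit_nofile value comfortably above 8192 and say so next to the directive.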
Line 89: Line 90:
  
 ==== Nginx Request / Upload Max Body Size (client_max_body_size) ==== ==== Nginx Request / Upload Max Body Size (client_max_body_size) ====
-If you want to allow users upload something or upload personally something over the HTTP then you should maybe **increase post size**. It can be done with **client_max_body_size** value which goes under **http/server/location section**. On default it’s **1 Mb**, but it can be **set example to 20 Mb** and also **increase buffer size** with following configuration:<code>+If you want to allow users upload something or upload personally something over the HTTP then you should maybe **increase post size**. It can be done with **client_max_body_size** value inside **http {…}**. On default it’s **1 Mb**, but it can be **set example to 20 Mb** and also **increase buffer size** with following configuration :<code>
 client_max_body_size 20m; client_max_body_size 20m;
 client_body_buffer_size 128k; client_body_buffer_size 128k;
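Review bot: The rewritten sentence now places client_max_body_size "inside http {…}", which drops the server and location contexts the old text named and steers readers toward raising the limit to 20m for every virtual host. Keep all three contexts in the text and recommend setting 20m only on the location that actually accepts uploads, leaving the default elsewhere so unrelated endpoints do not accept large request bodies. The space added before the colon in "configuration :<code>" looks like a stray edit.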
Line 138: Line 139:
   * benchmark load speed from other countries from http://www.webpagetest.org/   * benchmark load speed from other countries from http://www.webpagetest.org/
 => with above benchmarch for static file ab -n 20 -c 4 http://shop.babies.vn/media/js/af1ae2e07ff564e3d1499f7eb7aecdf9.js(size 400k), we can see the problem for performance because the network or bandwidth => with above benchmarch for static file ab -n 20 -c 4 http://shop.babies.vn/media/js/af1ae2e07ff564e3d1499f7eb7aecdf9.js(size 400k), we can see the problem for performance because the network or bandwidth
-===== nginx Security =====+===== PHP-FPM Config and Optimize ===== 
 +refer:  
 +  * https://www.if-not-true-then-false.com/2011/nginx-and-php-fpm-configuration-and-optimizing-tips-and-tricks/ 
 +  * https://tweaked.io/guide/nginx/ 
 + 
 +**global** config for all pools:<code> 
 +[global] 
 +; Error log file 
 +; If it's set to "syslog", log is sent to syslogd instead of being written 
 +; in a local file. 
 +; Note: the default prefix is /usr/local/php/var 
 +; Default Value: log/php-fpm.log 
 +;error_log = log/php-fpm.log 
 + 
 +; Log level 
 +; Possible Values: alert, error, warning, notice, debug 
 +; Default Value: notice 
 +;log_level = notice 
 + 
 +; The maximum number of processes FPM will fork. This has been design to control 
 +; the global number of processes when using dynamic PM within a lot of pools. 
 +; Use it with caution. 
 +; Note: A value of 0 indicates no limit 
 +; Default Value: 0 
 +; process.max = 128 
 +</code> 
 +**pool** www config:<code> 
 +; Choose how the process manager will control the number of child processes. 
 +; Possible Values: 
 +;   static  - a fixed number (pm.max_children) of child processes; 
 +;   dynamic - the number of child processes are set dynamically based on the 
 +;             following directives. With this process management, there will be 
 +;             always at least 1 children. 
 +;             pm.max_children      - the maximum number of children that can 
 +;                                    be alive at the same time. 
 +;             pm.start_servers     - the number of children created on startup. 
 +;             pm.min_spare_servers - the minimum number of children in 'idle' 
 +;                                    state (waiting to process). If the number 
 +;                                    of 'idle' processes is less than this 
 +;                                    number then some children will be created. 
 +;             pm.max_spare_servers - the maximum number of children in 'idle' 
 +;                                    state (waiting to process). If the number 
 +;                                    of 'idle' processes is greater than this 
 +;                                    number then some children will be killed. 
 +;  ondemand - no children are created at startup. Children will be forked when 
 +;             new requests will connect. The following parameter are used: 
 +;             pm.max_children           - the maximum number of children that 
 +;                                         can be alive at the same time. 
 +;             pm.process_idle_timeout   - The number of seconds after which 
 +;                                         an idle process will be killed. 
 +</code> 
 +==== PHP-FPM Global Configuration Tweaks ==== 
 +Set up **emergency_restart_threshold, emergency_restart_interval and process_control_timeout**. **Default values** for these options **are totally off**, but I think it’s better use these options example like following in **php-fpm.conf**(we can off for performance):<code> 
 +emergency_restart_threshold 10 
 +emergency_restart_interval 1m 
 +process_control_timeout 10s 
 +</code>  
 +What this mean? So if **10 PHP-FPM child** processes exit with SIGSEGV or SIGBUS within 1 minute*then **PHP-FPM restart automatically**. This configuration also **sets 10 seconds time limit for child processes to wait for a reaction** on signals from master. 
 +(In some case, the php-fpm child processes full memory and can't process the request, these configurations will automatically restart the php-fpm child processes) 
 +==== PHP-FPM Pools Configuration ==== 
 +=== Basic Config === 
 +Default php-fpm will use pool **[www]** to configuration for all site. In advance, it’s possible to use **different pools** for different sites and **allocate resources very accurately** and even use **different users and groups for every pool**. Following is just example configuration files structure for PHP-FPM pools for three different sites (or actually three different part of same site):<code> 
 +/etc/php-fpm.d/site.conf 
 +/etc/php-fpm.d/blog.conf 
 +/etc/php-fpm.d/forums.conf 
 +</code> 
 +Or config in php-fpm.conf<code> 
 +; Relative path can also be used. They will be prefixed by: 
 +;  - the global prefix if it's been set (-p argument) 
 +;  - /onec/php otherwise 
 +;include=etc/fpm.d/*.conf 
 +</code>(Create directory **/onec/php/etc/fpm.d/**) 
 +Just example configurations for every pool:  
 +  * default pool [www](listen on port 9000)<code> 
 +[www] 
 + 
 +; Per pool prefix 
 +; It only applies on the following directives: 
 +; - 'access.log' 
 +; - 'slowlog' 
 +; - 'listen' (unixsocket) 
 +; - 'chroot' 
 +; - 'chdir' 
 +; - 'php_values' 
 +; - 'php_admin_values' 
 +; When not set, the global prefix (or /onec/php) applies instead. 
 +; Note: This directive can also be relative to the global prefix. 
 +; Default Value: none 
 +;prefix = /path/to/pools/$pool 
 + 
 +; Unix user/group of processes 
 +; Note: The user is mandatory. If the group is not set, the default user's group 
 +;       will be used. 
 +user = nobody 
 +group = nobody 
 + 
 +; The address on which to accept FastCGI requests. 
 +; Valid syntaxes are: 
 +;   'ip.add.re.ss:port'    - to listen on a TCP socket to a specific IPv4 address on 
 +;                            a specific port; 
 +;   '[ip:6:addr:ess]:port' - to listen on a TCP socket to a specific IPv6 address on 
 +;                            a specific port; 
 +;   'port'                 - to listen on a TCP socket to all IPv4 addresses on a 
 +;                            specific port; 
 +;   '[::]:port'            - to listen on a TCP socket to all addresses 
 +;                            (IPv6 and IPv4-mapped) on a specific port; 
 +;   '/path/to/unix/socket' - to listen on a unix socket. 
 +; Note: This value is mandatory. 
 +listen = 127.0.0.1:9000 
 + 
 +</code> 
 +  * /etc/php-fpm.d/site.conf<code>  
 +[site] 
 +listen = 127.0.0.1:9000 
 +user = site 
 +group = site 
 +request_slowlog_timeout = 5s 
 +slowlog = /var/log/php-fpm/slowlog-site.log 
 +listen.allowed_clients = 127.0.0.1 
 +pm = dynamic 
 +pm.max_children = 5 
 +pm.start_servers = 3 
 +pm.min_spare_servers = 2 
 +pm.max_spare_servers = 4 
 +pm.max_requests = 200 
 +listen.backlog = -1 
 +pm.status_path = /status 
 +request_terminate_timeout = 120s 
 +rlimit_files = 131072 
 +rlimit_core = unlimited 
 +catch_workers_output = yes 
 +env[HOSTNAME] = $HOSTNAME 
 +env[TMP] = /tmp 
 +env[TMPDIR] = /tmp 
 +env[TEMP] = /tmp 
 +</code> =>pool **[site] use port 9000** 
 +  * /etc/php-fpm.d/blog.conf<code> 
 +[blog] 
 +listen = 127.0.0.1:9001 
 +user = blog 
 +group = blog 
 +request_slowlog_timeout = 5s 
 +slowlog = /var/log/php-fpm/slowlog-blog.log 
 +listen.allowed_clients = 127.0.0.1 
 +pm = dynamic 
 +pm.max_children = 4 
 +pm.start_servers = 2 
 +pm.min_spare_servers = 1 
 +pm.max_spare_servers = 3 
 +pm.max_requests = 200 
 +listen.backlog = -1 
 +pm.status_path = /status 
 +request_terminate_timeout = 120s 
 +rlimit_files = 131072 
 +rlimit_core = unlimited 
 +catch_workers_output = yes 
 +env[HOSTNAME] = $HOSTNAME 
 +env[TMP] = /tmp 
 +env[TMPDIR] = /tmp 
 +env[TEMP] = /tmp 
 +</code>=>pool **[blog] use port 9001** 
 +  * /etc/php-fpm.d/forums.conf<code> 
 +[forums] 
 +listen = 127.0.0.1:9002 
 +user = forums 
 +group = forums 
 +request_slowlog_timeout = 5s 
 +slowlog = /var/log/php-fpm/slowlog-forums.log 
 +listen.allowed_clients = 127.0.0.1 
 +pm = dynamic 
 +pm.max_children = 10 
 +pm.start_servers = 3 
 +pm.min_spare_servers = 2 
 +pm.max_spare_servers = 4 
 +pm.max_requests = 400 
 +listen.backlog = -1 
 +pm.status_path = /status 
 +request_terminate_timeout = 120s 
 +rlimit_files = 131072 
 +rlimit_core = unlimited 
 +catch_workers_output = yes 
 +env[HOSTNAME] = $HOSTNAME 
 +env[TMP] = /tmp 
 +env[TMPDIR] = /tmp 
 +env[TEMP] = /tmp 
 +</code> =>pool **[forums] use port 9002** 
 +So this is just example howto configure multiple different size pools. 
 +=== Optimize config === 
 +Example Config:<code bash> 
 +process.max = 15 
 +pm.max_children = 100 
 +pm.start_servers = 10 
 +pm.min_spare_servers = 5 
 +pm.max_spare_servers = 15 
 +pm.max_requests = 1000 
 +</code> 
 +**process.max**: The **maximum number of processes FPM will fork**. This has been design to **control the global number of processes when using dynamic PM within a lot of pools** 
 + 
 +The configuration variable **pm.max_children** controls the maximum amount of FPM processes that can ever run at the same time. This value can be calculate like this :<code> 
 +pm.max_children = total RAM - (500MB) / average process memory 
 +</code> 
 +  * To find the average process memory:<code bash> 
 +ps -ylC php-fpm --sort:rss | awk '!/RSS/ { s+=$8 } END { printf "%s\n", "Total memory used by PHP-FPM child processes: "; printf "%dM\n", s/1024 }' 
 +</code>=> get **total memory** used by all php-fpm process base on basic command **ps -ylC php-fpm**. Then get number of php-fpm processes:<code bash> 
 +ps -ylC php-fpm --sort:rss | grep php-fpm | wc -l 
 +</code>And the average process memory:<code> 
 +Avg Memory = Total Memory/number of process 
 +</code> 
 +  * Why **500MB** ? Depends **of what is running on your system**, but you want to keep memory for nginx (about 20MB), MySql and others services. 
 +Other configs: 
 +  * **pm.start_servers**: The number of children created on startup. Value must be between pm.min_spare_servers and pm.max_spare_servers.<code> 
 +pm.start_servers = (pm.max_spare_servers + pm.min_spare_servers)/
 +</code> 
 +  * **pm.max_requests**: We want to keep it hight to prevent server respawn. Note: **If you have a memory leak** in your PHP code **decrease this value to recreate it quickly and free the memory**. 
 +===== Nginx Security ===== 
 +refer: 
 +  * List nginx security issues: http://nginx.org/en/security_advisories.html 
 +  * http://www.cyberciti.biz/tips/linux-unix-bsd-nginx-webserver-security.html
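Review bot: The [site], [blog] and [forums] pools are given separate users but all listen on loopback TCP ("listen = 127.0.0.1:9000" through ":9002") with "listen.allowed_clients = 127.0.0.1", which filters on source address only, so any local process, including PHP code running in a different pool, can send FastCGI requests to each port and the per-pool users give less separation than the text implies; prefer one unix socket per pool with listen.owner, listen.group and listen.mode restricted to the nginx user. In the same block [www] and [site] both bind 127.0.0.1:9000, so the second bind fails if both are loaded. Under "PHP-FPM Global Configuration Tweaks" the three directives are missing "=" (for example "emergency_restart_threshold = 10"), and "1 minute*then" carries a stray asterisk. In "Optimize config", "process.max = 15" caps all pools well below "pm.max_children = 100", the max_children formula needs parentheses to read "(total RAM - 500MB) / average process memory", and the pm.start_servers formula ends at "/" with no divisor. "rlimit_core = unlimited" and "pm.status_path = /status" are repeated in every pool without comment; add a sentence on where core files land and on restricting the status URL in the nginx config.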
nginxarchitecture.1452066287.txt.gz · Last modified: 2022/10/29 16:15 (external edit)