
Commit 7971e0e

fix: php-fpm config — non-root user, sane pm defaults
- user/group: root -> nobody (security hardening) - pm.max_children: 500 -> 20 (500 * ~40MB = 20GB, unreasonable default) - pm.start_servers: 60 -> 4 - pm.min_spare_servers: 25 -> 2 - pm.max_spare_servers: 100 -> 10 - Add comment guiding operators to tune pm values for their workload Source: https://www.php.net/manual/en/install.fpm.configuration.php
1 parent feeb1f4 commit 7971e0e

3 files changed

Lines changed: 30 additions & 18 deletions


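--- a/8.1/rootfs/etc/php81/php-fpm.conf
+++ b/8.1/rootfs/etc/php81/php-fpm.conf
@@ -1,22 +1,26 @@
+; Source: https://www.php.net/manual/en/install.fpm.configuration.php
 [global]
 emergency_restart_threshold = 10
 emergency_restart_interval = 1m
 process_control_timeout = 10
 error_log = /proc/self/fd/2
 
 [www]
-user = root
-group = root
+; Run as unprivileged user (override via PHP_FPM_USER/PHP_FPM_GROUP env if needed)
+user = nobody
+group = nobody
 listen = [::]:9000
 chdir = /app
 
 access.log = /proc/self/fd/1
 
 pm = dynamic
-pm.max_children = 500
-pm.start_servers = 60
-pm.min_spare_servers = 25
-pm.max_spare_servers = 100
+; Conservative defaults — tune for your workload
+; Rule of thumb: (available_memory / ~40MB_per_worker)
+pm.max_children = 20
+pm.start_servers = 4
+pm.min_spare_servers = 2
+pm.max_spare_servers = 10
 pm.max_requests = 1000
 
 listen.backlog = -1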
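Review bot: The comment added above `user = nobody` advertises an override through PHP_FPM_USER/PHP_FPM_GROUP, but both values are literals and nothing in this file reads those variables, so as shown the override cannot work from the config alone. If an entrypoint script outside this diff rewrites the file, name it in the comment; otherwise drop the claim, e.g. `; Run workers as an unprivileged user`. It is also worth stating that php-fpm only honours `user`/`group` when the master is started as root, so the hardening depends on how the container launches the process. The same comment is repeated in the 8.2 and 8.3 files.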

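--- a/8.2/rootfs/etc/php82/php-fpm.conf
+++ b/8.2/rootfs/etc/php82/php-fpm.conf
@@ -1,22 +1,26 @@
+; Source: https://www.php.net/manual/en/install.fpm.configuration.php
 [global]
 emergency_restart_threshold = 10
 emergency_restart_interval = 1m
 process_control_timeout = 10
 error_log = /proc/self/fd/2
 
 [www]
-user = root
-group = root
+; Run as unprivileged user (override via PHP_FPM_USER/PHP_FPM_GROUP env if needed)
+user = nobody
+group = nobody
 listen = [::]:9000
 chdir = /app
 
 access.log = /proc/self/fd/1
 
 pm = dynamic
-pm.max_children = 500
-pm.start_servers = 60
-pm.min_spare_servers = 25
-pm.max_spare_servers = 100
+; Conservative defaults — tune for your workload
+; Rule of thumb: (available_memory / ~40MB_per_worker)
+pm.max_children = 20
+pm.start_servers = 4
+pm.min_spare_servers = 2
+pm.max_spare_servers = 10
 pm.max_requests = 1000
 
 listen.backlog = -1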
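Review bot: Switching the pool to `nobody` changes which files the workers can reach, and the commit touches no ownership or permissions: `chdir = /app` and any session, upload or cache directory must now be readable (and where needed writable) by that account, presumably set up in the image build outside this diff. `nobody` is also a shared catch-all identity, so a dedicated service account would keep the workers' files separate from anything else that runs or is mapped as `nobody`. I would record the requirement next to the setting, e.g. `; /app must be readable by this account; writable paths need matching ownership`. The 8.1 and 8.3 files have the same lines.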

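--- a/8.3/rootfs/etc/php83/php-fpm.conf
+++ b/8.3/rootfs/etc/php83/php-fpm.conf
@@ -1,22 +1,26 @@
+; Source: https://www.php.net/manual/en/install.fpm.configuration.php
 [global]
 emergency_restart_threshold = 10
 emergency_restart_interval = 1m
 process_control_timeout = 10
 error_log = /proc/self/fd/2
 
 [www]
-user = root
-group = root
+; Run as unprivileged user (override via PHP_FPM_USER/PHP_FPM_GROUP env if needed)
+user = nobody
+group = nobody
 listen = [::]:9000
 chdir = /app
 
 access.log = /proc/self/fd/1
 
 pm = dynamic
-pm.max_children = 500
-pm.start_servers = 60
-pm.min_spare_servers = 25
-pm.max_spare_servers = 100
+; Conservative defaults — tune for your workload
+; Rule of thumb: (available_memory / ~40MB_per_worker)
+pm.max_children = 20
+pm.start_servers = 4
+pm.min_spare_servers = 2
+pm.max_spare_servers = 10
 pm.max_requests = 1000
 
 listen.backlog = -1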
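Review bot: `listen = [::]:9000` is left as is by this hardening pass, and the pool has no `listen.allowed_clients`, so any host that can reach port 9000 can submit FastCGI requests, which carry no authentication. If the image is meant to sit behind a web server on a private network, say so in the file, e.g. `; FastCGI is unauthenticated: never publish port 9000, restrict it to the web server`, or set `listen.allowed_clients` where the front end has a fixed address. This applies equally to the 8.1 and 8.2 files.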
