Added on May 18th, 2012 and marked as: nginx, php, security, webserver

PHP-FPM pool

Edit the config file /etc/php5/fpm/pool.d/domain.tld.conf and add the following content:

[{DOMAIN.TLD}]
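; The /var/run/php5-fpm directory must already exist when PHP-FPM starts.
listen = /var/run/php5-fpm/{DOMAIN.TLD}.sock
; With mode 0660, the nginx worker user must be {USER} or a member of {GROUP}.
listen.owner = {USER}
listen.group = {GROUP}
listen.mode = 0660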
user = {USER}
group = {GROUP}
pm = dynamic
pm.max_children = 50
pm.start_servers = 20
pm.min_spare_servers = 5
pm.max_spare_servers = 35
chdir = /

; Set open_basedir restrictions
php_admin_value[open_basedir] = /home/sites/{DOMAIN.TLD}:/usr/share/php5:/tmp:/usr/share/phpmyadmin:/etc/phpmyadmin:/var/lib/phpmyadmin

; Disable certain OS functions
php_admin_value[disable_functions] = dl,exec,passthru,shell_exec,system,proc_open,popen,curl_exec,curl_multi_exec,parse_ini_file,show_source

Activate the new pool by restarting PHP-FPM:

service php5-fpm restart

nginx config

In the nginx config file /etc/nginx/sites-available/domain.tld, replace the line

fastcgi_pass 127.0.0.1:9000;

with the following:

fastcgi_pass unix:/var/run/php5-fpm/domain.tld.sock;
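
The following audit script is an added example, not part of the original post: it parses pool files in the format shown above and reports pools that miss the hardening settings this page applies (dedicated user, unix socket with restricted mode, open_basedir, and the disable_functions list). The names parse_pools and audit_pool and the sample pools example.test and legacy.test are constructed for illustration.

```python
import re
# Baseline: the functions named on the page's disable_functions line.
BASELINE = set("dl exec passthru shell_exec system proc_open popen curl_exec "
               "curl_multi_exec parse_ini_file show_source".split())

def parse_pools(text):
    """Parse PHP-FPM pool config text into {pool: {directive: value}}."""
    pools, current = {}, None
    for line in map(str.strip, text.splitlines()):
        section = re.fullmatch(r"\[(.+)\]", line)
        if section:
            current = pools.setdefault(section.group(1), {})
        elif current is not None and "=" in line and not line.startswith(";"):
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return pools

def audit_pool(d):
    """Return findings for one pool's directives; an empty list means clean."""
    findings = []
    if any(re.search(r"\{[^}]+\}", v) for v in d.values()):
        findings.append("unreplaced {PLACEHOLDER} in a value")
    if d.get("user", "root") == "root":
        findings.append("pool user is missing or root")
    if not d.get("listen", "").startswith("/"):
        findings.append("listen is not a unix socket path")
    elif int(d.get("listen.mode", "0666"), 8) & 0o007:  # unset counts as open
        findings.append("listen.mode unset or grants access to 'other'")
    if not d.get("php_admin_value[open_basedir]"):
        findings.append("open_basedir is not set via php_admin_value")
    disabled = d.get("php_admin_value[disable_functions]", "").split(",")
    missing = sorted(BASELINE - {f.strip() for f in disabled})
    if missing:
        findings.append("disable_functions lacks: " + ",".join(missing))
    return findings

# Constructed sample input: one hardened pool and one weak pool.
SAMPLE = """
[example.test]
listen = /var/run/php5-fpm/example.test.sock
listen.mode = 0660
user = site1
php_admin_value[open_basedir] = /home/sites/example.test:/tmp
php_admin_value[disable_functions] = dl,exec,passthru,shell_exec,system,proc_open,popen,curl_exec,curl_multi_exec,parse_ini_file,show_source
[legacy.test]
listen = 127.0.0.1:9000
user = www-data
"""
for pool, directives in parse_pools(SAMPLE).items():
    print(pool, audit_pool(directives) or "OK")
```

To check real pools, pass the contents of each file in /etc/php5/fpm/pool.d/ to parse_pools instead of SAMPLE.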