The configuration files of the PHP-FPM pools are stored in the following location:
/etc/php5/fpm/pool.d/
By default the file www.conf is used, but it is possible to add a specific pool for a single site (or group of sites).
Custom pool
A custom pool could look like this:
[{DOM}.{TLD}]
listen = 127.0.0.1:9000
listen.allowed_clients = 127.0.0.1
user = {WEBUSER}
group = {WEBGROUP}
pm = dynamic
pm.max_children = 5
pm.start_servers = 3
pm.min_spare_servers = 2
pm.max_spare_servers = 4
chdir = /
; Set open_basedir restrictions
php_admin_value[open_basedir] = /home/sites/{DOM}.{TLD}:/usr/share/php5:/tmp:/usr/share/phpmyadmin:/etc/phpmyadmin:/var/lib/phpmyadmin
; Disable certain OS functions
php_admin_value[disable_functions] = dl,exec,passthru,shell_exec,system,proc_open,popen,curl_exec,curl_multi_exec,parse_ini_file,show_source
As you can see, it defines certain directories to be used with open_basedir and it disables the use of some potentially dangerous system functions.
Save it as /etc/php5/fpm/pool.d/{DOM}.{TLD}.conf and restart PHP-FPM to activate it:
service php5-fpm restart
Remember to create a new webuser and webgroup for the new pool. If you don’t want to use a specific user and group for each account, then you could use www-data as the user and group.
Sockets vs. ports
Instead of using a port (9000 in the example above), it is also possible to use sockets. Replace the lines
listen = 127.0.0.1:9000
listen.allowed_clients = 127.0.0.1
with
listen = /var/run/php5-fpm/{DOM}.{TLD}.sock
listen.owner = {WEBUSER}
listen.group = {WEBGROUP}
listen.mode = 0660
(Make sure /var/run/php5-fpm/ exists. If not, create the directory.)
To use the socket, change the nginx config file. Replace the line:
fastcgi_pass 127.0.0.1:9000;
with:
fastcgi_pass unix:/var/run/php5-fpm/{DOM}.{TLD}.sock;
As always, restart PHP5-FPM (and nginx) after making changes to any of the pools.
Error reporting
If you want to turn on error reporting, you can add the following line to the pool:
catch_workers_output = yes
This will log the errors in /var/log/php5-fpm.log.
To display errors on the screen add this to the pool:
php_admin_value[display_errors] = on
(By default error_reporting is set to E_ALL &~ E_DEPRECATED.)