how to use a dedicated php-fpm server

Events happening in the community are now at Drupal community events on www.drupal.org.
404's picture
Posted by 404 on August 8, 2011 at 9:12am

I am using perusio's nginx conf for drupal.

I tried to use a php-fpm server instead of the localhost one:

step 1: edit nginx conf

# -- mode: nginx; mode: flyspell-prog; mode: autopair; ispell-local-dictionary: "american" --

### Upstream configuration for PHP FastCGI.

## Add as many servers as needed. Cf. http://wiki.nginx.org/HttpUpstreamModule.
upstream phpcgi {
    #server 127.0.0.1:9000;
    server 129.0.0.48:9000;
}

step 2: edit php5 fpm conf

On 129.0.0.48, I use the ppa:nginx repo.

I edited /etc/php5/fpm/pool.d/www.conf

; List of ipv4 addresses of FastCGI clients which are allowed to connect.
; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original
; PHP FCGI (5.2.2+). Makes sense only with a tcp listening socket. Each address
; must be separated by a comma. If this value is left blank, connections will be
; accepted from any ip address.
; Default Value: any
;listen.allowed_clients = 127.0.0.1

;129.0.0.223 is the server nginx running on
listen.allowed_clients = 127.0.0.1, 129.0.0.223, 129.0.0.48,

step 3: clone the drupal code base

I cloned the drupal code base in 129.0.0.48, same directory as the nginx one /var/www/d7 using git clone

problem:

If I used the 129.0.0.48 server, I got bad request.

Where did i go wrong?

Comments

The client, not the server

Posted by perusio on August 8, 2011 at 2:30pm
perusio's picture

You must enable the client. What's the IP of the server calling the fpm daemon on 129.0.0.48? The line:

listen.allowed_clients = 127.0.0.1, 129.0.0.223, 129.0.0.48

Is enabling the loopback, 129.0.023 and 129.0.0.48 for issuing requests to this fpm daemon.

Show the log, please.

more info with some logs

Posted by 404 on August 9, 2011 at 9:56am
404's picture

On server A

In the nginx logs/access.log, I have

192.168.12.199 - - [09/Aug/2011:09:12:57 +0800] "GET /php.info/phpcgiinfo.php HTTP/1.1" 502 383 "http://129.0.0.223/php.info/" "Mozilla/5.0 (X11; Linux i686) AppleWebKit/534.24 (KHTML, like Gecko) Ubuntu/10.10 Chromium/11.0.696.71 Chrome/11.0.696.71 Safari/534.24"

nginx logs/errors.log

2011/08/09 09:12:57 [error] 11749#0: *913439 connect() failed (111: Connection refused) while connecting to upstream, client: 192.168.12.199, server: 129.0.0.223, request: "GET /php.info/phpcgiinfo.php HTTP/1.1", upstream: "fastcgi://129.0.0.48:9000", host: "129.0.0.223", referrer: "http://129.0.0.223/php.info/"

In the browser I have:

http://129.0.0.223/php.info/phpcgiinfo.php

    The page you are looking for is temporarily unavailable.
            Please try again later.

On server B

/var/log/php5-fpm.log

Aug 09 09:18:49.018315 [WARNING] [pool www] pm.start_servers is not set. It's been set to 20.
Aug 09 09:18:49.018352 [NOTICE] configuration file /etc/php5/fpm/main.conf test is successful

Aug 09 09:18:49.037151 [WARNING] [pool www] pm.start_servers is not set. It's been set to 20.
Aug 09 09:18:49.038235 [NOTICE] fpm is running, pid 6519
Aug 09 09:18:49.043539 [NOTICE] ready to handle connections

That's all on the log.

I don't know where to find other php logs. They are not in /var/log/syslog

That's strange

Posted by perusio on August 9, 2011 at 8:38pm
perusio's picture

the URL http://129.0.0.223/php.info/phpcgiinfo.php is not handled by the config. The config routes all 404s to index.php which is an exact location.

The URL above assumes that you have a location for handling the URI '/php.info/phpcgiinfo.php'. Also it appears to exist a redirect from '/php.info' to
'/php.info/phpcgiinfo.php`.

There are a lot of possibilities for the source of the error you're having. You have to drill down and start locally.

  1. Can you connect from the local machine, i.e., via loopback?

  2. Could be a listening queue issue on the PHP side. Nginx is 1000+ of magnitude faster than PHP so it could be that it's forwarding the connections
    to the fastcgi daemon and it can't cope with it. For starters check listen.backlog.

    Check the php-fpm socket status with netstat -nlp | grep fpm.

Can you connect from the

Posted by 404 on August 10, 2011 at 3:33am
404's picture

Can you connect from the local machine, i.e., via loopback?

Yes, it works on loopback.

Thank you very much for the pointer to php-fpm conf on php.net

problem solved by now

Posted by 404 on August 10, 2011 at 3:16am
404's picture

I have to bind fastcgi to only a port but not a ip, then allow it to be connected by any ip address.

This is strange but in my case only such combination works.

; The address on which to accept FastCGI requests.
; Valid syntaxes are:
;   'ip.add.re.ss:port'    - to listen on a TCP socket to a specific address on
;                            a specific port;
;   'port'                 - to listen on a TCP socket to all addresses on a
;                            specific port;
;   '/path/to/unix/socket' - to listen on a unix socket.
; Note: This value is mandatory.
; listen = 127.0.0.1:9000,  129.0.0.48:9000
; 404:  it works if i only sets the port.  Sets ip with prot would fail: this machine refuses to handle the php processing requests.
listen = 9000


; List of ipv4 addresses of FastCGI clients which are allowed to connect.
; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original
; PHP FCGI (5.2.2+). Makes sense only with a tcp listening socket. Each address
; must be separated by a comma. If this value is left blank, connections will be
; accepted from any ip address.
; Default Value: any
;listen.allowed_clients = 127.0.0.1
; 404:I have to comment out this to allow access from any ip. Setting this to any value causes this machine to
; refuse to handle the php processing requests.
; listen.allowed_clients = 127.0.0.1, 129.0.0.223

Hmm: right, I overlooked that

Posted by perusio on August 10, 2011 at 3:29pm
perusio's picture

You're specifying the port only, so I suppose it binds to all interfaces. Probably the socket binding as a security measure disallows the connection of anything that is not on the loopback.

Took me few days, pheeew

Posted by snovak7 on September 9, 2015 at 5:54pm
snovak7's picture

I know it took some time, but if you want many addresses (I particularly wanted allowed_clients), remove any whitespaces! and just comma in between...