Merge pull request #9 from polytan02/master

[enh] Add comments about dedicated php-fpm process

conf/nginx.conf

@@ -5,10 +5,21 @@ location YNH_WWW_PATH {
 
   # Example PHP configuration
   index index.php;
+
+  # Common parameter to increase upload size limit in conjuction with dedicated php-fpm file
+  #client_max_body_size 50M;
+
   try_files $uri $uri/ index.php;
   location ~ [^/]\.php(/|$) {
     fastcgi_split_path_info ^(.+?\.php)(/.*)$;
     fastcgi_pass unix:/var/run/php5-fpm.sock;
+    
+    # Filename to be changed if dedicated php-fpm process is required
+    # This is too be uised INSTEAD of line above
+    # Don't forget to adjust scripts install/upgrade/remove/backup accordingly
+    #
+    #fastcgi_pass unix:/var/run/php5-fpm-YNH_WWW_APP.sock;
+
     fastcgi_index index.php;
     include fastcgi_params;
     fastcgi_param   REMOTE_USER   $remote_user;

conf/php-fpm.conf

@@ -0,0 +1,251 @@
+; Start a new pool named 'www'.
+; the variable $pool can we used in any directive and will be replaced by the
+; pool name ('www' here)
+[YNH_WWW_APP]
+
+; Per pool prefix
+; It only applies on the following directives:
+; - 'slowlog'
+; - 'listen' (unixsocket)
+; - 'chroot'
+; - 'chdir'
+; - 'php_values'
+; - 'php_admin_values'
+; When not set, the global prefix (or /usr) applies instead.
+; Note: This directive can also be relative to the global prefix.
+; Default Value: none
+;prefix = /path/to/pools/$pool
+
+; The address on which to accept FastCGI requests.
+; Valid syntaxes are:
+;   'ip.add.re.ss:port'    - to listen on a TCP socket to a specific address on
+;                            a specific port;
+;   'port'                 - to listen on a TCP socket to all addresses on a
+;                            specific port;
+;   '/path/to/unix/socket' - to listen on a unix socket.
+; Note: This value is mandatory.
+listen = /var/run/php5-fpm-YNH_WWW_APP.sock
+
+; Set listen(2) backlog. A value of '-1' means unlimited.
+; Default Value: 128 (-1 on FreeBSD and OpenBSD)
+;listen.backlog = -1
+
+; List of ipv4 addresses of FastCGI clients which are allowed to connect.
+; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original
+; PHP FCGI (5.2.2+). Makes sense only with a tcp listening socket. Each address
+; must be separated by a comma. If this value is left blank, connections will be
+; accepted from any ip address.
+; Default Value: any
+;listen.allowed_clients = 127.0.0.1
+
+; Set permissions for unix socket, if one is used. In Linux, read/write
+; permissions must be set in order to allow connections from a web server. Many
+; BSD-derived systems allow connections regardless of permissions.
+; Default Values: user and group are set as the running user
+;                 mode is set to 0666
+listen.owner = www-data
+listen.group = www-data
+listen.mode = 0600
+
+; Unix user/group of processes
+; Note: The user is mandatory. If the group is not set, the default user's group
+;       will be used.
+user = www-data
+group = www-data
+
+; Choose how the process manager will control the number of child processes.
+; Possible Values:
+;   static  - a fixed number (pm.max_children) of child processes;
+;   dynamic - the number of child processes are set dynamically based on the
+;             following directives:
+;             pm.max_children      - the maximum number of children that can
+;                                    be alive at the same time.
+;             pm.start_servers     - the number of children created on startup.
+;             pm.min_spare_servers - the minimum number of children in 'idle'
+;                                    state (waiting to process). If the number
+;                                    of 'idle' processes is less than this
+;                                    number then some children will be created.
+;             pm.max_spare_servers - the maximum number of children in 'idle'
+;                                    state (waiting to process). If the number
+;                                    of 'idle' processes is greater than this
+;                                    number then some children will be killed.
+; Note: This value is mandatory.
+pm = dynamic
+
+; The number of child processes to be created when pm is set to 'static' and the
+; maximum number of child processes to be created when pm is set to 'dynamic'.
+; This value sets the limit on the number of simultaneous requests that will be
+; served. Equivalent to the ApacheMaxClients directive with mpm_prefork.
+; Equivalent to the PHP_FCGI_CHILDREN environment variable in the original PHP
+; CGI.
+; Note: Used when pm is set to either 'static' or 'dynamic'
+; Note: This value is mandatory.
+pm.max_children = 6
+
+; The number of child processes created on startup.
+; Note: Used only when pm is set to 'dynamic'
+; Default Value: min_spare_servers + (max_spare_servers - min_spare_servers) / 2
+pm.start_servers = 3
+
+; The desired minimum number of idle server processes.
+; Note: Used only when pm is set to 'dynamic'
+; Note: Mandatory when pm is set to 'dynamic'
+pm.min_spare_servers = 3
+
+; The desired maximum number of idle server processes.
+; Note: Used only when pm is set to 'dynamic'
+; Note: Mandatory when pm is set to 'dynamic'
+pm.max_spare_servers = 5
+
+; The number of requests each child process should execute before respawning.
+; This can be useful to work around memory leaks in 3rd party libraries. For
+; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS.
+; Default Value: 0
+pm.max_requests = 500
+
+; The URI to view the FPM status page. If this value is not set, no URI will be
+; recognized as a status page. By default, the status page shows the following
+; information:
+;   accepted conn        - the number of request accepted by the pool;
+;   pool                 - the name of the pool;
+;   process manager      - static or dynamic;
+;   idle processes       - the number of idle processes;
+;   active processes     - the number of active processes;
+;   total processes      - the number of idle + active processes.
+;   max children reached - number of times, the process limit has been reached,
+;                          when pm tries to start more children (works only for
+;                          pm 'dynamic')
+; The values of 'idle processes', 'active processes' and 'total processes' are
+; updated each second. The value of 'accepted conn' is updated in real time.
+; Example output:
+;   accepted conn:        12073
+;   pool:                 www
+;   process manager:      static
+;   idle processes:       35
+;   active processes:     65
+;   total processes:      100
+;   max children reached: 1
+; By default the status page output is formatted as text/plain. Passing either
+; 'html' or 'json' as a query string will return the corresponding output
+; syntax. Example:
+;   http://www.foo.bar/status
+;   http://www.foo.bar/status?json
+;   http://www.foo.bar/status?html
+; Note: The value must start with a leading slash (/). The value can be
+;       anything, but it may not be a good idea to use the .php extension or it
+;       may conflict with a real PHP file.
+; Default Value: not set
+pm.status_path = /fpm-status
+
+; The ping URI to call the monitoring page of FPM. If this value is not set, no
+; URI will be recognized as a ping page. This could be used to test from outside
+; that FPM is alive and responding, or to
+; - create a graph of FPM availability (rrd or such);
+; - remove a server from a group if it is not responding (load balancing);
+; - trigger alerts for the operating team (24/7).
+; Note: The value must start with a leading slash (/). The value can be
+;       anything, but it may not be a good idea to use the .php extension or it
+;       may conflict with a real PHP file.
+; Default Value: not set
+ping.path = /ping
+
+; This directive may be used to customize the response of a ping request. The
+; response is formatted as text/plain with a 200 response code.
+; Default Value: pong
+;ping.response = pong
+
+; The timeout for serving a single request after which the worker process will
+; be killed. This option should be used when the 'max_execution_time' ini option
+; does not stop script execution for some reason. A value of '0' means 'off'.
+; Available units: s(econds)(default), m(inutes), h(ours), or d(ays)
+; Default Value: 0
+request_terminate_timeout = 120s
+
+; The timeout for serving a single request after which a PHP backtrace will be
+; dumped to the 'slowlog' file. A value of '0s' means 'off'.
+; Available units: s(econds)(default), m(inutes), h(ours), or d(ays)
+; Default Value: 0
+request_slowlog_timeout = 5s
+
+; The log file for slow requests
+; Default Value: not set
+; Note: slowlog is mandatory if request_slowlog_timeout is set
+slowlog = /var/log/nginx/YNH_WWW_APP.slow.log
+
+; Set open file descriptor rlimit.
+; Default Value: system defined value
+rlimit_files = 4096
+
+; Set max core size rlimit.
+; Possible Values: 'unlimited' or an integer greater or equal to 0
+; Default Value: system defined value
+rlimit_core = 0
+
+; Chroot to this directory at the start. This value must be defined as an
+; absolute path. When this value is not set, chroot is not used.
+; Note: you can prefix with '$prefix' to chroot to the pool prefix or one
+; of its subdirectories. If the pool prefix is not set, the global prefix
+; will be used instead.
+; Note: chrooting is a great security feature and should be used whenever
+;       possible. However, all PHP paths will be relative to the chroot
+;       (error_log, sessions.save_path, ...).
+; Default Value: not set
+;chroot =
+
+; Chdir to this directory at the start.
+; Note: relative path can be used.
+; Default Value: current directory or / when chroot
+chdir = /var/www/YNH_WWW_ALIAS
+
+; Redirect worker stdout and stderr into main error log. If not set, stdout and
+; stderr will be redirected to /dev/null according to FastCGI specs.
+; Note: on highloaded environement, this can cause some delay in the page
+; process time (several ms).
+; Default Value: no
+catch_workers_output = yes
+
+; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from
+; the current environment.
+; Default Value: clean env
+;env[HOSTNAME] = $HOSTNAME
+;env[PATH] = /usr/local/bin:/usr/bin:/bin
+;env[TMP] = /tmp
+;env[TMPDIR] = /tmp
+;env[TEMP] = /tmp
+
+; Additional php.ini defines, specific to this pool of workers. These settings
+; overwrite the values previously defined in the php.ini. The directives are the
+; same as the PHP SAPI:
+;   php_value/php_flag             - you can set classic ini defines which can
+;                                    be overwritten from PHP call 'ini_set'.
+;   php_admin_value/php_admin_flag - these directives won't be overwritten by
+;                                     PHP call 'ini_set'
+; For php_*flag, valid values are on, off, 1, 0, true, false, yes or no.
+
+; Defining 'extension' will load the corresponding shared extension from
+; extension_dir. Defining 'disable_functions' or 'disable_classes' will not
+; overwrite previously defined php.ini values, but will append the new value
+; instead.
+
+; Note: path INI options can be relative and will be expanded with the prefix
+; (pool, global or /usr)
+
+; Default Value: nothing is defined by default except the values in php.ini and
+;                specified at startup with the -d argument
+;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f www@my.domain.com
+;php_flag[display_errors] = off
+;php_admin_value[error_log] = /var/log/fpm-php.www.log
+;php_admin_flag[log_errors] = on
+;php_admin_value[memory_limit] = 32M
+
+# Common values to change to increase file upload limit
+;php_value[upload_max_filesize] = 50M
+;php_value[post_max_size] = 50M
+;php_value[mail.add_x_header] = Off
+
+# Other common parameters
+;php_value[max_execution_time] = 600
+;php_value[max_input_time] = 300
+;php_value[memory_limit] = 256M
+;php_value[short_open_tag] = On
+

scripts/backup

@@ -13,3 +13,8 @@ sudo cp -a /var/www/$app/. $backup_dir/sources
 sudo cp -a /etc/yunohost/apps/$app/. $backup_dir/yunohost
 domain=$(sudo yunohost app setting $app domain)
 sudo cp -a /etc/nginx/conf.d/$domain.d/$app.conf $backup_dir/nginx.conf
+
+# If a dedicated php-fpm process is used :
+# Copy dedicated php-fpm process to backup folder
+#
+#sudo cp -a /etc/php5/fpm/pool.d/$app.conf $backup_dir/php-fpm.conf

scripts/install

@@ -25,8 +25,23 @@ sudo cp -a ../sources/* $final_path
 # Modify Nginx configuration file and copy it to Nginx conf directory
 sed -i "s@YNH_WWW_PATH@$path@g" ../conf/nginx.conf
 sed -i "s@YNH_WWW_ALIAS@$final_path/@g" ../conf/nginx.conf
+# If a dedicated php-fpm process is used :
+# Don't forget to modify ../conf/nginx.conf accordingly or your app will not work !
+#
+#sudo sed -i "s@YNH_WWW_APP@$app@g" ../conf/nginx.conf
 sudo cp ../conf/nginx.conf /etc/nginx/conf.d/$domain.d/$app.conf
 
+# If a dedicated php-fpm process is used :
+# Adjustment and copy dedicated php-fpm conf file
+# Don't forget to modify ../conf/php-fpm.conf accordingly or your app will not work !
+#
+#sed -i "s@YNH_WWW_APP@$app@g" ../conf/php-fpm.conf
+#sed -i "s@YNH_WWW_ALIAS@$final_path/@g" ../conf/php-fpm.conf
+#finalphpconf=/etc/php5/fpm/pool.d/$app.conf
+#sudo cp ../conf/php-fpm.conf $finalphpconf
+#sudo chown root: $finalphpconf
+#sudo chmod 644 $finalphpconf
+
 # If app is public, add url to SSOWat conf as skipped_uris
 if [ "$is_public" = "Yes" ];
 then
@@ -34,6 +49,13 @@ then
   sudo yunohost app setting $app unprotected_uris -v "/"
 fi
 
+
+# If dedicated php-fpm process :
+#
+#sudo service php5-fpm reload
+
 # Restart services
 sudo service nginx reload
 sudo yunohost app ssowatconf
+
+

scripts/remove

@@ -13,6 +13,11 @@ sudo rm -rf /var/www/$app
 # Remove configuration files
 sudo rm -f /etc/nginx/conf.d/$domain.d/$app.conf
 
+# If a dedicated php-fpm process is used :
+#
+#sudo rm -f /etc/php5/fpm/pool.d/$app.conf
+#sudo service php5-fpm reload
+
 # Restart services
 sudo service nginx reload
 sudo yunohost app ssowatconf

scripts/restore

@@ -12,5 +12,12 @@ sudo cp -a $backup_dir/yunohost/. /etc/yunohost/apps/$app
 domain=$(sudo yunohost app setting $app domain)
 sudo cp -a $backup_dir/nginx.conf /etc/nginx/conf.d/$domain.d/$app.conf
 
+# If a dedicated php-fpm process is used :
+# Copy dedicated php-fpm process from backup folder to the right location
+# And restart service
+#
+#sudo cp -a $backup_dir/php-fpm.conf /etc/php5/fpm/pool.d/$app.conf
+#sudo service php5-fpm reload
+
 # Restart webserver
-sudo service nginx reload
+sudo service nginx reload

scripts/upgrade

@@ -18,8 +18,21 @@ sudo cp -a ../sources/* $final_path
 # Modify Nginx configuration file and copy it to Nginx conf directory
 sed -i "s@YNH_WWW_PATH@$path@g" ../conf/nginx.conf
 sed -i "s@YNH_WWW_ALIAS@$final_path/@g" ../conf/nginx.conf
+# If a dedicated php-fpm process is used :
+#
+#sudo sed -i "s@YNH_WWW_APP@$app@g" ../conf/nginx.conf
 sudo cp ../conf/nginx.conf /etc/nginx/conf.d/$domain.d/$app.conf
 
+# If a dedicated php-fpm process is used :
+# Adjustment and copy dedicated php-fpm conf file
+#
+#sed -i "s@YNH_WWW_APP@$app@g" ../conf/php-fpm.conf
+#sed -i "s@YNH_WWW_ALIAS@$final_path/@g" ../conf/php-fpm.conf
+#finalphpconf=/etc/php5/fpm/pool.d/$app.conf
+#sudo cp ../conf/php-fpm.conf $finalphpconf
+#sudo chown root: $finalphpconf
+#sudo chmod 644 $finalphpconf
+
 # If app is public, add url to SSOWat conf as skipped_uris
 if [ "$is_public" = "Yes" ];
 then
@@ -29,6 +42,10 @@ then
   sudo yunohost app setting $app skipped_uris -d
 fi
 
+# If a dedicated php-fpm process is used :
+#
+#sudo service php5-fpm restart
+
 # Restart services
 sudo service nginx reload
 sudo yunohost app ssowatconf

sources/README.md

@@ -0,0 +1,3 @@
+Place the sources of the webapp in this folder.
+
+This file can be removed.