Cheap VPS & Xen Server

Residential Proxy Network - Hourly & Monthly Packages

Using PHP5-FPM With Apache2 On OpenSUSE 12.1


This tutorial shows how you can install an Apache2 webserver on an OpenSUSE 12.1 server with PHP5 (through PHP-FPM) and MySQL support. PHP-FPM (FastCGI Process Manager) is an alternative PHP FastCGI implementation with some additional features useful for sites of any size, especially busier sites.

I do not issue any guarantee that this will work for you!

 

1 Preliminary Note

In this tutorial I use the hostname server1.example.com with the IP address 192.168.0.100. These settings might differ for you, so you have to replace them where appropriate.

 

2 Enabling Additional Repositories

We need to install mod_fastcgi later on which is available in a repository which is not enabled by default. We can enable it as follows:

zypper –gpg-auto-import-keys addrepo –name “Third-party modules for the Apache HTTP server. (Apache_openSUSE_12.1)” http://download.opensuse.org/repositories/Apache:/Modules/Apache_openSUSE_12.1/ apache-third-party-12.1

 

3 Installing MySQL 5

To install MySQL, we do this:

yast2 -i mysql mysql-client mysql-community-server

Then we create the system startup links for MySQL (so that MySQL starts automatically whenever the system boots) and start the MySQL server:

systemctl enable mysql.service
systemctl start mysql.service

To secure the MySQL installation, run:

mysql_secure_installation

Now you will be asked several questions:

server1:~ # mysql_secure_installation

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MySQL
SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!

In order to log into MySQL to secure it, we’ll need the current
password for the root user.  If you’ve just installed MySQL, and
you haven’t set the root password yet, the password will be blank,
so you should just press enter here.

Enter current password for root (enter for none): <– ENTER
OK, successfully used password, moving on…

Setting the root password ensures that nobody can log into the MySQL
root user without the proper authorisation.

Set root password? [Y/n] <– Y
New password: <– fill in your desired MySQL root password
Re-enter new password: <– confirm that password
Password updated successfully!
Reloading privilege tables..
… Success!

By default, a MySQL installation has an anonymous user, allowing anyone
to log into MySQL without having to have a user account created for
them.  This is intended only for testing, and to make the installation
go a bit smoother.  You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n] <– Y
 … Success!

Normally, root should only be allowed to connect from ‘localhost’.  This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] <– Y
 … Success!

By default, MySQL comes with a database named ‘test’ that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] <– Y
 – Dropping test database…
… Success!
– Removing privileges on test database…
… Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n] <– Y
 … Success!

Cleaning up…

All done!  If you’ve completed all of the above steps, your MySQL
installation should now be secure.

Thanks for using MySQL!

server1:~ #

Now your MySQL setup should be secured.

 

4 Installing Apache2

Apache2 is available as an OpenSUSE package, therefore we can install it like this:

yast2 -i apache2

Now configure your system to start Apache at boot time…

systemctl enable apache2.service

… and start Apache:

systemctl start apache2.service

Now direct your browser to http://192.168.0.100, and you should see the Apache2 placeholder page (don’t worry about the 403 error, this happens because there’s no index file (e.g. index.html) in the document root directory):

1

Apache’s default document root is /srv/www/htdocs/ on OpenSUSE, and the configuration file is /etc/apache2/httpd.conf. Additional configurations are stored in the /etc/apache2/conf.d/ directory.

5 Installing PHP5

We can make PHP5 work in Apache2 through PHP-FPM and Apache’s mod_fastcgi module which we install as follows:

yast -i apache2-mod_fastcgi php5-fpm

Before we start PHP-FPM, rename /etc/php5/fpm/php-fpm.conf.default to /etc/php5/fpm/php-fpm.conf:

mv /etc/php5/fpm/php-fpm.conf.default /etc/php5/fpm/php-fpm.conf

Change the permissions of PHP’s session directory:

chmod 1733 /var/lib/php5

Then open /etc/php5/fpm/php-fpm.conf

vi /etc/php5/fpm/php-fpm.conf

… and change error_log to /var/log/php-fpm.log and uncomment pm.min_spare_servers and pm.max_spare_servers:

[...]
error_log = /var/log/php-fpm.log
[...]
pm.min_spare_servers = 5
[...]
pm.max_spare_servers = 35
[...]

Next create the system startup links for php-fpm and start it:

systemctl enable php-fpm.service
systemctl start php-fpm.service

PHP-FPM is a daemon process that runs a FastCGI server on port 9000, as you can see in the output of

netstat -tapn

server1:~ # netstat -tapn
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      2329/nginx
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1204/sshd
tcp        0      0 127.0.0.1:9000          0.0.0.0:*               LISTEN      2511/php-fpm.conf)
tcp        0      0 0.0.0.0:3306            0.0.0.0:*               LISTEN      2059/mysqld
tcp        0      0 192.168.0.100:22        192.168.0.199:1632      ESTABLISHED 1284/0
tcp        0      0 :::22                   :::*                    LISTEN      1204/sshd
server1:~ #

Next enable the following Apache modules…

a2enmod actions
a2enmod fastcgi
a2enmod alias

… disable mod_php5…

a2dismod php5

… and restart Apache:

systemctl restart apache2.service

6 Configuring Apache

To make Apache work with PHP-FPM, we need the following configuration:

        <IfModule mod_fastcgi.c>
                <Directory "/usr/lib/cgi-bin">
                        AllowOverride None
                        Options +ExecCGI -Includes
                        SetHandler fastcgi-script
                        Order allow,deny
                        Allow from all
                </Directory>
                DirectoryIndex index.html index.shtml index.cgi index.php
                AddHandler php5-fcgi .php
                Action php5-fcgi /php5-fcgi
                Alias /php5-fcgi /usr/lib/cgi-bin/php5-fcgi
                FastCgiExternalServer /usr/lib/cgi-bin/php5-fcgi -host 127.0.0.1:9000 -pass-header Authorization
        </IfModule>

(To learn more about the FastCgiExternalServer directive, take a look at http://www.fastcgi.com/mod_fastcgi/docs/mod_fastcgi.html#FastCgiExternalServer.)

You can put it in the global Apache configuration (so it’s enabled for all vhosts), for example in /etc/apache2/conf.d/mod_fastcgi.conf, or you can place it in each vhost that should use PHP-FPM. I want to use PHP-FPM with all vhosts so I open /etc/apache2/conf.d/mod_fastcgi.conf

vi /etc/apache2/conf.d/mod_fastcgi.conf

… and put the following section at the end:

[...]
        <IfModule mod_fastcgi.c>
                <Directory "/usr/lib/cgi-bin">
                        AllowOverride None
                        Options +ExecCGI -Includes
                        SetHandler fastcgi-script
                        Order allow,deny
                        Allow from all
                </Directory>
                DirectoryIndex index.html index.shtml index.cgi index.php
                AddHandler php5-fcgi .php
                Action php5-fcgi /php5-fcgi
                Alias /php5-fcgi /usr/lib/cgi-bin/php5-fcgi
                FastCgiExternalServer /usr/lib/cgi-bin/php5-fcgi -host 127.0.0.1:9000 -pass-header Authorization
        </IfModule>

The /usr/lib/cgi-bin/ directory must exist, so we create it as follows:

mkdir /usr/lib/cgi-bin/

Restart Apache afterwards:

systemctl restart apache2.service

Now create the following PHP file in the document root /srv/www/htdocs of the default Apache vhost:

vi /srv/www/htdocs/info.php

<?php
phpinfo();
?>

Now we call that file in a browser (e.g. http://192.168.0.100/info.php):

2

As you see, PHP5 is working, and it’s working through FPM/FastCGI, as shown in the Server API line. If you scroll further down, you will see all modules that are already enabled in PHP5. MySQL is not listed there which means we don’t have MySQL support in PHP5 yet.

 

7 Getting MySQL Support In PHP5

To get MySQL support in PHP, we can install the php5-mysql package. It’s a good idea to install some other PHP5 modules as well as you might need them for your applications:

yast2 -i php5-mysql php5-bcmath php5-bz2 php5-calendar php5-ctype php5-curl php5-dom php5-ftp php5-gd php5-gettext php5-gmp php5-iconv php5-imap php5-ldap php5-mbstring php5-mcrypt php5-odbc php5-openssl php5-pcntl php5-pgsql php5-posix php5-shmop php5-snmp php5-soap php5-sockets php5-sqlite php5-sysvsem php5-tokenizer php5-wddx php5-xmlrpc php5-xsl php5-zlib php5-exif php5-fastcgi php5-pear php5-sysvmsg php5-sysvshm

Now reload PHP-FPM:

systemctl reload php-fpm.service

Now reload http://192.168.0.100/info.php in your browser and scroll down to the modules section again. You should now find lots of new modules there, including the MySQL module:

3

8 phpMyAdmin

phpMyAdmin is a web interface through which you can manage your MySQL databases.

phpMyAdmin can be installed as follows:

yast2 -i phpMyAdmin

To make sure that we can access phpMyAdmin from all websites created through ISPConfig later on by using /phpmyadmin (e.g. http://www.example.com/phpmyadmin) and /phpMyAdmin (e.g. http://www.example.com/phpMyAdmin), open /etc/apache2/conf.d/phpMyAdmin.conf

vi /etc/apache2/conf.d/phpMyAdmin.conf

… and add the following two aliases right at the beginning:

Alias /phpMyAdmin /srv/www/htdocs/phpMyAdmin
Alias /phpmyadmin /srv/www/htdocs/phpMyAdmin
[...]

Restart Apache and reload PHP-FPM:

systemctl restart apache2.service
systemctl reload php-fpm.service

Afterwards, you can access phpMyAdmin under http://192.168.0.100/phpMyAdmin/:

4

9 Making PHP-FPM Use A Unix Socket

By default PHP-FPM is listening on port 9000 on 127.0.0.1. It is also possible to make PHP-FPM use a Unix socket which avoids the TCP overhead. To do this, open /etc/php5/fpm/php-fpm.conf

vi /etc/php5/fpm/php-fpm.conf

… and make the listen line look as follows:

[...]
;listen = 127.0.0.1:9000
listen = /tmp/php5-fpm.sock
[...]

Also set the owner, group, and permissions of the socket as follows:

[...]
; Set permissions for unix socket, if one is used. In Linux, read/write
; permissions must be set in order to allow connections from a web server. Many
; BSD-derived systems allow connections regardless of permissions.
; Default Values: user and group are set as the running user
;                 mode is set to 0666
listen.owner = nobody
listen.group = nobody
listen.mode = 0666
[...]

Then reload PHP-FPM:

systemctl reload php-fpm.service

Next go through your Apache configuration and all your vhosts and change the lineFastCgiExternalServer /usr/lib/cgi-bin/php5-fcgi -host 127.0.0.1:9000 -pass-header Authorization to FastCgiExternalServer /usr/lib/cgi-bin/php5-fcgi -socket /tmp/php5-fpm.sock -pass-header Authorization, e.g. like this:

vi /etc/apache2/conf.d/mod_fastcgi.conf

[...]
        <IfModule mod_fastcgi.c>
                <Directory "/usr/lib/cgi-bin">
                        AllowOverride None
                        Options +ExecCGI -Includes
                        SetHandler fastcgi-script
                        Order allow,deny
                        Allow from all
                </Directory>
                DirectoryIndex index.html index.shtml index.cgi index.php
                AddHandler php5-fcgi .php
                Action php5-fcgi /php5-fcgi
                Alias /php5-fcgi /usr/lib/cgi-bin/php5-fcgi
                FastCgiExternalServer /usr/lib/cgi-bin/php5-fcgi -socket /tmp/php5-fpm.sock -pass-header Authorization
        </IfModule>

Finally reload Apache:

systemctl reload apache2.service

 

 

Comments

comments