diff --git a/Makefile b/Makefile index e04d9da..cb274ad 100644 --- a/Makefile +++ b/Makefile @@ -24,8 +24,7 @@ RESET = "\e[0m" COMPOSE = ./srcs/docker-compose.yml -IMAGES = test \ - nginx \ +IMAGES = nginx \ mariadb \ wordpress diff --git a/NetrwTreeListing 9 b/NetrwTreeListing 9 deleted file mode 100644 index e69de29..0000000 diff --git a/README.md b/README.md index f133aa0..933ef29 100644 --- a/README.md +++ b/README.md @@ -8,7 +8,7 @@ - communication between two containers : https://www.tutorialworks.com/container-networking/ - connecting two containers : https://stackoverflow.com/questions/45481943/connecting-two-docker-containers - connect mysql docker to another : https://stackoverflow.com/questions/54901581/connect-to-a-mysql-server-running-in-a-docker-container-from-another-container -- fail with 'vant connect' : https://stackoverflow.com/questions/23234379/installing-mysql-in-docker-fails-with-error-message-cant-connect-to-local-mysq +- fail with 'cant connect' : https://stackoverflow.com/questions/23234379/installing-mysql-in-docker-fails-with-error-message-cant-connect-to-local-mysq - maybe do something like starting mysql in wpdocker with hostname of mysql-docker ? mysql -h hostname ? - or with port:port-protocol ? with tcp ? @@ -78,6 +78,7 @@ - [use env variable with compose](https://docs.docker.com/compose/environment-variables/) - [using DEBIAN_FRONTEND=noninteractive disouraged in dockerfile](https://bobcares.com/blog/debian_frontendnoninteractive-docker/) - [docker network](https://docs.docker.com/network/) +- [depends_on](https://docs.docker.com/compose/compose-file/#depends_on) ###### docker pid 1 - nginx by default will create some child process (a master and some workers), then it quits (doc ?) @@ -171,6 +172,7 @@ - [mysql commande line](https://mariadb.com/kb/en/mysql-command-line-client/) - [use mysql in script](https://stackoverflow.com/questions/59608632/mariadb-create-database-and-execute-sql-script-without-character-from-the) - [no need to use FLUSH PRIVILEGES after GRANT](https://stackoverflow.com/questions/36463966/mysql-when-is-flush-privileges-in-mysql-really-needed) +- [mysqld](https://dev.mysql.com/doc/refman/8.0/en/mysqld.html) ###### mariadb basic commands : - create user : @@ -205,7 +207,6 @@ - wget https://wordpress.org/latest.tar.gz - tar -xzvf latest.tar.gz -- [install wp with wp-cli](https://make.wordpress.org/cli/handbook/how-to-install/) - [php-fpm : Fastcgi Process Manager](https://en.wikipedia.org/wiki/FastCGI) - [install wp-cli](https://make.wordpress.org/cli/handbook/guides/installing/) - [cli commands](https://developer.wordpress.org/cli/commands/) diff --git a/srcs/.env b/srcs/.env index ba967ed..6e0ac30 100644 --- a/srcs/.env +++ b/srcs/.env @@ -1,20 +1,20 @@ -#DOMAIN_NAME=wil.42.fr -## certificates -#CERTS_=./XXXXXXXXXXXX -## MARIADB SETUP +# MARIADB SETUP + DB_NAME=db_wp_inception DB_USER=user_wp_inception DB_PSWD="if you read this i will have to erase your memory" -## TMP MARIADB SETUP -DB_NAME_TMP=db_wp_inception_tmp -DB_USER_TMP=user_wp_inception_tmp -DB_PSWD_TMP="if you read this i will have to erase your memory _tmp" +# WORDPRESS SETUP -## WORDPRESS SETUP +WP_DIR=/var/www/html WP_URL=hulamy.42.fr -WP_TITLE="le blog !" -WP_ADMIN=hulamy +WP_TITLE=title + +WP_ADMIN=admin WP_ADMIN_PSWD="you shall not password !" -WP_ADMIN_EMAIL=hulamy@42.fr +WP_ADMIN_EMAIL=admin@email.fr + +WP_USER=user +WP_USER_PSWD="it's a secret for nobody" +WP_USER_EMAIL=user@email.fr diff --git a/srcs/docker-compose.yml b/srcs/docker-compose.yml index 002f65f..9831b03 100644 --- a/srcs/docker-compose.yml +++ b/srcs/docker-compose.yml @@ -8,18 +8,10 @@ version: "3.8" services: -# --------------------------------- -# test: -# build: -# context: ./requirements/test -# dockerfile: Dockerfile -# image: test -# container_name: mytest # --------------------------------- nginx: #restart: on-failure ports: - - "80:80" - "443:443" build: context: ./requirements/nginx @@ -27,36 +19,34 @@ services: image: nginx container_name: mynginx # --------------------------------- - mariadb: - #restart: on-failure - env_file: .env - build: - context: ./requirements/mariadb - args: - - DB_NAME=${DB_NAME} - - DB_USER=${DB_USER} - - DB_PSWD=${DB_PSWD} - image: mariadb - container_name: mymariadb +# mariadb: +# #restart: on-failure +# networks: +# - inception-network +# env_file: .env +# build: +# context: ./requirements/mariadb +# args: +# - DB_NAME=${DB_NAME} +# - DB_USER=${DB_USER} +# - DB_PSWD=${DB_PSWD} +# image: mariadb +# container_name: mymariadb # --------------------------------- - wordpress: - #restart: on-failure - networks: - - inception-network - env_file: .env - build: - context: ./requirements/wordpress - args: - - WP_URL=${WP_URL} - - WP_TITLE=${WP_TITLE} - - WP_ADMIN=${WP_ADMIN} - - WP_ADMIN_PSWD=${WP_ADMIN_PSWD} - - WP_ADMIN_EMAIL=${WP_ADMIN_EMAIL} - - DB_NAME=${DB_NAME} - - DB_USER=${DB_USER} - - DB_PSWD=${DB_PSWD} - image: wordpress - container_name: mywordpress +# wordpress: +# #restart: on-failure +# networks: +# - inception-network +# env_file: .env +# build: +# context: ./requirements/wordpress +# args: +# - WP_DIR=${WP_DIR} +## depends_on: +## mariadb: +## condition: service_completed_successfully +# image: wordpress +# container_name: mywordpress networks: inception-network: diff --git a/srcs/requirements/mariadb/Dockerfile b/srcs/requirements/mariadb/Dockerfile index 4a00e6b..509da08 100644 --- a/srcs/requirements/mariadb/Dockerfile +++ b/srcs/requirements/mariadb/Dockerfile @@ -6,9 +6,8 @@ ARG DB_PSWD RUN apt update && apt install -y \ mariadb-client \ - mariadb-server \ - && \ - rm -rf /var/lib/apt/lists/* + mariadb-server +RUN rm -rf /var/lib/apt/lists/* # configure wp database RUN service mysql start && \ @@ -16,5 +15,12 @@ RUN service mysql start && \ mariadb --execute="CREATE USER '${DB_USER}'@'localhost' IDENTIFIED BY '${DB_PSWD}';" && \ mariadb --execute="GRANT ALL PRIVILEGES ON ${DB_NAME}.* TO '${DB_USER}'@'localhost' with grant option;" -CMD [ "mysqld" ] +# # config file 50-server.cnf : +# # uncomment port = 3306 +# RUN sed -i "s/^#port/port /g" /etc/mysql/mariadb.conf.d/50-server.cnf +# # comment bind-address = 127.0.0.1 +# RUN sed -i "s/^bind-address /#bind-address/g" /etc/mysql/mariadb.conf.d/50-server.cnf +COPY ./conf/50-server.cnf ./ + +ENTRYPOINT [ "mysqld" ] diff --git a/srcs/requirements/mariadb/conf/50-server.cnf b/srcs/requirements/mariadb/conf/50-server.cnf new file mode 100644 index 0000000..6dd17f7 --- /dev/null +++ b/srcs/requirements/mariadb/conf/50-server.cnf @@ -0,0 +1,133 @@ +# +# These groups are read by MariaDB server. +# Use it for options that only the server (but not clients) should see +# +# See the examples of server my.cnf files in /usr/share/mysql + +# this is read by the standalone daemon and embedded servers +[server] + +# this is only for the mysqld standalone daemon +[mysqld] + +# +# * Basic Settings +# +user = mysql +pid-file = /run/mysqld/mysqld.pid +socket = /run/mysqld/mysqld.sock +port = 3306 +basedir = /usr +datadir = /var/lib/mysql +tmpdir = /tmp +lc-messages-dir = /usr/share/mysql +#skip-external-locking + +# Instead of skip-networking the default is now to listen only on +# localhost which is more compatible and is not less secure. +#bind-address = 127.0.0.1 + +# +# * Fine Tuning +# +#key_buffer_size = 16M +#max_allowed_packet = 16M +#thread_stack = 192K +#thread_cache_size = 8 +# This replaces the startup script and checks MyISAM tables if needed +# the first time they are touched +#myisam_recover_options = BACKUP +#max_connections = 100 +#table_cache = 64 +#thread_concurrency = 10 + +# +# * Query Cache Configuration +# +#query_cache_limit = 1M +query_cache_size = 16M + +# +# * Logging and Replication +# +# Both location gets rotated by the cronjob. +# Be aware that this log type is a performance killer. +# As of 5.1 you can enable the log at runtime! +#general_log_file = /var/log/mysql/mysql.log +#general_log = 1 +# +# Error log - should be very few entries. +# +log_error = /var/log/mysql/error.log +# +# Enable the slow query log to see queries with especially long duration +#slow_query_log_file = /var/log/mysql/mariadb-slow.log +#long_query_time = 10 +#log_slow_rate_limit = 1000 +#log_slow_verbosity = query_plan +#log-queries-not-using-indexes +# +# The following can be used as easy to replay backup logs or for replication. +# note: if you are setting up a replication slave, see README.Debian about +# other settings you may need to change. +#server-id = 1 +#log_bin = /var/log/mysql/mysql-bin.log +expire_logs_days = 10 +#max_binlog_size = 100M +#binlog_do_db = include_database_name +#binlog_ignore_db = exclude_database_name + +# +# * Security Features +# +# Read the manual, too, if you want chroot! +#chroot = /var/lib/mysql/ +# +# For generating SSL certificates you can use for example the GUI tool "tinyca". +# +#ssl-ca = /etc/mysql/cacert.pem +#ssl-cert = /etc/mysql/server-cert.pem +#ssl-key = /etc/mysql/server-key.pem +# +# Accept only connections using the latest and most secure TLS protocol version. +# ..when MariaDB is compiled with OpenSSL: +#ssl-cipher = TLSv1.2 +# ..when MariaDB is compiled with YaSSL (default in Debian): +#ssl = on + +# +# * Character sets +# +# MySQL/MariaDB default is Latin1, but in Debian we rather default to the full +# utf8 4-byte character set. See also client.cnf +# +character-set-server = utf8mb4 +collation-server = utf8mb4_general_ci + +# +# * InnoDB +# +# InnoDB is enabled by default with a 10MB datafile in /var/lib/mysql/. +# Read the manual for more InnoDB related options. There are many! + +# +# * Unix socket authentication plugin is built-in since 10.0.22-6 +# +# Needed so the root database user can authenticate without a password but +# only when running as the unix root user. +# +# Also available for other users if required. +# See https://mariadb.com/kb/en/unix_socket-authentication-plugin/ + +# this is only for embedded server +[embedded] + +# This group is only read by MariaDB servers, not by MySQL. +# If you use the same .cnf file for MySQL and MariaDB, +# you can put MariaDB-only options here +[mariadb] + +# This group is only read by MariaDB-10.3 servers. +# If you use the same .cnf file for MariaDB of different versions, +# use this group for options that older servers don't understand +[mariadb-10.3] diff --git a/srcs/requirements/nginx/Dockerfile b/srcs/requirements/nginx/Dockerfile index e8d86e6..c2f47cd 100644 --- a/srcs/requirements/nginx/Dockerfile +++ b/srcs/requirements/nginx/Dockerfile @@ -1,14 +1,11 @@ FROM debian:buster -RUN apt update && \ - apt install -y nginx openssl && \ - rm -rf /var/lib/apt/lists/* - -# for debug -#RUN apt install -y procps vim +RUN apt update && apt install -y \ + nginx openssl +RUN rm -rf /var/lib/apt/lists/* # create ssl certificate -RUN openssl req -newkey rsa:2048 -nodes -x509 \ +RUN openssl req -newkey rsa:2048 -nodes -x509 -days 365 \ -keyout /etc/ssl/private/hulamy.42.fr.key -out /etc/ssl/certs/hulamy.42.fr.crt \ -subj "/C=fr/ST=ile-de-france/L=paris/O=42/OU=inception/CN=hulamy.42.fr" @@ -16,11 +13,9 @@ RUN openssl req -newkey rsa:2048 -nodes -x509 \ COPY ./conf/nginx.conf /etc/nginx/ COPY ./conf/inception_nginx.conf /etc/nginx/conf.d/ -# for test COPY ./conf/index.html /data/www/ -COPY ./conf/https/index.html /data/wwws/ -CMD [ "nginx", "-g", "daemon off;" ] +ENTRYPOINT [ "nginx", "-g", "daemon off;" ] # diff --git a/srcs/requirements/nginx/conf/https/index.html b/srcs/requirements/nginx/conf/https/index.html deleted file mode 100644 index 804bf4e..0000000 --- a/srcs/requirements/nginx/conf/https/index.html +++ /dev/null @@ -1 +0,0 @@ -you are on https connection, yeah diff --git a/srcs/requirements/nginx/conf/inception_nginx.conf b/srcs/requirements/nginx/conf/inception_nginx.conf index 0f2ef62..9a91f86 100644 --- a/srcs/requirements/nginx/conf/inception_nginx.conf +++ b/srcs/requirements/nginx/conf/inception_nginx.conf @@ -1,29 +1,31 @@ # doc : https://nginx.org/en/docs/dirindex.html server { - listen 80; - listen [::]:80; + listen 443 ssl; # for ipv4, on port 443, specifying that accepted connections should works in ssl mode + listen [::]:443 ssl; # for ipv6 server_name hulamy.42.fr; - root /data/www/; + ssl_certificate /etc/ssl/certs/hulamy.42.fr.crt; # specifies the file with the ssl certificate (self signed here) generated by openssl + ssl_certificate_key /etc/ssl/private/hulamy.42.fr.key; # specifies the file with the secret key of the certificate - # switch between two following tests configurations - location / { try_files $uri /index.html; } # try files then redirect to index.html (https://nginx.org/en/docs/http/ngx_http_core_module.html#try_files) -# return 301 https://$host$request_uri; # redirect on https + root /var/www/html/; # contains default nginx index.nginx-debian.html + index index.html index.php; # defines files that will be used as index (https://nginx.org/en/docs/http/ngx_http_index_module.html) + + location / { + try_files $uri $uri/ =404; # from /etc/nginx/sites-enabled/default : First attempt to serve request as file, then as directory, then fall back to displaying a 404 + root /data/www/; + } + + # pass PHP scripts to FastCGI (PHP-FPM) server + location ~ \.php$ { + fastcgi_pass wordpress:9000; + + fastcgi_split_path_info ^(.+\.php)(/.+)$; + try_files $uri =404; + + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + + include /etc/nginx/fastcgi.conf; + fastcgi_index index.php; + } } - -#server { -# listen 443 ssl; # for ipv4, on port 443, specifying that accepted connections should works in ssl mode -# listen [::]:443 ssl; # for ipv6 -# server_name hulamy.42.fr; -# ssl_certificate /etc/ssl/certs/hulamy.42.fr.crt; # specifies the file with the ssl certificate (self signed here) generated by openssl -# ssl_certificate_key /etc/ssl/private/hulamy.42.fr.key; # specifies the file with the secret key of the certificate -# -# root /var/www/html/; # contains default nginx index.nginx-debian.html -# index index.html index.htm index.nginx-debian.html index.php; # defines files that will be used as index (https://nginx.org/en/docs/http/ngx_http_index_module.html) -# -# location / { -# try_files $uri $uri/ =404; # from /etc/nginx/sites-enabled/default : First attempt to serve request as file, then as directory, then fall back to displaying a 404 -# # for test -# root /data/wwws/; -# } -#} diff --git a/srcs/requirements/nginx/conf/index.html b/srcs/requirements/nginx/conf/index.html index 09a8734..a95200f 100644 --- a/srcs/requirements/nginx/conf/index.html +++ b/srcs/requirements/nginx/conf/index.html @@ -1 +1 @@ -you are on http connection, there is nothing for you there, you should go to https +hello world ! diff --git a/srcs/requirements/wordpress/Dockerfile b/srcs/requirements/wordpress/Dockerfile index d7ed091..7799f06 100644 --- a/srcs/requirements/wordpress/Dockerfile +++ b/srcs/requirements/wordpress/Dockerfile @@ -1,32 +1,27 @@ + FROM debian:buster RUN apt update && apt install -y \ php7.3 \ + php7.3-fpm \ + php7.3-mysqli \ + mariadb-client \ curl -# mariadb-client +RUN rm -rf /var/lib/apt/lists/* + +# config change address to accept FastCGI requests, to worpress:9000 +COPY ./conf/www.conf /etc/php/7.3/fpm/pool.d/ +RUN mkdir /run/php/ +## run service once to initialize +#RUN service php7.3-fpm start && \ +# service php7.3-fpm stop # install wp-cli : https://make.wordpress.org/cli/handbook/guides/installing/ RUN curl -O https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar &&\ chmod +x wp-cli.phar && \ mv wp-cli.phar /usr/local/bin/wp -ARG WP_DIR=/var/www/html -#ARG WP_URL -#ARG WP_TITLE -#ARG WP_ADMIN -#ARG WP_ADMIN_PSWD -#ARG WP_ADMIN_EMAIL +COPY ./conf/wp_entrypoint.sh ./ -ARG DB_NAME -ARG DB_USER -ARG DB_PSWD - -# install wordpress with cli : https://make.wordpress.org/cli/handbook/how-to-install/ -RUN wp core download --path=${WP_DIR} --allow-root -# create config file : -RUN wp config create --dbname=${DB_NAME} --dbuser=${DB_USER} --dbpass=${DB_PASS} --path=${WP_DIR} --allow-root --skip-check -# create db : -#RUN service mysql start && wp db create --path=${WP_DIR} --allow-root -# install wordpress : -RUN wp core install --url=${WP_URL} --title=${WP_TITLE} --admin_user=${WP_ADMIN} --admin_password=${WP_ADMIN_PSWD} --admin_email=${WP_ADMIN_EMAIL} --path=${WP_DIR} --allow-root +ENTRYPOINT [ "sh", "wp_entrypoint.sh" ] diff --git a/srcs/requirements/wordpress/conf/wp_entrypoint.sh b/srcs/requirements/wordpress/conf/wp_entrypoint.sh new file mode 100644 index 0000000..091afe9 --- /dev/null +++ b/srcs/requirements/wordpress/conf/wp_entrypoint.sh @@ -0,0 +1,30 @@ +#!/bin/sh + +# install wordpress with cli : https://make.wordpress.org/cli/handbook/how-to-install/ +mkdir -p ${WP_DIR} +wp core download --path="${WP_DIR}" --allow-root + +## create config file : +wp config create \ + --dbhost=mariadb \ + --dbname="${DB_NAME}" \ + --dbuser="${DB_USER}" \ + --dbpass="${DB_PASS}" \ + --path="${WP_DIR}" --allow-root + +## install wordpress : +wp core install \ + --url="${WP_URL}" \ + --title="${WP_TITLE}" \ + --admin_user="${WP_ADMIN}" \ + --admin_email="${WP_ADMIN_EMAIL}" \ + --admin_password="${WP_ADMIN_PSWD}" \ + --skip-email \ + --path="${WP_DIR}" --allow-root +wp user create \ + ${WP_USER} ${WP_USER_EMAIL} \ + --user_pass=${WP_USER_PSWD} \ + --path=${WP_DIR} --allow-root +chown -R www-data:www-data /var/www/* +chmod 755 -R /var/www/* + diff --git a/srcs/requirements/wordpress/conf/www.conf b/srcs/requirements/wordpress/conf/www.conf new file mode 100644 index 0000000..e3e99b2 --- /dev/null +++ b/srcs/requirements/wordpress/conf/www.conf @@ -0,0 +1,439 @@ +; Start a new pool named 'www'. +; the variable $pool can be used in any directive and will be replaced by the +; pool name ('www' here) +[www] + +; Per pool prefix +; It only applies on the following directives: +; - 'access.log' +; - 'slowlog' +; - 'listen' (unixsocket) +; - 'chroot' +; - 'chdir' +; - 'php_values' +; - 'php_admin_values' +; When not set, the global prefix (or /usr) applies instead. +; Note: This directive can also be relative to the global prefix. +; Default Value: none +;prefix = /path/to/pools/$pool + +; Unix user/group of processes +; Note: The user is mandatory. If the group is not set, the default user's group +; will be used. +user = www-data +group = www-data + +; The address on which to accept FastCGI requests. +; Valid syntaxes are: +; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific IPv4 address on +; a specific port; +; '[ip:6:addr:ess]:port' - to listen on a TCP socket to a specific IPv6 address on +; a specific port; +; 'port' - to listen on a TCP socket to all addresses +; (IPv6 and IPv4-mapped) on a specific port; +; '/path/to/unix/socket' - to listen on a unix socket. +; Note: This value is mandatory. +listen = wordpress:9000 + +; Set listen(2) backlog. +; Default Value: 511 (-1 on FreeBSD and OpenBSD) +;listen.backlog = 511 + +; Set permissions for unix socket, if one is used. In Linux, read/write +; permissions must be set in order to allow connections from a web server. Many +; BSD-derived systems allow connections regardless of permissions. The owner +; and group can be specified either by name or by their numeric IDs. +; Default Values: user and group are set as the running user +; mode is set to 0660 +listen.owner = www-data +listen.group = www-data +;listen.mode = 0660 +; When POSIX Access Control Lists are supported you can set them using +; these options, value is a comma separated list of user/group names. +; When set, listen.owner and listen.group are ignored +;listen.acl_users = +;listen.acl_groups = + +; List of addresses (IPv4/IPv6) of FastCGI clients which are allowed to connect. +; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original +; PHP FCGI (5.2.2+). Makes sense only with a tcp listening socket. Each address +; must be separated by a comma. If this value is left blank, connections will be +; accepted from any ip address. +; Default Value: any +;listen.allowed_clients = 127.0.0.1 + +; Specify the nice(2) priority to apply to the pool processes (only if set) +; The value can vary from -19 (highest priority) to 20 (lower priority) +; Note: - It will only work if the FPM master process is launched as root +; - The pool processes will inherit the master process priority +; unless it specified otherwise +; Default Value: no set +; process.priority = -19 + +; Set the process dumpable flag (PR_SET_DUMPABLE prctl) even if the process user +; or group is differrent than the master process user. It allows to create process +; core dump and ptrace the process for the pool user. +; Default Value: no +; process.dumpable = yes + +; Choose how the process manager will control the number of child processes. +; Possible Values: +; static - a fixed number (pm.max_children) of child processes; +; dynamic - the number of child processes are set dynamically based on the +; following directives. With this process management, there will be +; always at least 1 children. +; pm.max_children - the maximum number of children that can +; be alive at the same time. +; pm.start_servers - the number of children created on startup. +; pm.min_spare_servers - the minimum number of children in 'idle' +; state (waiting to process). If the number +; of 'idle' processes is less than this +; number then some children will be created. +; pm.max_spare_servers - the maximum number of children in 'idle' +; state (waiting to process). If the number +; of 'idle' processes is greater than this +; number then some children will be killed. +; ondemand - no children are created at startup. Children will be forked when +; new requests will connect. The following parameter are used: +; pm.max_children - the maximum number of children that +; can be alive at the same time. +; pm.process_idle_timeout - The number of seconds after which +; an idle process will be killed. +; Note: This value is mandatory. +pm = dynamic + +; The number of child processes to be created when pm is set to 'static' and the +; maximum number of child processes when pm is set to 'dynamic' or 'ondemand'. +; This value sets the limit on the number of simultaneous requests that will be +; served. Equivalent to the ApacheMaxClients directive with mpm_prefork. +; Equivalent to the PHP_FCGI_CHILDREN environment variable in the original PHP +; CGI. The below defaults are based on a server without much resources. Don't +; forget to tweak pm.* to fit your needs. +; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand' +; Note: This value is mandatory. +pm.max_children = 5 + +; The number of child processes created on startup. +; Note: Used only when pm is set to 'dynamic' +; Default Value: min_spare_servers + (max_spare_servers - min_spare_servers) / 2 +pm.start_servers = 2 + +; The desired minimum number of idle server processes. +; Note: Used only when pm is set to 'dynamic' +; Note: Mandatory when pm is set to 'dynamic' +pm.min_spare_servers = 1 + +; The desired maximum number of idle server processes. +; Note: Used only when pm is set to 'dynamic' +; Note: Mandatory when pm is set to 'dynamic' +pm.max_spare_servers = 3 + +; The number of seconds after which an idle process will be killed. +; Note: Used only when pm is set to 'ondemand' +; Default Value: 10s +;pm.process_idle_timeout = 10s; + +; The number of requests each child process should execute before respawning. +; This can be useful to work around memory leaks in 3rd party libraries. For +; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS. +; Default Value: 0 +;pm.max_requests = 500 + +; The URI to view the FPM status page. If this value is not set, no URI will be +; recognized as a status page. It shows the following informations: +; pool - the name of the pool; +; process manager - static, dynamic or ondemand; +; start time - the date and time FPM has started; +; start since - number of seconds since FPM has started; +; accepted conn - the number of request accepted by the pool; +; listen queue - the number of request in the queue of pending +; connections (see backlog in listen(2)); +; max listen queue - the maximum number of requests in the queue +; of pending connections since FPM has started; +; listen queue len - the size of the socket queue of pending connections; +; idle processes - the number of idle processes; +; active processes - the number of active processes; +; total processes - the number of idle + active processes; +; max active processes - the maximum number of active processes since FPM +; has started; +; max children reached - number of times, the process limit has been reached, +; when pm tries to start more children (works only for +; pm 'dynamic' and 'ondemand'); +; Value are updated in real time. +; Example output: +; pool: www +; process manager: static +; start time: 01/Jul/2011:17:53:49 +0200 +; start since: 62636 +; accepted conn: 190460 +; listen queue: 0 +; max listen queue: 1 +; listen queue len: 42 +; idle processes: 4 +; active processes: 11 +; total processes: 15 +; max active processes: 12 +; max children reached: 0 +; +; By default the status page output is formatted as text/plain. Passing either +; 'html', 'xml' or 'json' in the query string will return the corresponding +; output syntax. Example: +; http://www.foo.bar/status +; http://www.foo.bar/status?json +; http://www.foo.bar/status?html +; http://www.foo.bar/status?xml +; +; By default the status page only outputs short status. Passing 'full' in the +; query string will also return status for each pool process. +; Example: +; http://www.foo.bar/status?full +; http://www.foo.bar/status?json&full +; http://www.foo.bar/status?html&full +; http://www.foo.bar/status?xml&full +; The Full status returns for each process: +; pid - the PID of the process; +; state - the state of the process (Idle, Running, ...); +; start time - the date and time the process has started; +; start since - the number of seconds since the process has started; +; requests - the number of requests the process has served; +; request duration - the duration in µs of the requests; +; request method - the request method (GET, POST, ...); +; request URI - the request URI with the query string; +; content length - the content length of the request (only with POST); +; user - the user (PHP_AUTH_USER) (or '-' if not set); +; script - the main script called (or '-' if not set); +; last request cpu - the %cpu the last request consumed +; it's always 0 if the process is not in Idle state +; because CPU calculation is done when the request +; processing has terminated; +; last request memory - the max amount of memory the last request consumed +; it's always 0 if the process is not in Idle state +; because memory calculation is done when the request +; processing has terminated; +; If the process is in Idle state, then informations are related to the +; last request the process has served. Otherwise informations are related to +; the current request being served. +; Example output: +; ************************ +; pid: 31330 +; state: Running +; start time: 01/Jul/2011:17:53:49 +0200 +; start since: 63087 +; requests: 12808 +; request duration: 1250261 +; request method: GET +; request URI: /test_mem.php?N=10000 +; content length: 0 +; user: - +; script: /home/fat/web/docs/php/test_mem.php +; last request cpu: 0.00 +; last request memory: 0 +; +; Note: There is a real-time FPM status monitoring sample web page available +; It's available in: /usr/share/php/7.3/fpm/status.html +; +; Note: The value must start with a leading slash (/). The value can be +; anything, but it may not be a good idea to use the .php extension or it +; may conflict with a real PHP file. +; Default Value: not set +;pm.status_path = /status + +; The ping URI to call the monitoring page of FPM. If this value is not set, no +; URI will be recognized as a ping page. This could be used to test from outside +; that FPM is alive and responding, or to +; - create a graph of FPM availability (rrd or such); +; - remove a server from a group if it is not responding (load balancing); +; - trigger alerts for the operating team (24/7). +; Note: The value must start with a leading slash (/). The value can be +; anything, but it may not be a good idea to use the .php extension or it +; may conflict with a real PHP file. +; Default Value: not set +;ping.path = /ping + +; This directive may be used to customize the response of a ping request. The +; response is formatted as text/plain with a 200 response code. +; Default Value: pong +;ping.response = pong + +; The access log file +; Default: not set +;access.log = log/$pool.access.log + +; The access log format. +; The following syntax is allowed +; %%: the '%' character +; %C: %CPU used by the request +; it can accept the following format: +; - %{user}C for user CPU only +; - %{system}C for system CPU only +; - %{total}C for user + system CPU (default) +; %d: time taken to serve the request +; it can accept the following format: +; - %{seconds}d (default) +; - %{miliseconds}d +; - %{mili}d +; - %{microseconds}d +; - %{micro}d +; %e: an environment variable (same as $_ENV or $_SERVER) +; it must be associated with embraces to specify the name of the env +; variable. Some exemples: +; - server specifics like: %{REQUEST_METHOD}e or %{SERVER_PROTOCOL}e +; - HTTP headers like: %{HTTP_HOST}e or %{HTTP_USER_AGENT}e +; %f: script filename +; %l: content-length of the request (for POST request only) +; %m: request method +; %M: peak of memory allocated by PHP +; it can accept the following format: +; - %{bytes}M (default) +; - %{kilobytes}M +; - %{kilo}M +; - %{megabytes}M +; - %{mega}M +; %n: pool name +; %o: output header +; it must be associated with embraces to specify the name of the header: +; - %{Content-Type}o +; - %{X-Powered-By}o +; - %{Transfert-Encoding}o +; - .... +; %p: PID of the child that serviced the request +; %P: PID of the parent of the child that serviced the request +; %q: the query string +; %Q: the '?' character if query string exists +; %r: the request URI (without the query string, see %q and %Q) +; %R: remote IP address +; %s: status (response code) +; %t: server time the request was received +; it can accept a strftime(3) format: +; %d/%b/%Y:%H:%M:%S %z (default) +; The strftime(3) format must be encapsuled in a %{}t tag +; e.g. for a ISO8601 formatted timestring, use: %{%Y-%m-%dT%H:%M:%S%z}t +; %T: time the log has been written (the request has finished) +; it can accept a strftime(3) format: +; %d/%b/%Y:%H:%M:%S %z (default) +; The strftime(3) format must be encapsuled in a %{}t tag +; e.g. for a ISO8601 formatted timestring, use: %{%Y-%m-%dT%H:%M:%S%z}t +; %u: remote user +; +; Default: "%R - %u %t \"%m %r\" %s" +;access.format = "%R - %u %t \"%m %r%Q%q\" %s %f %{mili}d %{kilo}M %C%%" + +; The log file for slow requests +; Default Value: not set +; Note: slowlog is mandatory if request_slowlog_timeout is set +;slowlog = log/$pool.log.slow + +; The timeout for serving a single request after which a PHP backtrace will be +; dumped to the 'slowlog' file. A value of '0s' means 'off'. +; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) +; Default Value: 0 +;request_slowlog_timeout = 0 + +; Depth of slow log stack trace. +; Default Value: 20 +;request_slowlog_trace_depth = 20 + +; The timeout for serving a single request after which the worker process will +; be killed. This option should be used when the 'max_execution_time' ini option +; does not stop script execution for some reason. A value of '0' means 'off'. +; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) +; Default Value: 0 +;request_terminate_timeout = 0 + +; The timeout set by 'request_terminate_timeout' ini option is not engaged after +; application calls 'fastcgi_finish_request' or when application has finished and +; shutdown functions are being called (registered via register_shutdown_function). +; This option will enable timeout limit to be applied unconditionally +; even in such cases. +; Default Value: no +;request_terminate_timeout_track_finished = no + +; Set open file descriptor rlimit. +; Default Value: system defined value +;rlimit_files = 1024 + +; Set max core size rlimit. +; Possible Values: 'unlimited' or an integer greater or equal to 0 +; Default Value: system defined value +;rlimit_core = 0 + +; Chroot to this directory at the start. This value must be defined as an +; absolute path. When this value is not set, chroot is not used. +; Note: you can prefix with '$prefix' to chroot to the pool prefix or one +; of its subdirectories. If the pool prefix is not set, the global prefix +; will be used instead. +; Note: chrooting is a great security feature and should be used whenever +; possible. However, all PHP paths will be relative to the chroot +; (error_log, sessions.save_path, ...). +; Default Value: not set +;chroot = + +; Chdir to this directory at the start. +; Note: relative path can be used. +; Default Value: current directory or / when chroot +;chdir = /var/www + +; Redirect worker stdout and stderr into main error log. If not set, stdout and +; stderr will be redirected to /dev/null according to FastCGI specs. +; Note: on highloaded environement, this can cause some delay in the page +; process time (several ms). +; Default Value: no +;catch_workers_output = yes + +; Decorate worker output with prefix and suffix containing information about +; the child that writes to the log and if stdout or stderr is used as well as +; log level and time. This options is used only if catch_workers_output is yes. +; Settings to "no" will output data as written to the stdout or stderr. +; Default value: yes +;decorate_workers_output = no + +; Clear environment in FPM workers +; Prevents arbitrary environment variables from reaching FPM worker processes +; by clearing the environment in workers before env vars specified in this +; pool configuration are added. +; Setting to "no" will make all environment variables available to PHP code +; via getenv(), $_ENV and $_SERVER. +; Default Value: yes +;clear_env = no + +; Limits the extensions of the main script FPM will allow to parse. This can +; prevent configuration mistakes on the web server side. You should only limit +; FPM to .php extensions to prevent malicious users to use other extensions to +; execute php code. +; Note: set an empty value to allow all extensions. +; Default Value: .php +;security.limit_extensions = .php .php3 .php4 .php5 .php7 + +; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from +; the current environment. +; Default Value: clean env +;env[HOSTNAME] = $HOSTNAME +;env[PATH] = /usr/local/bin:/usr/bin:/bin +;env[TMP] = /tmp +;env[TMPDIR] = /tmp +;env[TEMP] = /tmp + +; Additional php.ini defines, specific to this pool of workers. These settings +; overwrite the values previously defined in the php.ini. The directives are the +; same as the PHP SAPI: +; php_value/php_flag - you can set classic ini defines which can +; be overwritten from PHP call 'ini_set'. +; php_admin_value/php_admin_flag - these directives won't be overwritten by +; PHP call 'ini_set' +; For php_*flag, valid values are on, off, 1, 0, true, false, yes or no. + +; Defining 'extension' will load the corresponding shared extension from +; extension_dir. Defining 'disable_functions' or 'disable_classes' will not +; overwrite previously defined php.ini values, but will append the new value +; instead. + +; Note: path INI options can be relative and will be expanded with the prefix +; (pool, global or /usr) + +; Default Value: nothing is defined by default except the values in php.ini and +; specified at startup with the -d argument +;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f www@my.domain.com +;php_flag[display_errors] = off +;php_admin_value[error_log] = /var/log/fpm-php.www.log +;php_admin_flag[log_errors] = on +;php_admin_value[memory_limit] = 32M