Optimizing PHP-FPM for Better Performance

Introduction

If you are here, you probably hosting a PHP-based website or web application, The good news is you are reading the correct article.

Optimizing PHP-FPM can have deep impacts on your Website or Web application performance and efficiency, This is because PHP-FPM (PHP FastCGI) is a server module that is responsible for handling PHP requests mainly when you are using NGINX as your webserver. By optimizing PHP-FPM you can achieve:

  • reduce the resource usage
  • reduce the response time for PHP requests
  • handle more requests concurrently
  • prevent performance degradation
  • improve the reliability of your web server over time

All that will be leading to a faster and more efficient website or web application.

Note that all of the steps in this article are in an environment containing: PHP 8.1.14

Optimize PHP-FPM

Optimizing PHP-FPM is not rocket science if you know the variables and their purpose. So we are going to briefly explain the most important ones:

The Process manager types (pm)

The process manager configuration in PHP-FPM (pm) refers to the setting that controls how PHP-FPM manages the worker processes that handle PHP requests, These settings stated how many workers should be deployed or created to manage the PHP requests and how they should respond to changes in demand.

We have Three pm types:

Ondemand

This process manager creates a new process for each request that is received by PHP-FPM. This ensures that every request is processed by a separate process, which can be useful for reducing the risk of one request affecting another, but it can also be resource-intensive and slow down the server.

Dynamic

This process manager uses a pool of worker processes to handle incoming requests. The number of worker processes can be configured and can be adjusted based on the current demand. This process manager is more efficient than the on-demand process manager, as it uses fewer resources and can handle requests more quickly, but it may not provide the same level of isolation as the on-demand process manager.

Static

The static option as it’s clear from the name Will fix the number for all of the sub-options of the pm configurations and it will not adopt in any circumstances.

Most of the tips and configurations provided in this article are valid when the Process Manager type (pm) is set to dynamic, so it is assumed that the pm is set to dynamic.

Tuning the Configurations

To access the main configuration file of the PHP-FPM on an RHEL based OS you need to execute the following command:

vim /etc/opt/remi/php81/php-fpm.d/www.conf

The configuration file location could be different based on your Linux Distro or even based on your installation method.
After selecting your pm configuration based on the type and load of your website or web application, you can tweak the following variables to get the most out of the PHP-FPM.

pm.max_children

This setting determines the maximum number of child processes that can run simultaneously. Setting it too low can cause PHP-FPM to spawn new processes too frequently, leading to overhead.

pm.max_children = 50

pm.start_servers

The number of worker processes to start when PHP-FPM is launched. This option is only applicable when using the dynamic process manager.

We are going to set it to:

pm.start_servers = 10

pm.min_spare_servers & pm.max_spare_servers

The minimum and maximum number of idle worker processes to keep available at all times. This option is only applicable when using the “dynamic” process manager.

pm.min_spare_servers = 5
pm.max_spare_servers = 15

pm.max_requests

The maximum number of requests that each worker process should handle before it is terminated and replaced with a new process.

We are going to uncomment it and set it to:

pm.max_requests = 500

Handling Unexpected behavior

These three options in a PHP-FPM configuration file are related to the management of worker processes in the event of an error or unexpected behavior.

  • emergency_restart_threshold: This setting specifies the number of worker processes that need to exit in a short period of time before PHP-FPM will trigger an emergency restart. An emergency restart will terminate all worker processes and restart PHP-FPM, which can help resolve problems caused by a malfunctioning worker process.
  • emergency_restart_interval: This setting specifies the interval of time in which the emergency_restart_threshold must be exceeded before an emergency restart is triggered. In this example, the interval is set to 1 minute.
  • process_control_timeout: This setting specifies the amount of time PHP-FPM will wait for a worker process to exit gracefully before forcing it to terminate. If a worker process does not exit within the specified time, PHP-FPM will kill it and start a new worker process to take its place. This setting helps to prevent worker processes from hanging or slowing down the system, and helps to ensure the overall stability of PHP-FPM.

We are going to set them like below:

[global]
emergency_restart_threshold = 10
emergency_restart_interval = 1m
process_control_timeout = 10s

Conclusion

Optimizing PHP-FPM is an important step in ensuring the performance and stability of your web server. By properly configuring PHP-FPM, you can control the number of worker processes, manage resource utilization, and improve response times for PHP requests.

In addition to optimizing PHP-FPM, it’s also important to optimize your PHP configuration file (php.ini) and your web server software (such as Nginx). This can involve setting appropriate values for memory limits, enabling caching, and tweaking other settings to match the specific requirements of your web applications.

To get the most out of your web server, it’s recommended to take a comprehensive approach to optimization, which includes optimizing PHP-FPM, PHP, and Nginx. There are many online resources available that can help you learn more about optimizing these components, and it’s always a good idea to stay up-to-date with the latest best practices and techniques. So, take the time to read more about optimizing PHP and Nginx, and start maximizing the performance of your web server today!

Setup local DNS caching with DNSmasq on CentOS 8

Introduction

In today’s interconnected world, reliable and efficient network infrastructure is crucial for smooth online experiences. Whether you’re a seasoned system administrator or an enthusiast looking to optimize your network, setting up a local DNS caching server can significantly enhance your network’s performance and reduce latency.

DNS, short for Domain Name System, plays an important role in translating domain names into IP addresses. When you access a website or any online service, your device needs to query a DNS server to get the corresponding IP address. By default, these DNS queries are sent to remote DNS servers, which can cause delays and increase network traffic.

To overcome these challenges, we will implement a local DNS caching server using DNSmasq on CentOS 8. DNSmasq is a lightweight and versatile DNS forwarding and DHCP server that can be easily configured to provide local DNS caching capabilities. This setup enables your CentOS 8 machine to cache DNS responses locally, reducing the reliance on external DNS servers and accelerating the overall network performance.

Throughout this blog post, we will guide you step-by-step through the process of installing and configuring DNSmasq on CentOS 8. We’ll cover the necessary prerequisites, and explain the key concepts behind DNS caching, By the end, you’ll have a fully operational local DNS caching server that optimizes DNS resolution and improves your network’s responsiveness.

Whether you’re running a home network, a small business infrastructure, or a larger enterprise setup, implementing local DNS caching with DNSmasq on CentOS 8 can have significant advantages. It not only reduces the load on external DNS servers but also enhances the reliability and security of DNS resolution within your network.

Prerequisites

Before proceeding with the installation and configuration of DNSmasq, make sure you have the following:

  • A CentOS 8 machine with root or sudo privileges.
  • A stable internet connection.
  • Basic knowledge of the Linux command line.

Install DNSmasq

The first step is to install DNSmasq on your CentOS 8 machine. Open a terminal or SSH into your CentOS server and run the following command:

dnf install dnsmasq

You can also use yum to install DNSmasq:

yum install dnsmasq

Configuring DNSmasq

Once DNSmasq is installed, it’s time to configure its settings. The main configuration file for DNSmasq is located at /etc/dnsmasq.conf. Open the file using a text editor:

vim /etc/dnsmasq.conf

In the configuration file, you’ll find different options to customize DNSmasq. Some important settings to consider are:

listen-address

Specify the IP address on which DNSmasq should listen for DNS queries. set it to 127.0.0.1 if you are using DNSmasq as a local DNS caching service.

resolv-file

Set the path to the file containing upstream DNS servers. you can create any file where for example we are creating a file named “resolv.dnsmasq” in “/etc” with the following content:

vim /etc/resolv.dnsmasq
nameserver 8.8.8.8
nameserver 1.1.1.1

These configurations will enable DNSmasq to query the DNS records from the 8.8.8.8 and 1.1.1.1 and cache locally.

cache-size

Define the maximum number of DNS records to cache. The cache-size value represents the maximum number of DNS records that can be stored in the cache. It is defined in terms of the number of DNS resource records (RRs) rather than the amount of memory consumed. Each cached DNS record takes up a certain amount of memory, and as the cache size increases, so does the memory usage of the DNSmasq process.

The appropriate value for cache-size depends on factors such as the available memory on your CentOS 8 machine and the expected DNS query load. It’s important to strike a balance between maximizing cache utilization and avoiding excessive memory consumption.

cache-size=2000

no-resolv

Uncomment this line to prevent DNSmasq from using the “/etc/resolv.conf” file.

no-poll

Uncomment this line to enable asynchronous DNS resolution.

When DNSmasq receives a DNS query, it typically sends the query to the configured upstream DNS servers and waits for a response. During this waiting period, DNSmasq uses a polling mechanism to periodically check for the arrival of the DNS response. This polling approach introduces some delay and can impact the responsiveness of DNS resolution, especially in high-traffic scenarios.

By enabling no-poll, DNSmasq switches to an asynchronous mode of operation. Instead of continuously polling for the response, it allows the DNS resolution process to be event-driven. When a DNS query is sent, DNSmasq immediately moves on to process other tasks, and when the DNS response arrives, it is handled asynchronously. This approach improves the responsiveness of DNS resolution by reducing the delay caused by polling.

Start and Enable DNSmasq

Now that you have configured DNSmasq, you need to start and enable the service before making the final changes to the Linux network settings. execute the following command to start the DNSmasq service and make it run at the startup:

systemctl start dnsmasq
systemctl enable dnsmasq

Set default DNS to DNSmasq

If you have uncommented the “no-resolv” option in the DNSmasq config you don’t need to edit the “/etc/resolv.conf”.

As the last step, you need to make one change in the “/etc/resolv.conf” file. you need to comment on all lines that refer to “nameserver” and write a new one with 127.0.0.1 as the value, see the following example:

nameserver 127.0.0.1
#nameserver 8.8.8.8
#nameserver 1.1.1.1

Also, it’s recommended to apply this change in your network configuration in the “network-scripts” file:

vim /etc/sysconfig/network-scripts/YOUR_NETWORK_INTERFACE_NAME

Set the DNS1 value to 127.0.0.1 and set the DNS2 to another DNS server as the backup.

After that you need to restart your network interface for changes to take effect:

nmcli device reapply YOUR_NETWORK_INTERFACE_NAME

If you want to find your Network Interface name you can use “ifconfig” command.
To install “ifconfig”:

yum install net-tools
ifconfig

Conclusion

The installation and configuration process detailed in this article provides step-by-step instructions, enabling system administrators and network enthusiasts to seamlessly deploy a fully operational local DNS caching server on their CentOS 8 machine. By following these guidelines, users can effectively optimize DNS resolution, streamline network performance, and elevate the overall online experience.

How to Configure Jenkins with SSL Behind Nginx on Ubuntu 20.04

Jenkins is an open-source tool automation solution that enables the continuous delivery of software. It is used to set up the full software delivery pipeline. This allows developers to manage and control software delivery processes throughout the product’s lifecycle, allowing them to build, test, and reliably deploy their software.

Jenkins has an extendable architecture with a dynamic and active community. The programming language used is Java. In most cases, Jenkins operates as a self-contained Java servlet application. Java servlet containers like Apache Tomcat and GlassFish can also be used to run the program.

Organizations can use Jenkins to automate and speed up the software development process. Jenkins combines all development lifecycle stages, including build, document, test, package, stage, deploy, static analysis, and many others.

Plugins assist Jenkins in achieving Continuous Integration. DevOps stages can be integrated thanks to plugins. Installing the utility’s plugins is necessary to incorporate that tool. Git, Maven 2 projects, Amazon EC2, HTML publishers, etc. are a few examples.

(more…)

How to install and use TCPflow (TCPDump alternative)

On Unix-like systems like Linux, TCPflow is a free, open-source, and potent command line utility for network traffic analysis. It records information sent or received across TCP connections and saves it in a file for subsequent examination in a way that makes protocol analysis and debugging possible.

Since it processes packets from the wire or a saved file, t is a program similar to tcpdump. It is compatible with the same potent filtering expressions as its sibling. The sole distinction is that tcpflow organizes all TCP packets into separate files (one for each direction of flow) and assembles each flow for later analysis.

Its feature set also includes a sophisticated plug-in system for reversing MIME encoding, decompressing HTTP connections that have been compressed, and calling external programs for post-processing, among other things.

Tcpflow has a wide range of applications, including understanding network packet flows, forensics, and disclosing the contents of HTTP connections.

(more…)

How to Add a User to Sudoers in AlmaLinux or Rocky Linux

What is sudoers in Linux?

Have you ever wondered why it takes “sudo” or “su” to make system-wide changes in a Linux terminal? Su means “super user,” while sudo means “super user do.” With this command, you’re requesting root access and the status of a super user. If your name is not on the list, Linux checks a specific file to see if you are authorized to be given root access, much like a VIP CLUB. While you can still obtain root capabilities, you must log in as root to do so. This is not a very secure course of action. Reason: If you have root access, your system’s doors are wide open, making it vulnerable. The commands “sudo” and “su” permit you to run a specific program that you specify.

That individual file already has the maintenance user account configuration in certain distributions. You type:

command sudo

And enter your user account’s password, or

su root

And then, type the command after entering the root password. I’ve come to understand that not all distributions support this simple process, and you might need to manually add your username to the sudoers file. We just took the VIP list from the guard dozing off, and we’ll teach you how to add your name. (more…)

Use bitlocker with powershell on Windows

BitLocker is an encryption solution for volumes initially made available in Windows Vista and Windows Server 2008, respectively. BitLocker Drive Encryption (BDE) may have some of the same issues that plague other Microsoft products, but many individuals use it all over the world to keep their data secure when it is dormant.

What is PowerShell?

Microsoft created PowerShell as an object-oriented automation engine and scripting language with an interactive command-line shell to assist IT professionals in automating administrative activities and configuring systems. PowerShell is part of the PowerShell family of tools.

In contrast to most command-line shells, which are built on text, PowerShell, based on the.NET framework, works with objects. Because of its scripting features, PowerShell is used as a tool for automation by system administrators working in internal IT departments and other entities such as managed service providers. These administrators are employed in both internal and external IT departments.

The original version of PowerShell was a closed-source solution exclusive to the Windows platform. In 2016, Microsoft released PowerShell as open-source software and made it compatible with macOS and Linux. (more…)

Crontab Basics Tutorial

Introduction

A daemon’s name is Cron. Daemons are utility programs in Linux that operate in the background, monitoring and carrying out activities in response to triggering events and programmed schedules. Daemons can also be used to automate repetitive tasks.

The origin of the term “cron” can be traced back to the Greek word “Chronos,” which can be translated as “time.” Cron is a daemon that operates according to a set timetable or calendar, as this indicates.

A long-running piece of software known as the cron daemon is a system tool responsible for executing commands at specific dates and times. When using cron daemons, you can schedule computer activities as one-time events, occasional events, or as jobs that are scheduled repeatedly and on a regular basis.

Cron scheduling is useful for many businesses because it can automate repetitive operations, edit databases, data, or files, send bulk email messages, and conduct administrative tasks on a predetermined schedule.

The scheduling syntax that cron utilizes is also often used by software that does not run on operating systems. An example is Zuar’s Mitto data pipeline solution. Mitto can automate a wide range of processes by utilizing cron scheduling, including manipulating data within data warehouses, pulling data from other software, and many more.

The term ‘Cron Table’ can be abbreviated to ‘Crontab,’ a component of Cron. It is a file containing the cron schedule that needs to be executed and the commands used to automate operations and activities. When you make a new cron job, its information will be saved in the crontab file.
System administrators can only modify the system crontab file. However, many administrators are supported by Unix-like operating systems. Everybody can make a crontab file and add commands to it anytime.

Users may automate system upkeep, disk space monitoring, and backup scheduling with cron jobs. Cron jobs are ideal for servers and other machines that operate continuously because of their nature.

Cron jobs can be useful for web developers even though system administrators often utilize them.

As a website administrator, you could, for instance, set up three cron jobs: one to check for broken links every Monday at midnight, one to back up your site every day at midnight automatically, and one to delete the cache of your site every Friday at noon. (more…)

Backup and restore GPG keys on Linux

Introduction

The issue of privacy is becoming more and more controversial. Users of Linux can encrypt files with public-key cryptography by using the gpg command. If you were to lose your encryption keys, this would be a disastrous situation. This is how you may support their claims.

OpenPGP and GNU Privacy Guard

One benefit of electronic files over paper hard copies is the ability to encrypt them so that only authorized users may access them. It won’t matter if they end up in the wrong hands. The contents of the files are only accessible to you and the intended recipient.

(more…)

How to Install and use Monit on Linux

Introduction

In UNIX/Linux-based systems, Monit is a free, open-source tool that automatically manages processes, files, directories, checksums, permissions, filesystems, and services like Apache, Nginx, MySQL, FTP, SSH, SMTP, and others. It also gives system administrators excellent and practical monitoring functionality.

A native HTTP(S) web server or the command line interface can be used to immediately view the system status and setup procedures via the monit’s user-friendly web interfaces web server, such as Apache or Nginx, must be installed on your system in order to access and view the Monit web interface. (more…)

Monitor Linux CPU temperature using s-ui

What is s-tui?

“s-tui” is a terminal utility that runs GNU/Linux and is made to stress test and monitor our CPU. It is a program that graphically displays the frequency of CPU temperature utilization and power consumption without needing an X server. It was created by Alex Manuskin and is written in Python.

An effective way to determine whether a cooling system is working well or whether we have a stable overclock is to run a stress test on a computer. S-tui makes it simple to identify overheating when you see a decrease in frequency. Additionally, it will display any signs of decreased performance.

We can use the tool over SSH because it operates in the terminal. This is helpful if you enjoy using the terminal or for monitoring servers or small PCs like Raspberry Pi.

S-tui does not display precise information about the active processes in the system, which is one drawback of this tool. Just imagine the overall scene. S-tui won’t be of assistance if we’re searching for a tool that provides us with details about specific processes or allows us to manage these processes.

Install s-tui on Ubuntu using the PPA

The installer can also be downloaded and installed for Ubuntu systems using pip or a PPA. We merely need to launch a terminal (Ctrl + Alt + T) and enter the following commands to install s-tui from the PPA:

sudo add-apt-repository ppa:amanusk/python-s-tui && sudo apt update && sudo apt install python-s-tui

To start the program, we need to type “s-tui” in the terminal.

By adding stress, we can expand the program’s alternatives. This package allows us to run the stress test. Although installing this program is not required, it performs excellently. To accomplish this, using the terminal, we type:

sudo apt install stress

Archlinux users:

Use the Pacman command to install the pip package for Archlinux users.

sudo pacman -S python-pip stress

Fedora users:

sudo dnf install python-pip stress

For CentOS/RHEL users:

sudo yum install python-pip stress

For openSUSE users:

sudo zypper install python-pip stress

Stress can be used to highlight the CPU. All the graphs will advance to their maximum values if we choose this mode of operation.
Finally, use the pip command below to install the s-tui utility on Linux:

For Python 2.x:

sudo pip install s-tui

For Python 3.x:

sudo pip3 install s-tui

Getting to S-TUI

The article’s introduction stated as much. To obtain all the information from your system, root privilege is required. To start s-tui, simply enter the following command.

sudo s-tui

By default, it activates hardware monitoring and chooses the “Stress” option to put your system through a stress test.
Go to the help page to see alternative possibilities.

s-tui --help