Thursday, 11 January 2024

PHP-FPM: The Future of PHP Handling

 PHP-FastCGI Process Manager (or PHP-FPM) is widely used on sites that use WordPress, a hugely popular content management system. PHP-FPM is a processor for PHP, one of the most common scripting languages, that enables WordPress sites to handle a greater volume of web traffic without relying on as many server resources as when using alternative PHP processors.

How does PHP-FPM work? What security does it offer? And how easy is it to set up?

We’ll cover all this and more in this guide to PHP-FPM.

The Structure of PHP-FPM

PHP is a high-level programming language. As a result, PHP scripts need to be compiled before a web server (specifically its underlying processor hardware) can comprehend it.

Generally, web servers use integrated modules to compile PHP scripts, such as Common Gateway Interface (CGI) or single user PHP (suPHP). Web servers leveraging these handlers pair with processing PHP scripts, then compile and execute them as part of their standard processes when responding to traffic. To execute, they use the server process’s ownership and permission configurations. This creates a stable method of using PHP scripts.

But PHP-FPM is designed to fill the gaps in other PHP handlers. The work is handled by a separate service that was created exclusively to process PHP scripts. It’s arranged as a master process handling singular worker processes in pools. Whenever the server gets a PHP script request, it utilizes a proxy, FastCGI connection to pass that request on to the PHP-FPM service.

That service is able to pick up these requests via Unix sockets or on the network ports of the host server. While requests are passed through proxy connections, the PHP-FPM service needs to be running on the same server as the web server. Crucially, the proxy connection used by PHP-FPM is different to the traditional one: because PHP-FPM gets a proxied connection, a PHP-FPM worker that’s available takes the request from the web server.

Then, the script is compiled and executed by PHP-FPM, with the output returned to the web server. The system releases the PHP-FPM worker when it’s done with the request, then awaits further requests.

Worker processes are dynamically made and terminated by the PHP-FPM master process as traffic to scripts rises and falls. This is done within configurable limits. Additional worker processes that are created to manage traffic increases are terminated only once a specific length of time has passed, which enables worker processes to stay available for as long as traffic levels remain at a higher level.

Furthermore, worker processes also terminate and are recreated after completing a set amount of requests, which is important for stopping memory leaks while PHP scripts are processed. Every PHP user may have a separate worker process pool to handle PHP requests. While this can push some of the overhead related to PHP-FPM usage higher, the extra resource expense should be worthwhile considering the benefits.

The architecture of PHP-FPM is similar in some ways with NGINX and Apache web servers, as well as other event-driven examples, with the Event Multi-Processing Module. By using this approach to PHP script processing, you can expect better processing, security, configurability, and stability.

The Performance of PHP-FPM

PHP-FPM offers two main performance advantages: it lets websites handle PHP requests more efficiently and allows for opcode caching.

The event-driven architecture of PHP-FPM enables PHP scripts to utilize whatever available resources on a server they need to, but without the extra overhead caused by running them in web server processes. With PHP-FPM, worker processes may be used and reused over and over, with no need to make and terminate them for each individual PHP request.

While the price of starting and terminating new processes for every request is generally on the small side, the overall cost can rise quickly when the server starts to manage more traffic than usual. PHP-FPM is able to serve higher volumes of traffic than traditional handlers, while allowing for more efficient use of resources.

The biggest benefit in performance comes with PHP-FPM allowing opcode caching. This causes the opcode from compiled scripts to be cached in RAM. If a PHP script request is received, PHP-FPM searches for copies of the script that have already been cached. If it locates one, PHP-FPM executes it with the cached opcode straight away, then carries on processing that request.

As PHP-FPM can execute opcode from memory so quickly, it eliminates the need to read the source code for a script from disk and compile that source code to opcode. Reading data directly from the server’s memory is significantly more efficient than reading it from the server’s filesystem instead.

Additionally, PHP-FPM is more time- and resource-effective because it doesn’t need to compile PHP source code to opcode. As with making and terminating processes, the expense and time for reaching and compiling source code files is generally small individually, but it increases with further occurrences. For instance, systems that repeat these steps potentially thousands of times per second will drive the overall cost up significantly and have a major effect on a web server’s resource usage. By using opcode caching, you can process PHP scripts more efficiently, particularly when handling a high number of PHP script requests.

The Security Capabilities of PHP-FPM

PHP-FPM offers a higher standard of security than other PHP processors, as it allows opcode caching with isolated PHP processing for every user. Opcode caching is ineffective when leveraging CGI and suPHP handlers because of how they handle memory usage. While opcode caching is supported by the DSO handler, the DSO module needs PHP scripts to be run as an Apache user. That can bring security dangers with it.

Furthermore, you may need to allow for extra configuration when using DSO to make sure that scripts have the right permissions to let an Apache user read them correctly. This issue can be fixed, but that typically requires extra server modules to be installed or outdated tech to be used. But PHP-FPM offers opcode caching and isolated script processing as standard.

You need to be careful, though, to set up PHP-FPM for security properly while using opcode caching. For instance, the primary PHP configuration file on the server must have these values set to true:

opcache.validate_root = true

opcache.validate_permission = true

These settings bring an extra layer of protection to stop users from accessing others’ opcode caches. The core PHP-FPM configuration files carry the settings required to use PHP-FPM safely and securely. These concerns largely affect hosting environments with a multi-tenant setup.

The Stability of PHP-FPM

PHP-FPM offers impressive stability, as its architecture stops a server from being overwhelmed by PHP processing. Extra processes need to be made when web servers manage PHP script requests in their own processes. And as PHP script traffic rises, servers can become so swamped with requests that they stop responding.

PHP-FPM is only able to serve the amount of traffic that its worker processes can manage. When it’s set up correctly, PHP-FPM establishes a limit on the number of PHP script requests that it can process simultaneously.

When its worker processes are used to their maximum capabilities, extra PHP script requests will lead to gateway errors or timeouts. Rather than leveraging all of the server resources awaiting a response, the server will deliver a 503 or 504 HTTP status code. Those codes can be frustrating for visitors, but they’re better than letting a hosting server stop responding altogether. Furthermore, website owners can set up bespoke 503 status pages to provide a stronger user experience, instead of relying on generic error pages.

While PHP-FPM offers stable performance because of its architecture, it can turn into a bottleneck for script processing if configured in the wrong way. Setting it up right is essential to ensure it offers an adequate number of workers for processing the traffic volume that the server can safely process.

If there aren’t enough workers, an extreme number of 503 or 504 responses may be delivered, even when the server is seeing normal traffic levels. This issue is more frequent when single-tenant servers are using PHP-FPM with one pool of worker processes across all sites (e.g. a VPS hosting server). But hosting environments with a multi-tenant approach and separate worker process pools should have a PHP-FPM that’s configured correctly to provide the right amount of workers for all tenants’ traffic requirements.

The Configurability of PHP-FPM

PHP-FPM offers a bigger range of configuration options than alternative PHP processors. Lots of these options may be defined in a different way for each site on a server. Some of those configuration options are worker limits, status reports, and worker creation behavior.

You can tweak PHP-FPM to achieve the highest standard of performance for PHP website hosting, improving on other PHP handlers that don’t include these configuration options. However, configuring PHP-FPM in the right way can be fairly complicated and time-consuming, so you may need an experienced systems administrator to help you get started.

PHP-FPM and WordPress

An Nginx server with PHP-FPM support is crucial if you operate an online newspaper, content platform, or WordPress site receiving a huge number of visits daily. This set up enables you to facilitate the execution of your WordPress CMS’s PHP code to a higher standard.

PHP-FPM and Magento

Magento, a popular ecommerce platform, integrates with Nginx and PHP-FPM well. If you want to achieve your online store’s top performance, you’ll need to use this web server along with PHP-FPM support. Balancer and caches are essential, too.

PHP-FPM is a very challenging topic for newcomers, but we hope this guide has shed light on it. You should feel more comfortable with PHP-FPM, its features, and everything else covered above now that you’ve read our expert insights!

PHP-FPM and Plesk

To insure high performance and low memory consumption for highly loaded web apps PHP-FPM handler is available under Plesk. You need to make sure that PHP-FPM is installed and the option “Process PHP by nginx” is on under Websites & Domains > YourDomain > Web Server Settings.

Conclusion

PHP-FPM is an efficient method on how to minimize the memory consumption and rise the performance for the websites with heavy traffic. It is significantly faster than traditional CGI-based methods in multi-user PHP environments. If your primary goal for hosting your web application is to achieve optimal performance and security, then PHP-FPM is the way forward.

A Festive Feast of Features in 2023

 In just a few minutes, you can have a stunning website up and running faster than you can say “Ho, ho, ho!” – well, almost. And for our partners and resellers, rejoice! You can boost your product offerings by including the Sitejet Builder for Plesk in your lineup, making it a win-win for both users and businesses.

We’ve been on a mission to make it even merrier. More templates have joined the party, and we spiced things up with an SEO Analysis feature and ensured it’s pre-enabled for those who keep their Plesk fresh and updated (if not, install it here). Talk about the gift that keeps on giving!

Plesk's 2023 Gift Basket: Unwrapping a Year of Tech Marvels!

Plesk's 2023 Gift Basket: Unwrapping a Year of Tech Marvels!

In January, we kicked off the year with the release of the SOGo Webmail Extension and the introduction of the WP Toolkit Deluxe – the kind of tech goodies that warm the hearts of Plesk users worldwide. 

February saw us accelerating WordPress on CloudLinux, bringing centralized DB and Network File System management to the table – gifts that keep the digital fireplace of your server running smoothly.

March added a sprinkle of magic with Cloudflare integrationSOGo Webmail moving out of beta, Sophos Anti-virus protection, and a sleek Dark Mode – because who doesn’t love a bit of tech glamour? 

In April, we fortified your digital fortress with the Plesk FirewallSSL It! And Let’s Encrypt are available for the Plesk Premium Email, and May brought the guardian angel for WordPress websites – WP Guardian, along with major updates to Sophos AntivirusJune introduced the Suspicious Email Detector

July was ablaze with the launch of the Sitejet Builder and the CentOS Elevate feature, making server transitions smoother than ever. DANE support for SSL It! and MySQL tuning for Plesk were like ornaments on the Plesk tree – fulfilling long-standing Christmas wishes.

August came bearing the gift of inclusion, with Plesk WP Edition now featuring the WP Toolkit Deluxe and flexible Backup Scheduling – a top-rated improvement that customers had been dreaming of. 

September brought the Plesk magic to ARM servers and granted the most-requested feature for two years – the Performance Booster Release. It provides a 32% increase in performance for WordPress sites and a 16% boost for other websites hosted on Plesk.

October saw Sitejet Builder pre-enabled for all and the introduction of WappspectorNovember was the month of enhancements. Sitejet Builder got an SEO Analysis, we made improvements to WP Toolkit, and added the ability to measure and compare Time To First Byte (TTFB) in the Performance Booster.

And as we approach the end of the year, December brings the grand finale – Plesk Holideals, our digital Santa’s bag of exclusive deals and offers.

These improvements aren’t just updates; they fulfill our users’ Christmas wishes that have been on top of their lists – and we’re happy to comply. From enhanced security to streamlined server management, Plesk’s 2023 journey has been about making your hosting dreams come true. Let’s hear what Sergey Lystsev’s (CTO of Plesk) 2023 favorites are: 

"Our product team finds it most inspirational when Plesk makes top-tier technology expertise accessible to everyone. Among all the improvements in 2023, the Website Performance Booster and Sitejet Builder stand out as the most empowering innovations. The Website Performance Booster enhances website speed, increasing a site’s visibility in Google searches. It wraps a massive pack of the industry’s best practices into just one click. Furthermore, the Sitejet Builder, a powerful yet beginner-friendly website editor, allows users to effortlessly create stunning websites, regardless of their design experience. These breakthroughs exemplify Plesk’s commitment to making advanced technology accessible and user-friendly."

Let Us Know What’s On Your Wish List for 2024

Here at Plesk, we’re not just asking for your wish list for under the tree; we want to know your hosting dreams for 2024! We believe in the magic of user feedback and want to ensure your Plesk experience is as delightful as a cup of cocoa by the fireplace. That’s why we’ve been on a quest to grant your hosting wishes and sleigh through your server dreams; 2023 has already seen top contestants come to life!

Help us make your wishes come true. Join our UX Research Program and get involved in the evolution of Plesk, gain exclusive access to new products, and pioneer great Plesk products with your valued feedback.

Or take part in our yearly survey, and let us know what features, improvements, and magic you’d like to see in the Plesk universe. Because here at Plesk, your wishes aren’t just on our radar; they’re our top priority.

All Aboard the Plesk Sleigh

As we wrap up the magical journey of 2023, Plesk has been on a sleigh ride across the globe, spreading joy and innovation like Santa with a sack full of tech treats! While the spotlight gleams on the Free Sitejet Builder, let’s take a twirl through the festive events that have made this year truly enchanting.

Picture Plesk touching down at the vibrant WordCamp Asia in Bangkok and swooshing through the landscapes of CloudFest in Germany. June saw us donning techy hats at WordCamp Europe in Athens. By August, we were jingling all the way at WordCamp US, and all year long, we were rocking the tech bells at WebPros NEXT Events around the globe – it’s been a sleigh full of adventure! These gatherings weren’t just about showcasing Plesk but spreading the holiday spirit of connection, camaraderie, and innovation.on 

Unraveling the AI Magic in Hosting with Jan Loeffler

Twice this year, Jan Loeffler, the tech maestro from WebPros (cPanel, Plesk, WHMCS), took us on a thrilling ride through the ever-evolving landscape of hosting in his insightful talk on The Influence of AI in Hosting

Jan Loeffler, CTO of WebPros (Plesk, cPanel, WHMCS) shared his insights on how AI will reshapte the hosting industry

Jan dove into the transformative power of AI, revealing how it’s not just a buzzword but a game-changer for your hosting endeavors. Picture this: AI reshaping the hosting industry, orchestrating streamlined operations for peak efficiency, fortifying security to shield your precious assets, and fine-tuning performance for stellar results.

And who knows, maybe, just maybe, the WebPros CTO will indeed host another opportunity for you to join. So stay tuned and make sure to follow us on social media!

As we close the book on 2023, our virtual glasses are raised to the excitement lingering in the air: What surprises will 2024 bring for the Plesk family? More features, integrations, or a tech treasure trove? Whatever it is, Plesk is ready for another year of innovation and joy. Here’s to a tech-tastic 2024! Cheers!