Help with PHP-FPM on Apache

ℹ️ Support
1

I wanted to switch my server from the old mpm-prefork configuration to mpm-event, which seems to have worked successfully. However, Nextcloud isn’t a big fan. I can successfully read a php file with phpinfo() in Nextcloud’s webroot, but I get this error currently:

This is on FreeBSD 11.1-STABLE, and I followed these instructions here, and also what is said on the Nextcloud documentation regarding this here

I compiled Apache and PHP71 from ports and made sure to grab all the necessary PHP extensions listed in the documentation

<VirtualHost 172.16.0.10:80>

ServerName mydomain.com

ServerAdmin webmaster@localhost
DocumentRoot /usr/local/www/apache24/data/nextcloud

ProxyPassMatch ^/(.*.php)$ fcgi://127.0.0.1:9000/usr/local/www/apache24/data/nextcloud/$1

ErrorLog /usr/local/www/logs/error.log
CustomLog /usr/local/www/logs/access.log combined

<Directory /usr/local/www/apache24/data/nextcloud/>
Options +FollowSymlinks +ExecCGI
AllowOverride All
DirectoryIndex index.php

<IfModule mod_dav.c>
Dav off
</IfModule>

SetEnv HOME /usr/local/www/apache24/data/nextcloud
SetEnv HTTP_HOME /usr/local/www/apache24/data/nextcloud
Satisfy Any

</Directory>

Redirect permanent / https://mydomain.com/

</VirtualHost>

<IfModule mod_ssl.c>
<VirtualHost 172.16.0.10:443>

ServerName mydomain.com

ServerAdmin webmaster@localhost
DocumentRoot /usr/local/www/apache24/data/nextcloud

ProxyPassMatch ^/(.*.php)$ fcgi://127.0.0.1:9000/usr/local/www/apache24/data/nextcloud/

Protocols h2 http/1.1

ErrorLog /usr/local/www/logs/error.log
CustomLog /usr/local/www/logs/access.log combined

<IfModule mod_headers.c>
Header always set Strict-Transport-Security “max-age=15768000; includeSubDomains; preload”
</IfModule>

<Directory /usr/local/www/apache24/data/nextcloud/>
Options +FollowSymlinks +ExecCGI
AllowOverride All
DirectoryIndex index.php

<IfModule mod_dav.c>
Dav off
</IfModule>

SetEnv HOME /usr/local/www/apache24/data/nextcloud
SetEnv HTTP_HOME /usr/local/www/apache24/data/nextcloud
Satisfy Any
</Directory>

SSLOpenSSLConfCmd DHParameters /etc/ssl/private/dh2048.pem
SSLCertificateFile /etc/letsencrypt/live/mydomain.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/mydomain.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>

</IfModule>

SSLUseStapling on
SSLStaplingResponderTimeout 5
SSLStaplingReturnResponderErrors off
SSLStaplingCache shmcb:/var/run/ssl_stapling(32768)

Sorry for the funny formatting

2

The snappy version also moved from mod_php to php-fpm, but they use SetHandler instead of ProxyPassMatch:

Here, they also switched. It’s in german but they provide the configuration files, could be helpful for inspiration:
https://serversupportforum.de/forum/webserver/60300-nextcloud12-auf-debian-9-mit-php7-0-fpm-apache2-4-25-a.html

3

2 steps back at this point…having 503 errors now, using both ProxyPassMatch and SetHandler

4

Okay, here is where I am at now:

Currently, I get 503 errors. However, if I drop my own script in there (like a php script that just echos hello), I can get the script to work. But any of the Nextcloud files will result in a 503 WSOD

5

I’m dumb. Caching during all of this I haven’t installed my caching module :grin: However, even with APCu reinstalled, I still get 503 soooo that’ll take some more work. In the meantime, this works again!

6

Hmmmm well, not sure what piece of the puzzle caused my issues, but CalDAV completely stopped working after switching to an Apache + PHP-FPM + HTTP2 server in general, reverted back to original everything for now

7

I am testing Apache2 + PHP-FPM as well right now.

It took me some time to see through the different implementation methods, using mod-fcgid or proxy_fcgi.

What I finally did:

apt install php-fpm
a2dismod php7.0 mpm_prefork
a2enmod mpm_event proxy_fcgi
apt purge libapache2-mod-php7.0

And then I added the following to /etc/apache2/apache2.conf:

<FilesMatch \.php$>
        SetHandler "proxy:unix:/var/run/php/php7.0-fpm.sock|fcgi://localhost/"
</FilesMatch>

Everything seems fine, phpinfo() shows Server API FPM/FastCGI and Nextcloud is running.

Some guides also suggest to add

<Proxy "fcgi://localhost/">
</Proxy>

But it seems not needed and I cannot see any difference after adding it, thus left it out.

My question is now that as Apache still spawns child processes, even that php-fpm definitely is used.
I was thinking, that as just PHP files are handled by php-fpm, that static html files are still handled by Apache and it’s child processes, thus this is expected?

processes
processes795×145 6.16 KB

On the other hand, Nginx and Lighttpd do not need own child processes, thus html files seem to be handled by php-fpm as well or by their webserver master process?

The amount of Apache child processes btw. seem to be configurable via /etc/apache2/mods-available/mpm_event.conf.

1 Like
8

@MichaIng

yes.

that the main differences between nginx-apache24

@stratacast

10 month laters …

1 Like
9

Okay thanks for clarification.

Indeed it looks like Nginx (or Lighttpd), which natively is intended to be used with fcgi/php-fpm seem to be the more consistent solution then. The use of .htaccess (and that Nextcloud uses it actively) seem to be the only left argument for Apache…

Do you have any other suggestion about what should be changed about Apache2 (not PHP/FPM) settings/setup, besides the SetHandler above?
So far at least the switch is easy, compared to other solutions with libapache2-mod-fcgid and more complex looking implementation.

@stratacast
Sorry for hijacking your thread, I just thought to collect information in one thread has advantages. Did you actually find a solution, or are you still at mod-php?
I don’t know much about the difference between the SetHandler and ProxyPassMatch implementations, besides that SetHandler seems to be the most current solution and provides web socket support. I suggest you try it out, as shown above.

10

Please do hijack, I switched to nginx in the end. Much better :wink: Less mess hassling with having to compile apache24 for different worker processes and such

11

Hi

I am trying to do the exact same thign you did here but I get 503 :frowning:

I am on Apache/2.4.34 , Debian Testing,

ls -a /etc/apache2/mods-enabled/
.                   alias.load       authz_user.load     deflate.conf  env.load      mime.load         proxy_balancer.conf  proxy_ftp.load       rewrite.load        ssl.load
..                  auth_basic.load  autoindex.conf      deflate.load  expires.load  mpm_worker.conf   proxy_balancer.load  proxy_http.load      setenvif.conf       status.conf
access_compat.load  authn_core.load  autoindex.load      dir.conf      filter.load   mpm_worker.load   proxy.conf           proxy.load           setenvif.load       status.load
actions.conf        authn_file.load  cache.load          dir.load      headers.load  negotiation.conf  proxy_connect.load   proxy_wstunnel.load  slotmem_shm.load    suexec.load
actions.load        authz_core.load  cache_socache.load  dnssd.conf    include.load  negotiation.load  proxy_fcgi.load      reqtimeout.conf      socache_shmcb.load  xml2enc.load
alias.conf          authz_host.load  cgi.load            dnssd.load    mime.conf     proxy_ajp.load    proxy_ftp.conf       reqtimeout.load      ssl.conf            xsendfile.load

I also get this in the err

Sat Aug 18 12:35:09.604721 2018] [proxy_fcgi:error] [pid 17927:tid 139937047361280] (104)Connection reset by peer: [client 192.168.1.11:34358] AH01075: Error dispatching request to :     
[Sat Aug 18 12:35:47.209219 2018] [proxy_fcgi:error] [pid 17927:tid 139936325949184] [client 192.168.1.11:34416] AH01067: Failed to read FastCGI header
[Sat Aug 18 12:35:47.209261 2018] [proxy_fcgi:error] [pid 17927:tid 139936325949184] (104)Connection reset by peer: [client 192.168.1.11:34416] AH01075: Error dispatching request to :
12

I honestly found the best solution to this is just to use nginx. Much better, easier to maintain too IMO

13

What is the equivelant .htaccess you use for NC?

14

Did you solve the issue in between? By chance I found the topic again to review some discussion.

As you are on Debian testing (Buster?), I guess PHP7.2 is installed, right?

The commands above need to be adjusted in case:

apt install php-fpm
a2dismod php7.2 mpm_prefork
a2enmod mpm_event proxy_fcgi
apt purge libapache2-mod-php7.2

And the apache2.conf addition:
SetHandler "proxy:unix:/var/run/php/php7.2-fpm.sock|fcgi://localhost/"

But first verify the PHP version in use, since the repo move from 7.0 to 7.2 was done not too long ago: php -v

Okay, but your enabled Apache modules already look fine. If the apache.conf points to the correct php-fpm socket, and as well according to the error message, it could be due to missing PHP modules or at wrong version, e.g.:

  • You use PHP7.2, but the php-apcu module is still at PHP7.0 (or 7.1 max). This was the case for a short time of repo transition 7.0 -> 7.1 -> 7.2, if I remember right. The same could be the case for php-redis + php-igbinary. If then Nextcloud, according to config.php try to access APCu, I guess the above errors can be thrown.

Check php -m to list all the enabled PHP modules and verify that whatever is needed or explicitly configured in config.php is in the list.

There is no .htaccess equivalent for Nginx, if this was the question. .user.ini can be used to set certain PHP settings and all webserver settings need to be placed in the Nginx config, e.g. inside the ^/nextcloud location directive to apply directory-wise.

2 Likes
15

Yes that is expected and normal. I am assuming you have

pm.start_servers = 3