Use unixsocket or TCP for communication between nginx and php-fpm and Its Configuration

Source: Internet
Author: User
Tags unix domain socket

Use unixsocket or TCP for communication between nginx and php-fpm and Its Configuration

Preface

Nginx and fastcgi can communicate in either TCP or unix socke. The two methods have their own advantages and disadvantages. Here we first provide two configuration methods, and then summarize the performance and security.

TCP is to use TCP port to connect 127.0.0.1: 9000
Socket is connected to socket/dev/shm/php-cgi.sock using unix domain Socket (many tutorials use path/tmp, while path/dev/shm is tmpfs, which is much faster than disk ), in the case of low server pressure, the difference between tcp and socket is not big, but when the pressure is full, the socket method is used, the effect is indeed better.

Configuration Guide

TCP configuration method

TCP communication configuration is simple. You can do it in three steps.

Step 1, Edit/etc/nginx/conf. d/your site configuration file (if the default configuration file is used, modify/etc/nginx/sites-available/default)

Change the fastcgi_pass parameter to 127.0.0.1: 9000, as shown in the following figure:

Location ~ \. Php $ {index. php index.html index.htm;
Include/etc/nginx/fastcgi_params;
Fastcgi_pass 127.0.0.1: 9000;
Fastcgi_index index. php;
Include fastcgi_params ;}

Step 2, Edit the php-fpm configuration file/etc/php5/fpm/pool. d/www. conf

Modify the listen parameter to 127.0.0.1: 9000, as shown in the following code:

 

Listen = 127.0.0.1: 9000

Step 3Restart php-fpm and nginx

 

Unix socket Configuration

In fact, unix socket should be strictly called unix domain socket, which is a widely used method of * nix System Process Communication (IPC. as the unique identifier (descriptor) of the socket, two processes that need to communicate can reference the same socket descriptor file to establish a channel for communication.

Unix domain socket or IPC socket is a terminal that enables two or more processes on the same operating system to communicate with each other. Compared with pipelines, Unix domain sockets can use both byte streams and data queues, while pipeline communication can only use byte streams. The Unix domain sockets interface is similar to the Internet socket interface, but it does not use the underlying network protocol for communication. The Unix domain socket function is a component in the POSIX operating system. Unix domain sockets uses the address of the system file as its identity. It can be referenced by system processes. Therefore, two processes can simultaneously open a Unix domain sockets for communication. However, this communication mode occurs in the system kernel rather than in the network.

Five steps are required for configuration

Step 1Determines the storage location of your socket descriptor file.

It can be placed anywhere in the system. If you want a faster communication speed, you can put it under/dev/shm. This directory is called tmpfs, which is an area that RAM can directly use. Therefore, the read/write speed is always fast.

If the file location is determined, you need to modify the File Permission. To grant nginx and php-fpm the read and write permissions to the file, you can:

 

Sudo touch/dev/shm/fpm-cgi.socksudo chown www-data: www-data/dev/shm/fpm-cgi.socksudo chmod 666/dev/shm/fpm-cgi.sock

Step 2, Modify the php-fpm configuration file/etc/php5/fpm/pool. d/www. conf

Change the listen parameter to/dev/shm/fpm-cgi.sock, as shown in the following code:

Listen =/dev/shm/fpm-cgi.sock

Change the listen. backlog parameter to-1. The memory backlog is infinite. The default value is 128. If the concurrency is high, an error is returned.

Set listen (2) backlog. A value of '-1' means unlimited .;
Default Value: 128 (-1 on FreeBSD and OpenBSD) listen. backlog =-1

Step 3, Modify the nginx site configuration file

Change the fastcgi_pass parameter to unix:/dev/shm/fpm-cgi.sock, like this:

Location ~ \. Php $ {indexindex.phpindex.htmlindex.htm; include/etc/nginx/fastcgi_params; fastcgi_passunix:/dev/shm/fpm-cgi.sock; fastcgi_indexindex.php; inclustcgi_params ;}

Step 4, Modify/etc/sysctl. conf file to increase the number of concurrent connections at the kernel level (I am not particularly familiar with this system-level configuration file. Refer to this blog: Php-fpm TcpSocket vs UnixSocket)


Sudoecho 'Net. core. somaxconn = 2048 '>/etc/sysctl. conf sudosysctl-p
Step 5, Restart nginx and php-fpm services (it is best to restart php-fpm and then nginx)

 

Analysis and Summary of the two communication modes

In principle, the unix socket method must be faster than the tcp method and consume less resources, because the sockets communicate between processes of nginx and php-fpm, tcp needs to go through the local loopback driver, and requests temporary ports and tcp-related resources.

Of course, in principle, unix socket may not seem so stable. When the number of concurrent connections breaks out, a large amount of long cache will be generated. Without support for connection-oriented protocols, large data packets may cause direct errors and will not return exceptions. The connection-oriented protocol such as TCP can ensure the correctness and integrity of communication.

Of course, the above mainly involves theoretical analysis that is not fully understood and subjective speculation. The specific difference is that we need to talk about it through test data. In the future, we will conduct tests in this area. My theoretical analysis on testing data from other blogs on the internet is almost correct. As for the method you choose, I can only say that "You and the bear's paw cannot have both sides". With superb O & M and configuration skills, let's make a balance between performance and stability.

 

About my choice

In fact, if nginx is used for load balancing, we should not consider the unix socket method at all. We can only use the TCP method. Now my small site does not have such a high concurrency, so I use unix socket. If there is a high concurrency business in the future, I can adjust some parameters to cope with it. If it is really unable to support it, you can only perform load balancing, and then you will naturally choose the TCP mode.


Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.