Use unixsocket or TCP for communication between nginx and php-fpm and Its Configuration
Preface
Nginx and fastcgi can communicate in either TCP or unix socke. The two methods have their own advantages and disadvantages. Here we first provide two configuration methods, and then summarize the performance and security.
TCP is to use TCP port to connect 127.0.0.1: 9000
Socket is connected to socket/dev/shm/php-cgi.sock using unix domain Socket (many tutorials use path/tmp, while path/dev/shm is tmpfs, which is much faster than disk ), in the case of low server pressure, the difference between tcp and socket is not big, but when the pressure is full, the socket method is used, the effect is indeed better.
Configuration Guide
TCP configuration method
TCP communication configuration is simple. You can do it in three steps.
Step 1, Edit/etc/nginx/conf. d/your site configuration file (if the default configuration file is used, modify/etc/nginx/sites-available/default)
Change the fastcgi_pass parameter to 127.0.0.1: 9000, as shown in the following figure:
Location ~ \. Php $ {index. php index.html index.htm;
Include/etc/nginx/fastcgi_params;
Fastcgi_pass 127.0.0.1: 9000;
Fastcgi_index index. php;
Include fastcgi_params ;}
Step 2, Edit the php-fpm configuration file/etc/php5/fpm/pool. d/www. conf
Modify the listen parameter to 127.0.0.1: 9000, as shown in the following code:
Listen = 127.0.0.1: 9000
Step 3Restart php-fpm and nginx
Unix socket Configuration
In fact, unix socket should be strictly called unix domain socket, which is a widely used method of * nix System Process Communication (IPC. as the unique identifier (descriptor) of the socket, two processes that need to communicate can reference the same socket descriptor file to establish a channel for communication.
Unix domain socket or IPC socket is a terminal that enables two or more processes on the same operating system to communicate with each other. Compared with pipelines, Unix domain sockets can use both byte streams and data queues, while pipeline communication can only use byte streams. The Unix domain sockets interface is similar to the Internet socket interface, but it does not use the underlying network protocol for communication. The Unix domain socket function is a component in the POSIX operating system. Unix domain sockets uses the address of the system file as its identity. It can be referenced by system processes. Therefore, two processes can simultaneously open a Unix domain sockets for communication. However, this communication mode occurs in the system kernel rather than in the network.
Five steps are required for configuration
Step 1Determines the storage location of your socket descriptor file.
It can be placed anywhere in the system. If you want a faster communication speed, you can put it under/dev/shm. This directory is called tmpfs, which is an area that RAM can directly use. Therefore, the read/write speed is always fast.
If the file location is determined, you need to modify the File Permission. To grant nginx and php-fpm the read and write permissions to the file, you can:
Sudo touch/dev/shm/fpm-cgi.socksudo chown www-data: www-data/dev/shm/fpm-cgi.socksudo chmod 666/dev/shm/fpm-cgi.sock
Step 2, Modify the php-fpm configuration file/etc/php5/fpm/pool. d/www. conf
Change the listen parameter to/dev/shm/fpm-cgi.sock, as shown in the following code:
Listen =/dev/shm/fpm-cgi.sock
Change the listen. backlog parameter to-1. The memory backlog is infinite. The default value is 128. If the concurrency is high, an error is returned.
Set listen (2) backlog. A value of '-1' means unlimited .;
Default Value: 128 (-1 on FreeBSD and OpenBSD) listen. backlog =-1
Step 3, Modify the nginx site configuration file
Change the fastcgi_pass parameter to unix:/dev/shm/fpm-cgi.sock, like this:
Location ~ \. Php $ {indexindex.phpindex.htmlindex.htm; include/etc/nginx/fastcgi_params; fastcgi_passunix:/dev/shm/fpm-cgi.sock; fastcgi_indexindex.php; inclustcgi_params ;}
Step 4, Modify/etc/sysctl. conf file to increase the number of concurrent connections at the kernel level (I am not particularly familiar with this system-level configuration file. Refer to this blog: Php-fpm TcpSocket vs UnixSocket)
Sudoecho 'Net. core. somaxconn = 2048 '>/etc/sysctl. conf sudosysctl-p
Step 5, Restart nginx and php-fpm services (it is best to restart php-fpm and then nginx)
Analysis and Summary of the two communication modes
In principle, the unix socket method must be faster than the tcp method and consume less resources, because the sockets communicate between processes of nginx and php-fpm, tcp needs to go through the local loopback driver, and requests temporary ports and tcp-related resources.
Of course, in principle, unix socket may not seem so stable. When the number of concurrent connections breaks out, a large amount of long cache will be generated. Without support for connection-oriented protocols, large data packets may cause direct errors and will not return exceptions. The connection-oriented protocol such as TCP can ensure the correctness and integrity of communication.
Of course, the above mainly involves theoretical analysis that is not fully understood and subjective speculation. The specific difference is that we need to talk about it through test data. In the future, we will conduct tests in this area. My theoretical analysis on testing data from other blogs on the internet is almost correct. As for the method you choose, I can only say that "You and the bear's paw cannot have both sides". With superb O & M and configuration skills, let's make a balance between performance and stability.
About my choice
In fact, if nginx is used for load balancing, we should not consider the unix socket method at all. We can only use the TCP method. Now my small site does not have such a high concurrency, so I use unix socket. If there is a high concurrency business in the future, I can adjust some parameters to cope with it. If it is really unable to support it, you can only perform load balancing, and then you will naturally choose the TCP mode.