php: fpm sapi: install php-fpm.conf

Install a custom php-fpm.conf instead of the stock one.

- Listening on /var/run/php-fpm.sock instead of TCP port so we can
  restrict access to webserver user www-data.
- Using ondemand pm, so PHP children are only started after a PHP
  request, instead of kept resident all the time.

Signed-off-by: Floris Bos <bos@je-eigen-domein.nl>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>

diff --git a/package/php/php-fpm.conf b/package/php/php-fpm.conf
new file mode 100644 (file)
index 0000000..b75a58f
--- /dev/null
+++ b/package/php/php-fpm.conf
@@ -0,0 +1,14 @@
+[www]
+# Only start children when there are requests to be processed
+pm = ondemand
+# Terminate them again after there haven't been any for 2 minutes
+pm.process_idle_timeout = 120s
+# Maximum number of children processing PHP requests concurrently
+pm.max_children = 5
+
+listen = /var/run/php-fpm.sock
+listen.owner = www-data
+listen.group = www-data
+user = www-data
+group = www-data
+

diff --git a/package/php/php.mk b/package/php/php.mk
index 4c65c35f7139d117a11df22d39bf661c26163d9d..3b9a1176b883023fea8026e3dadb4006558a0fe3 100644 (file)
--- a/package/php/php.mk
+++ b/package/php/php.mk
@@ -264,6 +264,14 @@ define PHP_INSTALL_INIT_SYSTEMD
        ln -fs ../../../../usr/lib/systemd/system/php-fpm.service \
                $(TARGET_DIR)/etc/systemd/system/multi-user.target.wants/php-fpm.service
 endef
+
+define PHP_INSTALL_FPM_CONF
+       $(INSTALL) -D -m 0644 package/php/php-fpm.conf \
+               $(TARGET_DIR)/etc/php-fpm.conf
+       rm -f $(TARGET_DIR)/etc/php-fpm.conf.default
+endef
+
+PHP_POST_INSTALL_TARGET_HOOKS += PHP_INSTALL_FPM_CONF
 endif
 
 define PHP_EXTENSIONS_FIXUP