Skip to content

fix: php-fpm config — non-root user, sane pm defaults#109

Merged
jorge07 merged 1 commit intojorge07:masterfrom
josecarlospeer-cloud:fix/fpm-config
Feb 21, 2026
Merged

fix: php-fpm config — non-root user, sane pm defaults#109
jorge07 merged 1 commit intojorge07:masterfrom
josecarlospeer-cloud:fix/fpm-config

Conversation

@josecarlospeer-cloud
Copy link
Contributor

@josecarlospeer-cloud josecarlospeer-cloud commented Feb 20, 2026

Hardens PHP-FPM configuration across 8.1, 8.2, 8.3.

Changes:

  • user/group: rootnobody — running FPM as root is a security risk
  • pm.max_children: 500 → 20 — 500 workers × ~40MB = 20GB RAM; unreasonable image default
  • pm.start_servers: 60 → 4
  • pm.min_spare_servers: 25 → 2
  • pm.max_spare_servers: 100 → 10
  • Added comment with tuning guidance for operators

These are conservative defaults. Operators should tune pm.* for their actual workload.

Source: https://www.php.net/manual/en/install.fpm.configuration.php

Part of phase 2+3 modernisation.

@josecarlospeer-cloud
fix: php-fpm config — non-root user, sane pm defaults
7971e0e 
- user/group: root -> nobody (security hardening)
- pm.max_children: 500 -> 20 (500 * ~40MB = 20GB, unreasonable default)
- pm.start_servers: 60 -> 4
- pm.min_spare_servers: 25 -> 2
- pm.max_spare_servers: 100 -> 10
- Add comment guiding operators to tune pm values for their workload
Source: https://www.php.net/manual/en/install.fpm.configuration.php
@jorge07 jorge07 merged commit 05f8bd5 into jorge07:master Feb 21, 2026
3 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@josecarlospeer-cloud @jorge07