Skip to content

All about FPM pools

A PHP-FPM pool is the process pool that serves PHP requests for a virtual host. This article describes how to create one, the naming convention that makes future PHP upgrades painless, the sizing fields, and the namespacing toggle.

For changing PHP runtime settings (e.g. max_execution_time) on an existing pool, see Change PHP settings.

Where to find FPM pools

In Core, the top-level 'FPM Pools' page lists every pool. Click 'Create' to add one.

Creating an FPM pool

Required fields

  • 'Name' — lowercase, digits, dash, underscore.
  • 'UNIX User' — the UNIX user the pool runs as. The PHP version dropdown is filtered to the versions installed on that user's cluster.
  • 'PHP Version' — the version of PHP this pool runs. Can't be changed after creation.

PHP Settings

Below the core fields, the form has a 'PHP Settings' section for runtime settings like max_execution_time and memory_limit. See Change PHP settings for the full set.

Sizing fields

These control how many PHP-FPM processes (workers) run, when they restart, and when they idle out.

Max Children — concurrent workers

The maximum number of concurrent PHP-FPM workers. Each worker handles one request at a time, so this is also the maximum number of concurrent PHP requests this pool can serve.

If you don't know what to set: 5.

Max Requests — restart after N

Each worker restarts after handling this many requests. The restart releases any memory the worker leaked.

If you don't know what to set: 20.

Process Idle Timeout — stop idle workers

If a worker hasn't received a request in this many seconds, it's stopped. Frees memory after a traffic burst.

Trade-off: if all workers are stopped, the next incoming request waits while one starts up — a slight first-request slowdown.

If you don't know what to set: 10.

CPU and memory limits

Both optional:

  • 'CPU Limit (cores)' — limits the pool to that many CPU cores total.
  • 'Memory Limit (MB)' — caps total memory across all workers. Minimum 256.

Slow request logging

Set 'Log Slow Requests Threshold' (in seconds) to log any PHP request taking longer than that to the PHP-FPM slow log. Useful for hunting performance issues.

Contact Cyberfusion to retrieve the slow-log results.

Namespacing

'Is Namespaced' applies several security measures to the FPM pool's processes. Most notably:

  • A dedicated /dev/ for the pool.
  • When the cluster's UNIX users home directory is /home, the home directories of other UNIX users are hidden — so the FPM pool can't enumerate other users' usernames.

Recommended for shared environments where users aren't fully trusted. See also UNIX user namespacing for the related concept on UNIX users themselves.

Use cases by target group

Sizing and isolation per group

  • Web agencies — one FPM pool per client UNIX user is the simplest and safest layout. Start with the suggested defaults (5 / 20 / 10) and only raise 'Max Children' if the site genuinely has concurrent traffic. With many clients on one cluster, 'Is Namespaced' on means a hostile or compromised site can't enumerate other clients.
  • Shops — 'Max Children' has to cover the worst peak (Black Friday, a flash sale). Set the 'Memory Limit (MB)' so workers × per-worker RAM stays inside the node's budget — running out of memory under peak is far worse than queuing requests.
  • SaaS — when one tenant's heavy job shouldn't slow another's, give each tenant its own UNIX user + FPM pool with a dedicated 'CPU Limit (cores)'. When a single tenant's customer reports lag, turn on slow-request logging and ask Cyberfusion for the results — it'll show exactly which PHP request was slow, so you can fix the actual query/script instead of guessing.
  • Tech agencies / large platforms — pair 'CPU Limit (cores)' with the cluster's 'Log Slow Requests Threshold' so noisy-neighbour incidents leave a trail in the slow log instead of just degrading the whole node.