8 files changed, 94 insertions, 14 deletions

diff --git a/etc/inc/system.inc b/etc/inc/system.inc
index 035c5de..c4857fa 100644
--- a/etc/inc/system.inc
+++ b/etc/inc/system.inc
@@ -982,11 +982,6 @@ function system_generate_lighty_config($filename,
 			$max_php_children = 1;
 	}
 
-	if ($captive_portal !== false)
-		$fast_cgi_path = "{$g['tmp_path']}/php-fastcgi-{$captive_portal}.socket";
-	else
-		$fast_cgi_path = "{$g['tmp_path']}/php-fastcgi.socket";
-
 	if(!isset($config['syslog']['nologlighttpd'])) {
 		$lighty_use_syslog = <<<EOD
 ## where to send error-messages to
@@ -995,7 +990,9 @@ EOD;
 	}
 
 
-	$fastcgi_config = <<<EOD
+	if ($captive_portal !== false) {
+		$fast_cgi_path = "{$g['tmp_path']}/php-fastcgi-{$captive_portal}.socket";
+		$fastcgi_config = <<<EOD
 #### fastcgi module
 ## read fastcgi.txt for more info
 fastcgi.server = ( ".php" =>
@@ -1013,6 +1010,23 @@ fastcgi.server = ( ".php" =>
 )
 
 EOD;
+	} else {
+		$fast_cgi_path = "{$g['varrun_path']}/php-fpm.socket";
+		$fastcgi_config = <<<EOD
+#### fastcgi module
+## read fastcgi.txt for more info
+fastcgi.server = ( ".php" =>
+	( "localhost" =>
+		(
+			"socket" => "{$fast_cgi_path}",
+			"broken-scriptfilename" => "enable"
+		)
+	)
+)
+
+EOD;
+	}
+
 
 	$lighty_config = <<<EOD
 #
diff --git a/etc/phpshellsessions/gitsync b/etc/phpshellsessions/gitsync
index 2b4eec1..31fd468 100644
--- a/etc/phpshellsessions/gitsync
+++ b/etc/phpshellsessions/gitsync
@@ -399,7 +399,6 @@ function post_cvssync_commands() {
 	$fd = fopen("/tmp/restart_lighty", "w");
 	fwrite($fd, "#!/bin/sh\n");
 	fwrite($fd, "sleep 5\n");
-	fwrite($fd, "killall php\n");
 	fwrite($fd, "/usr/local/sbin/pfSctl -c 'service restart webgui'\n");
 	if(file_exists("/var/etc/lighty-CaptivePortal.conf"))
 		fwrite($fd, "/usr/local/sbin/lighttpd -f /var/etc/lighty-CaptivePortal.conf\n");
diff --git a/etc/rc b/etc/rc
index 9baac4e..2a11bdb 100755
--- a/etc/rc
+++ b/etc/rc
@@ -369,6 +369,7 @@ fi
 # Run the php.ini setup file and populate
 # /usr/local/etc/php.ini and /usr/local/lib/php.ini
 /etc/rc.php_ini_setup 2>/tmp/php_errors.txt
+/usr/local/sbin/php-fpm -c /usr/local/lib/php.ini -y /usr/local/lib/php-fpm.conf -RD 2>&1 >/dev/null
 
 # Launch external configuration loader for supported platforms
 if [ "$PLATFORM" = "embedded" ]; then
@@ -391,6 +392,7 @@ if [ -f /etc/rc.custom_boot_early ]; then
 	echo "Done"
 fi
 
+export fcgipath=/var/run/php-fpm.socket
 /usr/bin/nice -n20 /usr/local/sbin/check_reload_status
 
 # let the PHP-based configuration subsystem set up the system now
diff --git a/etc/rc.initial b/etc/rc.initial
index 1f9f1e2..c57c0db 100755
--- a/etc/rc.initial
+++ b/etc/rc.initial
@@ -137,7 +137,7 @@ case ${opmode} in
 		/usr/sbin/tcpdump -s 256 -v -S -l -n -e -ttt -i pflog0
 		;;
 11 | 111)
-		/usr/bin/killall -9 php; /usr/bin/killall -9 lighttpd; /etc/rc.restart_webgui
+		/etc/rc.restart_webgui
 		;;
 12)
 		/usr/local/sbin/pfSsh.php
diff --git a/etc/rc.php_ini_setup b/etc/rc.php_ini_setup
index 589fab8..1105773 100755
--- a/etc/rc.php_ini_setup
+++ b/etc/rc.php_ini_setup
@@ -53,7 +53,7 @@ REALMEM=`/sbin/sysctl hw.realmem | /usr/bin/awk '{print $2/1048576}' | /usr/bin/
 export REALMEM
 export LOWMEM
 
-if [  "$REALMEM" -lt "$MIN_REALMEM_FOR_APC" ]; then
+if [  ${REALMEM} -lt $MIN_REALMEM_FOR_APC ]; then
 	LOWMEM="TRUE"
 	echo ">>> Under $MIN_REALMEM_FOR_APC megabytes of ram detected.  Not enabling APC."
 	echo ">>> Under $MIN_REALMEM_FOR_APC megabytes of ram detected.  Not enabling APC." | /usr/bin/logger -p daemon.info -i -t rc.php_ini_setup
@@ -296,6 +296,73 @@ suhosin.memory_limit = 512435456
 EOF
 
 
+PHPFPMMAX=2
+if [ "$LOWMEM" = "TRUE" ]; then
+	PHPFPMMAX=1
+elif [ ${REALMEM} -gt 1000 ]; then
+	PHPFPMMAX=4
+fi
+
+/bin/cat > /usr/local/lib/php-fpm.conf <<EOF
+
+[global]
+pid = run/php-fpm.pid
+error_log=syslog
+syslog.facility = daemon
+syslog.ident = php-fpm
+log_level = notice
+daemonize = yes
+events.mechanism = kqueue
+process.max = ${PHPFPMMAX}
+
+[lighty]
+user = root
+group = wheel
+;mode = 0600
+
+listen = /var/run/php-fpm.socket
+listen.owner = root
+listen.group = wheel
+listen.mode = 0600
+
+security.limit_extensions =
+
+EOF
+
+if [ "$LOWMEM" = "TRUE" ]; then
+	/bin/cat >> /usr/local/lib/php-fpm.conf <<EOF
+
+pm = ondemand
+pm.process_idle_timeout = 5
+pm.max_children = 1
+pm.max_requests = 500
+
+EOF
+
+elif [ $REALMEM -gt 1000 ]; then
+	/bin/cat >> /usr/local/lib/php-fpm.conf <<EOF
+
+pm = dynamic
+pm.process_idle_timeout = 5
+pm.max_children = 3
+pm.start_servers = 1
+pm.max_requests = 500
+pm.min_spare_servers=1
+pm.max_spare_servers=1
+
+EOF
+else
+
+	/bin/cat >> /usr/local/lib/php-fpm.conf <<EOF
+
+pm = static
+pm.max_children = 2
+pm.max_requests = 500
+
+EOF
+
+fi
+
 # Copy php.ini file to etc/ too (cli)
 /bin/cp /usr/local/lib/php.ini /usr/local/etc/php.ini
 
diff --git a/usr/local/www/firewall_shaper_queues.php b/usr/local/www/firewall_shaper_queues.php
index f8ee5b6..db93524 100755
--- a/usr/local/www/firewall_shaper_queues.php
+++ b/usr/local/www/firewall_shaper_queues.php
@@ -46,7 +46,7 @@ require_once("shaper.inc");
 require_once("rrd.inc");
 
 if($_GET['reset'] <> "") {
-	mwexec("killall -9 pfctl php");
+	mwexec("killall -9 pfctl");
 	exit;
 }
 
diff --git a/usr/local/www/firewall_shaper_vinterface.php b/usr/local/www/firewall_shaper_vinterface.php
index 9ab72b4..73b98c6 100644
--- a/usr/local/www/firewall_shaper_vinterface.php
+++ b/usr/local/www/firewall_shaper_vinterface.php
@@ -46,8 +46,7 @@ require_once("filter.inc");
 require_once("shaper.inc");
 
 if($_GET['reset'] <> "") {
-	/* XXX: Huh, why are we killing php? */
-	mwexec("/usr/bin/killall -9 pfctl php");
+	mwexec("/usr/bin/killall -9 pfctl");
 	exit;
 }
 
diff --git a/usr/local/www/firewall_shaper_wizards.php b/usr/local/www/firewall_shaper_wizards.php
index 455b932..57f7d02 100755
--- a/usr/local/www/firewall_shaper_wizards.php
+++ b/usr/local/www/firewall_shaper_wizards.php
@@ -45,8 +45,7 @@ require_once("filter.inc");
 require_once("shaper.inc");
 
 if($_GET['reset'] <> "") {
-	/* XXX: Huh, why are we killing php? */
-	mwexec("/usr/bin/killall -9 pfctl php");
+	mwexec("/usr/bin/killall -9 pfctl");
 	exit;
 }