Mastering PHP 8.x on Fedora Server: Optimizing PHP-FPM and Taming SELinux

Fedora tutorial - IT technology blog
Fedora tutorial - IT technology blog

Why Fedora is a Formidable Choice for PHP Developers

While Ubuntu or AlmaLinux are often chosen for Production due to their LTS stability, Fedora is a different kind of “beast” for those who love cutting-edge technology. Fedora’s greatest strength lies in its repositories, which are always updated very quickly, making it ideal for maintaining a clean and secure server. Instead of having to install third-party repos like Remi on CentOS or Ondrej on Ubuntu, you can install official PHP 8.3 just days after the stable version is released.

After 6 months of actual operation, I’ve found the combination of PHP-FPM and OPcache on Fedora provides impressive response times. However, the biggest hurdle is SELinux. If configured incorrectly, you’ll encounter constant 500 errors even if you chmod 777 the entire directory. This article will help you install everything correctly and resolve these security issues once and for all, much like handling SELinux and firewalld for other high-performance services.

Deploying PHP 8.x and Essential Extensions

Let’s start by updating the system. Fedora uses the dnf package manager, which has very smart dependency resolution.

sudo dnf update -y
# Check available PHP versions
sudo dnf module list php

Fedora usually defaults to the latest PHP version. To properly run modern frameworks like Laravel or Symfony, you need the following set of extensions, particularly when deploying PostgreSQL on Fedora server as your database backend:

sudo dnf install php-fpm php-cli php-opcache php-gd php-curl php-mysqlnd php-zip php-mbstring php-xml php-intl php-json -y

Once installed, verify it with the command: php -v. If you see version 8.2 or 8.3, you’re on the right track.

Configuring PHP-FPM via Unix Sockets for Better Performance

PHP-FPM is the heart of script processing. The main configuration file is located at /etc/php-fpm.d/www.conf. Instead of using a slow TCP port (127.0.0.1:9000), switch to Unix Sockets. This helps reduce latency by about 10-15% as it doesn’t have to go through the local network stack.

Open the configuration file:

sudo nano /etc/php-fpm.d/www.conf

Adjust the following parameters for optimization:

; Use sockets for faster data transfer
listen = /run/php-fpm/www.sock

; Set permissions for the socket (change to nginx if you are not using Apache)
listen.owner = nginx
listen.group = nginx
listen.mode = 0660

; Configuration for a server with 2GB RAM
pm = dynamic
pm.max_children = 50
pm.start_servers = 5
pm.min_spare_servers = 5
pm.max_spare_servers = 35

Note: Fedora defaults the user to apache. If you are using Nginx, make sure to change both user and group in this file to nginx to avoid permission errors.

Enabling OPcache: Don’t Skip This Step

OPcache stores bytecode in RAM, preventing the server from having to recompile code on every request. For large applications, OPcache can triple execution speed. Edit the file /etc/php.d/10-opcache.ini:

opcache.enable=1
opcache.memory_consumption=128
opcache.interned_strings_buffer=8
; Increase the number of files if the project has thousands of classes like Laravel
opcache.max_accelerated_files=10000
opcache.revalidate_freq=2

Installing Composer Globally

Instead of downloading it manually every time you need it, install Composer directly into the system to call the command from anywhere:

php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
sudo php composer-setup.php --install-dir=/usr/local/bin --filename=composer
php -r "unlink('composer-setup.php');"

Mastering SELinux Instead of Disabling It

SELinux on Fedora is usually in Enforcing mode. This is a very powerful security layer but can be a nightmare if you’re not used to it. Instead of disabling it (which is very insecure), use these 3 “essential” commands, which are also vital for a secure phpMyAdmin installation.

1. Labeling the Source Code

Assign a context so the system understands this is valid web content:

sudo semanage fcontext -a -t httpd_sys_content_t "/var/www/my-app(/.*)?"
sudo restorecon -Rv /var/www/my-app

2. Granting Write Permissions for Storage/Cache Directories

If the application needs to write logs or upload images, you must grant specific permissions:

sudo semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/my-app/storage(/.*)?"
sudo restorecon -Rv /var/www/my-app/storage

3. Allowing PHP to Connect Externally

By default, SELinux blocks PHP from calling external APIs or sending Mail. Turn it on:

sudo setsebool -P httpd_can_network_connect 1

Starting and Testing

Enable the service so PHP-FPM runs automatically whenever the server restarts:

sudo systemctl enable --now php-fpm

To test OPcache, create a file at /var/www/html/info.php with the content <?php phpinfo(); ?>. When accessing it via a browser, look for the Zend OPcache section. If the status is Up and running, your system is ready to serve thousands of requests per second.

After half a year of experience, I can confirm that Fedora is an excellent environment for deploying PHP. The fast update cycle allows you to immediately take advantage of features like Readonly Properties or Enums without waiting for old LTS versions, much like setting up a professional Go (Golang) development environment on Fedora.

Share: