Harden PHP-FPM defaults

Dockerfiles/base/data/php-fpm.conf/php-fpm-5.2.conf

@@ -40,7 +40,7 @@
 
 			<value name="listen_options">
 				Set listen(2) backlog
-				<value name="backlog">1023</value>
+				<value name="backlog">1024</value>
 				Set permissions for unix socket, if one used.
 				In Linux read/write permissions must be set in order to allow connections from web server.
 				Many BSD-derrived systems allow connections regardless of permissions.
@@ -50,16 +50,6 @@
 			</value>
 
 			Additional php.ini defines, specific to this pool of workers.
-			<value name="php_defines">
-				<value name="error_reporting">E_ALL</value>
-				<value name="xmlrpc_errors">Off</value>
-				<value name="report_memleaks">On</value>
-				<value name="display_errors">Off</value>
-				<value name="display_startup_errors">Off</value>
-				<value name="track_errors">On</value>
-				<value name="log_errors">On</value>
-				<value name="html_errors">Off</value>
-			</value>
 
 			Unix user of processes
 			<value name="user">devilbox</value>
@@ -84,15 +74,15 @@
 				<value name="apache_like">
 					Sets the number of server processes created on startup.
 					Used only when 'apache-like' pm_style is selected
-					<value name="StartServers">10</value>
+					<value name="StartServers">4</value>
 
 					Sets the desired minimum number of idle server processes.
 					Used only when 'apache-like' pm_style is selected
-					<value name="MinSpareServers">5</value>
+					<value name="MinSpareServers">2</value>
 
 					Sets the desired maximum number of idle server processes.
 					Used only when 'apache-like' pm_style is selected
-					<value name="MaxSpareServers">15</value>
+					<value name="MaxSpareServers">6</value>
 				</value>
 
 			</value>
@@ -100,7 +90,7 @@
 			The timeout (in seconds) for serving a single request after which the worker process will be terminated
 			Should be used when 'max_execution_time' ini option does not stop script execution for some reason
 			'0s' means 'off'
-			<value name="request_terminate_timeout">180s</value>
+			<value name="request_terminate_timeout">120s</value>
 
 			The timeout (in seconds) for serving of single request after which a php backtrace will be dumped to slow.log file
 			'0s' means 'off'

Dockerfiles/base/data/php-fpm.conf/php-fpm-5.3.conf

@@ -1,3 +1,119 @@
+; ################################################################################
+; ####
+; #### The following settings can be overwritten by later includes
+; ####
+; ################################################################################
+
+
+; ############################################################
+; Timeouts
+; ############################################################
+
+[www]
+; The timeout for serving a single request after which the worker process will be killed.
+; This option should be used when the 'max_execution_time' ini option does not stop script
+; execution for some reason.
+request_terminate_timeout = 120s
+
+
+; ############################################################
+; Logging
+; ############################################################
+
+[global]
+error_log = /proc/self/fd/2
+log_level = notice
+
+[www]
+; if we send this to /proc/self/fd/1, it never appears
+access.log = /proc/self/fd/2
+
+
+; ############################################################
+; Worker configuration
+; ############################################################
+
+[www]
+
+; static - the number of child processes is fixed (pm.max_children).
+;
+; dynamic - the number of child processes is set dynamically based on the following directives:
+; pm.max_children, pm.start_servers, pm.min_spare_servers, pm.max_spare_servers.
+;
+; ondemand - the processes spawn on demand (when requested, as opposed to dynamic, where
+; pm.start_servers are started when the service is started.
+pm = ondemand
+
+; The maximum number of child processes to be created
+pm.max_children = 50
+
+; The number of child processes created on startup. Used only when pm is set to dynamic.
+; Default Value: min_spare_servers + (max_spare_servers - min_spare_servers) / 2.
+pm.start_servers = 4
+
+; The desired minimum number of idle server processes.
+pm.min_spare_servers = 2
+
+; The desired maximum number of idle server processes.
+pm.max_spare_servers = 6
+
+; The number of requests each child process should execute before respawning.
+; This can be useful to work around memory leaks in 3rd party libraries.
+; For endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS.
+; Default value: 0.
+pm.max_requests = 500
+
+; The number of seconds after which an idle process will be killed. Used only when pm is set to ondemand
+pm.process_idle_timeout = 10s
+
+
+; ############################################################
+; Include
+; ############################################################
+
+
+[global]
+include   = /usr/local/etc/php-fpm.d/*.conf
+
+
+; ################################################################################
+; ####
+; #### The following settings overwrite any includes again
+; ####
+; ################################################################################
+
+
+; ############################################################
+; Required for Dockerization
+; ############################################################
+
 [global]
 daemonize = no
-include   = /usr/local/etc/php-fpm.d/*.conf
+
+[www]
+
+; Redirect worker stdout and stderr into main error log. If not set, stdout and
+; stderr will be redirected to /dev/null according to FastCGI specs.
+; Note: on highloaded environement, this can cause some delay in the page
+; process time (several ms).
+; Default Value: no
+catch_workers_output = yes
+
+
+; ############################################################
+; User and Group
+; ############################################################
+
+[www]
+user  = devilbox
+group = devilbox
+
+
+; ############################################################
+; Networking
+; ############################################################
+
+[www]
+; Ensure to listen here
+listen         = 9000
+listen.backlog = 1024

Dockerfiles/base/data/php-fpm.conf/php-fpm-5.4.conf

@@ -1,3 +1,121 @@
+; ################################################################################
+; ####
+; #### The following settings can be overwritten by later includes
+; ####
+; ################################################################################
+
+
+; ############################################################
+; Timeouts
+; ############################################################
+
+[www]
+; The timeout for serving a single request after which the worker process will be killed.
+; This option should be used when the 'max_execution_time' ini option does not stop script
+; execution for some reason.
+request_terminate_timeout = 120s
+
+
+; ############################################################
+; Logging
+; ############################################################
+
+[global]
+error_log = /proc/self/fd/2
+log_level = notice
+
+[www]
+; if we send this to /proc/self/fd/1, it never appears
+access.log = /proc/self/fd/2
+
+
+; ############################################################
+; Worker configuration
+; ############################################################
+
+[www]
+
+; static - the number of child processes is fixed (pm.max_children).
+;
+; dynamic - the number of child processes is set dynamically based on the following directives:
+; pm.max_children, pm.start_servers, pm.min_spare_servers, pm.max_spare_servers.
+;
+; ondemand - the processes spawn on demand (when requested, as opposed to dynamic, where
+; pm.start_servers are started when the service is started.
+pm = ondemand
+
+; The maximum number of child processes to be created
+pm.max_children = 50
+
+; The number of child processes created on startup. Used only when pm is set to dynamic.
+; Default Value: min_spare_servers + (max_spare_servers - min_spare_servers) / 2.
+pm.start_servers = 4
+
+; The desired minimum number of idle server processes.
+pm.min_spare_servers = 2
+
+; The desired maximum number of idle server processes.
+pm.max_spare_servers = 6
+
+; The number of requests each child process should execute before respawning.
+; This can be useful to work around memory leaks in 3rd party libraries.
+; For endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS.
+; Default value: 0.
+pm.max_requests = 500
+
+; The number of seconds after which an idle process will be killed. Used only when pm is set to ondemand
+pm.process_idle_timeout = 10s
+
+
+; ############################################################
+; Include
+; ############################################################
+
+
+[global]
+include   = /usr/local/etc/php-fpm.d/*.conf
+
+
+; ################################################################################
+; ####
+; #### The following settings overwrite any includes again
+; ####
+; ################################################################################
+
+
+; ############################################################
+; Required for Dockerization
+; ############################################################
+
 [global]
 daemonize = no
-include   = /usr/local/etc/php-fpm.d/*.conf
+
+[www]
+; Keep env variables set by docker
+clear_env = no
+
+; Redirect worker stdout and stderr into main error log. If not set, stdout and
+; stderr will be redirected to /dev/null according to FastCGI specs.
+; Note: on highloaded environement, this can cause some delay in the page
+; process time (several ms).
+; Default Value: no
+catch_workers_output = yes
+
+
+; ############################################################
+; User and Group
+; ############################################################
+
+[www]
+user  = devilbox
+group = devilbox
+
+
+; ############################################################
+; Networking
+; ############################################################
+
+[www]
+; Ensure to listen here
+listen         = 9000
+listen.backlog = 1024

Dockerfiles/base/data/php-fpm.conf/php-fpm-5.5.conf

@@ -1,3 +1,121 @@
+; ################################################################################
+; ####
+; #### The following settings can be overwritten by later includes
+; ####
+; ################################################################################
+
+
+; ############################################################
+; Timeouts
+; ############################################################
+
+[www]
+; The timeout for serving a single request after which the worker process will be killed.
+; This option should be used when the 'max_execution_time' ini option does not stop script
+; execution for some reason.
+request_terminate_timeout = 120s
+
+
+; ############################################################
+; Logging
+; ############################################################
+
+[global]
+error_log = /proc/self/fd/2
+log_level = notice
+
+[www]
+; if we send this to /proc/self/fd/1, it never appears
+access.log = /proc/self/fd/2
+
+
+; ############################################################
+; Worker configuration
+; ############################################################
+
+[www]
+
+; static - the number of child processes is fixed (pm.max_children).
+;
+; dynamic - the number of child processes is set dynamically based on the following directives:
+; pm.max_children, pm.start_servers, pm.min_spare_servers, pm.max_spare_servers.
+;
+; ondemand - the processes spawn on demand (when requested, as opposed to dynamic, where
+; pm.start_servers are started when the service is started.
+pm = ondemand
+
+; The maximum number of child processes to be created
+pm.max_children = 50
+
+; The number of child processes created on startup. Used only when pm is set to dynamic.
+; Default Value: min_spare_servers + (max_spare_servers - min_spare_servers) / 2.
+pm.start_servers = 4
+
+; The desired minimum number of idle server processes.
+pm.min_spare_servers = 2
+
+; The desired maximum number of idle server processes.
+pm.max_spare_servers = 6
+
+; The number of requests each child process should execute before respawning.
+; This can be useful to work around memory leaks in 3rd party libraries.
+; For endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS.
+; Default value: 0.
+pm.max_requests = 500
+
+; The number of seconds after which an idle process will be killed. Used only when pm is set to ondemand
+pm.process_idle_timeout = 10s
+
+
+; ############################################################
+; Include
+; ############################################################
+
+
+[global]
+include   = /usr/local/etc/php-fpm.d/*.conf
+
+
+; ################################################################################
+; ####
+; #### The following settings overwrite any includes again
+; ####
+; ################################################################################
+
+
+; ############################################################
+; Required for Dockerization
+; ############################################################
+
 [global]
 daemonize = no
-include   = /usr/local/etc/php-fpm.d/*.conf
+
+[www]
+; Keep env variables set by docker
+clear_env = no
+
+; Redirect worker stdout and stderr into main error log. If not set, stdout and
+; stderr will be redirected to /dev/null according to FastCGI specs.
+; Note: on highloaded environement, this can cause some delay in the page
+; process time (several ms).
+; Default Value: no
+catch_workers_output = yes
+
+
+; ############################################################
+; User and Group
+; ############################################################
+
+[www]
+user  = devilbox
+group = devilbox
+
+
+; ############################################################
+; Networking
+; ############################################################
+
+[www]
+; Ensure to listen here
+listen         = 9000
+listen.backlog = 1024

Dockerfiles/base/data/php-fpm.conf/php-fpm-5.6.conf

@@ -1,3 +1,121 @@
+; ################################################################################
+; ####
+; #### The following settings can be overwritten by later includes
+; ####
+; ################################################################################
+
+
+; ############################################################
+; Timeouts
+; ############################################################
+
+[www]
+; The timeout for serving a single request after which the worker process will be killed.
+; This option should be used when the 'max_execution_time' ini option does not stop script
+; execution for some reason.
+request_terminate_timeout = 120s
+
+
+; ############################################################
+; Logging
+; ############################################################
+
+[global]
+error_log = /proc/self/fd/2
+log_level = notice
+
+[www]
+; if we send this to /proc/self/fd/1, it never appears
+access.log = /proc/self/fd/2
+
+
+; ############################################################
+; Worker configuration
+; ############################################################
+
+[www]
+
+; static - the number of child processes is fixed (pm.max_children).
+;
+; dynamic - the number of child processes is set dynamically based on the following directives:
+; pm.max_children, pm.start_servers, pm.min_spare_servers, pm.max_spare_servers.
+;
+; ondemand - the processes spawn on demand (when requested, as opposed to dynamic, where
+; pm.start_servers are started when the service is started.
+pm = ondemand
+
+; The maximum number of child processes to be created
+pm.max_children = 50
+
+; The number of child processes created on startup. Used only when pm is set to dynamic.
+; Default Value: min_spare_servers + (max_spare_servers - min_spare_servers) / 2.
+pm.start_servers = 4
+
+; The desired minimum number of idle server processes.
+pm.min_spare_servers = 2
+
+; The desired maximum number of idle server processes.
+pm.max_spare_servers = 6
+
+; The number of requests each child process should execute before respawning.
+; This can be useful to work around memory leaks in 3rd party libraries.
+; For endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS.
+; Default value: 0.
+pm.max_requests = 500
+
+; The number of seconds after which an idle process will be killed. Used only when pm is set to ondemand
+pm.process_idle_timeout = 10s
+
+
+; ############################################################
+; Include
+; ############################################################
+
+
+[global]
+include   = /usr/local/etc/php-fpm.d/*.conf
+
+
+; ################################################################################
+; ####
+; #### The following settings overwrite any includes again
+; ####
+; ################################################################################
+
+
+; ############################################################
+; Required for Dockerization
+; ############################################################
+
 [global]
 daemonize = no
-include   = /usr/local/etc/php-fpm.d/*.conf
+
+[www]
+; Keep env variables set by docker
+clear_env = no
+
+; Redirect worker stdout and stderr into main error log. If not set, stdout and
+; stderr will be redirected to /dev/null according to FastCGI specs.
+; Note: on highloaded environement, this can cause some delay in the page
+; process time (several ms).
+; Default Value: no
+catch_workers_output = yes
+
+
+; ############################################################
+; User and Group
+; ############################################################
+
+[www]
+user  = devilbox
+group = devilbox
+
+
+; ############################################################
+; Networking
+; ############################################################
+
+[www]
+; Ensure to listen here
+listen         = 9000
+listen.backlog = 1024

Dockerfiles/base/data/php-fpm.conf/php-fpm-7.0.conf

@@ -1,3 +1,121 @@
+; ################################################################################
+; ####
+; #### The following settings can be overwritten by later includes
+; ####
+; ################################################################################
+
+
+; ############################################################
+; Timeouts
+; ############################################################
+
+[www]
+; The timeout for serving a single request after which the worker process will be killed.
+; This option should be used when the 'max_execution_time' ini option does not stop script
+; execution for some reason.
+request_terminate_timeout = 120s
+
+
+; ############################################################
+; Logging
+; ############################################################
+
+[global]
+error_log = /proc/self/fd/2
+log_level = notice
+
+[www]
+; if we send this to /proc/self/fd/1, it never appears
+access.log = /proc/self/fd/2
+
+
+; ############################################################
+; Worker configuration
+; ############################################################
+
+[www]
+
+; static - the number of child processes is fixed (pm.max_children).
+;
+; dynamic - the number of child processes is set dynamically based on the following directives:
+; pm.max_children, pm.start_servers, pm.min_spare_servers, pm.max_spare_servers.
+;
+; ondemand - the processes spawn on demand (when requested, as opposed to dynamic, where
+; pm.start_servers are started when the service is started.
+pm = ondemand
+
+; The maximum number of child processes to be created
+pm.max_children = 50
+
+; The number of child processes created on startup. Used only when pm is set to dynamic.
+; Default Value: min_spare_servers + (max_spare_servers - min_spare_servers) / 2.
+pm.start_servers = 4
+
+; The desired minimum number of idle server processes.
+pm.min_spare_servers = 2
+
+; The desired maximum number of idle server processes.
+pm.max_spare_servers = 6
+
+; The number of requests each child process should execute before respawning.
+; This can be useful to work around memory leaks in 3rd party libraries.
+; For endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS.
+; Default value: 0.
+pm.max_requests = 500
+
+; The number of seconds after which an idle process will be killed. Used only when pm is set to ondemand
+pm.process_idle_timeout = 10s
+
+
+; ############################################################
+; Include
+; ############################################################
+
+
+[global]
+include   = /usr/local/etc/php-fpm.d/*.conf
+
+
+; ################################################################################
+; ####
+; #### The following settings overwrite any includes again
+; ####
+; ################################################################################
+
+
+; ############################################################
+; Required for Dockerization
+; ############################################################
+
 [global]
 daemonize = no
-include   = /usr/local/etc/php-fpm.d/*.conf
+
+[www]
+; Keep env variables set by docker
+clear_env = no
+
+; Redirect worker stdout and stderr into main error log. If not set, stdout and
+; stderr will be redirected to /dev/null according to FastCGI specs.
+; Note: on highloaded environement, this can cause some delay in the page
+; process time (several ms).
+; Default Value: no
+catch_workers_output = yes
+
+
+; ############################################################
+; User and Group
+; ############################################################
+
+[www]
+user  = devilbox
+group = devilbox
+
+
+; ############################################################
+; Networking
+; ############################################################
+
+[www]
+; Ensure to listen here
+listen         = 9000
+listen.backlog = 1024

Dockerfiles/base/data/php-fpm.conf/php-fpm-7.1.conf

@@ -1,3 +1,121 @@
+; ################################################################################
+; ####
+; #### The following settings can be overwritten by later includes
+; ####
+; ################################################################################
+
+
+; ############################################################
+; Timeouts
+; ############################################################
+
+[www]
+; The timeout for serving a single request after which the worker process will be killed.
+; This option should be used when the 'max_execution_time' ini option does not stop script
+; execution for some reason.
+request_terminate_timeout = 120s
+
+
+; ############################################################
+; Logging
+; ############################################################
+
+[global]
+error_log = /proc/self/fd/2
+log_level = notice
+
+[www]
+; if we send this to /proc/self/fd/1, it never appears
+access.log = /proc/self/fd/2
+
+
+; ############################################################
+; Worker configuration
+; ############################################################
+
+[www]
+
+; static - the number of child processes is fixed (pm.max_children).
+;
+; dynamic - the number of child processes is set dynamically based on the following directives:
+; pm.max_children, pm.start_servers, pm.min_spare_servers, pm.max_spare_servers.
+;
+; ondemand - the processes spawn on demand (when requested, as opposed to dynamic, where
+; pm.start_servers are started when the service is started.
+pm = ondemand
+
+; The maximum number of child processes to be created
+pm.max_children = 50
+
+; The number of child processes created on startup. Used only when pm is set to dynamic.
+; Default Value: min_spare_servers + (max_spare_servers - min_spare_servers) / 2.
+pm.start_servers = 4
+
+; The desired minimum number of idle server processes.
+pm.min_spare_servers = 2
+
+; The desired maximum number of idle server processes.
+pm.max_spare_servers = 6
+
+; The number of requests each child process should execute before respawning.
+; This can be useful to work around memory leaks in 3rd party libraries.
+; For endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS.
+; Default value: 0.
+pm.max_requests = 500
+
+; The number of seconds after which an idle process will be killed. Used only when pm is set to ondemand
+pm.process_idle_timeout = 10s
+
+
+; ############################################################
+; Include
+; ############################################################
+
+
+[global]
+include   = /usr/local/etc/php-fpm.d/*.conf
+
+
+; ################################################################################
+; ####
+; #### The following settings overwrite any includes again
+; ####
+; ################################################################################
+
+
+; ############################################################
+; Required for Dockerization
+; ############################################################
+
 [global]
 daemonize = no
-include   = /usr/local/etc/php-fpm.d/*.conf
+
+[www]
+; Keep env variables set by docker
+clear_env = no
+
+; Redirect worker stdout and stderr into main error log. If not set, stdout and
+; stderr will be redirected to /dev/null according to FastCGI specs.
+; Note: on highloaded environement, this can cause some delay in the page
+; process time (several ms).
+; Default Value: no
+catch_workers_output = yes
+
+
+; ############################################################
+; User and Group
+; ############################################################
+
+[www]
+user  = devilbox
+group = devilbox
+
+
+; ############################################################
+; Networking
+; ############################################################
+
+[www]
+; Ensure to listen here
+listen         = 9000
+listen.backlog = 1024

Dockerfiles/base/data/php-fpm.conf/php-fpm-7.2.conf

@@ -1,3 +1,121 @@
+; ################################################################################
+; ####
+; #### The following settings can be overwritten by later includes
+; ####
+; ################################################################################
+
+
+; ############################################################
+; Timeouts
+; ############################################################
+
+[www]
+; The timeout for serving a single request after which the worker process will be killed.
+; This option should be used when the 'max_execution_time' ini option does not stop script
+; execution for some reason.
+request_terminate_timeout = 120s
+
+
+; ############################################################
+; Logging
+; ############################################################
+
+[global]
+error_log = /proc/self/fd/2
+log_level = notice
+
+[www]
+; if we send this to /proc/self/fd/1, it never appears
+access.log = /proc/self/fd/2
+
+
+; ############################################################
+; Worker configuration
+; ############################################################
+
+[www]
+
+; static - the number of child processes is fixed (pm.max_children).
+;
+; dynamic - the number of child processes is set dynamically based on the following directives:
+; pm.max_children, pm.start_servers, pm.min_spare_servers, pm.max_spare_servers.
+;
+; ondemand - the processes spawn on demand (when requested, as opposed to dynamic, where
+; pm.start_servers are started when the service is started.
+pm = ondemand
+
+; The maximum number of child processes to be created
+pm.max_children = 50
+
+; The number of child processes created on startup. Used only when pm is set to dynamic.
+; Default Value: min_spare_servers + (max_spare_servers - min_spare_servers) / 2.
+pm.start_servers = 4
+
+; The desired minimum number of idle server processes.
+pm.min_spare_servers = 2
+
+; The desired maximum number of idle server processes.
+pm.max_spare_servers = 6
+
+; The number of requests each child process should execute before respawning.
+; This can be useful to work around memory leaks in 3rd party libraries.
+; For endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS.
+; Default value: 0.
+pm.max_requests = 500
+
+; The number of seconds after which an idle process will be killed. Used only when pm is set to ondemand
+pm.process_idle_timeout = 10s
+
+
+; ############################################################
+; Include
+; ############################################################
+
+
+[global]
+include   = /usr/local/etc/php-fpm.d/*.conf
+
+
+; ################################################################################
+; ####
+; #### The following settings overwrite any includes again
+; ####
+; ################################################################################
+
+
+; ############################################################
+; Required for Dockerization
+; ############################################################
+
 [global]
 daemonize = no
-include   = /usr/local/etc/php-fpm.d/*.conf
+
+[www]
+; Keep env variables set by docker
+clear_env = no
+
+; Redirect worker stdout and stderr into main error log. If not set, stdout and
+; stderr will be redirected to /dev/null according to FastCGI specs.
+; Note: on highloaded environement, this can cause some delay in the page
+; process time (several ms).
+; Default Value: no
+catch_workers_output = yes
+
+
+; ############################################################
+; User and Group
+; ############################################################
+
+[www]
+user  = devilbox
+group = devilbox
+
+
+; ############################################################
+; Networking
+; ############################################################
+
+[www]
+; Ensure to listen here
+listen         = 9000
+listen.backlog = 1024

Dockerfiles/base/data/php-fpm.conf/php-fpm-7.3.conf

@@ -1,3 +1,121 @@
+; ################################################################################
+; ####
+; #### The following settings can be overwritten by later includes
+; ####
+; ################################################################################
+
+
+; ############################################################
+; Timeouts
+; ############################################################
+
+[www]
+; The timeout for serving a single request after which the worker process will be killed.
+; This option should be used when the 'max_execution_time' ini option does not stop script
+; execution for some reason.
+request_terminate_timeout = 120s
+
+
+; ############################################################
+; Logging
+; ############################################################
+
+[global]
+error_log = /proc/self/fd/2
+log_level = notice
+
+[www]
+; if we send this to /proc/self/fd/1, it never appears
+access.log = /proc/self/fd/2
+
+
+; ############################################################
+; Worker configuration
+; ############################################################
+
+[www]
+
+; static - the number of child processes is fixed (pm.max_children).
+;
+; dynamic - the number of child processes is set dynamically based on the following directives:
+; pm.max_children, pm.start_servers, pm.min_spare_servers, pm.max_spare_servers.
+;
+; ondemand - the processes spawn on demand (when requested, as opposed to dynamic, where
+; pm.start_servers are started when the service is started.
+pm = ondemand
+
+; The maximum number of child processes to be created
+pm.max_children = 50
+
+; The number of child processes created on startup. Used only when pm is set to dynamic.
+; Default Value: min_spare_servers + (max_spare_servers - min_spare_servers) / 2.
+pm.start_servers = 4
+
+; The desired minimum number of idle server processes.
+pm.min_spare_servers = 2
+
+; The desired maximum number of idle server processes.
+pm.max_spare_servers = 6
+
+; The number of requests each child process should execute before respawning.
+; This can be useful to work around memory leaks in 3rd party libraries.
+; For endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS.
+; Default value: 0.
+pm.max_requests = 500
+
+; The number of seconds after which an idle process will be killed. Used only when pm is set to ondemand
+pm.process_idle_timeout = 10s
+
+
+; ############################################################
+; Include
+; ############################################################
+
+
+[global]
+include   = /usr/local/etc/php-fpm.d/*.conf
+
+
+; ################################################################################
+; ####
+; #### The following settings overwrite any includes again
+; ####
+; ################################################################################
+
+
+; ############################################################
+; Required for Dockerization
+; ############################################################
+
 [global]
 daemonize = no
-include   = /usr/local/etc/php-fpm.d/*.conf
+
+[www]
+; Keep env variables set by docker
+clear_env = no
+
+; Redirect worker stdout and stderr into main error log. If not set, stdout and
+; stderr will be redirected to /dev/null according to FastCGI specs.
+; Note: on highloaded environement, this can cause some delay in the page
+; process time (several ms).
+; Default Value: no
+catch_workers_output = yes
+
+
+; ############################################################
+; User and Group
+; ############################################################
+
+[www]
+user  = devilbox
+group = devilbox
+
+
+; ############################################################
+; Networking
+; ############################################################
+
+[www]
+; Ensure to listen here
+listen         = 9000
+listen.backlog = 1024