Why php-fpm is listening on port 9000?

Question

➜  ~ sudo lsof -i :9000

COMMAND   PID USER   FD   TYPE             DEVICE SIZE/OFF NODE NAME
php-fpm 23153 root    8u  IPv4 0xbdb928c0ec095c13      0t0  TCP localhost:cslistener (LISTEN)
php-fpm 23154 _www    9u  IPv4 0xbdb928c0ec095c13      0t0  TCP localhost:cslistener (LISTEN)
php-fpm 23155 _www    9u  IPv4 0xbdb928c0ec095c13      0t0  TCP localhost:cslistener (LISTEN)

sure, I have PHP installed on my mac. But why is it listening on 9000 always? is it a security risk?

Answer 1

When PHP was originally put out there, PHP mostly ran as a plugin of the Apache web server called mod-php

Basically, when loading mod_php as an Apache module, it allows Apache to interpret PHP files

This was the "quick and easy" way to run PHP. You only had to have Apache configured to load the PHP module, and it was a cornerstone of the so-called LAMP stack. But it also meant that PHP was constrained by Apache, which could hamper performance. As performance became more of an issue, and with the rise of other web servers like nginx, there was a need for PHP to run under its own processes, which meant you could tune PHP separately from the web server.

PHP-FPM is a service that accepts requests to process PHP files. It doesn't care what web server you're running and, by default, it accepts those web server connections on port 9000. From the nginx default configuration

fastcgi_pass 127.0.0.1:9000;

The other default way is over a Linux socket file. Here's how Apache2 does it under Ubuntu

<FilesMatch ".+\.ph(ar|p|tml)$">
    SetHandler "proxy:unix:/run/php/php7.4-fpm.sock|fcgi://localhost"
</FilesMatch>

Is it a security risk?

No. While it's listening on a socket, your server should not be configured to listen on port 9000 for public traffic. That's what your web server is doing. Only things local to your server should be accessing port 9000.