httpd systemd unitshttpdAuthorOrtonJoejorton@redhat.comhttpd.service8httpd.servicehttpd@.servicehttpd.sockethttpd-init.servicehttpd unit files for systemd/usr/lib/systemd/system/httpd.service,
/usr/lib/systemd/system/httpd@.service,
/usr/lib/systemd/system/httpd-init.service,
/usr/lib/systemd/system/httpd.socketDescriptionThis manual page describes the systemd
unit files used to integrate the httpd daemon
with systemd. Two main unit files are
available: httpd.service allows the
httpd daemon to be run as a system service, and
httpd.socket allows httpd to be started via
socket-based activation. Most systems will use
httpd.service.The apachectl command has been modified
to invoke systemctl for most uses, so for
example, running apachectl start is equivalent
to running systemctl start httpd.service. This
ensures that the running httpd daemon is tracked and managed by
systemd. In contrast, running
httpd directly from a root shell will start the
service outside of systemd; in this case,
default security restrictions described below (including, but not
limited to, SELinux) will not be enforced.Changing default behaviourTo change the default behaviour of the httpd service, an
over-ride file should be created, rather
than changing
/usr/lib/systemd/system/httpd.service
directly, since such changes would be lost over package
upgrades. Running systemctl edit
httpd.service or systemctl edit
httpd.socket as root will create a drop-in file (in
the former case, in
/etc/systemd/system/httpd.service.d) which
over-rides the system defaults.For example, to set the
environment variable for the daemon, run systemctl edit
httpd.service and enter:
[Service]
Environment=LD_LIBRARY_PATH=/opt/vendor/libStarting the service at boot timeThe httpd.service and httpd.socket units are
disabled by default. To start the httpd
service at boot time, run: systemctl enable
httpd.service. In the default configuration, the
httpd daemon will accept connections on port 80 (and, if mod_ssl
is installed, TLS connections on port 443) for any configured
IPv4 or IPv6 address.If httpd is configured to depend on any specific IP
address (for example, with a "Listen" directive) which may only
become available during start-up, or if httpd depends on other
services (such as a database daemon), the service
must be configured to ensure correct
start-up ordering.For example, to ensure httpd is only running after all
configured network interfaces are configured, create a drop-in
file (as described above) with the following section:
[Unit]
After=network-online.target
Wants=network-online.target
See
for more information on start-up ordering with systemd.SSL/TLS certificate generationThe httpd-init.service unit is provided
with the mod_ssl package. This oneshot unit automatically
creates a TLS server certificate and key (using a generated
self-signed CA certificate and key) for testing purposes before
httpd is started. To inhibit certificate generation, use
systemctl mask httpd-init.service after
installing mod_ssl, and adjust the mod_ssl configuration to use
an appropriate certificate and key.Reloading and stopping the serviceWhen running systemctl reload
httpd.service, a graceful
restart is used, which sends a signal to the httpd parent
process to reload the configuration and re-open log files. Any
children with open connections at the time of reload will
terminate only once they have completed serving requests. This
prevents users of the server seeing errors (or potentially
losing data) due to the reload, but means some there is some
delay before any configuration changes take effect for all
users.Similarly, a graceful stop is used
when systemctl stop httpd.service is run,
which terminates the server only once active connections have
been processed.To "ungracefully" stop the server without waiting for
requests to complete, use systemctl kill
--kill-who=main httpd; similarly to "ungracefully"
reload the configuration, use systemctl kill
--kill-who=main --signal=HUP httpd.Automated service restartsSystem packages (including the httpd package itself) may
restart the httpd service automatically after packages are
upgraded, installed, or removed. This is done using the
systemctl try-restart httpd.service, which
stops then starts the service if it is running.To disable automatic restarts, create the file
/etc/sysconfig/httpd-disable-posttrans.
When httpd interfaces are added in an update,
it may not be safe to reload a running
service after upgrading, if updated modules require interfaces
only available in the updated httpd. It is recommended to allow
automatic restarts for this reason.Changing the default MPM (Multi-Processing Module)httpd offers a choice of multi-processing modules (MPMs),
which can be configured in
/etc/httpd/conf.modules.d/00-mpm.conf.
See
httpd.conf5
for more information on changing the MPM.systemd integration and mod_systemdThe httpd service uses the systemd
service type. The mod_systemd module must be
loaded (as in the default configuration) for this to work
correctly - the service will fail if this module is not
loaded. mod_systemd also makes worker and
request statistics available when running systemctl status
httpd. See
systemd.exec5
for more information on systemd service types.Security and SELinuxThe default SELinux policy restricts the httpd service in
various ways. For example, the default policy limits the ports
to which httpd can bind (using the Listen
directive), which parts of the filesystem can be accessed, and
whether outgoing TCP connections are possible. Many of these
restrictions can be relaxed or adjusted by using
semanage to change booleans or other
types. See
httpd_selinux8
for more information.Process policies and restrictionsThe httpd service uses the following options:
PrivateTmp is enabled by
default. The /tmp and
/var/tmp directories available within the
httpd process (and CGI scripts, etc) are not shared by other
processes.OOMPolicy is set to
continue by default. Under the default
Out-of-Memory policy, the entire service will be terminated if
any process is killed by the kernel OOM killer. By setting
the policy to continue, httpd will
continue to run (and recover) if a single child is terminated
because of excess memory consumption.
See
systemd.exec5
and
systemd.service5
for more information.Logging and log file rotationThe httpd daemon is configured to log
to the /var/log/httpd directory by default,
and a drop-in for logrotate is provided at
/etc/logrotate.d/httpd to enable log file
rotation. The httpd.service systemd unit is
reloaded after a logrotate run.Log file compression is not enabled by default; since
httpd can continue writing to open log files
for some time after a reload (graceful restart), if compression
is enabled the delaycompress option must be
present (as in the default) to delay compression of log files to
a later rotation run.Socket activationSocket activation (see
systemd.socket5
for more information) can be used with httpd
by enabling the httpd.socket unit. The
httpd listener configuration must exactly
match the ListenStream options configured for
the httpd.socket unit. The default
httpd.socket has a
ListenStream=80 and, if mod_ssl is installed,
ListenStream=443 by a drop-in file. If
additional Listen directives are added to the
httpd configuration, corresponding
ListenStream options should be added via
drop-in files, for example via systemctl edit
httpd.socket.If using socket activation with httpd, only one listener
on any given TCP port is supported; a configuration with both
"Listen 127.0.0.1:80" and "Listen
192.168.1.2:80" will not work.Instantiated servicesThe httpd@.service unit is a template
for creating instantiated services. An instance of this unit
will be started using the configuration file
/etc/httpd/conf/INSTANCE.conf, where
INSTANCE is replaced with the instance
name. For example, systemctl start
httpd@foobar.service will start httpd using the
configuration file
/etc/httpd/conf/foobar.conf. The
environment variable is set to
the instance name by the unit and is available for use within
the configuration file.To allow multiple instances of httpd to run
simultaneously, a number of configuration directives must be
changed, such as PidFile and
DefaultRuntimeDir to pick non-conflicting
paths, and Listen to choose different ports.
The example configuration file
/usr/share/doc/httpd/instance.conf
demonstrates how to make such changes using the
variable.It can be useful to configure instances of
httpd@.service to reload when
httpd.service is reloaded; for example,
logrotate will reload only
httpd.service when logs are rotated. If this
behaviour is required, create a drop-in file for the instance as
follows:
[Unit]
ReloadPropagatedFrom=httpd.service
As with normal units, drop-in files for instances can be created
using systemctl edit, e.g. systemctl edit
httpd@foobar.service.Files/usr/lib/systemd/system/httpd.service,
/usr/lib/systemd/system/httpd.socket,
/usr/lib/systemd/system/httpd@.service,
/etc/systemd/systemd/httpd.service.dSee alsohttpd8,
httpd.conf5,
systemd1,
systemctl1,
systemd.service5,
systemd.exec5,
systemd.socket5,
httpd_selinux8,
semanage8,
logrotate8