<?xml version='1.0' encoding='utf-8'?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [

]>

<refentry>
<refentryinfo>
<title>httpd systemd units</title>
<productname>httpd</productname>
<author><contrib>Author</contrib><surname>Orton</surname><firstname>Joe</firstname><email>jorton@redhat.com</email></author>
</refentryinfo>

<refmeta>
<refentrytitle>httpd.service</refentrytitle>
<manvolnum>5</manvolnum>
</refmeta>

<refnamediv>
<refname>httpd.service</refname>
<refname>httpd.socket</refname>
<refpurpose>httpd unit files for systemd</refpurpose>
</refnamediv>

<refsynopsisdiv>
<para>
<filename>/usr/lib/systemd/system/httpd.service</filename>,
<filename>/usr/lib/systemd/system/httpd.socket</filename>
</para>
</refsynopsisdiv>

<refsect1>
<title>Description</title>

<para>This manual page describes the <command>systemd</command>
unit files used to integrate the <command>httpd</command> daemon
with <command>systemd</command>. Two unit files are available:
<command>httpd.service</command> allows the
<command>httpd</command> daemon to be run as a system service, and
<command>httpd.socket</command> allows httpd to be started via
socket-based activation. Most systems will use
<command>httpd.service</command>.</para>

<refsect2>
<title>Changing default behaviour</title>

<para>To change the default behaviour of the httpd service, an
<emphasis>over-ride</emphasis> file should be created, rather
than changing
<filename>/usr/lib/systemd/system/httpd.service</filename>
directly, since such changes would be lost over package
upgrades. Running <command>systemctl edit
httpd.service</command> or <command>systemctl edit
httpd.socket</command> as root will create a drop-in file in
<filename>/etc/systemd/system/httpd.service.d</filename> which
over-rides the system defaults.</para>

<para>For example, to set the <literal>LD_LIBRARY_PATH</literal>
environment variable for the daemon, run <command>systemctl edit
httpd.service</command> and enter:

<programlisting>[Service]
Environment=LD_LIBRARY_PATH=/opt/vendor/lib</programlisting></para>

</refsect2>

<refsect2>
<title>Starting the service at boot time</title>

<para>The httpd.service and httpd.socket units are
<emphasis>disabled</emphasis> by default. To start the httpd
service at boot time, run: <command>systemctl enable
httpd.service</command>. In the default configuration, the
httpd daemon will accept connections on port 80 (and, if mod_ssl
is installed, TLS connections on port 443) for any configured
IPv4 or IPv6 address.</para>

<para>If httpd is configured to depend on any specific IP
address (for example, with a <literal>Listen</literal> directive) which may only
become available during startup, or if httpd depends on other
services (such as a database daemon), the service
<emphasis>must</emphasis> be configured to ensure correct
startup ordering.</para>

<para>For example, to ensure httpd is only started after all
network interfaces have been configured, create a drop-in
file (as described above) with the following:

<programlisting>[Unit]
After=network-online.target
Wants=network-online.target</programlisting>

See <ulink
url="https://www.freedesktop.org/wiki/Software/systemd/NetworkTarget/"/>
for more information on startup ordering with systemd.</para>

</refsect2>

<refsect2>
<title>Reloading and stopping the service</title>

<para>When running <command>systemctl reload
httpd.service</command>, a "<emphasis>graceful</emphasis>"
restart is used, which sends a signal to the httpd parent
process to reload the configuration and re-open log files. Any
children with open connections at the time of reload will
terminate only once they have completed serving requests. This
prevents users of the server seeing errors (or potentially
losing data) due to the reload, but means there is some
delay before any configuration changes take effect for all
users.</para>

<para>Similarly, a "<emphasis>graceful stop</emphasis>" is used
when <command>systemctl stop httpd.service</command> is run,
which terminates the server only once active connections have
been processed.</para>

</refsect2>

<refsect2>
<title>systemd integration and mod_systemd</title>

<para>httpd.service uses the "<option>notify</option>" systemd
service type. The <literal>mod_systemd</literal> module must be
loaded (as in the default configuration) for this to work
correctly - the service will fail if this module is not
loaded. <literal>mod_systemd</literal> also makes worker and
request statistics available when running <command>systemctl status
httpd</command>. See
<citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>
for more information on systemd service types.</para>
</refsect2>

<refsect2>
<title>Security and SELinux</title>

<para>The default SELinux policy restricts the httpd service in
various ways. For example, the ports to which httpd can bind
(using the <literal>Listen</literal> directive), the parts of the
filesystem which can be accessed, and whether outgoing TCP
connections are possible are all limited by default. Many of these
restrictions can be lifted using SELinux booleans and port
types. See
<citerefentry><refentrytitle>httpd_selinux</refentrytitle><manvolnum>8</manvolnum></citerefentry>
for more information.</para>

<para>The httpd service enables <emphasis>PrivateTmp</emphasis>
by default. The <filename>/tmp</filename> and
<filename>/var/tmp</filename> directories available within the
httpd process (and CGI scripts, etc.) are not shared with other
processes. See
<citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>
for more information.</para>
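
<para>An added example, not part of the httpd package: a shell
function that audits the drop-in directory described above for two
settings that weaken this unit's defaults, a disabled PrivateTmp and
an LD_LIBRARY_PATH entry that is missing or is group- or
world-writable. The function name audit_httpd_dropins and its
messages are assumptions, and only the single-assignment
Environment= form shown on this page is parsed.</para>

<programlisting>
```shell
#!/bin/sh
# Added example: audit httpd drop-ins for settings that weaken the defaults
# described on this page. Function name and messages are illustrative.

# Print one finding per line for every *.conf file in the drop-in directory $1.
audit_httpd_dropins() {
    dir=$1
    for conf in "$dir"/*.conf; do
        [ -f "$conf" ] || continue
        # A drop-in may switch off the private /tmp and /var/tmp the unit enables.
        if grep -Eiq '^[[:space:]]*PrivateTmp[[:space:]]*=[[:space:]]*(no|n|false|f|off|0)[[:space:]]*$' "$conf"; then
            echo "$conf: PrivateTmp disabled"
        fi
        # Every LD_LIBRARY_PATH entry is a directory the daemon loads code from.
        sed -n 's/^[[:space:]]*Environment="\{0,1\}LD_LIBRARY_PATH=\([^"[:space:]]*\).*/\1/p' "$conf" |
        tr ':' '\n' |
        while IFS= read -r libdir; do
            [ -n "$libdir" ] || continue
            if [ ! -d "$libdir" ]; then
                echo "$conf: LD_LIBRARY_PATH entry $libdir does not exist"
                continue
            fi
            # Characters 6 and 9 of the ls mode string are group and other write.
            mode=$(ls -ld "$libdir" | cut -c1-10)
            case $mode in
                ?????w????|????????w?)
                    echo "$conf: LD_LIBRARY_PATH entry $libdir is group- or world-writable" ;;
            esac
        done
    done
}
```
</programlisting>

<para>Run it against
<filename>/etc/systemd/system/httpd.service.d</filename> after any
change made with <command>systemctl edit httpd.service</command>; no
output means neither condition was found.</para>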

</refsect2>

</refsect1>

<refsect1>
<title>Files</title>

<para><filename>/usr/lib/systemd/system/httpd.service</filename>,
<filename>/usr/lib/systemd/system/httpd.socket</filename>,
<filename>/etc/systemd/system/httpd.service.d</filename></para>
</refsect1>

<refsect1>
<title>See also</title>

<para>
<citerefentry><refentrytitle>httpd</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
<citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
<citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
<citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
<citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
<citerefentry><refentrytitle>httpd_selinux</refentrytitle><manvolnum>8</manvolnum></citerefentry>
</para>
</refsect1>

</refentry>