httpd.service.xml


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180

<?xml version='1.0' encoding='utf-8'?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
  "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [

]>

<refentry>
  <refentryinfo>
    <title>httpd systemd units</title>
    <productname>httpd</productname>
    <author><contrib>Author</contrib><surname>Orton</surname><firstname>Joe</firstname><email>jorton@redhat.com</email></author>
  </refentryinfo>

  <refmeta>
    <refentrytitle>httpd.service</refentrytitle>
    <manvolnum>5</manvolnum>
  </refmeta>
  
  <refnamediv>
    <refname>httpd.service</refname>
    <refname>httpd.socket</refname>
    <refpurpose>httpd unit files for systemd</refpurpose>
  </refnamediv>

  <refsynopsisdiv>
    <para>
      <filename>/usr/lib/systemd/system/httpd.service</filename>, 
      <filename>/usr/lib/systemd/system/httpd.socket</filename>
    </para>
  </refsynopsisdiv>
  
  <refsect1>
    <title>Description</title>

    <para>This manual page describes the <command>systemd</command>
    unit files used to integrate the <command>httpd</command> daemon
    with <command>systemd</command>. Two unit files are available:
    <command>httpd.service</command> allows the
    <command>httpd</command> daemon to be run as a system service, and
    <command>httpd.socket</command> allows httpd to be started via
    socket-based activation. Most systems will use
    <command>httpd.service</command>.</para>

    <refsect2>
      <title>Changing default behaviour</title>

      <para>To change the default behaviour of the httpd service, an
      <emphasis>over-ride</emphasis> file should be created, rather
      than changing
      <filename>/usr/lib/systemd/system/httpd.service</filename>
      directly, since such changes would be lost over package
      upgrades. Running <command>systemctl edit
      httpd.service</command> or <command>systemctl edit
      httpd.socket</command> as root will create a drop-in file in
      <filename>/etc/systemd/system/httpd.service.d</filename> which
      over-rides the system defaults.</para>

      <para>For example, to set the <literal>LD_LIBRARY_PATH</literal>
      environment variable for the daemon, run <command>systemctl edit
      httpd.service</command> and enter:

      <programlisting>[Service]
Environment=LD_LIBRARY_PATH=/opt/vendor/lib</programlisting></para>

    </refsect2>
    
    <refsect2>
      <title>Starting the service at boot time</title>

      <para>The httpd.service and httpd.socket units are
      <emphasis>disabled</emphasis> by default. To start the httpd
      service at boot time, run: <command>systemctl enable
      httpd.service</command>. In the default configuration, the
      httpd daemon will accept connections on port 80 (and, if mod_ssl
      is installed, TLS connections on port 443) for any configured
      IPv4 or IPv6 address.</para>

      <para>If httpd is configured to depend on any specific IP
      address (for example, with a "Listen" directive), which may only
      become available during startup, or if httpd depends on other
      services (such as a database daemon), the service
      <emphasis>must</emphasis> be configured to ensure correct
      startup ordering.</para>

      <para>For example, to ensure httpd is only running after all
      configured network interfaces are configured, create a drop-in
      file (as described above) with the following:

      <programlisting>[Unit]
After=network-online.target
Wants=network-online.target</programlisting>

      See <ulink
      url="https://www.freedesktop.org/wiki/Software/systemd/NetworkTarget/"/>
      for more information on startup ordering with systemd.</para>

    </refsect2>

    <refsect2>
      <title>Reloading and stopping the service</title>

      <para>When running <command>systemctl reload
      httpd.service</command>, a "<emphasis>graceful</emphasis>"
      restart is used, which sends a signal to the httpd parent
      process to reload the configuration and re-open log files. Any
      children with open connections at the time of reload will
      terminate only once they have completed serving requests. This
      prevents users of the server seeing errors (or potentially
      losing data) due to the reload, but means some there is some
      delay before any configuration changes take effect for all
      users.</para>

      <para>Similarly, a "<emphasis>graceful stop</emphasis>" is used
      when <command>systemctl stop httpd.service</command> is run,
      which terminates the server only once active connections have
      been processed.</para>

    </refsect2>

    <refsect2>
      <title>systemd integration and mod_systemd</title>

      <para>httpd.service uses the "<option>notify</option>" systemd
      service type. The <literal>mod_systemd</literal> module must be
      loaded (as in the default configuration) for this to work
      correctly - the service will fail if this module is not
      loaded. <literal>mod_systemd</literal> also makes worker and
      request statistics available when running <command>systemctl status
      httpd</command>. See
      <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>
      for more information on systemd service types.</para>
    </refsect2>
    
    <refsect2>
      <title>Security and SELinux</title>

      <para>The default SELinux policy restricts the httpd service in
      various ways. The ports to which httpd can bind (using the
      <literal>Listen</literal> directive), which parts of the
      filesystem can be accessed, whether outgoing TCP connections are
      possible, are limited by default, for example. Many of these
      restrictions can be lifted using SELinux booleans and port
      types. See
      <citerefentry><refentrytitle>httpd_selinux</refentrytitle><manvolnum>8</manvolnum></citerefentry>
      for more information.</para>

      <para>The httpd service enables <emphasis>PrivateTmp</emphasis>
      by default. The <filename>/tmp</filename> and
      <filename>/var/tmp</filename> directories available within the
      httpd process (and CGI scripts, etc) are not shared by other
      processes. See
      <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>
      for more information.</para>

    </refsect2>

  </refsect1>

  <refsect1>
    <title>Files</title>

    <para><filename>/usr/lib/systemd/system/httpd.service</filename>,
    <filename>/usr/lib/systemd/system/httpd.socket</filename>,
    <filename>/etc/systemd/systemd/httpd.service.d</filename></para>
  </refsect1>
  
  <refsect1>
    <title>See also</title>

    <para>
    <citerefentry><refentrytitle>httpd</refentrytitle><manvolnum>8</manvolnum></citerefentry>, 
    <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>, 
    <citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>, 
    <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
    <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
      <citerefentry><refentrytitle>httpd_selinux</refentrytitle><manvolnum>8</manvolnum></citerefentry>
    </para>
  </refsect1>

</refentry>