1HTTPD.SERVICE(8)              httpd systemd units             HTTPD.SERVICE(8)
2
3
4

NAME

6       httpd.service, httpd@.service, httpd.socket, httpd-init.service - httpd
7       unit files for systemd
8

SYNOPSIS

10       /usr/lib/systemd/system/httpd.service,
11       /usr/lib/systemd/system/httpd@.service,
12       /usr/lib/systemd/system/httpd-init.service,
13       /usr/lib/systemd/system/httpd.socket
14

DESCRIPTION

16       This manual page describes the systemd unit files used to integrate the
17       httpd daemon with systemd. Two main unit files are available:
18       httpd.service allows the httpd daemon to be run as a system service,
19       and httpd.socket allows httpd to be started via socket-based
20       activation. Most systems will use httpd.service.
21
22       The apachectl command has been modified to invoke systemctl for most
23       uses, so for example, running apachectl start is equivalent to running
24       systemctl start httpd.service. This ensures that the running httpd
25       daemon is tracked and managed by systemd. In contrast, running httpd
26       directly from a root shell will start the service outside of systemd;
27       in this case, default security restrictions described below (including,
28       but not limited to, SELinux) will not be enforced.
29
30   Changing default behaviour
31       To change the default behaviour of the httpd service, an over-ride file
32       should be created, rather than changing
33       /usr/lib/systemd/system/httpd.service directly, since such changes
34       would be lost over package upgrades. Running systemctl edit
35       httpd.service or systemctl edit httpd.socket as root will create a
36       drop-in file (in the former case, in
37       /etc/systemd/system/httpd.service.d) which over-rides the system
38       defaults.
39
40       For example, to set the LD_LIBRARY_PATH environment variable for the
41       daemon, run systemctl edit httpd.service and enter:
42
43           [Service]
44           Environment=LD_LIBRARY_PATH=/opt/vendor/lib
45
46   Starting the service at boot time
47       The httpd.service and httpd.socket units are disabled by default. To
48       start the httpd service at boot time, run: systemctl enable
49       httpd.service. In the default configuration, the httpd daemon will
50       accept connections on port 80 (and, if mod_ssl is installed, TLS
51       connections on port 443) for any configured IPv4 or IPv6 address.
52
53       If httpd is configured to depend on any specific IP address (for
54       example, with a "Listen" directive) which may only become available
55       during start-up, or if httpd depends on other services (such as a
56       database daemon), the service must be configured to ensure correct
57       start-up ordering.
58
59       For example, to ensure httpd is only running after all configured
60       network interfaces are configured, create a drop-in file (as described
61       above) with the following section:
62
63           [Unit]
64           After=network-online.target
65           Wants=network-online.target
66
67       See https://www.freedesktop.org/wiki/Software/systemd/NetworkTarget/
68       for more information on start-up ordering with systemd.
69
70   SSL/TLS certificate generation
71       The httpd-init.service unit is provided with the mod_ssl package. This
72       oneshot unit automatically creates a TLS server certificate and key
73       (using a generated self-signed CA certificate and key) for testing
74       purposes before httpd is started. To inhibit certificate generation,
75       use systemctl mask httpd-init.service after installing mod_ssl, and
76       adjust the mod_ssl configuration to use an appropriate certificate and
77       key.
78
79   Reloading and stopping the service
80       When running systemctl reload httpd.service, a graceful restart is
81       used, which sends a signal to the httpd parent process to reload the
82       configuration and re-open log files. Any children with open connections
83       at the time of reload will terminate only once they have completed
84       serving requests. This prevents users of the server seeing errors (or
85       potentially losing data) due to the reload, but means some there is
86       some delay before any configuration changes take effect for all users.
87
88       Similarly, a graceful stop is used when systemctl stop httpd.service is
89       run, which terminates the server only once active connections have been
90       processed.
91
92       To "ungracefully" stop the server without waiting for requests to
93       complete, use systemctl kill --kill-who=main httpd; similarly to
94       "ungracefully" reload the configuration, use systemctl kill
95       --kill-who=main --signal=HUP httpd.
96
97   Automated service restarts
98       System packages (including the httpd package itself) may restart the
99       httpd service automatically after packages are upgraded, installed, or
100       removed. This is done using the systemctl try-restart httpd.service,
101       which stops then starts the service if it is running.
102
103       To disable automatic restarts, create the file
104       /etc/sysconfig/httpd-disable-posttrans. When httpd interfaces are added
105       in an update, it may not be safe to reload a running service after
106       upgrading, if updated modules require interfaces only available in the
107       updated httpd. It is recommended to allow automatic restarts for this
108       reason.
109
110   Changing the default MPM (Multi-Processing Module)
111       httpd offers a choice of multi-processing modules (MPMs), which can be
112       configured in /etc/httpd/conf.modules.d/00-mpm.conf. See httpd.conf(5)
113       for more information on changing the MPM.
114
115   systemd integration and mod_systemd
116       The httpd service uses the notify systemd service type. The mod_systemd
117       module must be loaded (as in the default configuration) for this to
118       work correctly - the service will fail if this module is not loaded.
119       mod_systemd also makes worker and request statistics available when
120       running systemctl status httpd. See systemd.exec(5) for more
121       information on systemd service types.
122
123   Security and SELinux
124       The default SELinux policy restricts the httpd service in various ways.
125       For example, the default policy limits the ports to which httpd can
126       bind (using the Listen directive), which parts of the filesystem can be
127       accessed, and whether outgoing TCP connections are possible. Many of
128       these restrictions can be relaxed or adjusted by using semanage to
129       change booleans or other types. See httpd_selinux(8) for more
130       information.
131
132       The httpd service enables PrivateTmp by default. The /tmp and /var/tmp
133       directories available within the httpd process (and CGI scripts, etc)
134       are not shared by other processes. See systemd.exec(5) for more
135       information.
136
137   Logging and log file rotation
138       The httpd daemon is configured to log to the /var/log/httpd directory
139       by default, and a drop-in for logrotate is provided at
140       /etc/logrotate.d/httpd to enable log file rotation. The httpd.service
141       systemd unit is reloaded after a logrotate run.
142
143       Log file compression is not enabled by default; since httpd can
144       continue writing to open log files for some time after a reload
145       (graceful restart), if compression is enabled the delaycompress option
146       must be present (as in the default) to delay compression of log files
147       to a later rotation run.
148
149   Socket activation
150       Socket activation (see systemd.socket(5) for more information) can be
151       used with httpd by enabling the httpd.socket unit. The httpd listener
152       configuration must exactly match the ListenStream options configured
153       for the httpd.socket unit. The default httpd.socket has a
154       ListenStream=80 and, if mod_ssl is installed, ListenStream=443 by a
155       drop-in file. If additional Listen directives are added to the httpd
156       configuration, corresponding ListenStream options should be added via
157       drop-in files, for example via systemctl edit httpd.socket.
158
159       If using socket activation with httpd, only one listener on any given
160       TCP port is supported; a configuration with both "Listen 127.0.0.1:80"
161       and "Listen 192.168.1.2:80" will not work.
162
163   Instantiated services
164       The httpd@.service unit is a template for creating instantiated
165       services. An instance of this unit will be started using the
166       configuration file /etc/httpd/conf/INSTANCE.conf, where INSTANCE is
167       replaced with the instance name. For example, systemctl start
168       httpd@foobar.service will start httpd using the configuration file
169       /etc/httpd/conf/foobar.conf. The HTTPD_INSTANCE environment variable is
170       set to the instance name by the unit and is available for use within
171       the configuration file.
172
173       To allow multiple instances of httpd to run simultaneously, a number of
174       configuration directives must be changed, such as PidFile and
175       DefaultRuntimeDir to pick non-conflicting paths, and Listen to choose
176       different ports. The example configuration file
177       /usr/share/doc/httpd/instance.conf demonstrates how to make such
178       changes using the HTTPD_INSTANCE variable.
179
180       It can be useful to configure instances of httpd@.service to reload
181       when httpd.service is reloaded; for example, logrotate will reload only
182       httpd.service when logs are rotated. If this behaviour is required,
183       create a drop-in file for the instance as follows:
184
185           [Unit]
186           ReloadPropagatedFrom=httpd.service
187
188       As with normal units, drop-in files for instances can be created using
189       systemctl edit, e.g.  systemctl edit httpd@foobar.service.
190

FILES

192       /usr/lib/systemd/system/httpd.service,
193       /usr/lib/systemd/system/httpd.socket,
194       /usr/lib/systemd/system/httpd@.service,
195       /etc/systemd/systemd/httpd.service.d
196

SEE ALSO

198       httpd(8), httpd.conf(5), systemd(1), systemctl(1), systemd.service(5),
199       systemd.exec(5), systemd.socket(5), httpd_selinux(8), semanage(8),
200       logrotate(8)
201

AUTHOR

203       Joe Orton <jorton@redhat.com>
204           Author
205
206
207
208httpd                             02/01/2021                  HTTPD.SERVICE(8)
Impressum