1HTTPD.SERVICE(8) httpd systemd units HTTPD.SERVICE(8)
2
6 httpd.service, httpd@.service, httpd.socket, httpd-init.service - httpd
7 unit files for systemd
8
10 /usr/lib/systemd/system/httpd.service,
11 /usr/lib/systemd/system/httpd@.service,
12 /usr/lib/systemd/system/httpd-init.service,
13 /usr/lib/systemd/system/httpd.socket
14
16 This manual page describes the systemd unit files used to integrate the
17 httpd daemon with systemd. Two main unit files are available:
18 httpd.service allows the httpd daemon to be run as a system service,
19 and httpd.socket allows httpd to be started via socket-based
20 activation. Most systems will use httpd.service.
21 The apachectl command has been modified to invoke systemctl for most
23 uses, so for example, running apachectl start is equivalent to running
24 systemctl start httpd.service. This ensures that the running httpd
25 daemon is tracked and managed by systemd. In contrast, running httpd
26 directly from a root shell will start the service outside of systemd;
27 in this case, default security restrictions described below (including,
28 but not limited to, SELinux) will not be enforced.
29 Changing default behaviour
31 To change the default behaviour of the httpd service, an over-ride file
32 should be created, rather than changing
33 /usr/lib/systemd/system/httpd.service directly, since such changes
34 would be lost over package upgrades. Running systemctl edit
35 httpd.service or systemctl edit httpd.socket as root will create a
36 drop-in file (in the former case, in
37 /etc/systemd/system/httpd.service.d) which over-rides the system
38 defaults.
39 For example, to set the LD_LIBRARY_PATH environment variable for the
41 daemon, run systemctl edit httpd.service and enter:
42 [Service]
44 Environment=LD_LIBRARY_PATH=/opt/vendor/lib
45 Starting the service at boot time
47 The httpd.service and httpd.socket units are disabled by default. To
48 start the httpd service at boot time, run: systemctl enable
49 httpd.service. In the default configuration, the httpd daemon will
50 accept connections on port 80 (and, if mod_ssl is installed, TLS
51 connections on port 443) for any configured IPv4 or IPv6 address.
52 If httpd is configured to depend on any specific IP address (for
54 example, with a "Listen" directive) which may only become available
55 during start-up, or if httpd depends on other services (such as a
56 database daemon), the service must be configured to ensure correct
57 start-up ordering.
58 For example, to ensure httpd is only running after all configured
60 network interfaces are configured, create a drop-in file (as described
61 above) with the following section:
62 [Unit]
64 After=network-online.target
65 Wants=network-online.target
66 See https://www.freedesktop.org/wiki/Software/systemd/NetworkTarget/
68 for more information on start-up ordering with systemd.
69 SSL/TLS certificate generation
71 The httpd-init.service unit is provided with the mod_ssl package. This
72 oneshot unit automatically creates a TLS server certificate and key
73 (using a generated self-signed CA certificate and key) for testing
74 purposes before httpd is started. To inhibit certificate generation,
75 use systemctl mask httpd-init.service after installing mod_ssl, and
76 adjust the mod_ssl configuration to use an appropriate certificate and
77 key.
78 Reloading and stopping the service
80 When running systemctl reload httpd.service, a graceful restart is
81 used, which sends a signal to the httpd parent process to reload the
82 configuration and re-open log files. Any children with open connections
83 at the time of reload will terminate only once they have completed
84 serving requests. This prevents users of the server seeing errors (or
85 potentially losing data) due to the reload, but means some there is
86 some delay before any configuration changes take effect for all users.
87 Similarly, a graceful stop is used when systemctl stop httpd.service is
89 run, which terminates the server only once active connections have been
90 processed.
91 To "ungracefully" stop the server without waiting for requests to
93 complete, use systemctl kill --kill-who=main httpd; similarly to
94 "ungracefully" reload the configuration, use systemctl kill
95 --kill-who=main --signal=HUP httpd.
96 Automated service restarts
98 System packages (including the httpd package itself) may restart the
99 httpd service automatically after packages are upgraded, installed, or
100 removed. This is done using the systemctl try-restart httpd.service
101 command, which stops then starts the service if it is running.
102 To disable automatic restarts, create the file
104 /etc/sysconfig/httpd-disable-posttrans. When httpd interfaces are added
105 in an update, it may not be safe to reload a running service after
106 upgrading, if updated modules require interfaces only available in the
107 updated httpd binary. It is recommended to allow automatic restarts for
108 this reason.
109 Changing the default MPM (Multi-Processing Module)
111 httpd offers a choice of multi-processing modules (MPMs), which can be
112 configured in /etc/httpd/conf.modules.d/00-mpm.conf. See httpd.conf(5)
113 for more information on changing the MPM.
114 systemd integration and mod_systemd
116 The httpd service uses the notify systemd service type. The mod_systemd
117 module must be loaded (as in the default configuration) for this to
118 work correctly - the service will fail if this module is not loaded.
119 mod_systemd also makes worker and request statistics available when
120 running systemctl status httpd. See systemd.exec(5) for more
121 information on systemd service types.
122 Security and SELinux
124 The default SELinux policy restricts the httpd service in various ways.
125 For example, the default policy limits the ports to which httpd can
126 bind (using the Listen directive), which parts of the filesystem can be
127 accessed, and whether outgoing TCP connections are possible. Many of
128 these restrictions can be relaxed or adjusted by using semanage to
129 change booleans or other types. See httpd_selinux(8) for more
130 information.
131 Process policies and restrictions
133 The httpd service uses the following options:
134 • PrivateTmp is enabled by default. The /tmp and /var/tmp directories
136 available within the httpd process (and CGI scripts, etc) are not
137 shared by other processes.
138 • OOMPolicy is set to continue by default. Under the default
140 Out-of-Memory policy, the entire service will be terminated if any
141 process is killed by the kernel OOM killer. By setting the policy
142 to continue, httpd will continue to run (and recover) if a single
143 child is terminated because of excess memory consumption.
144 See systemd.exec(5) and systemd.service(5) for more information.
146 Logging and log file rotation
148 The httpd daemon is configured to log to the /var/log/httpd directory
149 by default, and a drop-in for logrotate is provided at
150 /etc/logrotate.d/httpd to enable log file rotation. The httpd.service
151 systemd unit is reloaded after a logrotate run.
152 Log file compression is not enabled by default; since httpd can
154 continue writing to open log files for some time after a reload
155 (graceful restart), if compression is enabled the delaycompress option
156 must be present (as in the default) to delay compression of log files
157 to a later rotation run.
158 Socket activation
160 Socket activation (see systemd.socket(5) for more information) can be
161 used with httpd by enabling the httpd.socket unit. The httpd listener
162 configuration must exactly match the ListenStream options configured
163 for the httpd.socket unit. The default httpd.socket has a
164 ListenStream=80 and, if mod_ssl is installed, ListenStream=443 by a
165 drop-in file. If additional Listen directives are added to the httpd
166 configuration, corresponding ListenStream options should be added via
167 drop-in files, for example via systemctl edit httpd.socket.
168 If using socket activation with httpd, only one listener on any given
170 TCP port is supported; a configuration with both "Listen 127.0.0.1:80"
171 and "Listen 192.168.1.2:80" will not work.
172 Instantiated services
174 The httpd@.service unit is a template for creating instantiated
175 services. An instance of this unit will be started using the
176 configuration file /etc/httpd/conf/INSTANCE.conf, where INSTANCE is
177 replaced with the instance name. For example, systemctl start
178 httpd@foobar.service will start httpd using the configuration file
179 /etc/httpd/conf/foobar.conf. The HTTPD_INSTANCE environment variable is
180 set to the instance name by the unit and is available for use within
181 the configuration file.
182 To allow multiple instances of httpd to run simultaneously, a number of
184 configuration directives must be changed, such as PidFile and
185 DefaultRuntimeDir to pick non-conflicting paths, and Listen to choose
186 different ports. The example configuration file
187 /usr/share/doc/httpd/instance.conf demonstrates how to make such
188 changes using the HTTPD_INSTANCE variable.
189 It can be useful to configure instances of httpd@.service to reload
191 when httpd.service is reloaded; for example, logrotate will reload only
192 httpd.service when logs are rotated. If this behaviour is required,
193 create a drop-in file for the instance as follows:
194 [Unit]
196 ReloadPropagatedFrom=httpd.service
197 As with normal units, drop-in files for instances can be created using
199 systemctl edit, e.g. systemctl edit httpd@foobar.service.
200
202 /usr/lib/systemd/system/httpd.service,
203 /usr/lib/systemd/system/httpd.socket,
204 /usr/lib/systemd/system/httpd@.service,
205 /etc/systemd/systemd/httpd.service.d
206
208 httpd(8), httpd.conf(5), systemd(1), systemctl(1), systemd.service(5),
209 systemd.exec(5), systemd.socket(5), httpd_selinux(8), semanage(8),
210 logrotate(8)
211
213 Joe Orton <jorton@redhat.com>
214 Author
215httpd 10/20/2023 HTTPD.SERVICE(8)