Name

httpd.service, httpd.socket — httpd unit files for systemd

Synopsis

/usr/lib/systemd/system/httpd.service, /usr/lib/systemd/system/httpd.socket

Description

This manual page describes the systemd unit files used to integrate the httpd daemon with systemd. Two unit files are available: httpd.service allows the httpd daemon to be run as a system service, and httpd.socket allows httpd to be started via socket-based activation. Most systems will use httpd.service.

Changing default behaviour

To change the default behaviour of the httpd service, an over-ride file should be created, rather than changing /usr/lib/systemd/system/httpd.service directly, since such changes would be lost over package upgrades. Running systemctl edit httpd.service or systemctl edit httpd.socket as root will create a drop-in file in /etc/systemd/system/httpd.service.d which over-rides the system defaults.

For example, to set the LD_LIBRARY_PATH environment variable for the daemon, run systemctl edit httpd.service and enter:

[Service]
Environment=LD_LIBRARY_PATH=/opt/vendor/lib

Starting the service at boot time

The httpd.service and httpd.socket units are disabled by default. To start the httpd service at boot time, run: systemctl enable httpd.service. In the default configuration, the httpd daemon will accept connections on port 80 (and, if mod_ssl is installed, TLS connections on port 443) for any configured IPv4 or IPv6 address.

If httpd is configured to depend on any specific IP address (for example, with a "Listen" directive), which may only become available during startup, or if httpd depends on other services (such as a database daemon), the service must be configured to ensure correct startup ordering.

For example, to ensure httpd is only running after all configured network interfaces are configured, create a drop-in file (as described above) with the following:

[Unit]
After=network-online.target
Wants=network-online.target

See https://www.freedesktop.org/wiki/Software/systemd/NetworkTarget/ for more information on startup ordering with systemd.

Reloading and stopping the service

When running systemctl reload httpd.service, a "graceful" restart is used, which sends a signal to the httpd parent process to reload the configuration and re-open log files. Any children with open connections at the time of reload will terminate only once they have completed serving requests. This prevents users of the server seeing errors (or potentially losing data) due to the reload, but means some there is some delay before any configuration changes take effect for all users.

Similarly, a "graceful stop" is used when systemctl stop httpd.service is run, which terminates the server only once active connections have been processed.

systemd integration and mod_systemd

httpd.service uses the "notify" systemd service type. The mod_systemd module must be loaded (as in the default configuration) for this to work correctly - the service will fail if this module is not loaded. mod_systemd also makes worker and request statistics available when running systemctl status httpd. See systemd.exec(5) for more information on systemd service types.

Security and SELinux

The default SELinux policy restricts the httpd service in various ways. The ports to which httpd can bind (using the Listen directive), which parts of the filesystem can be accessed, whether outgoing TCP connections are possible, are limited by default, for example. Many of these restrictions can be lifted using SELinux booleans and port types. See httpd_selinux(8) for more information.

The httpd service enables PrivateTmp by default. The /tmp and /var/tmp directories available within the httpd process (and CGI scripts, etc) are not shared by other processes. See systemd.exec(5) for more information.

Files

/usr/lib/systemd/system/httpd.service, /usr/lib/systemd/system/httpd.socket, /etc/systemd/systemd/httpd.service.d

See also

httpd(8), systemd(1), systemctl(1), systemd.service(5), systemd.exec(5), httpd_selinux(8)