httpd.service, httpd.socket — httpd unit files for systemd
/usr/lib/systemd/system/httpd.service,
/usr/lib/systemd/system/httpd.socket
This manual page describes the systemd unit files used to integrate the httpd daemon with systemd. Two unit files are available: httpd.service allows the httpd daemon to be run as a system service, and httpd.socket allows httpd to be started via socket-based activation. Most systems will use httpd.service.
To change the default behaviour of the httpd service, an
over-ride file should be created, rather
than changing
/usr/lib/systemd/system/httpd.service
directly, since such changes would be lost over package
upgrades. Running systemctl edit
httpd.service or systemctl edit
httpd.socket as root will create a drop-in file in
/etc/systemd/system/httpd.service.d which
over-rides the system defaults.
For example, to set the LD_LIBRARY_PATH
environment variable for the daemon, run systemctl edit
httpd.service and enter:
[Service] Environment=LD_LIBRARY_PATH=/opt/vendor/lib
The httpd.service and httpd.socket units are disabled by default. To start the httpd service at boot time, run: systemctl enable httpd.service. In the default configuration, the httpd daemon will accept connections on port 80 (and, if mod_ssl is installed, TLS connections on port 443) for any configured IPv4 or IPv6 address.
If httpd is configured to depend on any specific IP address (for example, with a "Listen" directive), which may only become available during startup, or if httpd depends on other services (such as a database daemon), the service must be configured to ensure correct startup ordering.
For example, to ensure httpd is only running after all configured network interfaces are configured, create a drop-in file (as described above) with the following:
[Unit] After=network-online.target Wants=network-online.target
See https://www.freedesktop.org/wiki/Software/systemd/NetworkTarget/ for more information on startup ordering with systemd.
When running systemctl reload httpd.service, a "graceful" restart is used, which sends a signal to the httpd parent process to reload the configuration and re-open log files. Any children with open connections at the time of reload will terminate only once they have completed serving requests. This prevents users of the server seeing errors (or potentially losing data) due to the reload, but means some there is some delay before any configuration changes take effect for all users.
Similarly, a "graceful stop" is used when systemctl stop httpd.service is run, which terminates the server only once active connections have been processed.
httpd.service uses the "notify" systemd
service type. The mod_systemd module must be
loaded (as in the default configuration) for this to work
correctly - the service will fail if this module is not
loaded. mod_systemd also makes worker and
request statistics available when running systemctl status
httpd. See
systemd.exec(5)
for more information on systemd service types.
The default SELinux policy restricts the httpd service in
various ways. The ports to which httpd can bind (using the
Listen directive), which parts of the
filesystem can be accessed, whether outgoing TCP connections are
possible, are limited by default, for example. Many of these
restrictions can be lifted using SELinux booleans and port
types. See
httpd_selinux(8)
for more information.
The httpd service enables PrivateTmp
by default. The /tmp and
/var/tmp directories available within the
httpd process (and CGI scripts, etc) are not shared by other
processes. See
systemd.exec(5)
for more information.