From 03f1098961e7cd0a5a3b7d93ca59f9176b7f63ac Mon Sep 17 00:00:00 2001
From: CoprDistGit <infra@openeuler.org>
Date: Mon, 5 Aug 2024 02:42:43 +0000
Subject: automatic import of httpd

---
 httpd.service.xml | 374 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 374 insertions(+)
 create mode 100644 httpd.service.xml

(limited to 'httpd.service.xml')

diff --git a/httpd.service.xml b/httpd.service.xml
new file mode 100644
index 0000000..c6bf865
--- /dev/null
+++ b/httpd.service.xml
@@ -0,0 +1,374 @@
+<?xml version='1.0' encoding='utf-8'?>
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
+  "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
+
+]>
+<!--
+ Copyright 2018 Red Hat, Inc.
+
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements.  See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License.  You may obtain a copy of the License at
+
+     http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+
+<refentry>
+  <refentryinfo>
+    <title>httpd systemd units</title>
+    <productname>httpd</productname>
+    <author><contrib>Author</contrib><surname>Orton</surname><firstname>Joe</firstname><email>jorton@redhat.com</email></author>
+  </refentryinfo>
+
+  <refmeta>
+    <refentrytitle>httpd.service</refentrytitle>
+    <manvolnum>8</manvolnum>
+  </refmeta>
+  
+  <refnamediv>
+    <refname>httpd.service</refname>
+    <refname>httpd@.service</refname>
+    <refname>httpd.socket</refname>
+    <refname>httpd-init.service</refname>
+    <refpurpose>httpd unit files for systemd</refpurpose>
+  </refnamediv>
+
+  <refsynopsisdiv>
+    <para>
+      <filename>/usr/lib/systemd/system/httpd.service</filename>, 
+      <filename>/usr/lib/systemd/system/httpd@.service</filename>,
+      <filename>/usr/lib/systemd/system/httpd-init.service</filename>,
+      <filename>/usr/lib/systemd/system/httpd.socket</filename>
+    </para>
+  </refsynopsisdiv>
+  
+  <refsect1>
+    <title>Description</title>
+
+    <para>This manual page describes the <command>systemd</command>
+    unit files used to integrate the <command>httpd</command> daemon
+    with <command>systemd</command>. Two main unit files are
+    available: <command>httpd.service</command> allows the
+    <command>httpd</command> daemon to be run as a system service, and
+    <command>httpd.socket</command> allows httpd to be started via
+    socket-based activation. Most systems will use
+    <command>httpd.service</command>.</para>
+
+    <para>The <command>apachectl</command> command has been modified
+    to invoke <command>systemctl</command> for most uses, so for
+    example, running <command>apachectl start</command> is equivalent
+    to running <command>systemctl start httpd.service</command>.  This
+    ensures that the running httpd daemon is tracked and managed by
+    <command>systemd</command>.  In contrast, running
+    <command>httpd</command> directly from a root shell will start the
+    service outside of <command>systemd</command>; in this case,
+    default security restrictions described below (including, but not
+    limited to, SELinux) will not be enforced.</para>
+
+    <refsect2>
+      <title>Changing default behaviour</title>
+
+      <para>To change the default behaviour of the httpd service, an
+      <emphasis>over-ride</emphasis> file should be created, rather
+      than changing
+      <filename>/usr/lib/systemd/system/httpd.service</filename>
+      directly, since such changes would be lost over package
+      upgrades. Running <command>systemctl edit
+      httpd.service</command> or <command>systemctl edit
+      httpd.socket</command> as root will create a drop-in file (in
+      the former case, in
+      <filename>/etc/systemd/system/httpd.service.d</filename>) which
+      over-rides the system defaults.</para>
+
+      <para>For example, to set the <option>LD_LIBRARY_PATH</option>
+      environment variable for the daemon, run <command>systemctl edit
+      httpd.service</command> and enter:
+
+      <programlisting>[Service]
+Environment=LD_LIBRARY_PATH=/opt/vendor/lib</programlisting></para>
+    </refsect2>
+    
+    <refsect2>
+      <title>Starting the service at boot time</title>
+
+      <para>The httpd.service and httpd.socket units are
+      <emphasis>disabled</emphasis> by default. To start the httpd
+      service at boot time, run: <command>systemctl enable
+      httpd.service</command>. In the default configuration, the
+      httpd daemon will accept connections on port 80 (and, if mod_ssl
+      is installed, TLS connections on port 443) for any configured
+      IPv4 or IPv6 address.</para>
+
+      <para>If httpd is configured to depend on any specific IP
+      address (for example, with a "Listen" directive) which may only
+      become available during start-up, or if httpd depends on other
+      services (such as a database daemon), the service
+      <emphasis>must</emphasis> be configured to ensure correct
+      start-up ordering.</para>
+
+      <para>For example, to ensure httpd is only running after all
+      configured network interfaces are configured, create a drop-in
+      file (as described above) with the following section:
+
+      <programlisting>[Unit]
+After=network-online.target
+Wants=network-online.target</programlisting>
+
+      See <ulink
+      url="https://www.freedesktop.org/wiki/Software/systemd/NetworkTarget/"/>
+      for more information on start-up ordering with systemd.</para>
+
+    </refsect2>
+
+    <refsect2>
+      <title>SSL/TLS certificate generation</title>
+
+      <para>The <command>httpd-init.service</command> unit is provided
+      with the mod_ssl package. This oneshot unit automatically
+      creates a TLS server certificate and key (using a generated
+      self-signed CA certificate and key) for testing purposes before
+      httpd is started. To inhibit certificate generation, use
+      <command>systemctl mask httpd-init.service</command> after
+      installing mod_ssl, and adjust the mod_ssl configuration to use
+      an appropriate certificate and key.</para>
+
+    </refsect2>
+
+    <refsect2>
+      <title>Reloading and stopping the service</title>
+
+      <para>When running <command>systemctl reload
+      httpd.service</command>, a <emphasis>graceful</emphasis>
+      restart is used, which sends a signal to the httpd parent
+      process to reload the configuration and re-open log files. Any
+      children with open connections at the time of reload will
+      terminate only once they have completed serving requests. This
+      prevents users of the server seeing errors (or potentially
+      losing data) due to the reload, but means some there is some
+      delay before any configuration changes take effect for all
+      users.</para>
+
+      <para>Similarly, a <emphasis>graceful stop</emphasis> is used
+      when <command>systemctl stop httpd.service</command> is run,
+      which terminates the server only once active connections have
+      been processed.</para>
+
+      <para>To "ungracefully" stop the server without waiting for
+      requests to complete, use <command>systemctl kill
+      --kill-who=main httpd</command>; similarly to "ungracefully"
+      reload the configuration, use <command>systemctl kill
+      --kill-who=main --signal=HUP httpd</command>.</para>
+    </refsect2>
+
+    <refsect2>
+      <title>Automated service restarts</title>
+
+      <para>System packages (including the httpd package itself) may
+      restart the httpd service automatically after packages are
+      upgraded, installed, or removed. This is done using the
+      <command>systemctl try-restart httpd.service</command>, which
+      stops then starts the service if it is running.</para>
+
+      <para>To disable automatic restarts, create the file
+      <filename>/etc/sysconfig/httpd-disable-posttrans</filename>.
+      When <command>httpd</command> interfaces are added in an update,
+      it may not be safe to <emphasis>reload</emphasis> a running
+      service after upgrading, if updated modules require interfaces
+      only available in the updated httpd.  It is recommended to allow
+      automatic restarts for this reason.</para>
+    </refsect2>
+
+    <refsect2>
+      <title>Changing the default MPM (Multi-Processing Module)</title>
+
+      <para>httpd offers a choice of multi-processing modules (MPMs),
+      which can be configured in
+      <filename>/etc/httpd/conf.modules.d/00-mpm.conf</filename>.
+      See
+      <citerefentry><refentrytitle>httpd.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>
+      for more information on changing the MPM.</para>
+    </refsect2>
+
+    <refsect2>
+      <title>systemd integration and mod_systemd</title>
+
+      <para>The httpd service uses the <option>notify</option> systemd
+      service type. The <literal>mod_systemd</literal> module must be
+      loaded (as in the default configuration) for this to work
+      correctly - the service will fail if this module is not
+      loaded. <literal>mod_systemd</literal> also makes worker and
+      request statistics available when running <command>systemctl status
+      httpd</command>. See
+      <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>
+      for more information on systemd service types.</para>
+    </refsect2>
+    
+    <refsect2>
+      <title>Security and SELinux</title>
+
+      <para>The default SELinux policy restricts the httpd service in
+      various ways. For example, the default policy limits the ports
+      to which httpd can bind (using the <literal>Listen</literal>
+      directive), which parts of the filesystem can be accessed, and
+      whether outgoing TCP connections are possible. Many of these
+      restrictions can be relaxed or adjusted by using
+      <command>semanage</command> to change booleans or other
+      types. See
+      <citerefentry><refentrytitle>httpd_selinux</refentrytitle><manvolnum>8</manvolnum></citerefentry>
+      for more information.</para>
+    </refsect2>
+
+    <refsect2>
+      <title>Process policies and restrictions</title>
+
+      <para>The httpd service uses the following options:
+
+      <itemizedlist>
+        <listitem><para><emphasis>PrivateTmp</emphasis> is enabled by
+        default. The <filename>/tmp</filename> and
+        <filename>/var/tmp</filename> directories available within the
+        httpd process (and CGI scripts, etc) are not shared by other
+        processes.</para></listitem>
+
+        <listitem><para><emphasis>OOMPolicy</emphasis> is set to
+        <emphasis>continue</emphasis> by default.  Under the default
+        Out-of-Memory policy, the entire service will be terminated if
+        any process is killed by the kernel OOM killer.  By setting
+        the policy to <emphasis>continue</emphasis>, httpd will
+        continue to run (and recover) if a single child is terminated
+        because of excess memory consumption.</para></listitem>
+      </itemizedlist>
+
+      See
+      <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>
+      and
+      <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>
+      for more information.</para>
+    </refsect2>
+
+    <refsect2>
+      <title>Logging and log file rotation</title>
+
+      <para>The <command>httpd</command> daemon is configured to log
+      to the <filename>/var/log/httpd</filename> directory by default,
+      and a drop-in for <command>logrotate</command> is provided at
+      <filename>/etc/logrotate.d/httpd</filename> to enable log file
+      rotation.  The <command>httpd.service</command> systemd unit is
+      reloaded after a <command>logrotate</command> run.</para>
+
+      <para>Log file compression is not enabled by default; since
+      <command>httpd</command> can continue writing to open log files
+      for some time after a reload (graceful restart), if compression
+      is enabled the <literal>delaycompress</literal> option must be
+      present (as in the default) to delay compression of log files to
+      a later rotation run.</para>
+    </refsect2>
+
+    <refsect2>
+      <title>Socket activation</title>
+
+      <para>Socket activation (see
+      <citerefentry><refentrytitle>systemd.socket</refentrytitle><manvolnum>5</manvolnum></citerefentry>
+      for more information) can be used with <command>httpd</command>
+      by enabling the <command>httpd.socket</command> unit.  The
+      <command>httpd</command> listener configuration must exactly
+      match the <literal>ListenStream</literal> options configured for
+      the <command>httpd.socket</command> unit.  The default
+      <command>httpd.socket</command> has a
+      <literal>ListenStream=80</literal> and, if mod_ssl is installed,
+      <literal>ListenStream=443</literal> by a drop-in file. If
+      additional <literal>Listen</literal> directives are added to the
+      httpd configuration, corresponding
+      <literal>ListenStream</literal> options should be added via
+      drop-in files, for example via <command>systemctl edit
+      httpd.socket</command>.</para>
+
+      <para>If using socket activation with httpd, only one listener
+      on any given TCP port is supported; a configuration with both
+      "<literal>Listen 127.0.0.1:80</literal>" and "<literal>Listen
+      192.168.1.2:80</literal>" will not work.</para>
+    </refsect2>
+
+    <refsect2>
+      <title>Instantiated services</title>
+
+      <para>The <command>httpd@.service</command> unit is a template
+      for creating instantiated services. An instance of this unit
+      will be started using the configuration file
+      <filename>/etc/httpd/conf/INSTANCE.conf</filename>, where
+      <emphasis>INSTANCE</emphasis> is replaced with the instance
+      name.  For example, <command>systemctl start
+      httpd@foobar.service</command> will start httpd using the
+      configuration file
+      <filename>/etc/httpd/conf/foobar.conf</filename>.  The
+      <option>HTTPD_INSTANCE</option> environment variable is set to
+      the instance name by the unit and is available for use within
+      the configuration file.</para>
+
+      <para>To allow multiple instances of httpd to run
+      simultaneously, a number of configuration directives must be
+      changed, such as <command>PidFile</command> and
+      <command>DefaultRuntimeDir</command> to pick non-conflicting
+      paths, and <command>Listen</command> to choose different ports.
+      The example configuration file
+      <filename>/usr/share/doc/httpd/instance.conf</filename>
+      demonstrates how to make such changes using the
+      <option>HTTPD_INSTANCE</option> variable.</para>
+
+      <para>It can be useful to configure instances of
+      <command>httpd@.service</command> to reload when
+      <command>httpd.service</command> is reloaded; for example,
+      <command>logrotate</command> will reload only
+      <command>httpd.service</command> when logs are rotated. If this
+      behaviour is required, create a drop-in file for the instance as
+      follows:
+
+      <programlisting>[Unit]
+ReloadPropagatedFrom=httpd.service</programlisting>
+
+      As with normal units, drop-in files for instances can be created
+      using <command>systemctl edit</command>, e.g. <command>systemctl edit
+      httpd@foobar.service</command>.</para>
+    </refsect2>
+
+  </refsect1>
+
+  <refsect1>
+    <title>Files</title>
+
+    <para><filename>/usr/lib/systemd/system/httpd.service</filename>,
+    <filename>/usr/lib/systemd/system/httpd.socket</filename>,
+    <filename>/usr/lib/systemd/system/httpd@.service</filename>,
+    <filename>/etc/systemd/systemd/httpd.service.d</filename></para>
+  </refsect1>
+  
+  <refsect1>
+    <title>See also</title>
+
+    <para>
+    <citerefentry><refentrytitle>httpd</refentrytitle><manvolnum>8</manvolnum></citerefentry>, 
+    <citerefentry><refentrytitle>httpd.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
+    <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>, 
+    <citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>, 
+    <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
+    <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
+    <citerefentry><refentrytitle>systemd.socket</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
+    <citerefentry><refentrytitle>httpd_selinux</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
+    <citerefentry><refentrytitle>semanage</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
+    <citerefentry><refentrytitle>logrotate</refentrytitle><manvolnum>8</manvolnum></citerefentry>
+    </para>
+  </refsect1>
+
+</refentry>
+
+<!-- LocalWords:  systemd PidFile
+-->
-- 
cgit v1.2.3