Commit Graph

10 Commits

Author SHA1 Message Date
Glenn Strauss 352d5d776d [core] graceful and immediate restart option
graceful and (nearly) immediate lighttpd restart option

For *some* configurations, it *may* be safe to background the current
lighttpd server (or workers) to continue processing active requests
and, in parallel, to start up a new lighttpd server with a new
configuration.  For other configurations, doing so might not be safe!

Therefore, this option must be explicitly configured to enable:
  server.feature-flags += ("server.graceful-restart-bg" => "enable")
  server.systemd-socket-activation = "enable"

Along with enabling server.feature-flags "server.graceful-restart-bg",
enabling server.systemd-socket-activation allows transfer of open
listening sockets to the new lighttpd server instance, and occurs
without closing the listening sockets and without destroying the
kernel listen backlog queue on the socket.

Safe configurations may include lighttpd.conf which connect to
standalone backend daemons, e.g. proxying to other servers,
including PHP-FPM backends.

Unsafe configurations include lighttpd.conf which use "bin-path" option
in *.server configs, instructing lighttpd to execute the backends.
Using the graceful-and-immediate-restart option is likely *unsafe* if
the backend daemon expects only one instance of itself to run at a time.

Current implementation of graceful and immediate restart option keeps
the backgrounded lighttpd in the same process group, so that subsequent
SIGINT or SIGTERM will shut down both the new and the backgrounded
servers.  (An alternative option (commented out in the code) is to
background and detach from the new lighttpd process.)  Regardless,
existing subprocesses, such as CGI, remain in original process group.
As a result, the new lighttpd server may receive SIGCHLD for unknown
processes inherited from the old server, which the new lighttpd server
will reap and discard.  The original lighttpd server, now a child, will
be unable to detect exit or reap and report status on those pre-existing

Graceful restart is triggered in lighttpd by sending lighttpd SIGUSR1.
If lighttpd is configured with workers, then SIGINT (not SIGUSR1) is
sent to the process group, including other processes started by
lighttpd, e.g. CGI.  To work well with graceful restart, CGI scripts and
other processes should trap SIGINT (and SIGUSR1 for good measure).
Long-running scripts may want to checkpoint and close, e.g. a CGI script
implementing a long-running websocket connection.
2020-10-11 12:19:27 -04:00
Glenn Strauss fb9b8ad8ae [core] mark startup/shutdown funcs cold 2019-02-04 02:25:48 -05:00
Glenn Strauss 04d76e7afd [core] some header cleanup
provide standard types in first.h instead of base.h
provide lighttpd types in base_decls.h instead of settings.h
reduce headers exposed by headers for core data structures
  do not expose <pcre.h> or <stdlib.h> in headers
move stat_cache_entry to stat_cache.h
reduce use of "server.h" and "base.h" in headers
2018-04-08 22:22:23 -04:00
Glenn Strauss 5c25f629ab [core] /dev/stdin listener for inetd wait yes
server.bind = "/dev/stdin" for use with inetd wait yes


  "inetd/wait mode with auto-shutdown after idle timeout"
2017-10-09 02:44:30 -04:00
Glenn Strauss 6c1e6e660e [core] graceful restart with SIGUSR1 (fixes #2785)
more consistent cleanup of resources at shutdown
(e.g. upon error conditions)

Notes: graceful restart with SIGUSR1
- not available if chroot()ed, oneshot mode, or if idle timeout occurs
- preserve process id (pid)
- preserve existing listen sockets
  - i.e. does not close old listen sockets from prior configs
    (even if old listen sockets no longer in the new config)
    (sockets may have been bound w/ root privileges no longer available)
  - will fail to add listen sockets from new config if privileges
    lighttpd configured to drop privileges to non-root user, and
    new listen socket attempts to bind to low-numbered port requiring
    root privileges.
  - will fail if listen sockets in new config conflict with any previous
    old listen sockets
  - These failure modes will result in lighttpd shutting down instead of
    graceful restart.  These failure modes are not detectable with
    preflight checks ('lighttpd -tt -f lighttpd.conf') because the
    new instance of lighttpd running the preflight check does not
    known config state of n prior graceful restarts, or even the
    config state of the currently running lighttpd server.
- due to lighttpd feature of optionally managing backends
  (e.g. fastcgi and scgi via "bin-path"), lighttpd must wait for
  all child processes to exit prior to restarting.  Restarting new
  workers while old workers (and old backends) were still running would
  result in failure of restarted lighttpd process to be able to bind to
  sockets already in use by old backends (e.g. unix "socket" path)

  "graceful restart with SIGUSR1"
2017-01-31 14:40:05 -05:00
Glenn Strauss 82feb70588 [core] move con throttling to connections-glue.c
move write throttling code from network.c:network_write_chunkqueue()
to connections-glue.c:connection_write_chunkqueue() and fix the code
to use TCP_CORK only on TCP sockets.
2017-01-31 14:36:15 -05:00
Glenn Strauss 416b5729fb [core] disable Nagle algorithm (TCP_NODELAY)
disable Nagle algorithm (TCP_NODELAY) on client sockets
2016-06-29 21:02:44 -04:00
Glenn Strauss 8abd06a7ff consistent inclusion of config.h at top of files (fixes #2073)
From: Glenn Strauss <>

git-svn-id: svn:// 152afb58-edef-0310-8abb-c4023f1b3aa9
2016-03-19 15:14:35 +00:00
Stefan Bühler f434d514ad Limit amount of bytes we send in one go; fixes stalling in one connection and timeouts on slow systems.
git-svn-id: svn:// 152afb58-edef-0310-8abb-c4023f1b3aa9
2011-08-22 15:12:28 +00:00
Jan Kneschke bcdc6a3bbc moved everything below trunk/ and added branches/ and tags/
git-svn-id: svn:// 152afb58-edef-0310-8abb-c4023f1b3aa9
2005-02-20 14:27:00 +00:00