Provide feedback on the IBM HTTP Server forum on IBM developerWorks.
Applications running as users other than root are normally prevented from binding to (listening on) low-numbered ports on Unix and Linux systems. Low-numbered ports are those ports below 1024. The standard ports for most popular Internet protocols, including http and https, are low-numbered ports.
On Solaris 10, IBM HTTP Server must be started as root to bind to a
low-numbered port unless the user which starts the web server has been
granted the net_privaddr
privilege.
On AIX, HP-UX, and Linux, and other versions of Solaris, IBM HTTP Server must be started as root to bind to a low-numbered port. A possible work-around is to utilize a firewall to redirect requests to port 80 to a high port. The web server will listen on the high-numbered port, thus avoiding the root requirement.
z/OS can restrict low ports to UID(0) users or authorized programs, allow reservation of particular ports to specified users or jobs, or allow unrestricted access. We recommend that IBM HTTP Server be started as a non-UID(0) user and z/OS configuration used to allow access to the required ports. Refer to Performing required z/OS system configurations in the IBM HTTP Server InfoCenter for more information.
The user id starting the web server must have read access to the configuration files and write access to the directory containing log files and other run-time files. This may require starting as root, or changing the ownership or permission of existing log files, depending on the configuration.
Here are AIX inittab entries to start IHS 1.3 or IHS 2.0:
: ihshttpd:2:wait:/usr/HTTPServer/bin/httpd > /dev/console 2>&1 ihshttpd:2:wait:/usr/IBMIHS/bin/apachectl start > /dev/console 2>&1
The first entry is commented out (leading ":") and starts IHS 1.3. The second entry is active and starts IHS 2. For either 1.3 or 2.0, replace the path to httpd or apachectl with the chosen installation directory. The "apachectl start" command is a valid way to start IHS 1.3 or IHS 2.0. The "httpd" command is only valid for IHS 1.3.
apachectl stop
completes?apachectl stop
sends a signal to the parent process,
and then exits. As soon as the parent process receives the signal, it
starts terminating the child processes. In many cases, by the time
you can look for child processes after the completion of
apachectl stop
they will have already exited. Some of
the following are reasons why they will linger for some time:
If a shutdown problem is suspected with IBM HTTP Server 2.0 or above, make sure that you are using one of the following software levels:
There is no timeout. Beyond normal web server termination or restart, here are the situations where a child process will exit:
A child process will only end if MaxRequestsPerChild
is set to non-zero, and the process has handled at least that many
client connections.
If MaxRequestsPerChild
is set to non-zero, a child
process will exit once it has handled that many client
connections.
While there are more idle processes than the value of
MaxSpareServers
, one child process will exit per
second.*
*On AIX, if AcceptMutex
is set to
pthread
, idle child process termination often does not
work. Code AcceptMutex fcntl
to work around this
problem.
If MaxRequestsPerChild
is set to non-zero, a child
process will exit once it has handled that many client
connections.
While there are more idle threads than the value of
MaxSpareThreads
, one child process will exit per
second.
Occasionally, problems with IHS or third-party modules can be attributed to issues which occur when IHS child processes terminate. In this case, it is helpful to disable child process termination until the problem can be fully resolved.
Set MaxRequestsPerChild to 0 and set MaxSpareThreads to the same value as MaxClients.
Set MaxRequestsPerChild to 0 and set MaxSpareServers to the same value as MaxClients.
In IHS 7.0 and later on Unix, apachectl -k graceful-stop will stop listening for new requests but allow active requests to finish, waiting forever by default, or until GracefulShutdownTimeout seconds have elapsed.
Otherwise, there is no mechanism to shut down the web server yet allow active requests to gracefully finish. Active requests must finish within about 7 seconds, or they may be forcefully terminated when the child process is killed.
<ihsinst>bin/apachectl
should be used to stop and start IHS version 2.0.x and later. Further apachectl information is available
here
Basic example of starting IHS during Linux startup:
grep default /etc/inittab
/etc/init.d/IHS_6.1
)
/etc/init.d/IHS_6.1
script, consult your linux manual for information on
details for creating your own that declares proper dependencies or interoperates with chkconfig/inssrv. This
script is provided AS-IS with no support.
#!/bin/bash # SERVICENAME should match this filename SERVICENAME=$(basename $0) LOCKFILE="/var/lock/subsys/${SERVICENAME}" APACHECTL=/opt/IHS61/bin/apachectl # The next lines are for chkconfig on RedHat systems. # chkconfig: 2345 98 02 # description: Starts and stops IHS # The next lines are for chkconfig on SuSE systems. ### BEGIN INIT INFO # Provides: IHS_61.1 # Required-Start: $network $syslog # Required-Stop: # Default-Start: 2 3 4 5 # Default-Stop: 0 6 # Short-Description: Starts and stops IHS # Description: Starts and stops IHS ### END INIT INFO case "$1" in start) touch $LOCKFILE ;; stop) rm -f $LOCKFILE ;; *) echo "Usage: $0 {start|stop|status|restart}" exit 1 ;; esac $APACHECTL "$@"
chmod u+x /etc/init.d/IHS_6.1
chkconfig --add IHS_61
and verify proper symlinks are created. If the symlinks are not created by chkconfig,
create them manually in the desired runlevel directories (choose high-numbered startup links).
apachectl
.
This issue has been documented in the startup mustgather document here.