Create new user without rebooting Apache

S

Siroro

Verified User
Joined
Nov 19, 2006
Messages
8
Is there anyway I can create a new user without rebooting apache.

I ask, because I run a semi-popular free web hosting service. I have at least 3-5 sign ups every hour, and have a user base of around 300-500. Rebooting the apache service every time someone connects causes me a few major problems.

1) Downtimes of up to a minute.
2) Causes downloads, etc. to break.
3) Causes processes and scripts started by the apache process to stop.

All of these are major issues I would like to avoid. I understand why the apache process needs to reboot, but is there any kind of work around or alternative I can try to implement to at least curve the above from happening?
Thanks.
 
Last edited:
Apache was never designed to add users interactively. Every user change to apache requires a change to the configuration file. You have to tell Apache to reload the configuration file or it will never know the new user is there.

DA does this by restarting apache (sending a SIGTERM). It appears from documentation that it could just as easily do this by sending the reload signal, SIGHUP). Since DA staff probably has a good reason for doing what they do, I'm going to ask John to reply.

Jeff
 
Thanks for the reply.

Before my current free hosting site, I used to have a cPanel server (was a while ago though), and I don't believe that I had the same problems.

Edit: Is there any way I can modify DirectAdmin to see if using a SIGHUP signal would fix my problems?
 
Last edited:
i don't know about 1, but service httpd reload seems does exactly 2 and 3.
 
If reload causes problems then there's nothing to be done, but I don't think it should.

Perhaps someone should ask on an apache forum?

Jeff
 
Probably what you are looking for is:

/etc/rc.d/init.d/httpd graceful

From the apache site:
graceful signal causes the parent process to advise the children to exit after their current request (or to exit immediately if they're not serving anything). The parent re-reads its configuration files and re-opens its log files. As each child dies off the parent replaces it with a child from the new generation of the configuration, which begins serving new requests immediately.
Click to expand...

Now how to make DA do that I don't know. I am not sure of the exact command it uses.
 
Thanks for the find; it's what I was looking for. Now we just need John to agree :) .

What do you think, John?

Jeff
 
Hello,

I have not tested it, but it's bascially just the USR1 signal to the main httpd process. Eg: Edit your httpd boot script: /etc/init.d/httpd or /usr/local/etc/rc.d/httpd
Change
Code: 
  restart)
        stop
        waitforexit "httpd" 20
        start
        ;;
to
Code: 
  restart)
        kill -USR1 `cat /var/run/httpd.pid`
        ;;
But test it out before leaving it (I haven't fully tested it yet). Do a few tallies and see what apache does.. add/remove some users.. especially with SSL certificates to make sure they get loaded in correctly.

John
 
Consider this carefully. Making this change loses you the ability to do a regular restart. For example, to resolve runaway process issues and memory issues.

There's already a section of the file called graceful, and using it would mean still having a hard restart for when you need it.

However, to do that, DA would have to change the way it calls apache to do the restart.

If for some reason DA can't do it that way, then I'd rather see we change restart to what John wrote, and then create a new "hard-restart to do what restart does now.

Then, to document what we've done we should also have to rewrite the man file.

Better of John can make the change to DA.

Jeff
 
This appears to work. But I've had the process crash, once or twice. And it appears to take a while to allow access to sites again if it does work.

I will keep an eye on it over the next few hours of normal use and document if it works or not.
 
Last edited:
Hello,

I did some testing believe graceful does not work for certificate changes (apache complains for a "full restart"). This means that new users, new domains, new subdomains, ssl changes will all require a full restart... which accounts for most of the tasks done, so I don't think a graceful option will work.

John
 
John,

Now maybe I am missing something here, very possible. So you are saying that apache requires a full restart when there is a SSL change or does it require a full restart if there is a SSL in the configuration?

If its just on a SSL change then we should be able to figure out a way to detect if a SSL was changed and then at that time do a full restart but if it just adding domains then do a graceful restart.

I am certainly not a C programmer and have no idea what that might involve but I am just trying to figure out the logic behind it. I might disable the DA way of restarting and create my own.

It just seems like that if somebody were modifying a domain with an SSL then an extra flag could be set so that DA would know to do a full restart at that point.

But if you are saying that if any SSL is included in the config then a full restart is needed then what I just said is moot.
 
It's if any virtualhost is added that contains an SSL cert/key entry (any also new certificate changes, which happens much less often).

One option might be to remove the SSL options (other than "SSLEngine On") in the case that the server shared certifcate is used... on the assumption that without specifying the path, the default/server cert (which should be the same) will be used. The server cert will always be used for the IP if the IP is shared anyway due the way it connect via ssl before any host is sent. Only if a custom cert is used would a specific path to cert/key be neeed.

Eg: in your virtual_host_secure*.conf files change
Code: 
        SSLEngine on
        SSLCertificateFile |CERT|
        SSLCertificateKeyFile |KEY|
        |CAROOT|
to
Code: 
        SSLEngine on
|*if CERT!="/etc/httpd/conf/ssl.crt/server.crt"|
        SSLCertificateFile |CERT|
        SSLCertificateKeyFile |KEY|
        |CAROOT|
|*endif|
That might even let apache load faster depending if it realizes the same cert is being read in multiple times.

John
 
I checked my accounts again, and I did leave SSL on for some reason on their accounts. (Although none had certificates) - I've disabled SSLon all of the old accounts, and on new accounts, and have had no problems with this method so far.
Reloads are taking in the region of 15 seconds to 1 minute to happen (with 650 accounts), during which time the server seems non-responsive, but other than this, it's fine.
 
so do you consider this is better than restart? I see you said "during which time the server seems non-responsive", looks like it's kinda bad...
 
If you are doing a graceful restart then the server should not be unresponsive.
 
I get a lot of sign-ups every day (as a free host), so I am much happier with the graceful restart.
It is however, not entirely reliable. I'm still monitoring it, but, I've had a few issues with it.

By unresponsive, I mean that it will appear to be loading, but may take a little longer for the page to arrive. This doesn't always happen however.
 
You must log in or register to reply here.
Back
Top