Bug 65248 - Enhancement: Call apache binary within apachectl with "exec" e.g. to ensure PID 1 in Docker
Summary: Enhancement: Call apache binary within apachectl with "exec" e.g. to ensure P...
Status: NEW
Alias: None
Product: Apache httpd-2
Classification: Unclassified
Component: Core (show other bugs)
Version: 2.4.3
Hardware: PC Linux
: P2 enhancement (vote)
Target Milestone: ---
Assignee: Apache HTTPD Bugs Mailing List
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2021-04-18 07:14 UTC by Martin Köhler
Modified: 2021-04-18 07:14 UTC (History)
0 users



Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Martin Köhler 2021-04-18 07:14:16 UTC
Dear All,
For setting up a webserver in a small docker container it is good practice to
run the server in the foreground via "exec"
See E.g. the "official" Apache Docker image:
https://github.com/docker-library/httpd/blob/master/2.4/httpd-foreground
This ensures that the apache binary gets PID 1 and signals are propagated (and I
think zombies are reaped).


However sometimes it would be nice to use the apachectl script within docker, since
it loads environment variables, ... and is handy if one uses e.g. a debian image.

Currently this does not work, since inside apachectl the actual apache programm is
called without "exec". 
See e.g. lines starting wit $HTTPD in /usr/sbin/apachectl
...
restart|graceful)
    if $HTTPD ${APACHE_ARGUMENTS} -t 2> /dev/null ; then
        $HTTPD ${APACHE_ARGUMENTS} -k "$ARGV"
    else
        $HTTPD ${APACHE_ARGUMENTS} -t
    fi
    ERROR=$?
    ;;
...



The result is that the apachectl script remains with PID
1 and e.g. signals (like USR1) for the container get not propagated correctly to
the apache process.
If one patches the apachectl so that all calls to the apache binary are done
with "exec", everthing works as expected.
(e.g. for debian execute 
`sed -i 's/\($HTTPD ${APACHE_ARGUMENTS}\)/exec \1/' /usr/sbin/apache2ctl` as root)

Might it be a sensible change in the apachectl to always call the binary with
"exec" (at least on the systems where exec exists)
Thanks