Apache HTTP Server Version 2.0
Apache Module mpm_common
Description: A collection of directives that are implemented by more than one multi-processing module (MPM) Status: MPM Directives
- CoreDumpDirectory
- Group
- Listen
- ListenBackLog
- LockFile
- MaxClients
- MaxRequestsPerChild
- MaxSpareThreads
- MaxThreadsPerChild
- MinSpareThreads
- NumServers
- PidFile
- ScoreBoardFile
- SendBufferSize
- ServerLimit
- StartServers
- StartThreads
- ThreadLimit
- ThreadsPerChild
- User
CoreDumpDirectory Directive
Description: Directory where Apache attempts to switch before dumping core Syntax: CoreDumpDirectory directory Default: See usage for the default setting
Context: server config Status: MPM Module: worker
,perchild
,prefork
,mpm_winnt
This controls the directory to which Apache attempts to switch before dumping core. The default is in the
ServerRoot
directory, however since this should not be writable by the user the server runs as, core dumps won't normally get written. If you want a core dump for debugging, you can use this directive to place it in a different location.Group Directive
Description: Group under which the server will answer requests Syntax: Group unix-group Default: Group #-1
Context: server config, virtual host Status: MPM Module: worker
,perchild
,prefork
The
Group
directive sets the group under which the server will answer requests. In order to use this directive, the stand-alone server must be run initially as root. Unix-group is one of:
- A group name
- Refers to the given group by name.
- # followed by a group number.
- Refers to a group by its number.
It is recommended that you set up a new group specifically for running the server. Some admins use user
nobody
, but this is not always possible or desirable.Note: if you start the server as a non-root user, it will fail to change to the specified group, and will instead continue to run as the group of the original user.
Special note: Use of this directive in <VirtualHost> is no longer supported. To implement the suEXEC wrapper with Apache 2.0, use the
SuexecUserGroup
directive. SECURITY: SeeUser
for a discussion of the security considerations.Listen Directive
Description: IP addresses and ports that the server listens to Syntax: Listen [IP-address:]portnumber Context: server config Status: MPM Module: worker
,perchild
,prefork
,mpm_winnt
The
Listen
directive instructs Apache to listen to only specific IP addresses or ports; by default it responds to requests on all IP interfaces. The Listen directive is now a required directive. If it is not in the config file, the server will fail to start. This is a change from previous versions of Apache.The Listen directive tells the server to accept incoming requests on the specified port or address-and-port combination. If only a port number is specified, the server listens to the given port on all interfaces. If an IP address is given as well as a port, the server will listen on the given port and interface.
Multiple Listen directives may be used to specify a number of addresses and ports to listen to. The server will respond to requests from any of the listed addresses and ports.
For example, to make the server accept connections on both port 80 and port 8000, use:
Listen 80
Listen 8000To make the server accept connections on two specified interfaces and port numbers, use
Listen 192.170.2.1:80
Listen 192.170.2.5:8000IPv6 addresses must be surrounded in square brackets, as in the following example:
Listen [fe80::a00:20ff:fea7:ccea]:80
See also
ListenBackLog Directive
Description: Maximum length of the queue of pending connections Syntax: ListenBacklog backlog Default: ListenBacklog 511
Context: server config Status: MPM Module: worker
,perchild
,prefork
,mpm_winnt
The maximum length of the queue of pending connections. Generally no tuning is needed or desired, however on some systems it is desirable to increase this when under a TCP SYN flood attack. See the backlog parameter to the
listen(2)
system call.This will often be limited to a smaller number by the operating system. This varies from OS to OS. Also note that many OSes do not use exactly what is specified as the backlog, but use a number based on (but normally larger than) what is set.
LockFile Directive
Description: Location of the accept serialization lock file Syntax: LockFile filename Default: LockFile logs/accept.lock
Context: server config Status: MPM Module: worker
,perchild
,prefork
The
LockFile
directive sets the path to the lockfile used when Apache is compiled with either USE_FCNTL_SERIALIZED_ACCEPT or USE_FLOCK_SERIALIZED_ACCEPT. This directive should normally be left at its default value. The main reason for changing it is if thelogs
directory is NFS mounted, since the lockfile must be stored on a local disk. The PID of the main server process is automatically appended to the filename.SECURITY: It is best to avoid putting this file in a world writable directory such as
/var/tmp
because someone could create a denial of service attack and prevent the server from starting by creating a lockfile with the same name as the one the server will try to create.MaxClients Directive
Description: Maximum number of child processes that will be created to serve requests Syntax: MaxClients number Default: MaxClients 8 (with threads) MaxClients 256
Context: server config Status: MPM Module: worker
,prefork
The
MaxClients
directive sets the limit on the number of child processes that will be created to serve requests. When the server is built without threading, no more than this number of clients can be served simultaneously. To configure more than 256 clients with the prefork MPM, you must use theServerLimit
directive. To configure more than 1024 clients with the worker MPM, you must use theServerLimit
andThreadLimit
directives.Any connection attempts over the
MaxClients
limit will normally be queued, up to a number based on theListenBacklog
directive. Once a child process is freed at the end of a different request, the connection will then be serviced.When the server is compiled with threading, then the maximum number of simultaneous requests that can be served is obtained from the value of this directive multiplied by
ThreadsPerChild
.MaxRequestsPerChild Directive
Description: Limit on the number of requests that an individual child server will handle during its life Syntax: MaxRequestsPerChild number Default: MaxRequestsPerChild 10000
Context: server config Status: MPM Module: worker
,perchild
,prefork
,mpm_winnt
The
MaxRequestsPerChild
directive sets the limit on the number of requests that an individual child server process will handle. AfterMaxRequestsPerChild
requests, the child process will die. IfMaxRequestsPerChild
is 0, then the process will never expire.Setting
MaxRequestsPerChild
to a non-zero limit has two beneficial effects:
- it limits the amount of memory that process can consume by (accidental) memory leakage;
- by giving processes a finite lifetime, it helps reduce the number of processes when the server load reduces.
NOTE: For KeepAlive requests, only the first request is counted towards this limit. In effect, it changes the behavior to limit the number of connections per child.
MaxSpareThreads Directive
Description: Maximum number of idle threads Syntax: MaxSpareThreads number Context: server config Status: MPM Module: mpm_netware
,perchild
,worker
Maximum number of idle threads. Different MPMs deal with this directive differently.
For
perchild
the default isMaxSpareThreads 10
. This MPM monitors the number of idle threads on a per-child basis. If there are too many idle threads in that child, the server will begin to kill threads within that child.For
worker
the default isMaxSpareThreads 500
. This MPM deals with idle threads on a server-wide basis. If there are too many idle threads in the server then child processes are killed until the number of idle threads is less than this number.For
mpm_netware
the default isMaxSpareThreads 100
. Since this MPM runs a single-process, the spare thread count is also server-wide.See also
MaxThreadsPerChild Directive
Description: Maximum number of threads per child process Syntax: MaxThreadsPerChild number Default: MaxThreadsPerChild 64
Context: server config Status: MPM Module: worker
,perchild
Maximum number of threads per child. For MPMs with a variable number of threads per child, this directive sets the maximum number of threads that will be created in each child process. To increase this value beyond its default, it is necessary to change the value of the compile-time define
HARD_THREAD_LIMIT
and recompile the server.MinSpareThreads Directive
Description: Minimum number of idle threads available to handle request spikes Syntax: MinSpareServers number Context: server config Status: MPM Module: mpm_netware
,perchild
,worker
Minimum number of idle threads to handle request spikes. Different MPMs deal with this directive differently.
perchild
uses a default ofMinSpareThreads 5
and monitors the number of idle threads on a per-child basis. If there aren't enough idle threads in that child, the server will begin to create new threads within that child.
worker
uses a default ofMinSpareThreads 250
and deals with idle threads on a server-wide basis. If there aren't enough idle threads in the server then child processes are created until the number of idle threads is greater than number.
mpm_netware
uses a default ofMinSpareThreads 10
and, since it is a single-process MPM, tracks this on a server-wide bases.See also
NumServers Directive
Description: Total number of children alive at the same time Syntax: NumServers number Default: NumServers 2
Context: server config Status: MPM Module: perchild
Number of children alive at the same time. MPMs that use this directive do not dynamically create new child processes so this number should be large enough to handle the requests for the entire site.
PidFile Directive
Description: File where the server records the process ID of the daemon Syntax: PidFile filename Default: PidFile logs/httpd.pid
Context: server config Status: MPM Module: worker
,perchilde
,prefork
,mpm_winnt
The
PidFile
directive sets the file to which the server records the process id of the daemon. If the filename does not begin with a slash (/) then it is assumed to be relative to theServerRoot
.
Example
PidFile /var/run/apache.pid
It is often useful to be able to send the server a signal, so that it closes and then reopens its
ErrorLog
and TransferLog, and re-reads its configuration files. This is done by sending a SIGHUP (kill -1) signal to the process id listed in the PidFile.The PidFile is subject to the same warnings about log file placement and security.
ScoreBoardFile Directive
Description: Location of the file used to store coordination data for the child processes Syntax: ScoreBoardFile file-path Default: ScoreBoardFile logs/apache_status
Context: server config Status: MPM Module: worker
,perchild
,prefork
Apache uses a scoreboard to communicate between its parent and child processes. Some architectures require a file to facilitate this communication. If the file is left unspecified, Apache first attempts to create the scoreboard entirely in memory (using anonymous shared memory) and, failing that, will attempt to create the file on disk (using file-based shared memory). Specifying this directive causes Apache to always create the file on the disk.
Example
ScoreBoardFile /var/run/apache_status
File-based shared memory is useful for third-party applications that require direct access to the scoreboard.
If you use a
ScoreBoardFile
then you may see improved speed by placing it on a RAM disk. But be careful that you heed the same warnings about log file placement and security.See also
SendBufferSize Directive
Description: TCP buffer size Syntax: SendBufferSize bytes Context: server config Status: MPM Module: worker
,perchild
,prefork
,mpm_winnt
The server will set the TCP buffer size to the number of bytes specified. Very useful to increase past standard OS defaults on high speed high latency (i.e., 100ms or so, such as transcontinental fast pipes).
ServerLimit Directive
Description: Upper limit on configurable number of processes Syntax: ServerLimit number Default: ServerLimit 256 (prefork), ServerLimit 16 (worker)
Context: server config Status: MPM Module: worker
,prefork
For the
prefork
MPM, this directive sets the maximum configured value forMaxClients
for the lifetime of the Apache process. For the worker MPM, this directive in combination withThreadLimit
sets the maximum configured value forMaxClients
for the lifetime of the Apache process. Any attempts to change this directive during a restart will be ignored, butMaxClients
can be modified during a restart.Special care must be taken when using this directive. If
ServerLimit
is set to a value much higher than necessary, extra, unused shared memory will be allocated. If bothServerLimit
andMaxClients
are set to values higher than the system can handle, Apache may not start or the system may become unstable.With the
prefork
MPM, use this directive only if you need to setMaxClients
higher higher than 256. Do not set the value of this directive any higher than what you might want to setMaxClients
to.With the
worker
MPM, use this directive only if yourMaxClients
andThreadsPerChild
settings require more than 16 server processes. Do not set the value of this directive any higher than the number of server processes required by what you may want forMaxClients
andThreadsPerChild
.StartServers Directive
Description: Number of child server processes created at startup Syntax: StartServers number Default: StartServers 5
Context: server config Status: MPM Module: worker
The
StartServers
directive sets the number of child server processes created on startup. As the number of processes is dynamically controlled depending on the load, there is usually little reason to adjust this parameter.See also
StartThreads Directive
Description: Nubmer of threads created on startup Syntax: StartThreads number Context: server config Status: MPM Module: mpm_netware
,perchild
Number of threads created on startup. As the number of threads is dynamically controlled depending on the load, there is usually little reason to adjust this parameter.
For
perchild
the default isStartThreads 5
and this directive tracks the number of threads per process at startup.For
mpm_netware
the default isStartThreads 50
and, since there is only a single process, this is the total number of threads created at startup to serve requests.ThreadLimit Directive
Description: Sets the upper limit on the configurable number of threads per child process Syntax: ThreadLimit number Default: ThreadLimit 64
Context: server config Status: MPM Module: worker
This directive sets the maximum configured value for
ThreadsPerChild
for the lifetime of the Apache process. Any attempts to change this directive during a restart will be ignored, butThreadsPerChild
can be modified during a restart up to the value of this directive.Special care must be taken when using this directive. If
ThreadLimit
is set to a value much higher thanThreadsPerChild
, extra unused shared memory will be allocated. If bothThreadLimit
andThreadsPerChild
are set to values higher than the system can handle, Apache may not start or the system may become unstable.Use this directive only if you need to set
ThreadsPerChild
higher than 64. Do not set the value of this directive any higher than what you might want to setThreadsPerChild
to.ThreadsPerChild Directive
Description: Number of threads created by each child process Syntax: ThreadsPerChild number Default: ThreadsPerChild 50
Context: server config Status: MPM Module: worker
,mpm_winnt
This directive sets the number of threads created by each child process. The child creates these threads at startup and never creates more. if using an MPM like mpmt_winnt, where there is only one child process, this number should be high enough to handle the entire load of the server. If using an MPM like worker, where there are multiple child processes, the total number of threads should be high enough to handle the common load on the server.
User Directive
Description: The userid under which the server will answer requests Syntax: User unix-userid Default: User #-1
Context: server config, virtual host Status: MPM Module: worker
,perchild
,prefork
The
User
directive sets the userid as which the server will answer requests. In order to use this directive, the standalone server must be run initially as root. Unix-userid is one of:
- A username
- Refers to the given user by name.
- # followed by a user number.
- Refers to a user by their number.
The user should have no privileges that result in it being able to access files that are not intended to be visible to the outside world, and similarly, the user should not be able to execute code that is not meant for httpd requests. It is recommended that you set up a new user and group specifically for running the server. Some admins use user
nobody
, but this is not always desirable, since thenobody
user can have other uses on the system.Notes: If you start the server as a non-root user, it will fail to change to the lesser privileged user, and will instead continue to run as that original user. If you do start the server as root, then it is normal for the parent process to remain running as root.
Special note: Use of this directive in
<VirtualHost>
is no longer supported. To configure your server for suexec useSuexecUserGroup
.
Security
Don't set
User
(orGroup
) toroot
unless you know exactly what you are doing, and what the dangers are.