Hi guys
I run a couple of mirrors serving "tails" over http. Occasionally I need to shut those servers down and reboot (for example I have just upgraded both of them to wheezy). Both servers are reasonably busy (they ship out about 2-3 TiB each per month) and normally have active connections at the time I want to power cycle them.
Connections can (of course) come from anywhere and some people may be on slow lines and may be over half way through a download of one of the 700 meg iso files. If I simply power cycle the server they will likely lose the connection and the download. I'd like to be more friendly than that.
So what I have in mind is some mechanism that I can invoke to prevent new connections being established but permit the existing ones to complete before I switch off. I've thought about cobbling together an iptables script which will change the lines:
BLAH --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
to
BLAH --dport 80 -m state --state ESTABLISHED -j ACCEPT
temporarily and then switch it back afterwards. But I have yet to try it.
Before I start playing in earnest, does anyone know of a more elegant solution?
TIA
Mick
---------------------------------------------------------------------
blog: baldric.net gpg fingerprint: FC23 3338 F664 5E66 876B 72C0 0A1F E60B 5BAD D312
---------------------------------------------------------------------
On 26/05/13 20:09, mick wrote:
> Hi guys
> I run a couple of mirrors serving "tails" over http. Occasionally I need to shut those servers down and reboot (for example I have just upgraded both of them to wheezy). Both servers are reasonably busy (they ship out about 2-3 TiB each per month) and normally have active connections at the time I want to power cycle them.
> Connections can (of course) come from anywhere and some people may be on slow lines and may be over half way through a download of one of the 700 meg iso files. If I simply power cycle the server they will likely lose the connection and the download. I'd like to be more friendly than that.
> So what I have in mind is some mechanism that I can invoke to prevent new connections being established but permit the existing ones to complete before I switch off. I've thought about cobbling together an iptables script which will change the lines:
I thought that "apachectl -k graceful-stop" would do this but I've never tried it.
Nev
On Sun, 26 May 2013 23:03:17 +0100 nev young nev@nevilley.org.uk allegedly wrote:
> On 26/05/13 20:09, mick wrote:
> > So what I have in mind is some mechanism that I can invoke to prevent new connections being established but permit the existing ones to complete before I switch off. I've thought about cobbling together an iptables script which will change the lines:
> I thought that "apachectl -k graceful-stop" would do this but I've never tried it.
> Nev
Nev
Many thanks for this. In my case this won't work. I should have said that I use lighttpd, not apache. But your answer pointed me in the right direction anyway. Searches on "lighttpd apachectl" and "lighttpd run-time control" and (eventually) "lighttpd graceful shutdown" gave me the answer. It turns out that lighty >= 1.4.3 will stop accepting new connections but continue to service existing ones if sent a SIGINT.
So a simple script is all I need. Thanks again.
Cheers
Mick
---------------------------------------------------------------------
blog: baldric.net gpg fingerprint: FC23 3338 F664 5E66 876B 72C0 0A1F E60B 5BAD D312
---------------------------------------------------------------------
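The "simple script" mentioned in the last message could look like the following. This is an added example, not Mick's script or code from the thread; the PID file path, the timeout and the optional signal argument are assumptions, and it relies on lighttpd exiting once its last in-flight transfer finishes after SIGINT.

```sh
#!/bin/sh
# Added example: drain a lighttpd mirror before a reboot.
# Assumptions (not from the thread): PID file location, timeout, 1 s polling.

# drain_lighttpd PIDFILE TIMEOUT_SECONDS [SIGNAL]
# Sends SIGNAL (default INT, the graceful-shutdown signal named in the thread)
# to the PID stored in PIDFILE, then waits for that process to exit.
# Returns: 0  process has exited (all transfers finished)
#          1  timeout reached, downloads are still in flight
#          2  PID file missing or not a plain number
#          3  signal could not be delivered (stale PID or no permission)
drain_lighttpd() {
    pidfile=$1
    timeout=$2
    sig=${3:-INT}

    [ -r "$pidfile" ] || return 2
    pid=$(cat "$pidfile")
    case $pid in
        ''|*[!0-9]*) return 2 ;;   # never pass unvalidated text to kill
    esac

    kill -"$sig" "$pid" 2>/dev/null || return 3

    waited=0
    # kill -0 delivers nothing; it only reports whether the PID still exists.
    while kill -0 "$pid" 2>/dev/null; do
        [ "$waited" -ge "$timeout" ] && return 1
        sleep 1
        waited=$((waited + 1))
    done
    return 0
}

# Usage on the mirror (path and two-hour limit are assumptions):
#   drain_lighttpd /var/run/lighttpd.pid 7200 && shutdown -r now
```

A return of 1 means the listener is already closed but slow clients are still downloading, so the operator can choose between waiting longer and rebooting anyway.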