This module provides the logic that is needed to integrate a process into the Unix service (daemon) architecture. It deals with the following aspects, all of which may be used/ignored and configured using commandline options:
- Select the
port(s)to be used by the server
- Run the startup of the process as root to perform privileged tasks and the server itself as unpriviledged user, for example to open ports below 1000.
- Fork and detach from the controlling terminal
- Handle console and debug output using a file and/or the syslog daemon.
- Manage a pid file
The typical use scenario is to write a file that loads the following components:
- The application code, including http handlers (see http_handler/3).
- This library
In the code below,
?- [load]. loads the remainder of the webserver
code. This is often a sequence of use_module/1 directives.
:- use_module(library(http/http_unix_daemon)). :- [load].
The program entry point is http_daemon/0, declared using initialization/2. This main be overruled using a new declaration after loading this library. The new entry point will typically call http_daemon/1 to start the server in a preconfigured way.
:- use_module(library(http/http_unix_daemon)). :- initialization(run, main). run :- ... http_daemon(Options).
Now, the server may be started using the command below. See http_daemon/0 for supported options.
% [sudo] swipl mainfile.pl [option ...]
Below are some examples. Our first example is completely silent, running
on port 80 as user
% swipl mainfile.pl --user=www --pidfile=/var/run/http.pid
Our second example logs HTTP interaction with the syslog daemon for
debugging purposes. Note that the argument to
--debug= is a Prolog
term and must often be escaped to avoid misinterpretation by the Unix
shell. The debug option can be repeated to log multiple debug topics.
% swipl mainfile.pl --user=www --pidfile=/var/run/http.pid \ --debug='http(request)' --syslog=http
Broadcasting The library uses broadcast/1 to allow hooking certain events:
- Run after fork, just before starting the HTTP server. Can be used to load additional files or perform additional initialisation, such as starting additional threads. Recall that it is not possible to start threads before forking.
- Run after starting the HTTP server.
- Start the HTTP server as a daemon process. This predicate
processes the commandline arguments below. Commandline arguments
that specify servers are processed in the order they appear
using the following schema:
- Arguments that act as default for all servers.
--https=Specis followed by arguments for that server until the next
--https=Specor the end of the options.
- If no
--https=Specappears, one HTTP server is created from the specified parameters.
--workers=10 --http --https --http=8080 --https=8443 --http=localhost:8080 --workers=1 --https=8443 --workers=25
Start HTTP server at Port. It requires root permission and the
--user=Userto open ports below 1000. The default port is 80. If
--httpsis used, the default port is 443.
Only listen to the given IP address. Typically used as
--ip=localhostto restrict access to connections from localhost if the server itself is behind an (Apache) proxy server running on the same host.
- Enable debugging Topic. See debug/3.
- Write debug messages to the syslog daemon using Ident
When started as root to open a port below 1000, this option
must be provided to switch to the target user for operating
the server. The following actions are performed as root, i.e.,
before switching to User:
- open the
- write the pidfile
- setup syslog interaction
- Read the certificate, key and password file (
- open the
May be used in addition to
--user. If omitted, the login group of the target user is used.
- Write the PID of the daemon process to File.
- Send output of the process to File. By default, all Prolog console output is discarded.
If given as
--fork=false, the process runs in the foreground.
Create a plain HTTP server. If the argument is missing or
true, create at the specified or default address. Else use the given port and interface. Thus,
--httpcreates a server at port 80,
--http=8080creates one at port 8080 and
--http=localhost:8080creates one at port 8080 that is only accessible from
--http, but creates an HTTPS server. Use
--cipherlistto configure SSL for this server.
- The server certificate for HTTPS.
- The server private key for HTTPS.
File holding the password for accessing the private key. This
is preferred over using
--password=PWas it allows using file protection to avoid leaking the password. The file is read before the server drops privileges when started with the
- The password for accessing the private key. See also `--pwfile`.
- One or more cipher strings separated by colons. See the OpenSSL documentation for more information. Starting with SWI-Prolog 7.5.11, the default value is always a set of ciphers that was considered secure enough to prevent all critical attacks at the time of the SWI-Prolog release.
--no-forkand presents the Prolog toplevel after starting the server.
- Use the debugger to trace http_daemon/1.
Action to perform on
kill -HUP <pid>. Default is
reload(running make/0). Alternative is
quit, stopping the server.
Other options are converted by argv_options/3 and passed to http_server/1. For example, this allows for:
- Set the number of workers for the multi-threaded server.
http_daemon/0 is defined as below. The start code for a specific server can use this as a starting point, for example for specifying defaults.
http_daemon :- current_prolog_flag(argv, Argv), argv_options(Argv, _RestArgv, Options), http_daemon(Options).
- Start the HTTP server as a daemon process. This predicate processes
a Prolog option list. It is normally called from http_daemon/0,
which derives the option list from the command line arguments.
Error handling depends on whether or not
interactive(true)is in effect. If so, the error is printed before entering the toplevel. In non-interactive mode this predicate calls
- http_certificate_hook(+CertFile, +KeyFile, -Password) is semidet[multifile]
- Hook called before starting the server if the --https option is used. This hook may be used to create or refresh the certificate. If the hook binds Password to a string, this string will be used to decrypt the server private key as if the --password=Password option was given.
- http_server_hook(+Options) is semidet[multifile]
- Hook that is called to start the HTTP server. This hook must be
http_server(Handler, Options). The default is provided by start_server/1.
- http:sni_options(-HostName, -SSLOptions) is multi[multifile]
- Hook to provide Server Name Indication (SNI) for TLS servers. When starting an HTTPS server, all solutions of this predicate are collected and a suitable sni_hook/1 is defined for ssl_context/3 to use different contexts depending on the host name of the client request. This hook is executed before privileges are dropped.