How to automatically restart lsphp when it runs in detached mode (the default)

[roy]

Restarting the main lsws service does not restart the lsphp processes it spawns, as one might expect, and the wiki only mentions a command to do so, as if invoked manually. It's quite important to do this after system updates, and easy to automate with systemd:

1. Create a service definition named /usr/local/lib/systemd/system/lsphp-detached-restart@.service and set its contents as below, adjusting the touched path to match your server's $VH_ROOT prefix:
   

   [Unit]
   Description=Ensure detached lsphp services restart with lsws
   PartOf=lsws.service
   
   [Service]
   Type=oneshot
   RemainAfterExit=yes
   UMask=0333
   ExecStart=/bin/true
   ExecStop=/bin/touch /var/www/%i/.lsphp_restart.txt
   
   [Install]
   WantedBy=lsws.service

2. The %i in the file is replaced by the service instance name, so you can enable the service for each vhost user:
   

   systemctl enable --now lsphp-detached-restart@user1.service lsphp-detached-restart@user2.service

The service has directives to make it a soft dependency of the main lsws service, so it will start, restart and stop in sync with that. The true is just a successful no-op to let the service start. However, when it stops, it marks the detached php processes as outdated. I chose to do it on stop to try to avoid race conditions during the main service startup.

 

[serpent_driver]

LiteSpeed Wiki is very outdated and only contains information up to version 5.3. You should therefore look for relevant entries in the documentation.

https://docs.litespeedtech.com/lsws/extapp/php/configuration/modes/

 

[roy]

Thanks for the link, but the documentation for detached mode is the same there. We're using detached mode as I found the lsphp processes in other modes behaved as though the executing users were not members of supplemental groups I'd added them to, whereas in detached mode they behaved as expected. I need supplemental groups so that I can maintain user isolation, but grant access to specific Unix sockets.

The needrestart command would always complain about lsws, even when I'd just restarted it. It was because the lsphp processes were still using outdated binaries. The above service fixes that.