Manage web application start and restart on Ubuntu with systemd
I will show you how to let your application start on server startup and restart on failure.
This article is part of a series:
- Part1: Config a fresh Ubuntu server
- Part2: Config Nginx to serve over https using certbot on Ubuntu
- Part3: Manage web application start and restart on Ubuntu with systemd
Table of contents
Create a system user
You should do this to not give your application more access it needs. In order to create a no-login-, no-home-directory-, system-user issue sudo useradd -r -s /bin/false username
. "-r" will create a system user without home directory. "-s bin/false" will change the users login shell to a non-existing one so the user won't be able to login.
Control access to the filesystem
If you don't need to access the filesystem you can skip this step. Otherwise you should enable your previously created user to access only specific paths on your system.
The right place to put variable files on your system is "/var", use "/var/log" for log files and "/var/lib" for other files. For example for file uploads.
In order to make an example we will enable our application to read and write some files to the hard disk. So we choose "/var/lib/myServiceName" to store the data.
sudo mkdir /var/lib/myServiceName
- creates the directorysudo chown username /var/lib/myServiceName
- makes your user the owner of the directorysudo chmod 755 /var/lib/myServiceName
- "755" allows your user to "read (4+), write (2+) and execute (1+)" while only "read and execute" to other system users, if you only need to read from this folder you should use "555" instead, or if you want that only the owning user can "read, write and execute" the files you could even use "700".
Systemd file, where the action starts
Once you have figured out how to start your application all you need to do is add the following file using sudo nano /etc/systemd/system/myServiceName.service
and modify it according your needs.
Lines you should modify:
- "Description": choose a good descrpition to recognize your application and tell what it does
- "User": the name of your newly created user
- "Group": the name of your newly created user - the command to create the user also creates a group with the same name
- "ExecStart": the start script of your application, make sure the user you created has access to the resources. You can control this with the "chown" and "chmod" commands we have seen previously
- "WorkingDirectory": set the current working directory (cwd) of your application. This matters for example when your application needs to resolve relative paths.
- "Environment": here you can set some environment variables for your application. If you dont need that, you can remove those lines.
[Unit]
Description=your web app description
After=network.target
StartLimitIntervalSec=0
[Service]
Type=simple
Restart=always
RestartSec=1
User=username
Group=username
ExecStart=your start script here for example "/usr/bin/node index.js" use it without quotes
WorkingDirectory=/srv/www/example.com
Environment=NODE_ENV=production
Environment=PORT=3005
[Install]
WantedBy=multi-user.target
Now run sudo systemctl enable myServiceName.service
in order to make sure your service restarts on server restart.
If you are ready to run your service type sudo systemctl start myServiceName
.
If you need a detailed log when something goes wrong use sudo journalctl --unit=myServiceName -e
. "--unit=myServiceName" to filter for your service. "-e" to jump to the end of the log.
This was a short one. It's really not to hard if somebody tells you what to do. 😁
List of commands
sudo useradd -r -s /bin/false username
- create a system user- "-r" will create a system user without home directory
- "-s bin/false" will change the users login shell to a non-existing one so the user won't be able to login
sudo mkdir /var/lib/myServiceName
- creates a directory and all directories in the pathsudo chown username /var/lib/myServiceName
- makes your user the owner of the directorysudo chmod 755 /var/lib/myServiceName
- "755" allows your user to "read (4+), write (2+) and execute (1+) (4+2+1=7)", the next number sets the rights for the user group, the last one for everyone
Links
- https://chmod-calculator.com/ - helps you to calculate chmod rights
- https://www.shellbefehle.de/befehle/chmod/ - chmod explained well, its in german though
Sources
- image taken from https://unsplash.com/photos/r9T0LZv8xWQ