I run two Tails mirrors: one in NYC, the other in San Francisco. They each serve around 2-3 TiB of data per month. In common with my other servers, occasionally I need to interrupt those VMs in order to effect a system upgrade. I had to do this very recently with my upgrade of all my Debian servers to wheezy.
Most software upgrades do not need a system restart. But once I had switched the kernels on the servers I had no other choice but to reboot. However, given the popularity of my mirrors and the fact that some clients are apparently on the end of slow lines whilst downloading large ISO images (tcptrack showed some connections running at 2-4 KB/s), I was reluctant to simply pull the plug for fear of interrupting some poor user’s long download before completion. I could, of course, just be brutal. After all, they are my servers, I pay for them, and the client gets the software for nothing. But brutality just doesn’t feel right.
Waiting for existing connections to finish whilst watching for new ones and then shutting down seemed like a really good way to go nuts slowly. I needed a simple, graceful way of blocking incoming connections whilst continuing to serve existing established connections.
It turns out that lighttpd will do just what I want if sent a SIGINT: on receiving that signal, lighty stops accepting new connections but continues to serve existing connections until they are all complete. The server will then shut down entirely. This is not well documented. Here is a one-line script to do just that.
# shut down lighty in a friendly manner. Send a SIGINT to lighttpd process so that it stops
# accepting new connections, but continues to service existing connections. Downloads will
# continue uninterrupted until all connections are closed, then lighty will close.
/bin/kill -INT `cat /var/run/lighttpd.pid`
(Yes, I know that is more than one line.)
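The script above returns as soon as the signal is sent, so something still has to notice when the last download has finished. The following is an added example, not the script from this post: it sends the same SIGINT and then polls until the process has gone or a timeout expires. The function name graceful_stop, the one-hour default timeout and the return codes are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not the post's script): send SIGINT, then wait for exit.
# Usage: graceful_stop PIDFILE [TIMEOUT_SECONDS]
# Returns 0 = process exited, 1 = bad or missing pid file / signal failed,
#         2 = still running after the timeout, 3 = pid was not running.
graceful_stop() {
    pidfile=$1
    timeout=${2:-3600}      # assumed default: wait up to one hour

    [ -r "$pidfile" ] || { echo "no pid file: $pidfile" >&2; return 1; }
    pid=$(cat "$pidfile")

    # Accept only a plain integer greater than 1, so a corrupted pid file
    # can never become "kill -INT -1", "kill -INT 0" or a hit on init.
    case $pid in
        ''|*[!0-9]*) echo "invalid pid in $pidfile" >&2; return 1 ;;
    esac
    [ "$pid" -gt 1 ] || { echo "refusing pid $pid" >&2; return 1; }

    # kill -0 delivers no signal; it only tests that the pid can be signalled.
    kill -0 "$pid" 2>/dev/null || { echo "pid $pid not running" >&2; return 3; }

    # SIGINT: stop accepting new connections, keep serving established ones.
    kill -INT "$pid" || return 1

    waited=0
    while kill -0 "$pid" 2>/dev/null; do
        if [ "$waited" -ge "$timeout" ]; then
            echo "pid $pid still serving after ${timeout}s" >&2
            return 2
        fi
        sleep 1
        waited=$((waited + 1))
    done
    return 0
}

# Example call, run as root (7200 is an arbitrary two-hour limit):
#   graceful_stop /var/run/lighttpd.pid 7200 && /sbin/reboot
```

A return code of 2 means at least one slow client is still connected; the reboot is skipped and the call can simply be repeated later.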