Graceful Shutdown

Graceful shutdown is the practice of handling termination signals (SIGTERM, SIGINT) to allow an application to finish processing in-flight requests, close database connections, flush buffers, and release resources before the process exits. Without graceful shutdown, active requests are abruptly terminated, database transactions may be left in an inconsistent state, and cached data may be lost.

The standard graceful shutdown sequence for an HTTP server involves: (1) receiving SIGTERM, (2) stopping acceptance of new connections, (3) signaling the load balancer or service registry that the instance is draining (e.g., failing readiness checks), (4) waiting for in-flight requests to complete within a configurable timeout, (5) closing database connection pools and other resources, and (6) exiting with code 0. If in-flight requests don't complete within the timeout, the process should force-exit to avoid hanging indefinitely.

In containerized environments, Kubernetes sends SIGTERM and waits for the terminationGracePeriodSeconds (default 30s) before sending SIGKILL. The application's shutdown timeout must be less than this value. Docker has a similar stop_grace_period. Node.js applications must be careful with PID 1 signal handling -- using tini or dumb-init as the init process ensures SIGTERM is properly forwarded to the Node process rather than being ignored.