Web serving
This chapter provides an overview of the changes that are made to the IBM HTTP Server for i (5770-DG1).
This chapter describes the following topics:
13.1 Triggered cache manager removed
Triggered cache manager support (option 1of 5770-DG1) was removed from the licensed products list in IBM i 7.1.
13.2 Web server search engine and web crawler support removed
The web server search engine and crawler support was removed in IBM i 7.1.
The following commands were removed:
•Configure HTTP Search (CFGHTTPSCH)
•Start HTTP Crawler (STRHTTPCRL)
•End HTTP Crawler (ENDHTTPCRL)
•Resume HTTP Crawler (RSMHTTPCRL)
Any existing CL programs that use these commands might need to be modified. Any web interfaces that use the search support must be modified so it no longer uses this removed option.
13.3 Plug-ins and LoadModule directives
These directives apply to all IBM HTTP servers that are associated with WebSphere Application Server Version 6.1 (5733-W61) or Version 7 (5733-W70) when you upgrade to
IBM i 7.1.
IBM i 7.1.
All Application Server service programs that implement the HTTP plug-ins might need to be updated before you start the HTTP servers on IBM i 7.1.
For more information related to WebSphere Application Server in IBM i 7.1, see 14.1, “IBM Integrated Web Services for i” on page 552.
In IBM i 7.1, the LoadModule directives that are used by external HTTP servers that are associated with WebSphere Application Server Version 6.1 and WebSphere Application Server Version 7 changed.
For HTTP servers that are associated with WebSphere Application Server Version 6.1 or Version 7, the LoadModule directive must be changed to match the following format:
LoadModule was_ap20_module /QSYS.LIB/<product_library>.LIB/QSVTAP22.SRVPGM
Where <product_library> is the product library for the Application Server installation.
The product library for each WebSphere Application Server installation on your system contains the program and service program objects for the installed product:
•For WebSphere Application Server V6.1:
– The product library name for Version 6.1 is QWAS61x (where x is A, B, C, and so on).
– The product library for the first WebSphere Application Server V6.1 product that is installed on the system is QWAS61A.
•For WebSphere Application Server V7:
– The product library name for Version 7 is QWAS7x (where x is A, B, C, and so on).
– The product library for the first WebSphere Application Server V7 product that is installed on the system is QWAS7A.
The product library can be determined by examining the <profile_root>/properties/.instance.properties file, where <profile_root> is the root directory of the associated WebSphere Application Server profile.
In the.instance.properties file, <product_library> is specified by the was.install.library property.
The LoadModule directive can be modified from the IBM Web Administration for i window.
The following example assumes that a WebSphere Application Server 7 server instance WAS70TOMV was created on IBM i 6.1:
1. Start the IBM Systems Director Navigator for i and click the IBM i Tasks Page link on the Welcome window, as shown in Figure 13-1.
Figure 13-1 IBM i Navigator - Welcome window
Figure 13-2 IBM Web Administration for i
The IBM Web Administration for i window opens, as shown in Figure 13-3.
Figure 13-3 IBM Web Administration for i - Manage HTTP Servers
Complete the following steps:
1. From the Manage tab, click HTTP Servers.
2. Select your server from the Server menu.
3. Click Edit Configuration file in the navigation frame.
Figure 13-4 shows the configuration file of the corresponding HTTP server instance WEB_TOMV that was configured.
|
Display Configuration File
HTTP server: WEB_TOMV
Selected file: /www/web_tomv/conf/httpd.conf
1 WebSpherePluginConfig /QIBM/UserData/WebSphere/AppServer/V7/Base/profiles/WAS70TOMV/config/cells/MERCURE_WAS70TOMV/nodes/MERCURE.BE.IBM.COM-node/servers/IHS_WEB_TOMV/plugin-cfg.xml
2 LoadModule was_ap20_module /QSYS.LIB/QHTTPSVR.LIB/QSVT2070.SRVPGM
3 # HTTP server (powered by Apache) configuration
4 DocumentRoot /www/web_tomv/htdocs
5 ServerRoot /www/web_tomv
6 Options -ExecCGI -FollowSymLinks -SymLinksIfOwnerMatch -Includes -IncludesNoExec -Indexes -MultiViews
7 Listen *:10000
8 LogFormat "%h %T %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i"" combined
9 LogFormat "%{Cookie}n "%r" %t" cookie
10 LogFormat "%{User-agent}i" agent
11 LogFormat "%{Referer}i -> %U" referer
12 LogFormat "%h %l %u %t "%r" %>s %b" common
13 CustomLog logs/access_log combined
14 SetEnvIf "User-Agent" "Mozilla/2" nokeepalive
15 SetEnvIf "User-Agent" "JDK/1.0" force-response-1.0
16 SetEnvIf "User-Agent" "Java/1.0" force-response-1.0
17 SetEnvIf "User-Agent" "RealPlayer 4.0" force-response-1.0
18 SetEnvIf "User-Agent" "MSIE 4.0b2;" nokeepalive
19 SetEnvIf "User-Agent" "MSIE 4.0b2;" force-response-1.0
20 <Directory />
21 Order Deny,Allow
22 Deny From all
23 </Directory>
24 <Directory /www/web_tomv/htdocs>
25 Order Allow,Deny
26 Allow From all
27 </Directory>
|
Figure 13-4 WEB_TOMV HTTP server configuration file
4. Look for the library name that is associated with the WebSphere Application Server instance within the.instance.properties file at following path within the IFS, QIBMUserDataWebSphereAppServerV7BaseprofilesWAS70TOMVproperties, as shown in Figure 13-5.
|
instance.name=WAS70TOMV
instance.type=appserver
instance.creating.product=BASE
instance.use.j9=false
instance.j9.path=$(j9path)
instance.j9.version=classic
default.server.name=WAS70TOMV
was.install.library=QWAS7A
was.install.path=/QIBM/ProdData/WebSphere/AppServer/V7/Base
|
Figure 13-5 was.install.library property within the.instance.properties file
5. Update the LoadModule directive by changing QHTTPSVR to QWAS7A and change QSVT2070 to QSVTAP22, as shown in Figure 13-6.
|
WebSpherePluginConfig /QIBM/UserData/WebSphere/AppServer/V7/Base/profiles/WAS70TOMV/config/cells/MERCURE_WAS70TOMV/nodes/MERCURE.BE.IBM.COM-node/servers/IHS_WEB_TOMV/plugin-cfg.xml
LoadModule was_ap20_module /QSYS.LIB/QWAS7A.LIB/QSVTAP22.SRVPGM
# HTTP server (powered by Apache) configuration
DocumentRoot /www/web_tomv/htdocs
ServerRoot /www/web_tomv
Options -ExecCGI -FollowSymLinks -SymLinksIfOwnerMatch -Includes -IncludesNoExec -Indexes -MultiViews
Listen *:10000
LogFormat "%h %T %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i"" combined
LogFormat "%{Cookie}n "%r" %t" cookie
LogFormat "%{User-agent}i" agent
LogFormat "%{Referer}i -> %U" referer
LogFormat "%h %l %u %t "%r" %>s %b" common
CustomLog logs/access_log combined
SetEnvIf "User-Agent" "Mozilla/2" nokeepalive
SetEnvIf "User-Agent" "JDK/1.0" force-response-1.0
SetEnvIf "User-Agent" "Java/1.0" force-response-1.0
SetEnvIf "User-Agent" "RealPlayer 4.0" force-response-1.0
SetEnvIf "User-Agent" "MSIE 4.0b2;" nokeepalive
SetEnvIf "User-Agent" "MSIE 4.0b2;" force-response-1.0
<Directory />
Order Deny,Allow
Deny From all
</Directory>
<Directory /www/web_tomv/htdocs>
Order Allow,Deny
Allow From all
</Directory>
|
Figure 13-6 LoadModule Directive
6. On the IBM Web Administration for i window, which is shown in Figure 13-7, click Apply to change the configuration file.
Figure 13-7 IBM Web Administration for i - Applying changes to the configuration file
7. You now get a message that the configuration was successfully changed. Do not restart the server now. Click OK and from now on you can start the upgrade from IBM i 6.1 towards IBM i 7.1. After the upgrade, the HTTP server can be successfully started on
IBM i 7.1.
IBM i 7.1.
|
Note: The above example shows a manual update of IBM i 6.1 httpd.conf configuration file to support the WebSphere Application Server Plug-in path change in IBM i 7.1. PTF SI44746 is now available that does this update automatically when you start the HTTP server.
|
13.4 HTTP Server for i with HA IPv6 support
Highly available HTTP servers take advantage of IBM i clustering technology and make it possible to build a highly available website. High availability improves the availability of business-critical web applications that are built with static Hypertext Markup Language (HTML) pages or Common Gateway Interface (CGI) programs.
Before IBM i 7.1, only IPv4 addresses were supported by PowerHA. Now PowerHA for i on IBM i 7.1 fully supports IPv6 address (including all HA-related APIs, commands, and GUIs), so HA IPv6 support was added to HTTP Server for i on IBM i 7.1. You can use IPv6 addresses to configure all web servers in the cluster and access your web applications that are running in the highly available web server environment.
|
Network requirement: The IPv6 network among the clients and the cluster must be set up already and available for access. Every client must be able to ping through the clustered IPv6 address.
|
HTTP Server for i with HA IPv6 support has the following requirements:
•Software requirements:
– 5770SS1 40 HA Switchable Resources
– 5770DG1 *BASE HTTP Server for i
– 5770HAS *BASE IBM Po werHA for i Standard Edition
– 5770HAS 1 PowerHA for i Enterprise Edition
•Required PTFs: Current Group PTF for 5770DG1 SF99368 (minimum level 10)
13.5 IBM HTTP Server for i support for TLSv1.1 and TLSv1.2
IBM HTTP Server for i (5770-DG1) now supports Transport Layer Security Protocol (TLS) v1.1 and v1.2.
For details about configuring TLSv1.1 and TLSv1.2 see 9.4, “System SSL support for transport layer security version 1.2” on page 437. You can also refer to the following Secure Sockets Layer (SSL) topic in the IBM i 7.1 Knowledge Center:
The system value, QSSLPCL, must be changed to include the TLSV1.2 value if you want to use this version of TLS.
For configuring SSL and TLS, use the following directives in the HTTP Server configuration file (httpd.conf):
•SSLVersion
•SSLProxyVersion
•SSLCipherSpec
•SSLCipherBan
•SSLCipherRequire
•SSLProxyCipherSpec
TLSv1.1 or TLSv1.2 can be specified by using SSLVersion or SSLProxyVersion directives. Other directives in the list can specify the ciphers used from the Table 13-1.
Table 13-1 List of TLS ciphers now supported for IBM i SSL based applications
|
HEX
|
Short
Name |
Key
Size |
Long Name
|
SSL
V3 |
TLS
v1.0 |
TLS
v1.1 |
TLS
v1.2 |
|
0x01
|
31
|
0
|
TLS_RSA_WITH_NULL_MD5
|
x
|
x
|
x
|
x
|
|
0x02
|
32
|
0
|
TLS_RSA_WITH_NULL_SHA
|
x
|
x
|
x
|
x
|
|
0x03
|
33
|
40
|
TLS_RSA_EXPORT_WITH_RC4_40_MD5
|
x
|
x
|
|
|
|
0x04
|
34
|
128
|
TLS_RSA_WITH_RC4_128_MD
|
x
|
x
|
x
|
x
|
|
0x05
|
35
|
128
|
TLS_RSA_WITH_RC4_128_SHA
|
x
|
x
|
x
|
x
|
|
0x06
|
36
|
40
|
TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5
|
x
|
x
|
|
|
|
0x09
|
39
|
56
|
TLS_RSA_WITH_DES_CBC_SHA
|
x
|
x
|
x
|
|
|
0x0A
|
3A
|
168
|
TLS_RSA_WITH_3DES_EDE_CBC_SHA
|
x
|
x
|
x
|
x
|
|
0x2F
|
X2F
|
128
|
TLS_RSA_WITH_AES_128_CBC_SHA
|
|
x
|
x
|
x
|
|
0x35
|
X35
|
256
|
TLS_RSA_WITH_AES_256_CBC_SHA
|
|
x
|
x
|
x
|
|
0x3B
|
X3B
|
0
|
TLS_RSA_WITH_NULL_SHA256
|
|
|
|
x
|
|
0x3C
|
X3C
|
128
|
TLS_RSA_WITH_AES_128_CBC_SHA256
|
|
|
|
x
|
|
0x3D
|
X3D
|
256
|
TLS_RSA_WITH_AES_256_CBC_SHA256
|
|
|
|
x
|
For example, the HTTP Server configuration file (httpd.conf) can include the following directives:
SSLVersion TLSV1.2
SSLCipherSpec TLS_RSA_WITH_AES_256_CBC_SHA256
The latest enhancement for TLSv1.1 and TLSv1.2 added the last three ciphers:
TLS_RSA_WITH_NULL_SHA256
TLS_RSA_WITH_AES_128_CBC_SHA256
TLS_RSA_WITH_AES_256_CBC_SHA256
For more information about the IBM HTTP Server for i, see the IBM i 7.1 Knowledge Center:
13.6 Large file support for IBM HTTP Server for i
IBM HTTP Server for i was enhanced to support files larger than 2 GB. Complete details, prerequisites, and impact for modules and plug-ins is described in the following IBM HTTP Server for i - Large File Support Overview article in IBM developerWorks:
For clients that still require functionality from plug-ins that were added before the December 2012 PTF groups, they might need to recompile those plug-ins to enable the new support.
For clients using IBM WebSphere Application Server on IBM i, installing the latest fix packs provides the corrected HTTP server plug-in. For more information, see the IBM i Technology Updates, Web integration on i wiki on IBM developerWorks:
..................Content has been hidden....................
You can't read the all page of ebook, please click here login for view all page.