2012년 9월 12일 수요일

IBM HTTP Server

Installation
  Ensure you have the IBM Developer Kit, Java Technology Edition Version 1.4, installed on your machine.   Files included
       * gskit.sh
       * setup.jar
       * A GSKit run-time executable:
       * Linux for Intel: gsk7bas_295-7.0-1.10.i386.rpm
       Go to the directory where you uncompressed the install image and type
java -jar setup.jar
    To do a silent installation, type:
java -jar setup.jar -silent -options silent.res
    To customize the install options, edit the silent.res text file. All options are set to true
    by   default. To disable an  option, set its value to false
       * Choose the language in which to run the installation.
       * The license agreement accept
       * The default directory : /opt/IBMHIHS/
       * Type of installation : typical
     cd IHS
./install                launches the installer HTTP Server 6.0
Accept License agreement
Next
Install Directory Directory name
/opt/IBMIHS
Select Custom
    Product Installation
    HTTPServer base
    Security
Click Next
IBM Http Server communicates using the port numbers below
HTTP Port   80
HTTP Administration Port  8008
Click Next
IBM HTTP Server 6.0 will be installed in the following location:
/opt/IBMIHS  with the following features:
HTTPServer base Security
Next
Installalation Completed
Then a checkbox to launch the Websphere Application server
launch the WebSphere Application Server - Plugin Install
Uninstall the IBM http Server
   Go to the directory where you installed the IBM HTTP Server. Change to the_uninst directory 
   Type                   java -jar uninstall.jar
   Silent uninstall type       java -jar uninstall.jar -silent
Looking at known problems on the UNIX platform
Getting the suexec module to work
The suexec module does not work unless IBM HTTP Server V2.0 is installed to the default location.
Running the /<ihs install root>/bin/httpd command
Source the /<ihs install root>/bin/envvars file first to ensure you can run the /<ihs install root>/bin/httpd command to start the IBM HTTP Server. To source the envvars file, enter . /<ihs install root>/bin/envvars at the
command line. The envvars file contains the path to the libraries needed to run the /<ihs install root>/bin/httpd command.
http://publib.boulder.ibm.com/infocenter/wasinfo/v6r1/index.jsp?topic=/com.ibm.websphere.ihs.doc/info/welcome_ihs.html
Enabling access to the administration server using the htpasswd utility
The administration server is installed with authentication enabled. This means that the administration server will not accept a connection without a valid user ID and password. This is done to protect the IBM HTTP Server
configuration file from unauthorized access.
Procedure
Launch the htpasswd utility that is shipped with the administration server. This utility creates and updates the files used to store user names andpassword for basic authentication of users who access your Web server. Locate htpasswd in the bin directory.
./htpasswd -cm <install_dir>/conf/admin.passwd [login name]
where <install_dir> is the IBM HTTP Server installation directory and [login name] is the user ID that you use to log into the administration server.
Results
The password file is referenced in the admin.conf file with the AuthUserFile directive.
Running the setupadm script  (/opt/IBMIHS/bin/setupadm)
The setupadm script establishes permissions for configuration file updates.  About this task
You cannot update the configuration files after a default server installation, unless you run the setupadm script, or you set permissions manually.
The setupadm script prompts you for the following input:
    * User ID - The user ID that you use to log on to the administration server. The script creates this user ID.
    * Group name - The administration server accesses the configuration files  and authentication files
       through   group file permissions. The script creates the specified group through this script.
    * Directory - The directory where you can find configuration files and  authentication files.
    * File name - The following file groups and file permissions change:
          o Single file name
          o File name with wildcard
          o All (default) - All of the files in the specific directory
          o Processing - The setupadm script changes the group and file  permissions of the configuration files
             and authentication files.
The administration server requires read and write access to configuration files and authentication files to perform Web server configuration data administration. In addition to the Web server files, you must change the
permissions to the targeted plug-in configuration files.
Setting Permissions manually
Once you have created a user and group, set up file permissions as follows:
   1. Update the permissions for the targeted IBM HTTP Server conf directory.
         At a command prompt, change to the directory where you installed IBM HTTP Server.
         Type the following commands:
                   chgrp <group_name> <directory_name>
                   chmod g+rw <directory_name>
   2. Update the file permission for the targeted IBM HTTP Server configuration files.
          At a command prompt, change to the directory that contains the configuration files.
         Type the following commands:
                   chgrp <group_name> <file_name>
                   chmod g+rw <file_name>
   3. Update the admin.conf configuration file for the IBM HTTP Server administration server.
        Change to the IBM HTTP Server administration server admin.conf directory.
        Search for the following lines in the admin.conf file:
            User nobody
            Group nobody
         3. Change those lines to reflect the user ID and unique group name
  4. Update the file permission for the targeted plug-in configuration files.
         1. At a command prompt, change to the directory that contains the plug-in configuration files.
         2. Type the following commands:
                  chgrp <group_name> <file_name>
                 chmod g+rw <file_name>
Key differences from the Apache HTTP Server
IBM HTTP Server is based on the Apache HTTP Server. IBM HTTP Server includes the following additional features not available  in the Apache HTTP Server:
  • Support for the WebSphere administrative console.
  • InstallShield for multiple platforms enables consistent installation of the IBM HTTP Server on different platforms.
  • Dynamic content generation with FastCGI.
  • Operational differences between Apache and IBM HTTP Server
  • The apachectl command is the only supported command to start IBM HTTP Server. You cannot directly invoke the httpd command because it will not find the required libraries. The apachectl command is the preferred command to start Apache V2.0 and higher, but the httpd command might work on the Apache server as expected, depending on the platform and how Apache was built. You can specify httpd options on the apachectl command line.
  • IBM HTTP Server supports the suEXEC program, which provides for execution of CGI scripts under a particular user ID.
  • If you use the suEXEC program, you must install the IBM HTTP Server to the default installation directory only. The suEXEC program uses the security model which requires that all configuration paths are hard-coded in theexecutable file, and the paths chosen for IBM HTTP Server are those of the default installation directory.
  • When an Apache user chooses an installation location for Apache at compile time, the suEXEC program is pre-built with the chosen paths, so this issue is seen by the Apache users.
  • Customers need to use the suEXEC program with arbitrary configuration paths can build it with Apache on their platform and use the generated suEXEC binary with IBM HTTP Server. Customers must save and restore their custom suEXEC file when applying IBM HTTP Server maintenance.

Configuring IBM HTTP Server
Special considerations for IBM HTTP Server.
The IBM HTTP Server and administration server configuration files, httpd.conf and admin.conf respectively, support only single-byte characters (SBCS). This restriction applies to all operating system platforms.
Learn about FastCGI
FastCGI is an interface between Web servers and applications which combines some of the performance characteristics of native Web server modules with the Web server independence of the Common Gateway Interface (CGI) programming interface.  IBM HTTP Server provides FastCGI support with the mod_fastcgi module. The mod_fastcgi module implements the capability for IBM HTTP Server to manage FastCGI applications and to allow them to process requests.
A FastCGI application typically uses a programming library such as the FastCGI development kit from http://www.fastcgi.com/. IBM HTTP Server does not provide a FastCGI programming library for use by FastCGI applications.
Example of mod_fastcgi configuration
Load the mod_fastcgi module into the server, and then configure FastCGI using the FastCGI directives.
The following directive is required to load mod_fastcgi into the server
LoadModule fastcgi_module modules/mod_fastcgi.so
A complete configuration example for UNIX and Linux platforms. In this example, the /opt/IBM/HTTPServer/fcgi-bin/ directory contains FastCGI applications, including the echo.exe application. Requests from Web browsers for the /fcgi-bin/echo URI will be handled by the FastCGI echo.exe application
LoadModule fastcgi_module modules/mod_fastcgi.so
<IfModule mod_fastcgi.c>
ScriptAlias /fcgi-bin/ "/opt/IBM/HTTPServer/fcgi-bin/"
<Directory "/opt/IBM/HTTPServer/fcgi-bin/"
                  AllowOverride None
       Options +ExecCGI  
       SetHandler fastcgi-script
</Directory>
FastCGIServer "/opt/IBM/HTTPServer/fcgi-bin/echo" -processes 1
</IfModule>
IBM HTTP Server remote administration
IBM HTTP Server remote administration using WebSphere Application Server Network Deployment: You can administer and configure IBM HTTP Server using the WebSphere Administrative Console. The IBM HTTP Server installation includes the IBM administration server, which installs by default during a typical IBM
HTTP Server installation. When you install IBM HTTP Server on a machine without the WebSphere Application Server, the IBM administration server is necessary for administration. In order for the IBM administration server to handle requests for the administration of IBM HTTP Server, the IBM administration server must be started and defined to an unmanaged WebSphere Application Server node. Administration of IBM HTTP Server is available without the IBM administration server if the IBM HTTP Server is installed on a machine with a WebSphere managed node.
You must define IBM HTTP Server through the WebSphere administrative console. Once defined, an administrator can administer and configure IBM HTTP Server through the WebSphere administrative console. Administration includes the ability to start and stop the IBM HTTP Server. You can display and edit the
IBM HTTP Server configuration file, and you can view the IBM HTTP Server error and access logs. The plug-in configuration file can be generated for IBM HTTP Server and propagated to the remote or locally-installed IBM HTTP Server.
On Linux platforms - troubleshooting:
/opt/IBM/HTTPServer/logs/error_log
Setting Up SSL and Certs
http://publib.boulder.ibm.com/infocenter/wasinfo/v6r0/index.jsp
Steps for this task
  • Use the IBM HTTP Server IKEYMAN utility to create a CMS key database file  and self signed server certificate.
  • Enable SSL directives in the IBM HTTP Server httpd.conf configuration file .
  • Uncomment the LoadModule ibm_ssl_module modules/mod_ibm_ssl.so configuration directive.
  •     Create an SSL virtual host stanza in the httpd.conf file using the following examples and directives.

LoadModule ibm_ssl_module modules/mod_ibm_ssl.so
            <IfModule mod_ibm_ssl.c>
              Listen 443
              <VirtualHost *:443>
                SSLEnable
              </VirtualHost>
            </IfModule>
            SSLDisable  
            KeyFile "c:/Program Files/IBM HTTP Server/key.kdb"
Setting up SSL enabled https
On Sql,
   /opt/IBMIHS/conf/http.conf.sql
   Edit the file to include
ServerName sql
   ServerRoot "/opt/IBMIHS"
      LoadModule ibm_ssl_module     modules/mod_ibm_ssl.so
   <IfModule mod_ibm_ssl.c>
      Listen 443
      <VirtualHost *:443>
       SSLEnable
      </VirtualHost>
   </IfModule>
   SSLDisable      
   KeyFile "/opt/IBMIHS/keys/key.kdb"
   User wasadmin
   Group wwwwas
   DocumentRoot "/opt/IBMIHS/htdocs/en_US"
   ServerAdmin seela@cse.yorku.ca
To generate the key.kdb file /opt/IBMIHS/bin/ikeyman sets up a graphical interface
Select Key Database File
New
Gui: key database type - select CMS
Filename key.kdb
Location: /opt/IBMIHS/keys
Passwd : root passwd
Confirm
Set expiration time: 1460 Days
Stash the password file:
Two files are generated:
   key.kdb
   key.sth
But now start the apache server /opt/IBMIHS/bin
./apachectl -k stop
./apachectl -k start -f /opt/IBMIHS/conf/httpd.conf.sql
Testing the web browser  https://sql.cs.yorku.ca will not work
Disabled the firewall
/sbin/iptables -F
               (-F option is to flush the tables)
Now we can connect
Add firewalls rules
/etc/sysconfig/iptables  - added the following lines
-A RH-Firewall-1-INPUT -s 130.63.92.0/255.255.255.0 -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j ACCEPT
-A RH-Firewall-1-INPUT -s 130.63.90.0/255.255.255.0 -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j ACCEPT
-A RH-Firewall-1-INPUT -s 130.63.86.0/255.255.255.0 -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j ACCEPT
-A RH-Firewall-1-INPUT -s 130.63.96.0/255.255.255.0 -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j ACCEPT
Secure Sockets Layer protocol
SSL ensures the data that is transferred between a client and a server remains private. This protocol enables the client to authenticate the identity of the server. SSL Version 3, requires authentication of the client identity.
When your server has a digital certificate, SSL-enabled browsers can communicate  securely with your server, using SSL
SSL uses a security handshake to initiate a secure connection between the client and the server.
During the handshake, the client and server agree on the security keys to use for the session
After the handshake, SSL encrypts and decrypts all the information in both the HTTPS request and the server response, including:
    * The URL requested by the client
    * The contents of any submitted form
    * Access authorization information, like user names and passwords
    * All data sent between the client and the server
HTTPS represents a unique protocol that combines SSL and HTTP. Specify https:// as an anchor in HTML documents that link to SSL-protected documents
A client user can also open a URL by specifying https:// to request an SSL-protected document.
Because HTTPS (HTTP + SSL) and HTTP are different protocols and use different ports (443 and 80, respectively), you can run both SSL and non-SSL requests simultaneously. This capability enables you to provide information to users without security, while providing specific information only to browsers making
secure requests.
Uninstalling the IBM HTTP Server
This section contains procedures for uninstalling the IBM HTTP Server. The uninstaller program is customized for each product installation, with specific disk locations and routines for removing installed features. The uninstaller program does not remove configuration and log files
Steps for this task
   1. Stop IBM HTTP Server.
   2. Change directories to the directory where you installed the IBM HTTP Server, then go to the
       _uninst    directory
   3. Double-click uninstall to launch the uninstaller program. You can also choose to do a silent uninstall
      by running the uninstall -silent command. The uninstall process on Linux and UNIX systems does
      not automatically uninstall the GSKit. You have to uninstall the GSKit manually by using the
      native uninstall method.
   4. Click Next to begin uninstalling the product.The Uninstaller wizard displays a Confirmation panel that
      lists the product and features that you are uninstalling
   5.  Click Next to continue uninstalling the product. The Uninstaller wizard deletes existing profiles first.
     After deleting profiles, the Uninstaller wizard deletes core product files by component.
   6. Click Finish to close the wizard after the wizard removes the product.
Result
The IBM HTTP Server uninstallation is now complete. The removal is logged in the  ihs_install_directory/ihsv6_uninstall.log file.
Starting and stopping IBM HTTP Server
You can use the WebSphere administrative console to start and stop IBM HTTP Server. You can also use commands. See the following topics for more information:
Choose to do a silent uninstall by running the uninstall -silent command. The uninstall process on Linux and UNIX systems does not automatically uninstall the GSKit. You have to uninstall the GSKit manually by using the native uninstall method.
Click Next to begin uninstalling the product.The Uninstaller wizard displays a Confirmation panel that lists the product and features that you are uninstalling.
Click Next to continue uninstalling the product. The Uninstaller wizard deletes existing profiles first. After deleting profiles, the Uninstaller wizard deletes core product files by component.
Click Finish to close the wizard after the wizard removes the product.
Result
The IBM HTTP Server uninstallation is now complete. The removal is logged in the ihs_install_directory/ihsv6_uninstall.log file.
You can use the WebSphere administrative console to start and stop IBM HTTP Server. You can also use commands. See the following topics for more information:
    * Starting and stopping IBM HTTP Server with the WebSphere Application Server administrative console
    * Starting IBM HTTP Server on Linux and UNIX platforms
    * Starting IBM HTTP Server on Windows operating systems
Starting IBM HTTP Server on Linux and UNIX platforms
    * /opt/IBMIHS/bin/apachectl start|stop
To start IBM HTTP Server using an alternate configuration file, run the
apachectl -k start -f path_to_configuration_file command.
To stop IBM HTTP Server using an alternate configuration file, run the
apachectl -k stop -f path_to_configuration_file command

댓글 없음:

댓글 쓰기