IBM HTTP Server<\/p>\n
Installation<\/p>\n
Ensure you have the IBM Developer Kit, Java Technology Edition Version 1.4, installed on your machine. Files included<\/p>\n
* gskit.sh
\n* setup.jar
\n* A GSKit run-time executable:
\n* Linux for Intel: gsk7bas_295-7.0-1.10.i386.rpm
\nGo to the directory where you uncompressed the install image and type
\njava -jar setup.jar
\nTo do a silent installation, type:
\njava -jar setup.jar -silent -options silent.res
\nTo customize the install options, edit the silent.res text file. All options are set to true
\nby default. To disable an option, set its value to false
\n* Choose the language in which to run the installation.
\n* The license agreement accept
\n* The default directory : \/opt\/IBMHIHS\/
\n* Type of installation : typical
\ncd IHS<\/p>\n
.\/install launches the installer HTTP Server 6.0<\/p>\n
Accept License agreement
\nNext<\/p>\n
Install Directory Directory name
\n\/opt\/IBMIHS<\/p>\n
Select Custom
\nProduct Installation
\nHTTPServer base
\nSecurity<\/p>\n
Click Next<\/p>\n
IBM Http Server communicates using the port numbers below<\/p>\n
HTTP Port 80
\nHTTP Administration Port 8008<\/p>\n
Click Next<\/p>\n
IBM HTTP Server 6.0 will be installed in the following location:
\n\/opt\/IBMIHS with the following features:
\nHTTPServer base Security<\/p>\n
Next<\/p>\n
Installalation Completed
\nThen a checkbox to launch the Websphere Application server
\nlaunch the WebSphere Application Server – Plugin Install
\nUninstall the IBM http Server
\nGo to the directory where you installed the IBM HTTP Server. Change to the_uninst directory
\nType java -jar uninstall.jar
\nSilent uninstall type java -jar uninstall.jar -silent
\nLooking at known problems on the UNIX platform<\/p>\n
Getting the suexec module to work
\nThe suexec module does not work unless IBM HTTP Server V2.0 is installed to the default location.
\nRunning the \/<ihs install root>\/bin\/httpd command
\nSource the \/<ihs install root>\/bin\/envvars file first to ensure you can run the \/<ihs install root>\/bin\/httpd command to start the IBM HTTP Server. To source the envvars file, enter . \/<ihs install root>\/bin\/envvars at the
\ncommand line. The envvars file contains the path to the libraries needed to run the \/<ihs install root>\/bin\/httpd command.
\nhttp:\/\/publib.boulder.ibm.com\/infocenter\/wasinfo\/v6r1\/index.jsp?topic=\/com.ibm.websphere.ihs.doc\/info\/welcome_ihs.html<\/p>\n
Enabling access to the administration server using the htpasswd utility<\/p>\n
The administration server is installed with authentication enabled. This means that the administration server will not accept a connection without a valid user ID and password. This is done to protect the IBM HTTP Server
\nconfiguration file from unauthorized access.<\/p>\n
Procedure
\nLaunch the htpasswd utility that is shipped with the administration server. This utility creates and updates the files used to store user names andpassword for basic authentication of users who access your Web server. Locate htpasswd in the bin directory.
\n.\/htpasswd -cm <install_dir>\/conf\/admin.passwd [login name]
\nwhere <install_dir> is the IBM HTTP Server installation directory and [login name] is the user ID that you use to log into the administration server.
\nResults
\nThe password file is referenced in the admin.conf file with the AuthUserFile directive.<\/p>\n
Running the setupadm script (\/opt\/IBMIHS\/bin\/setupadm)<\/p>\n
The setupadm script establishes permissions for configuration file updates. About this task<\/p>\n
You cannot update the configuration files after a default server installation, unless you run the setupadm script, or you set permissions manually.<\/p>\n
The setupadm script prompts you for the following input:<\/p>\n
* User ID – The user ID that you use to log on to the administration server. The script creates this user ID.
\n* Group name – The administration server accesses the configuration files and authentication files
\nthrough group file permissions. The script creates the specified group through this script.
\n* Directory – The directory where you can find configuration files and authentication files.
\n* File name – The following file groups and file permissions change:
\no Single file name
\no File name with wildcard
\no All (default) – All of the files in the specific directory
\no Processing – The setupadm script changes the group and file permissions of the configuration files
\nand authentication files.
\nThe administration server requires read and write access to configuration files and authentication files to perform Web server configuration data administration. In addition to the Web server files, you must change the
\npermissions to the targeted plug-in configuration files.
\nSetting Permissions manually<\/p>\n
Once you have created a user and group, set up file permissions as follows:<\/p>\n
1. Update the permissions for the targeted IBM HTTP Server conf directory.
\nAt a command prompt, change to the directory where you installed IBM HTTP Server.
\nType the following commands:
\nchgrp <group_name> <directory_name>
\nchmod g+rw <directory_name><\/p>\n
2. Update the file permission for the targeted IBM HTTP Server configuration files.
\nAt a command prompt, change to the directory that contains the configuration files.
\nType the following commands:
\nchgrp <group_name> <file_name>
\nchmod g+rw <file_name><\/p>\n
3. Update the admin.conf configuration file for the IBM HTTP Server administration server.
\nChange to the IBM HTTP Server administration server admin.conf directory.
\nSearch for the following lines in the admin.conf file:<\/p>\n
User nobody
\nGroup nobody<\/p>\n
3. Change those lines to reflect the user ID and unique group name<\/p>\n
4. Update the file permission for the targeted plug-in configuration files.
\n1. At a command prompt, change to the directory that contains the plug-in configuration files.
\n2. Type the following commands:
\nchgrp <group_name> <file_name>
\nchmod g+rw <file_name><\/p>\n
Key differences from the Apache HTTP Server<\/p>\n
IBM HTTP Server is based on the Apache HTTP Server. IBM HTTP Server includes the following additional features not available in the Apache HTTP Server:<\/p>\n
Support for the WebSphere administrative console.
\nInstallShield for multiple platforms enables consistent installation of the IBM HTTP Server on different platforms.
\nDynamic content generation with FastCGI.
\nOperational differences between Apache and IBM HTTP Server
\nThe apachectl command is the only supported command to start IBM HTTP Server. You cannot directly invoke the httpd command because it will not find the required libraries. The apachectl command is the preferred command to start Apache V2.0 and higher, but the httpd command might work on the Apache server as expected, depending on the platform and how Apache was built. You can specify httpd options on the apachectl command line.
\nIBM HTTP Server supports the suEXEC program, which provides for execution of CGI scripts under a particular user ID.
\nIf you use the suEXEC program, you must install the IBM HTTP Server to the default installation directory only. The suEXEC program uses the security model which requires that all configuration paths are hard-coded in theexecutable file, and the paths chosen for IBM HTTP Server are those of the default installation directory.
\nWhen an Apache user chooses an installation location for Apache at compile time, the suEXEC program is pre-built with the chosen paths, so this issue is seen by the Apache users.
\nCustomers need to use the suEXEC program with arbitrary configuration paths can build it with Apache on their platform and use the generated suEXEC binary with IBM HTTP Server. Customers must save and restore their custom suEXEC file when applying IBM HTTP Server maintenance.<\/p>\n
Configuring IBM HTTP Server<\/p>\n
Special considerations for IBM HTTP Server.
\nThe IBM HTTP Server and administration server configuration files, httpd.conf and admin.conf respectively, support only single-byte characters (SBCS). This restriction applies to all operating system platforms.<\/p>\n
Learn about FastCGI<\/p>\n
FastCGI is an interface between Web servers and applications which combines some of the performance characteristics of native Web server modules with the Web server independence of the Common Gateway Interface (CGI) programming interface. IBM HTTP Server provides FastCGI support with the mod_fastcgi module. The mod_fastcgi module implements the capability for IBM HTTP Server to manage FastCGI applications and to allow them to process requests.<\/p>\n
A FastCGI application typically uses a programming library such as the FastCGI development kit from http:\/\/www.fastcgi.com\/. IBM HTTP Server does not provide a FastCGI programming library for use by FastCGI applications.<\/p>\n
Example of mod_fastcgi configuration<\/p>\n
Load the mod_fastcgi module into the server, and then configure FastCGI using the FastCGI directives.
\nThe following directive is required to load mod_fastcgi into the server
\nLoadModule fastcgi_module modules\/mod_fastcgi.so<\/p>\n
A complete configuration example for UNIX and Linux platforms. In this example, the \/opt\/IBM\/HTTPServer\/fcgi-bin\/ directory contains FastCGI applications, including the echo.exe application. Requests from Web browsers for the \/fcgi-bin\/echo URI will be handled by the FastCGI echo.exe application<\/p>\n
LoadModule fastcgi_module modules\/mod_fastcgi.so
\n<IfModule mod_fastcgi.c>
\nScriptAlias \/fcgi-bin\/ “\/opt\/IBM\/HTTPServer\/fcgi-bin\/”<\/p>\n
<Directory “\/opt\/IBM\/HTTPServer\/fcgi-bin\/”
\nAllowOverride None
\nOptions +ExecCGI
\nSetHandler fastcgi-script
\n<\/Directory><\/p>\n
FastCGIServer “\/opt\/IBM\/HTTPServer\/fcgi-bin\/echo” -processes 1
\n<\/IfModule><\/p>\n
IBM HTTP Server remote administration
\nIBM HTTP Server remote administration using WebSphere Application Server Network Deployment: You can administer and configure IBM HTTP Server using the WebSphere Administrative Console. The IBM HTTP Server installation includes the IBM administration server, which installs by default during a typical IBM
\nHTTP Server installation. When you install IBM HTTP Server on a machine without the WebSphere Application Server, the IBM administration server is necessary for administration. In order for the IBM administration server to handle requests for the administration of IBM HTTP Server, the IBM administration server must be started and defined to an unmanaged WebSphere Application Server node. Administration of IBM HTTP Server is available without the IBM administration server if the IBM HTTP Server is installed on a machine with a WebSphere managed node.<\/p>\n
You must define IBM HTTP Server through the WebSphere administrative console. Once defined, an administrator can administer and configure IBM HTTP Server through the WebSphere administrative console. Administration includes the ability to start and stop the IBM HTTP Server. You can display and edit the
\nIBM HTTP Server configuration file, and you can view the IBM HTTP Server error and access logs. The plug-in configuration file can be generated for IBM HTTP Server and propagated to the remote or locally-installed IBM HTTP Server.<\/p>\n
On Linux platforms – troubleshooting:
\n\/opt\/IBM\/HTTPServer\/logs\/error_log
\nSetting Up SSL and Certs
\nhttp:\/\/publib.boulder.ibm.com\/infocenter\/wasinfo\/v6r0\/index.jsp<\/p>\n
Steps for this task<\/p>\n
Use the IBM HTTP Server IKEYMAN utility to create a CMS key database file and self signed server certificate.
\nEnable SSL directives in the IBM HTTP Server httpd.conf configuration file .
\nUncomment the LoadModule ibm_ssl_module modules\/mod_ibm_ssl.so configuration directive.
\nCreate an SSL virtual host stanza in the httpd.conf file using the following examples and directives.<\/p>\n
LoadModule ibm_ssl_module modules\/mod_ibm_ssl.so
\n<IfModule mod_ibm_ssl.c>
\nListen 443
\n<VirtualHost *:443>
\nSSLEnable
\n<\/VirtualHost>
\n<\/IfModule>
\nSSLDisable
\nKeyFile “c:\/Program Files\/IBM HTTP Server\/key.kdb”<\/p>\n
<\/p>\n
Setting up SSL enabled https<\/p>\n
On Sql,
\n\/opt\/IBMIHS\/conf\/http.conf.sql<\/p>\n
Edit the file to include
\nServerName sql
\nServerRoot “\/opt\/IBMIHS”
\nLoadModule ibm_ssl_module modules\/mod_ibm_ssl.so<\/p>\n
<IfModule mod_ibm_ssl.c>
\nListen 443
\n<VirtualHost *:443>
\nSSLEnable
\n<\/VirtualHost>
\n<\/IfModule>
\nSSLDisable
\nKeyFile “\/opt\/IBMIHS\/keys\/key.kdb”
\nUser wasadmin
\nGroup wwwwas<\/p>\n
DocumentRoot “\/opt\/IBMIHS\/htdocs\/en_US”
\nServerAdmin seela@cse.yorku.ca
\nTo generate the key.kdb file \/opt\/IBMIHS\/bin\/ikeyman sets up a graphical interface
\nSelect Key Database File
\nNew
\nGui: key database type – select CMS
\nFilename key.kdb
\nLocation: \/opt\/IBMIHS\/keys
\nPasswd : root passwd
\nConfirm<\/p>\n
Set expiration time: 1460 Days
\nStash the password file:
\nTwo files are generated:
\nkey.kdb
\nkey.sth<\/p>\n
But now start the apache server \/opt\/IBMIHS\/bin
\n.\/apachectl -k stop
\n.\/apachectl -k start -f \/opt\/IBMIHS\/conf\/httpd.conf.sql<\/p>\n
Testing the web browser https:\/\/sql.cs.yorku.ca will not work<\/p>\n
Disabled the firewall
\n\/sbin\/iptables -F
\n(-F option is to flush the tables)<\/p>\n
Now we can connect<\/p>\n
Add firewalls rules
\n\/etc\/sysconfig\/iptables – added the following lines
\n-A RH-Firewall-1-INPUT -s 192.168.9.0\/255.255.255.0 -p tcp -m tcp –tcp-flags SYN,RST,ACK SYN -j ACCEPT
\n-A RH-Firewall-1-INPUT -s 192.168.9.0\/255.255.255.0 -p tcp -m tcp –tcp-flags SYN,RST,ACK SYN -j ACCEPT
\n-A RH-Firewall-1-INPUT -s 192.168.9.0\/255.255.255.0 -p tcp -m tcp –tcp-flags SYN,RST,ACK SYN -j ACCEPT
\n-A RH-Firewall-1-INPUT -s 192.168.9.0\/255.255.255.0 -p tcp -m tcp –tcp-flags SYN,RST,ACK SYN -j ACCEPT<\/p>\n
<\/p>\n
Secure Sockets Layer protocol
\nSSL ensures the data that is transferred between a client and a server remains private. This protocol enables the client to authenticate the identity of the server. SSL Version 3, requires authentication of the client identity.
\nWhen your server has a digital certificate, SSL-enabled browsers can communicate securely with your server, using SSL
\nSSL uses a security handshake to initiate a secure connection between the client and the server.
\nDuring the handshake, the client and server agree on the security keys to use for the session<\/p>\n
After the handshake, SSL encrypts and decrypts all the information in both the HTTPS request and the server response, including:<\/p>\n
* The URL requested by the client
\n* The contents of any submitted form
\n* Access authorization information, like user names and passwords
\n* All data sent between the client and the server<\/p>\n
HTTPS represents a unique protocol that combines SSL and HTTP. Specify https:\/\/ as an anchor in HTML documents that link to SSL-protected documents
\nA client user can also open a URL by specifying https:\/\/ to request an SSL-protected document.<\/p>\n
Because HTTPS (HTTP + SSL) and HTTP are different protocols and use different ports (443 and 80, respectively), you can run both SSL and non-SSL requests simultaneously. This capability enables you to provide information to users without security, while providing specific information only to browsers making
\nsecure requests.<\/p>\n
Uninstalling the IBM HTTP Server<\/p>\n
This section contains procedures for uninstalling the IBM HTTP Server. The uninstaller program is customized for each product installation, with specific disk locations and routines for removing installed features. The uninstaller program does not remove configuration and log files<\/p>\n
Steps for this task
\n1. Stop IBM HTTP Server.
\n2. Change directories to the directory where you installed the IBM HTTP Server, then go to the
\n_uninst directory
\n3. Double-click uninstall to launch the uninstaller program. You can also choose to do a silent uninstall
\nby running the uninstall -silent command. The uninstall process on Linux and UNIX systems does
\nnot automatically uninstall the GSKit. You have to uninstall the GSKit manually by using the
\nnative uninstall method.
\n4. Click Next to begin uninstalling the product.The Uninstaller wizard displays a Confirmation panel that
\nlists the product and features that you are uninstalling
\n5. Click Next to continue uninstalling the product. The Uninstaller wizard deletes existing profiles first.
\nAfter deleting profiles, the Uninstaller wizard deletes core product files by component.
\n6. Click Finish to close the wizard after the wizard removes the product.<\/p>\n
Result<\/p>\n
The IBM HTTP Server uninstallation is now complete. The removal is logged in the ihs_install_directory\/ihsv6_uninstall.log file.
\nStarting and stopping IBM HTTP Server<\/p>\n
You can use the WebSphere administrative console to start and stop IBM HTTP Server. You can also use commands. See the following topics for more information:
\nChoose to do a silent uninstall by running the uninstall -silent command. The uninstall process on Linux and UNIX systems does not automatically uninstall the GSKit. You have to uninstall the GSKit manually by using the native uninstall method.
\nClick Next to begin uninstalling the product.The Uninstaller wizard displays a Confirmation panel that lists the product and features that you are uninstalling.
\nClick Next to continue uninstalling the product. The Uninstaller wizard deletes existing profiles first. After deleting profiles, the Uninstaller wizard deletes core product files by component.
\nClick Finish to close the wizard after the wizard removes the product.<\/p>\n
Result<\/p>\n
The IBM HTTP Server uninstallation is now complete. The removal is logged in the ihs_install_directory\/ihsv6_uninstall.log file.
\nYou can use the WebSphere administrative console to start and stop IBM HTTP Server. You can also use commands. See the following topics for more information:<\/p>\n
* Starting and stopping IBM HTTP Server with the WebSphere Application Server administrative console
\n* Starting IBM HTTP Server on Linux and UNIX platforms
\n* Starting IBM HTTP Server on Windows operating systems<\/p>\n
Starting IBM HTTP Server on Linux and UNIX platforms<\/p>\n
* \/opt\/IBMIHS\/bin\/apachectl start|stop<\/p>\n
To start IBM HTTP Server using an alternate configuration file, run the
\napachectl -k start -f path_to_configuration_file command.
\nTo stop IBM HTTP Server using an alternate configuration file, run the
\napachectl -k stop -f path_to_configuration_file command<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n","protected":false},"excerpt":{"rendered":"
IBM HTTP Server<\/p>\n
Installation<\/p>\n
Ensure you have the IBM Developer Kit, Java Technology Edition Version 1.4, installed on your machine. Files included<\/p>\n
* gskit.sh * setup.jar * A GSKit run-time executable: * Linux for Intel: gsk7bas_295-7.0-1.10.i386.rpm Go to the directory where you uncompressed the install image and type java -jar setup.jar To do a silent […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"_links":{"self":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/2483"}],"collection":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2483"}],"version-history":[{"count":1,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/2483\/revisions"}],"predecessor-version":[{"id":2484,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/2483\/revisions\/2484"}],"wp:attachment":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2483"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2483"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2483"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}