Internet Express Version 6.7 for Tru64 UNIX: Internet Express for Tru64 UNIX Administration Guide

Chapter 7 Web Services Administration

  Table of Contents

  Glossary

  Index

The Internet Express Administration utility lets you manage the following Web service components:

Secure Web Server Administration

The Secure Web Server (powered by Apache) is an implementation of the Apache Software Foundation's (ASF) Apache HTTP server for Tru64 UNIX. It contains a packaged, integrated, and tested version of many of the popular components of the Apache Web Server (Open-SSL, mod_ssl, PHP, fastcgi, and others) and the modules that are used with it. The Secure Web Server integrates other features beyond the core modules supplied by the ASF, including:

  • Support for Dynamic Shared Objects (DSO)

  • Support for SSL connections (https) using a DSO module

  • Support for APXS, which allows third party modules to be built against and used with an installed Secure Web Server

  • SUexec enabled in the server (additional configuration required to enable it)

  • Support for the Atalla hardware accelerator cards

In addition, all modules (except for auth_digest) are provided with the Apache code base are built in or provided as a DSO.

The Secure Web Server provides a Web-based administration interface that allows an administrator to perform common management tasks on the Web server. You access these administration pages from your Web browser, as described in Section : Accessing the Secure Web Servers.

Managing the Secure Web Server involves the following tasks:

Notes:

Only those Web servers that are installed are presented by the Administration utility. For example, if the Internet Monitor is not installed, the Administration Server will not appear. Similarly, if you do not create a public Web server instance when installing the Secure Web Server subset, the public server will not appear.

Internet Express Version 6.0 and later allows you to choose either Apache Version 1.3 or Version 2.0, or both for the public Web server. The Administration Web server continues to use Apache Version 1.3.

Accessing the Secure Web Servers

The Secure Web Server provides the following servers for managing Internet services:

  • The public Web server uses a configured instance of the Secure Web Server on Port 80, the default Web server port. The installation procedure lets you select this port for the public Web server based on Apache Version 2.0 or Apache Version 1.3. If you choose to install both Apache versions for public Web servers, you can use Port 80 for only one server instance and must select a different port for the other. You can use the Administration Web Server to toggle between servers.

  • The Administration Web Server, based on Apache Version 1.3, is installed and configured on Port 8081.

  • The SSL-enabled Secure Web Server is configured on Port 443.

  • The Internet Monitor Administration Server is installed and configured on Port 8086.

Table 7-1 summarizes the ports on which the administration accounts are installed by default, and shows the URLs for accessing these accounts. In the URLs listed, host.domain.name represents the fully qualified host name of the local system (the system on which Internet Express is installed). For information on how to allow access from a remote system when running the Secure Web Server, see the Secure Web Server Administration Guide.

Table 7-1 Internet Express Ports and URLs

Port NumberDescriptionURL
80Public Web Server listening on the default http: port (if configured)
http://host.domain.name:80/
8081Administration Web Server
http://host.domain.name:8081/
443Secure Socket Layer (SSL) Web Server
https://host.domain.name:443/
8086Internet Monitor Administration Server
http://host.domain.name:8086/

 

To access the Secure Web Servers, follow these steps:

  1. From an HTML-based Web browser, enter the URL, indicating either port 80 or 8081, as described in Table 7-1.

    The Administration Web Server is initially accessible from the local system only. For information on how to allow access from a remote system, see the Secure Web Server Administration Guide.

  2. Enter a user name and password.

    The default user name for the Web server administration account is admin. During installation, the system administrator set a password to be used for the Web server administration accounts. To change the password for ports 80 or 8081, see the Secure Web Server Administration Guide.

When you access the Web server, you are given access to privileged files and can perform system management tasks until exiting the browser. Do not leave an Administration session unattended. Limit access to the admin account to those individuals authorized to perform Internet system management tasks.

In a TruCluster Server environment, the Secure Web Server runs on all cluster members concurrently. Connections are distributed among the cluster members based on how the cluster alias has been configured. See the cluamgr(8) reference page.

Web Server Management

All Web server management operations are performed using port 8081, the Administration Web Server. All activity is recorded in the associated log files described in the Secure Web Server Administration Guide.

Management tasks available from the Secure Web Server administration menus include the following items. Steps for performing these tasks are described in the Secure Web Server Administration Guide, unless otherwise noted.

  • Change configuration parameters, including tuning parameters, access control entries, listening ports and addresses, virtual hosts, URL defaults, HTML directory aliases, CGI directory aliases, and logging and reporting parameters.

  • Manage user accounts, displaying status and viewing information for the public Web server.

  • Change configuration parameters (Section : Changing Configuration Parameters).

  • Change passwords for the Administration Web Server (Section : Changing the Password for the Administration Web Server).

  • Allow remote access to the Administration Web Server.

  • View server activity reports, access log files and error log files, and refresh these files.

  • Start and stop Web servers.

  • Change the password for the Administration Web Server.

  • Allow remote access to the Internet Monitor Administration Server (Section : Allowing Remote Access to the Internet Monitor Administration Server).

  • Use the Secure Socket Layer (SSL) with the Secure Web Server.

Changing Configuration Parameters

A configuration parameter is specified by a directive and is stored in one of the configuration files listed in Table 7-2.

Table 7-2 Configuration Files for Secure Web Servers

ServerConfiguration File
Public Web Server 1.3 (based on Apache Version 1.3)
/usr/internet/httpd/public/conf/httpd.conf
Public Web Server 2.0 (based on Apache Version 2.0)
/usr/opt/hpapache2/conf/httpd.conf
Administration Web Server
/usr/internet/httpd/admin/conf/httpd.conf
Internet Monitor Administration Server
/usr/internet/httpd/monitor_admin/conf/httpd.conf

 

You can specify the following types of configuration parameters using the Administration utility. (See the Secure Web Server Administration Guide for detailed information on specifying each configuration parameter.)

  • Server tuning parameters

  • Access control entries

  • Listening ports and addresses

  • Virtual hosts

  • URL defaults

  • HTML directory aliases

  • CGI directory aliases

  • Logging and reporting parameters

The Secure Web Server configuration files are read in the following order:

  • httpd.conf

  • srm.conf

  • access.conf

Note:

By default, the configuration files access.conf and srm.conf do not contain any directives. While they remain supported in Internet Express Version 6.4, all directives are defined in httpd.conf.

If you specify the same directive in more than one configuration file, the first directive found takes precedence.

In the tables in the following sections, a directive enclosed in angle brackets can be defined using multiple lines and must be delimited by a <directive>...</directive> pair (where directive is the directive name). The following example shows the proper syntax for a multiple-line directive:

<Limit GET POST>
order deny,allow
deny from all
allow from host1.domain.name domain2.name<
/Limit>

Through the Change Configuration Parameters menu for each server, theSecure Web Server Administration utility allows you to set many of the frequently used configuration parameters. If you want to take advantage of more specializedWeb Server functionality, you must manually edit the configuration files listed in Table 7-2. Avoid modifying the configuration parameters that are handled by the Administration utility when manually editing these files.

For a complete listing of Secure Web Server directives, visit the following Web site:

http://www.apache.org/docs/mod/directives.html

Changing the Password for the Administration Web Server

To change the password used for the Administration Web Server, follow these steps:

  1. Under Web on the Manage Components menu, choose Secure Web Server.

  2. From the Secure Web Server Administration menu, choose Change Passwords for All Administration Servers.

  3. Enter the new password in the New Password field and again in the Verify New Password field.

  4. Click on Submit.

The new password takes effect immediately.

If you decide not to change the password, cancel the operation by clicking on one of the following:

  • The Clear button at the bottom of the form

  • One of the links on the navigation bar at the top of the form to go to another Administration menu

Allowing Remote Access to the Internet Monitor Administration Server

The installation procedure installs the Internet Monitor Administration Server on port 8086, and initially allows access to the server from the local system only.

To allow access to the Internet Monitor Administration Server from remote systems, follow these steps:

  1. From the Administration utility Main menu, choose Manage Components.

  2. Under Web on the Manage Components menu, choose Secure Web Server.

  3. From the Secure Web Server Administration menu, choose Manage the Internet Monitor Administration Server.

  4. From the Manage the Internet Monitor Administration Server menu, choose Change Configuration Parameters.

  5. From the Change Internet Monitor Administration Server Configuration Parameters menu, choose Change Access Control Entries.

  6. On the Change Internet Monitor Administration Server Access Control Entries form, choose Directory /usr/internet/monitor/web from the Existing Access Control Entries list box, then click on Modify. The Modify Internet Monitor Administration Server Access Control Entry form then displays.

  7. In the Hosts Allowed Access field, enter one of the following:

    • host.domain.name for a specific host

    • .domain.name for a specific domain

    • all for any remote host

  8. Click on Submit.

  9. On the confirmation page, click on Submit to reload the Web server configuration file.

ht://Dig Search Tool Administration

The ht://Dig search tool is a complete World Wide Web index and search system for a domain or an Intranet. The tool does not replace the need for powerful Internet-wide search systems like Lycos, Infoseek, Google, and AltaVista. Rather, ht://Dig covers the search needs for a single company, campus, or subsection of a Web site. In contrast with a WAIS-based or Web server-based search engine, ht://Dig can easily span several Web servers. The type of Web server does not matter, as long as the server understands common protocols like HTTP.

Internet Express provides a version of ht://Dig in the IAEHTDIG subset, which requires the Apache Web Server subset (IAEAPCH). See the Internet Express Installation Guide for information on installing ht://Dig.

After installation, the Internet Express Installation script informs you that the search engine and indexer have been successfully installed, then instructs you to create the search index (Section : Creating the Search Index) and begin the search (Section : Searching the Index). You can perform either of these functions from the Internet Express Administration utilityTru64 UNIX or the command shell.

Creating the Search Index

Internet Express provides a link from the Manage Components menu for creating a search index using ht://Dig. Perform the following steps:

  1. From the Administration utility Main menu, choose Manage Components

  2. Under Web on the Manage Components menu, choose Ht://Dig Index and Search System. The Ht://Dig Indexing and Search Administration page is displayed (Figure 7-1).

    Figure 7-1 Ht://Dig Indexing and Search Administration Page

    Ht://Dig Indexing and Search Administration
Page

  3. To check if the Public Web Server is running, click on Start/Stop the Public Web Server which connects to the Web Server Administration page. If the Public Web Server is not running, you can start it at this time from the Web Server Administration page.

  4. Click on the htdig symlink button to enable the search function. This action makes the ht://Dig files available from the document root.

    The form refreshes with a link to the ht://Dig search page on your server (Figure 7-2).

    Figure 7-2 Link to Ht://Dig Search Index Page

    Link to Ht://Dig Search Index Page

  5. Click on the documents symlink button to enable indexing. This action makes the Internet Express documents available from your document root.

  6. To update the ht://Dig configuration file (/usr/internet/www/conf/htdig.conf) to specify a start URL or exclude URLs from the search, enter the URL information in the respective fields and click on Update Ht://Dig configuration. Figure 7-3 shows the lower part of the Ht://Dig Indexing and Search Administration page with a message that the configuration information has been updated.

    Figure 7-3 Updated Ht://Dig Configuration File Message

    Updated Ht://Dig Configuration File
Message

You can also configure the ht://Dig search index and run a search fromTru64 UNIX the command shell. After installing ht://Dig, the Internet Express installation script displays the following message, prompting you to create a search index on the server:

    To create an index of this server, review the configuration in
  /usr/internet/www/conf/htdig.conf and run /usr/internet/www/bin/rundig

For example, to configure ht://Dig to index the Internet Express documentation, follow these steps:

  1. Create a symlink to the Internet Express documentation and the ht://dig documents in /usr/internet/httpd/htdocs, as follows:

    # cd /usr/internet/httpd/htdocs
    # ln -s /usr/internet/docs/IASS documents
    # ln -s /usr/internet/www/htdocs/htdig htdig
  2. Edit the /usr/internet/www/conf/htdig.conf file and change the value of start_url“”, replacing hostname with your system's host name:

    start_url:    http://hostname/documents
    
  3. Create the search index, as follows:

    # /usr/internet/www/bin/rundig -v

Searching the Index

After creating the search index (Section : Creating the Search Index), search the index by opening the search page.

From the Ht://Dig Indexing and Search Administration page, click on the Ht://Dig Search Page link.

Alternately, from your Web browser, enter the following URL

http://hostname/htdig/search.html

“”where hostname is your system's host name.

Documentation

Documentation for ht://Dig is installed in the /usr/internet/docs/htdig/ directory and is also available at http://www.htdig.org.