Sun Java System Web Server 6.1 SP9 Administrator's Guide

Using Sun Java System Web Server Features with Virtual Servers

Sun Java System Web Server has many features, such as SSL and access control, that you can use with virtual servers. Many of these features involve configuration for all servers, for a server instance, for a class of virtual servers, or an individual virtual server. The following sections describe the features and provide information on where to look for more information.

This section includes the following topics:

Using SSL with Virtual Servers

If you want to use SSL on a virtual server, you use an IP-address-based virtual server. The customary port is 443. It is difficult to use SSL on a URL-host-based virtual server because Sun Java System Web Server must read the request before determining which URL host to send the request to. Once the server reads the request, the initial handshake, where security information is exchanged, has already happened.

The only exception is when URL-Host-based virtual servers all have the same SSL configuration, including the same server certificate, using “wildcard certificates.” For more information, see Chapter 7, Using Certificates and Keys.

One way to implement SSL with virtual servers is to have two listen sockets, one using SSL and listening to port 443, and one that is not using SSL. A user would typically access the virtual server through the non-SSL listen socket. When the need to have secure transactions arises, users could click a button on the web page to start initiating secure transactions. After that, the requests go through the secure listen socket.

Because SSL transactions are much slower than non-SSL transactions, this design limits the SSL transactions to only the ones that are necessary. Faster, non-SSL connections are used the rest of the time.

For more information on setting up and using security with your Sun Java System Web Server and virtual servers, see Chapter 7, Using Certificates and Keys . For a diagram of a sample SSL configuration with virtual servers, see Example 2: Secure Server.

Using Access Control with Virtual Servers

With virtual servers you have the ability to set up access control on a per virtual server basis. You can even configure it so that each virtual server can have user and group authentication using an LDAP database. For more information, see Controlling Access for Virtual Servers.

Using CGIs with Virtual Servers

You can use CGIs on virtual servers. There are several settings that you can configure on for access and security reasons.

For more information on setting up and using CGIs, see Installing CGI Programs.

Using Configuration Styles with Virtual Servers

Configuration styles are an easy way to apply a set of options to specific files or directories that your various virtual servers maintain. For more information on using configuration styles see Chapter 18, Applying Configuration Styles.