Sun Java System Web Server 6.1 SP11 Administrator's Guide

Allowing Users to Monitor Individual Virtual Servers

A special user interface exists for the administrators of individual virtual servers that allows them to view settings for their virtual servers and to view their access and error logs. For example, if you have an intranet with three virtual servers for three different departments, each department can view their settings and log files individually.

For security reasons, this administration user interface is on a separate port from either the administration server port or the web server instance port.

This user interface runs on a virtual server within the administration server. This virtual server is set up by default and is called useradmin. You must set up a listen socket in the administration server that is separate from the listen socket the administration server runs on, so that people can access the virtual server administration user interface without having access to your administration server port.

The following figure, Allowing Users to Monitor Individual Virtual Servers, shows the administrators of individual virtual servers accessing the useradmin virtual server in order to access the information for their virtual servers.

Figure 13–1 Configuring Virtual Server Administrator’s User Interface


When you turn on a virtual server, users can administer it through the following URL, provided that you have edited certain settings in the Administration Server’s /config/server.xml file:

server_name:port/user-app/server_instance/virtual_server_ID

For example:

sun:9999/user-app/sun/vs2

The server instance doesn’t include the “https” portion of the server instance name.

To determine the virtual server ID, look in the server.xml file of the server instance.

The following figure shows the user interface that the end users see:

Figure 13–2 Virtual Server Administration user interface


After you install Sun Java System Web Server 6.1, you will find that the server_root/https-admserv/config/server.xml file contains certain commented-out entries that create:

To set up useradmin, all you need to do is to uncomment these entries.

Procedure: To configure your server to use this feature

  1. Create a new listen socket that runs on a port separate from the port that the administration server uses.

    For example, if your administration server runs on port 8888, this new listen socket must have a different port number. Using a different listen socket helps safeguard your administration server.

    For security reasons, you cannot add this listen socket through the user interface. Instead, you add it in the administration server’s server.xml file.

  2. Open the administration server’s server.xml file, found at server_root/https-admserv/config/server.xml.

  3. Uncomment the commented lines containing default values for the LS, VSCLASS, and VS elements. Example:

    <!--
    <LS id="ls2" port="9999" servername="plaza" defaultvs="useradmin">
    -->
    <!--
    <VSCLASS id="userclass" objectfile="userclass.obj.conf">
        <VS id="useradmin" connections="ls2" mime="mime1" aclids="acl1" urlhosts="plaza">
            <PROPERTY name="docroot" value="/export1/wsinst/docs">
            <USERDB id="default">
            <WEBAPP uri="/user-app" path="/export1/wsinst/bin/https/webapps/user-app">
        </VS>
    </VSCLASS>
    -->

    This action will enable useradmin, created on a separate port for security reasons.

  4. Save your changes to server.xml.

  5. Apply the changes by restarting the Administration Server.

  6. For any virtual server in any server instance, you should now be able to access the administrator UI by using the following URL:

    server_name:port/user-app/server_instance/virtual_server_ID

    For example:

    plaza:9999/user-app/plaza/https-plaza

Access Control

To protect the virtual server administration from unauthorized users, you can set up ACLs. Because the URI for each virtual server is unique, you can set access so that only the correct administrator can access the settings for a virtual server.

For more information, see Chapter 10, “Controlling Access to Your Server.”
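
Because each virtual server has its own URI under /user-app, the access log of the useradmin listen socket can be audited to confirm that the ACLs hold. The following Python script is an added example, not part of the Sun documentation; it assumes Common Log Format entries, and the owner mapping, user names and log lines are constructed for illustration.

```python
import re

# Assumption: the useradmin virtual server writes Common Log Format entries.
CLF = re.compile(
    r'^\S+ \S+ (?P<user>\S+) \[[^\]]*\] '
    r'"[A-Z]+ (?P<uri>\S+)[^"]*" (?P<status>\d{3}) \S+$')

# Hypothetical mapping: (server_instance, virtual_server_ID) -> permitted administrators.
OWNERS = {("sun", "vs1"): {"alice"}, ("sun", "vs2"): {"bob"}}

# Constructed sample log lines (not taken from a real server).
SAMPLE_LOG = [
    '192.0.2.5 - alice [12/Mar/2007:10:01:00 -0800] "GET /user-app/sun/vs1 HTTP/1.1" 200 5120',
    '192.0.2.6 - - [12/Mar/2007:10:02:00 -0800] "GET /user-app/sun/vs2 HTTP/1.1" 401 223',
    '192.0.2.6 - bob [12/Mar/2007:10:02:05 -0800] "GET /user-app/sun/vs2 HTTP/1.1" 200 5340',
    '192.0.2.5 - alice [12/Mar/2007:10:03:00 -0800] "GET /user-app/sun/vs2 HTTP/1.1" 200 5340',
    '192.0.2.7 - - [12/Mar/2007:10:04:00 -0800] "GET /user-app/sun/vs1 HTTP/1.1" 200 5120',
]

def parse_target(uri):
    """Split /user-app/server_instance/virtual_server_ID; None for other URIs."""
    parts = [p for p in uri.split("?", 1)[0].split("/") if p]
    if len(parts) < 3 or parts[0] != "user-app":
        return None
    return parts[1], parts[2]

def audit(lines, owners=OWNERS):
    """Return (user, instance, vs_id, status, reason) for requests that need review."""
    findings = []
    for line in lines:
        m = CLF.match(line.strip())
        target = parse_target(m["uri"]) if m else None
        if target is None:
            continue
        user, status = m["user"], int(m["status"])
        allowed = owners.get(target)
        if allowed is None:
            reason = "unknown virtual server"
        elif user == "-" and status < 300:
            reason = "served without authentication"  # 2xx with no logged user
        elif user != "-" and user not in allowed:
            reason = "user is not this virtual server's administrator"
        else:
            continue  # owner access, or an ordinary 401 challenge
        findings.append((user, target[0], target[1], status, reason))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(finding)
```

A finding with a 2xx status means the ACL for that URI is missing or too broad; a 401 or 403 status on a finding means the ACL denied the request but the attempt is still worth noting.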

Log Files

Each virtual server can have its own log files. By default, all virtual servers share the log file of the server instance. If you allow users to view their log files, in most cases you should change the log file settings so that each virtual server has its own access and error log.

For more information, see Configuring Virtual Server Log Settings.