
Sun ONE Web Server 6.1 Administrator's Guide


About This Guide
What’s In This Guide?
How This Guide Is Organized
Part I: Server Basics
Part II: Using the Administration Server
Part III: Configuring and Monitoring
Part IV: Managing Virtual Servers and Services
Part V: Appendixes
Using the Sun ONE Web Server Documentation
Documentation Conventions
Product Support

Part 1 Server Basics

Chapter 1   Introduction to Sun ONE Web Server
Sun ONE Web Server
What’s New in Sun ONE Web Server 6.1
Java Servlet 2.3 and JavaServer Pages (JSP) 1.2 Support
JDK 1.4.1_03 Support
WebDAV Support
NSAPI Filters Support
HTTP Compression Support
New Search Engine Support
Enhanced Security
JNDI Support
JDBC Support
Sun ONE Studio 5 Support
NSS 3.3.5 and NSPR 4.1.5 Support
PHP Compatibility
Enhanced Hardware Accelerator Encryption Support
Start on Boot Option
Additional Features
Administering and Managing Sun ONE Web Servers
Sun ONE Web Server Configuration
Administration Server
Server Manager
Class Manager
Virtual Server Manager
Using the Resource Picker
Wildcards Used in the Resource Picker

Chapter 2   Administering Sun ONE Web Servers
Starting the Administration Server
UNIX/Linux Platforms
Windows Platforms
Running Multiple Servers
Virtual Servers
Installing Multiple Instances of the Server
Removing a Server
Migrating a Server From a Previous Version

Part 2 Using the Administration Server

Chapter 3   Managing Users and Groups
Accessing Information About Users and Groups
About Directory Services
Types of Directory Services
Configuring a Directory Service
Understanding Distinguished Names (DNs)
Using LDIF
Creating Users
Creating a New User in an LDAP-based Authentication Database
Guidelines for Creating LDAP-based User Entries
How to Create a New User Entry
Directory Server User Entries
Creating a New User in a File-based Authentication Database
Creating a New User Entry
Creating a New User in a Digest-based Authentication Database
Managing Users
Finding User Information
Building Custom Search Queries
Editing User Information
Managing a User’s Password
Managing User Licenses
Renaming Users
Removing Users
Creating Groups
Static Groups
Guidelines for Creating Static Groups
To Create a Static Group
Dynamic Groups
How Sun ONE Web Server Implements Dynamic Groups
Groups Can Be Static and Dynamic
Dynamic Group Impact on Server Performance
Guidelines for Creating Dynamic Groups
To Create a Dynamic Group
Managing Groups
Finding Group Entries
The “Find all groups whose” Field
Editing Group Attributes
Adding Group Members
Adding Groups to the Group Members List
Removing Entries from the Group Members List
Managing Owners
Managing See Alsos
Removing Groups
Renaming Groups
Creating Organizational Units
Managing Organizational Units
Finding Organizational Units
The “Find all units whose” Field
Editing Organizational Unit Attributes
Renaming Organizational Units
Deleting Organizational Units

Chapter 4   J2EE-based Security for Web Container and Web Applications
About Sun ONE Web Server Security
Overview of ACL-based Access Control
Overview of J2EE/Servlet-based Access Control
Realm-based Security
Realm-based User Authentication
LDAP realm
File realm
Solaris realm
Certificate realm
Custom Realm
Native Realm
Role-based Authorization
Mapping Roles to Restricted Areas
Defining Access Control by Roles
How to Configure a Realm
Using the Administration Interface
Editing the server.xml File
Configuring the Native Realm
Specifying the Default Realm
Using Programmatic Security
Deciding When to Use the J2EE/Servlet Authentication Model

Chapter 5   Setting Administration Preferences
Shutting Down the Administration Server
Editing Listen Socket Settings
Changing the User Account (UNIX/Linux)
Changing the Superuser Settings
Allowing Multiple Administrators
Specifying Log File Options
Viewing Log Files
The Access Log File
The Error Log File
Archiving Log Files
Using schedulerd Control-based Log Rotation (UNIX/Linux)
Configuring Directory Services
Restricting Server Access

Chapter 6   Using Certificates and Keys
Certificate-based Authentication
Using Certificates for Authentication
Server Authentication
Client Authentication
Virtual Server Certificates
Creating a Trust Database
Creating a Trust Database
Using password.conf
Start an SSL-enabled Server Automatically
Requesting and Installing a VeriSign Certificate
Requesting a VeriSign Certificate
Installing a VeriSign Certificate
Requesting and Installing Other Server Certificates
Required CA Information
Requesting Other Server Certificates
Installing Other Server Certificates
Installing a Certificate
Migrating Certificates When You Upgrade
Using the Built-in Root Certificate Module
Managing Certificates
Installing and Managing CRLs and CKLs
Installing a CRL or CKL
Managing CRLs and CKLs
Setting Security Preferences
SSL and TLS Protocols
Using SSL to Communicate with LDAP
Enabling Security for Listen Sockets
Turning Security On
Selecting a Server Certificate for a Listen Socket
Selecting Ciphers
Configuring Security Globally
Using External Encryption Modules
Installing the PKCS#11 Module
Using modutil to Install a PKCS#11 Module
Using pk12util
Selecting the Certificate Name for a Listen Socket
FIPS-140 Standard
Setting Client Security Requirements
Requiring Client Authentication
To Require Client Authentication
Mapping Client Certificates to LDAP
Using the certmap.conf File
Creating Custom Properties
Sample Mappings
Setting Stronger Ciphers
Considering Additional Security Issues
Limit Physical Access
Limit Administration Access
Choosing Solid Passwords
Creating Hard-to-Crack Passwords
Changing Passwords or PINs
Changing Passwords
Limiting Other Applications on the Server
UNIX and Linux
Preventing Clients from Caching SSL Files
Limiting Ports
Knowing Your Server’s Limits
Making Additional Changes to Protect Servers
Specifying chroot for a Virtual Server Class
Specifying chroot for a Virtual Server

Chapter 7   Managing Server Clusters
About Clusters
Guidelines for Using Server Clusters
Setting Up a Cluster
Adding a Server to a Cluster
Modifying Server Information
Removing Servers from a Cluster
Controlling Server Clusters
Adding Variables

Part 3 Configuring, Monitoring, and Performance Tuning

Chapter 8   Configuring Server Preferences
Starting and Stopping the Server
Setting the Termination Timeout
Restarting the Server (UNIX/Linux)
Starting SSL-enabled Servers Automatically
Restarting With Inittab (UNIX/Linux)
Restarting With the System RC Scripts (UNIX/Linux)
Restarting the Server Manually (UNIX/Linux)
Stopping the Server Manually (UNIX/Linux)
Restarting the Server (Windows)
Using the Automatic Restart Utility (Windows)
Tuning Your Server for Performance
Editing the magnus.conf File
Adding and Editing Listen Sockets
Choosing MIME Types
Restricting Access
Restoring Configuration Settings
Configuring the File Cache
Adding and Using Thread Pools
The Native Thread Pool and Generic Thread Pools (Windows)
Thread Pools (UNIX/Linux)
Editing Thread Pools
Using Thread Pools

Chapter 9   Controlling Access to Your Server
What Is Access Control?
Setting Access Control for User-Group
Default Authentication
Basic Authentication
SSL Authentication
Digest Authentication
Installing the Digest Authentication Plug-in
Other Authentication
Setting Access Control for Host-IP
Using Access Control Files
Configuring the ACL User Cache
How Access Control Works
Setting Access Control
Setting Access Control Globally
Setting Access Control for a Server Instance
Selecting Access Control Options
Setting the Action
Specifying Users and Groups
Specifying the From Host
Restricting Access to Programs
Setting Access Rights
Writing Customized Expressions
Turning Off Access Control
Responding When Access is Denied
Limiting Access to Areas of Your Server
Restricting Access to the Entire Server
Restricting Access to a Directory (Path)
Restricting Access to a URI (Path)
Restricting Access to a File Type
Restricting Access Based on Time of Day
Restricting Access Based on Security
Securing Access Control With Distributed Administration
Securing Access to Resources
Securing Access to Server Instances
Enabling IP-based Access Control
Working with Dynamic Access Control Files
Using .htaccess Files
Enabling .htaccess from the User Interface
Enabling .htaccess from magnus.conf
Converting Existing .nsconfig Files to .htaccess Files
Using htaccess-register
Example of an .htaccess File
Supported .htaccess Directives
.htaccess Security Considerations
Controlling Access for Virtual Servers
Accessing Databases from Virtual Servers
Specifying LDAP Databases in the User Interface
Editing Access Control Lists for Virtual Servers
Creating ACLs For File-based Authentication
Creating an ACL for a Directory Service Based on File Authentication
Creating an ACL for a Directory Service Based on .htaccess Authentication
Migrating Existing .htaccess information to the File Authentication Database
Creating an ACL for a Directory Service Based on Digest Authentication

Chapter 10   Using Log Files
About Log Files
Logging on the UNIX and Windows Platform
Default Error Logging
Logging Using syslog
Logging Using the Windows eventlog
Log Levels
About Virtual Servers and Logging
Redirecting Application and Server Log Output
Archiving Log Files
Internal-daemon Log Rotation
Scheduler-based Log Rotation
Setting Access Log Preferences
Easy Cookie Logging
Setting Error Logging Options
For the Administration Server instance
For the Server Instance
Configuring the LOG Element
Viewing an Access Log File
Viewing the Error Log File
Running the Log Analyzer
Viewing Events (Windows)

Chapter 11   Monitoring Servers
Monitoring the Server Using Statistics
Enabling Statistics
Using Statistics
Using Quality of Service
Quality of Service Example
Setting Up Quality of Service
Required Changes to obj.conf
Known Limitations to Quality of Service
SNMP Basics
The Sun ONE Web Server MIB
Setting Up SNMP
Using a Proxy SNMP Agent (UNIX/Linux)
Installing the Proxy SNMP Agent
Starting the Proxy SNMP Agent
Restarting the Native SNMP Daemon
Reconfiguring the SNMP Native Agent
Installing the SNMP Master Agent
Enabling and Starting the SNMP Master Agent
Starting the Master Agent on Another Port
Manually Configuring the SNMP Master Agent
Editing the Master Agent CONFIG File
Defining sysContact and sysLocation Variables
Configuring the SNMP Subagent
Starting the SNMP Master Agent
Manually Starting the SNMP Master Agent
Starting the SNMP Master Agent Using the Administration Server
Configuring the SNMP Master Agent
Configuring the Community String
Configuring Trap Destinations
Enabling the Subagent
Understanding SNMP Messages

Chapter 12   Configuring Naming and Resources
Enabling and Disabling Java
Configuring JVM Settings
Configuring General Settings
Configuring Path Settings
Configuring JVM Options
Configuring the JVM Profiler
About J2EE Naming Services and Resources
JDBC Datasources
JDBC Connection Pools
Java Mail Sessions
Custom Resources
External JNDI Resources
About Java Naming and Directory Interface (JNDI)
J2EE Naming Services
Naming References and Binding Information
Naming References in J2EE Standard Deployment Descriptor
Application Environment Entries
References to Resources
Resource Environment References
Initial Naming Context
JNDI Connection Factories
Creating Java-based Resources
Creating a New JDBC Connection Pool
Using the Administration Interface
Using the Command-Line Interface
Creating a JDBC Resource
Using the Administration Interface
Using the Command Line Interface
Creating Custom Resources
Using the Administration Interface
Using the Command Line Interface
Creating External JNDI Resources
Using the Administration Interface
Using the Command Line Interface
Modifying Java-based Resources
Modifying a JDBC Connection Pool
Modifying a JDBC Resource
Modifying a Custom Resource
Modifying an External JNDI Resource
Deleting Java-based Resources
Deleting a JDBC Connection Pool
Deleting a JDBC Resource
Deleting a Custom Resource
Deleting an External JNDI Resource

Part 4 Managing Virtual Servers and Services

Chapter 13   Using Virtual Servers
Virtual Servers Overview
Multiple Server Instances
Virtual Server Classes
The obj.conf File
Virtual Servers in a Class
The Default Class
Listen Sockets
Virtual Servers
Types of Virtual Servers
IP-Address-Based Virtual Servers
URL-Host-Based Virtual Servers
Default Virtual Server
Virtual Server Selection for Request Processing
Document Root
Log Files
Migrating Virtual Servers from a Previous Release
Using Sun ONE Web Server Features with Virtual Servers
Using SSL with Virtual Servers
Using Access Control with Virtual Servers
Using CGIs with Virtual Servers
Using Configuration Styles with Virtual Servers
Using the Virtual Server User Interface
The Class Manager
The Virtual Server Manager
Using Variables
Dynamic Reconfiguration
Setting Up Virtual Servers
Creating a Listen Socket
Creating a Virtual Server Class
Editing or Deleting a Virtual Server Class
Specifying Services Associated with a Virtual Server Class
Creating a Virtual Server
Specifying Settings Associated with a Virtual Server
Allowing Users to Monitor Individual Virtual Servers
Access Control
Log Files
Deploying Virtual Servers
Example 1: Default Configuration
Example 2: Secure Server
Example 3: Intranet Hosting
Example 4: Mass Hosting

Chapter 14   Creating and Configuring Virtual Servers
Creating a Virtual Server
Editing Virtual Server Settings
Editing Using the Class Manager
Editing Virtual Server Settings
Configuring Virtual Server MIME Settings
Configuring Virtual Server ACL Settings
Configuring Virtual Server Security
Configuring Virtual Server Quality of Service Settings
Configuring Virtual Server Log Settings
Enabling Logging for a Virtual Server
Configuring Virtual Server Java Web Application Settings
Editing Using the Virtual Server Manager
Generating Reports for a Virtual Server
Choosing a Directory Service for a Virtual Server
Deleting a Virtual Server

Chapter 15   Extending Your Server With Programs
Overview of Server-Side Programs
Types of Server-Side Applications That Run on the Server
How Server-Side Applications Are Installed on the Server
Java Servlets and JavaServer Pages (JSP)
Overview of Servlets and JavaServer Pages
What the Server Needs to Run Servlets
Deploying Web Applications
Using the server.xml File
Using the Administration Server Interface
Using the Command Line Interface
Deploying Servlets and JSPs Not in Web Applications
Configuring JVM Settings
Deleting Version Files
Installing CGI Programs
Overview of CGI
Specifying a CGI Directory
Configuring Unique CGI Attributes for Each Software Virtual Server
Specifying CGI as a File Type
Downloading Executable Files
Installing Windows CGI Programs
Overview of Windows CGI Programs
Specifying a Windows CGI Directory
Specifying Windows CGI as a File Type
Installing Shell CGI Programs for Windows
Overview of Shell CGI Programs for Windows
Specifying a Shell CGI Directory (Windows)
Specifying Shell CGI as a File Type (Windows)
Using the Query Handler

Chapter 16   Content Management
Setting the Primary Document Directory
Setting Additional Document Directories
Customizing User Public Information Directories (UNIX/Linux)
Restricting Content Publication
Loading the Entire Password File on Startup
Using Configuration Styles
Enabling Remote File Manipulation
Configuring Document Preferences
Setting the Document Preferences
Entering an Index Filename
Selecting Directory Indexing
Specifying a Server Home Page
Specifying a Default MIME Type
Configuring URL Forwarding
Customizing Error Responses
Changing the Character Set
Setting the Document Footer
Using htaccess
Restricting Symbolic Links (UNIX/Linux)
Setting up Server-Parsed HTML
Setting Cache Control Directives
Using Stronger Ciphers
Configuring the Server for Content Compression
Configuring the Server to Serve Precompressed Content
Configuring the Server to Compress Content on Demand
Compression-related Changes in obj.conf

Chapter 17   Applying Configuration Styles
Creating a Configuration Style
Assigning a Configuration Style
Listing Configuration Style Assignments
Editing a Configuration Style
Removing a Configuration Style

Chapter 18   Using Search
About Search
Enabling the Search Application for a Virtual Server
Disabling the Search Application for a Virtual Server
About Search Collections
Creating a Collection
Configuring a Collection
Updating a Collection
Removing a Collection
Maintaining a Collection
Reindexing a Collection
Adding Scheduled Collection Maintenance
Editing Scheduled Collection Maintenance
Removing Scheduled Collection Maintenance
Performing a Search
The Search Page
Making a Query
Advanced Search
Viewing Search Results
Customizing Search Pages
Search Interface Components
Customizing the Search Query Page
In a horizontal bar
In a Sidebar Block
Customizing the Search Results Page
Customizing Form and Results in Separate Pages
Tag Conventions
Tag Specifications

Chapter 19   Web Publishing with WebDAV
About WebDAV
Common WebDAV Terminology
Using WebDAV
Enabling WebDAV
Enabling WebDAV for the Server Instance
Enabling WebDAV for a Virtual Server Class
Enabling WebDAV for a Collection
Creating a WebDAV Collection
Editing a WebDAV Collection
Configuring WebDAV
Configuring WebDAV at the Virtual Server Level
Configuring WebDAV at the URI Level
Using Source URI and Translate:f Header on a WebDAV-Enabled Server
Locking and Unlocking Resources
Exclusive Locks
Shared Locks
Lock Management
Minimum Lock Timeout
Example of a Lock Request
Enabling Access Control for WebDAV
Restricting Access on WebDAV-Enabled Resources
Security Considerations

Part 5 Appendixes

Appendix A   Command Line Utilities
HttpServerAdmin (Virtual Server Administration)
HttpServerAdmin Syntax
control Command
create Command
Create Virtual Server Class
Create Listen Socket
Create Virtual Server
Create JDBC Connection Pool
Create JDBC Resource
Create Custom Resource
Create External JNDI Resource
Create Mail Resource
delete Command
Delete Class
Delete Listen Socket
Delete Virtual Server
Delete JDBC Connection Pool
Delete JNDI Resource
list Command

Appendix B   Hypertext Transfer Protocol
About Hypertext Transfer Protocol (HTTP)
Request Method
Request Header
Request Data
Status Code
Response Header
Response Data

Appendix C   ACL File Syntax
ACL File Syntax
Authentication Methods
Authorization Statements
Hierarchy of Authorization Statements
Attribute Expressions
Operators For Expressions
The Default ACL File
General Syntax Items
Referencing ACL Files in obj.conf

Appendix D   Support for Internationalization and Localization
Entering Multibyte Data
File or Directory Names
LDAP Users and Groups
Support for Multiple Character Encodings
Language Preferences
Configuring the Server to Serve Localized Content




Copyright 2003 Sun Microsystems, Inc. All rights reserved.