Contents

About This Guide

What’s In This Guide?

How This Guide Is Organized

Part I: Server Basics

Part II: Using the Administration Server

Part III: Configuring and Monitoring

Part IV: Managing Virtual Servers and Services

Part V: Appendixes

Using the Sun ONE Web Server Documentation

Documentation Conventions

Product Support

Part 1 Server Basics

Chapter 1   Introduction to Sun ONE Web Server

Sun ONE Web Server

What’s New in Sun ONE Web Server 6.1

Java Servlet 2.3 and JavaServer Pages (JSP) 1.2 Support

JDK 1.4.1_03 Support

WebDAV Support

NSAPI Filters Support

HTTP Compression Support

New Search Engine Support

Enhanced Security

JNDI Support

JDBC Support

Sun ONE Studio 5 Support

NSS 3.3.5 and NSPR 4.1.5 Support

PHP Compatibility

Enhanced Hardware Accelerator Encryption Support

Start on Boot Option

Additional Features

Administering and Managing Sun ONE Web Servers

Sun ONE Web Server Configuration

Administration Server

Server Manager

Class Manager

Virtual Server Manager

Using the Resource Picker

Wildcards Used in the Resource Picker

Chapter 2   Administering Sun ONE Web Servers

Starting the Administration Server

UNIX/Linux Platforms

Windows Platforms

Running Multiple Servers

Virtual Servers

Installing Multiple Instances of the Server

Removing a Server

Migrating a Server From a Previous Version

Part 2 Using the Administration Server

Chapter 3   Managing Users and Groups

Accessing Information About Users and Groups

About Directory Services

Types of Directory Services

Configuring a Directory Service

Understanding Distinguished Names (DNs)

Using LDIF

Creating Users

Creating a New User in an LDAP-based Authentication Database

Guidelines for Creating LDAP-based User Entries

How to Create a New User Entry

Directory Server User Entries

Creating a New User in a File-based Authentication Database

Creating a New User Entry

Creating a New User in a Digest-based Authentication Database

Managing Users

Finding User Information

Building Custom Search Queries

Editing User Information

Managing a User’s Password

Managing User Licenses

Renaming Users

Removing Users

Creating Groups

Static Groups

Guidelines for Creating Static Groups

To Create a Static Group

Dynamic Groups

How Sun ONE Web Server Implements Dynamic Groups

Groups Can Be Static and Dynamic

Dynamic Group Impact on Server Performance

Guidelines for Creating Dynamic Groups

To Create a Dynamic Group

Managing Groups

Finding Group Entries

The “Find all groups whose” Field

Editing Group Attributes

Adding Group Members

Adding Groups to the Group Members List

Removing Entries from the Group Members List

Managing Owners

Managing See Alsos

Removing Groups

Renaming Groups

Creating Organizational Units

Managing Organizational Units

Finding Organizational Units

The “Find all units whose” Field

Editing Organizational Unit Attributes

Renaming Organizational Units

Deleting Organizational Units

Chapter 4   J2EE-based Security for Web Container and Web Applications

About Sun ONE Web Server Security

Overview of ACL-based Access Control

Overview of J2EE/Servlet-based Access Control

Realm-based Security

Realm-based User Authentication

LDAP realm

File realm

Solaris realm

Certificate realm

Custom Realm

Native Realm

Role-based Authorization

Mapping Roles to Restricted Areas

Defining Access Control by Roles

How to Configure a Realm

Using the Administration Interface

Editing the server.xml File

Configuring the Native Realm

Specifying the Default Realm

Using Programmatic Security

Deciding When to Use the J2EE/Servlet Authentication Model

Chapter 5   Setting Administration Preferences

Shutting Down the Administration Server

Editing Listen Socket Settings

Changing the User Account (UNIX/Linux)

Changing the Superuser Settings

Allowing Multiple Administrators

Specifying Log File Options

Viewing Log Files

The Access Log File

The Error Log File

Archiving Log Files

Using schedulerd Control-based Log Rotation (UNIX/Linux)

Configuring Directory Services

Restricting Server Access

Chapter 6   Using Certificates and Keys

Certificate-based Authentication

Using Certificates for Authentication

Server Authentication

Client Authentication

Virtual Server Certificates

Creating a Trust Database

Creating a Trust Database

Using password.conf

Start an SSL-enabled Server Automatically

Requesting and Installing a VeriSign Certificate

Requesting a VeriSign Certificate

Installing a VeriSign Certificate

Requesting and Installing Other Server Certificates

Required CA Information

Requesting Other Server Certificates

Installing Other Server Certificates

Installing a Certificate

Migrating Certificates When You Upgrade

Using the Built-in Root Certificate Module

Managing Certificates

Installing and Managing CRLs and CKLs

Installing a CRL or CKL

Managing CRLs and CKLs

Setting Security Preferences

SSL and TLS Protocols

Using SSL to Communicate with LDAP

Enabling Security for Listen Sockets

Turning Security On

Selecting a Server Certificate for a Listen Socket

Selecting Ciphers

Configuring Security Globally

SSLSessionTimeout

SSLCacheEntries

SSL3SessionTimeout

Using External Encryption Modules

Installing the PKCS#11Module

Using modutil to Install a PKCS#11 Module

Using pk12util

Selecting the Certificate Name for a Listen Socket

FIPS-140 Standard

Setting Client Security Requirements

Requiring Client Authentication

To Require Client Authentication

Mapping Client Certificates to LDAP

Using the certmap.conf File

Creating Custom Properties

Sample Mappings

Setting Stronger Ciphers

Considering Additional Security Issues

Limit Physical Access

Limit Administration Access

Choosing Solid Passwords

Creating Hard-to-Crack Passwords

Changing Passwords or PINs

Changing Passwords

Limiting Other Applications on the Server

UNIX and Linux

Windows

Preventing Clients from Caching SSL Files

Limiting Ports

Knowing Your Server’s Limits

Making Additional Changes to Protect Servers

Specifying chroot for a Virtual Server Class

Specifying chroot for a Virtual Server

Chapter 7   Managing Server Clusters

About Clusters

Guidelines for Using Server Clusters

Setting Up a Cluster

Adding a Server to a Cluster

Modifying Server Information

Removing Servers from a Cluster

Controlling Server Clusters

Adding Variables

Part 3 Configuring, Monitoring, and Performance Tuning

Chapter 8   Configuring Server Preferences

Starting and Stopping the Server

Setting the Termination Timeout

Restarting the Server (UNIX/Linux)

Starting SSL-enabled Servers Automatically

Restarting With Inittab (UNIX/Linux)

Restarting With the System RC Scripts (UNIX/Linux)

Restarting the Server Manually (UNIX/Linux)

Stopping the Server Manually (UNIX/Linux)

Restarting the Server (Windows)

Using the Automatic Restart Utility (Windows)

Tuning Your Server for Performance

Editing the magnus.conf File

Adding and Editing Listen Sockets

Choosing MIME Types

Restricting Access

Restoring Configuration Settings

Configuring the File Cache

Adding and Using Thread Pools

The Native Thread Pool and Generic Thread Pools (Windows)

Thread Pools (UNIX/Linux)

Editing Thread Pools

Using Thread Pools

Chapter 9   Controlling Access to Your Server

What Is Access Control?

Setting Access Control for User-Group

Default Authentication

Basic Authentication

SSL Authentication

Digest Authentication

Installing the Digest Authentication Plug-in

Other Authentication

Setting Access Control for Host-IP

Using Access Control Files

Configuring the ACL User Cache

How Access Control Works

Setting Access Control

Setting Access Control Globally

Setting Access Control for a Server Instance

Selecting Access Control Options

Setting the Action

Specifying Users and Groups

Specifying the From Host

Restricting Access to Programs

Setting Access Rights

Writing Customized Expressions

Turning Off Access Control

Responding When Access is Denied

Limiting Access to Areas of Your Server

Restricting Access to the Entire Server

Restricting Access to a Directory (Path)

Restricting Access to a URI (Path)

Restricting Access to a File Type

Restricting Access Based on Time of Day

Restricting Access Based on Security

Securing Access Control With Distributed Administration

Securing Access to Resources

Securing Access to Server Instances

Enabling IP-based Access Control

Working with Dynamic Access Control Files

Using .htaccess Files

Enabling .htaccess from the User Interface

Enabling .htaccess from magnus.conf

Converting Existing .nsconfig Files to .htaccess Files

Using htaccess-register

Example of an .htaccess File

Supported .htaccess Directives

.htaccess Security Considerations

Controlling Access for Virtual Servers

Accessing Databases from Virtual Servers

Specifying LDAP Databases in the User Interface

Editing Access Control Lists for Virtual Servers

Creating ACLs For File-based Authentication

Creating an ACL for a Directory Service Based on File Authentication

Creating an ACL for a Directory Service Based on .htaccess Authentication

Migrating Existing .htaccess information to the File Authentication Database

Creating an ACL for a Directory Service Based on Digest Authentication

Chapter 10   Using Log Files

About Log Files

Logging on the UNIX and Windows Platform

Default Error Logging

Logging Using syslog

Logging Using the Windows eventlog

Log Levels

About Virtual Servers and Logging

Redirecting Application and Server Log Output

Archiving Log Files

Internal-daemon Log Rotation

Scheduler-based Log Rotation

Setting Access Log Preferences

Easy Cookie Logging

Setting Error Logging Options

For the Administration Server instance

For the Server Instance

Configuring the LOG Element

Viewing an Access Log File

Viewing the Error Log File

Running the Log Analyzer

Viewing Events (Windows)

Chapter 11   Monitoring Servers

Monitoring the Server Using Statistics

Enabling Statistics

Using Statistics

Using Quality of Service

Quality of Service Example

Setting Up Quality of Service

Required Changes to obj.conf

Known Limitations to Quality of Service

SNMP Basics

The Sun ONE Web Server MIB

Setting Up SNMP

Using a Proxy SNMP Agent (UNIX/Linux)

Installing the Proxy SNMP Agent

Starting the Proxy SNMP Agent

Restarting the Native SNMP Daemon

Reconfiguring the SNMP Native Agent

Installing the SNMP Master Agent

Enabling and Starting the SNMP Master Agent

Starting the Master Agent on Another Port

Manually Configuring the SNMP Master Agent

Editing the Master Agent CONFIG File

Defining sysContact and sysLocation Variables

Configuring the SNMP Subagent

Starting the SNMP Master Agent

Manually Starting the SNMP Master Agent

Starting the SNMP Master Agent Using the Administration Server

Configuring the SNMP Master Agent

Configuring the Community String

Configuring Trap Destinations

Enabling the Subagent

Understanding SNMP Messages

Chapter 12   Configuring Naming and Resources

Enabling and Disabling Java

Configuring JVM Settings

Configuring General Settings

Configuring Path Settings

Configuring JVM Options

Configuring the JVM Profiler

About J2EE Naming Services and Resources

JDBC Datasources

JDBC Connection Pools

Java Mail Sessions

Custom Resources

External JNDI Resources

About Java Naming and Directory Interface (JNDI)

J2EE Naming Services

Naming References and Binding Information

Naming References in J2EE Standard Deployment Descriptor

Application Environment Entries

References to Resources

Resource Environment References

Initial Naming Context

JNDI Connection Factories

Creating Java-based Resources

Creating a New JDBC Connection Pool

Using the Administration Interface

Using the Command-Line Interface

Creating a JDBC Resource

Using the Administration Interface

Using the Command Line Interface

Creating Custom Resources

Using the Administration Interface

Using the Command Line Interface

Creating External JNDI Resources

Using the Administration Interface

Using the Command Line Interface

Modifying Java-based Resources

Modifying a JDBC Connection Pool

Modifying a JDBC Resource

Modifying a Custom Resource

Modifying an External JNDI Resource

Deleting Java-based Resources

Deleting a JDBC Connection Pool

Deleting a JDBC Resource

Deleting a Custom Resource

Deleting an External JNDI Resource

Part 4 Managing Virtual Servers and Services

Chapter 13   Using Virtual Servers

Virtual Servers Overview

Multiple Server Instances

Virtual Server Classes

The obj.conf File

Virtual Servers in a Class

The Default Class

Listen Sockets

Virtual Servers

Types of Virtual Servers

IP-Address-Based Virtual Servers

URL-Host-Based Virtual Servers

Default Virtual Server

Virtual Server Selection for Request Processing

Document Root

Log Files

Migrating Virtual Servers from a Previous Release

Using Sun ONE Web Server Features with Virtual Servers

Using SSL with Virtual Servers

Using Access Control with Virtual Servers

Using CGIs with Virtual Servers

Using Configuration Styles with Virtual Servers

Using the Virtual Server User Interface

The Class Manager

The Virtual Server Manager

Using Variables

Dynamic Reconfiguration

Setting Up Virtual Servers

Creating a Listen Socket

Creating a Virtual Server Class

Editing or Deleting a Virtual Server Class

Specifying Services Associated with a Virtual Server Class

Creating a Virtual Server

Specifying Settings Associated with a Virtual Server

Allowing Users to Monitor Individual Virtual Servers

Access Control

Log Files

Deploying Virtual Servers

Example 1: Default Configuration

Example 2: Secure Server

Example 3: Intranet Hosting

Example 4: Mass Hosting

Chapter 14   Creating and Configuring Virtual Servers

Creating a Virtual Server

Editing Virtual Server Settings

Editing Using the Class Manager

Editing Virtual Server Settings

Configuring Virtual Server MIME Settings

Configuring Virtual Server ACL Settings

Configuring Virtual Server Security

Configuring Virtual Server Quality of Service Settings

Configuring Virtual Server Log Settings

Enabling Logging for a Virtual Server

Configuring Virtual Server Java Web Application Settings

Editing Using the Virtual Server Manager

Generating Reports for a Virtual Server

Choosing a Directory Service for a Virtual Server

Deleting a Virtual Server

Chapter 15   Extending Your Server With Programs

Overview of Server-Side Programs

Types of Server-Side Applications That Run on the Server

How Server-Side Applications Are Installed on the Server

Java Servlets and JavaServer Pages (JSP)

Overview of Servlets and JavaServer Pages

What the Server Needs to Run Servlets

Deploying Web Applications

Using the server.xml File

Using the Administration Server Interface

Using the Command Line Interface

Deploying Servlets and JSPs Not in Web Applications

Configuring JVM Settings

Deleting Version Files

Installing CGI Programs

Overview of CGI

Specifying a CGI Directory

Configuring Unique CGI Attributes for Each Software Virtual Server

Specifying CGI as a File Type

Downloading Executable Files

Installing Windows CGI Programs

Overview of Windows CGI Programs

Specifying a Windows CGI Directory

Specifying Windows CGI as a File Type

Installing Shell CGI Programs for Windows

Overview of Shell CGI Programs for Windows

Specifying a Shell CGI Directory (Windows)

Specifying Shell CGI as a File Type (Windows)

Using the Query Handler

Chapter 16   Content Management

Setting the Primary Document Directory

Setting Additional Document Directories

Customizing User Public Information Directories (UNIX/Linux)

Restricting Content Publication

Loading the Entire Password File on Startup

Using Configuration Styles

Enabling Remote File Manipulation

Configuring Document Preferences

Setting the Document Preferences

Entering an Index Filename

Selecting Directory Indexing

Specifying a Server Home Page

Specifying a Default MIME Type

Configuring URL Forwarding

Customizing Error Responses

Changing the Character Set

Setting the Document Footer

Using htaccess

Restricting Symbolic Links (UNIX/Linux)

Setting up Server-Parsed HTML

Setting Cache Control Directives

Using Stronger Ciphers

Configuring the Server for Content Compression

Configuring the Server to Serve Precompressed Content

Configuring the Server to Compress Content on Demand

Compression-related Changes in obj.conf

Chapter 17   Applying Configuration Styles

Creating a Configuration Style

Assigning a Configuration Style

Listing Configuration Style Assignments

Editing a Configuration Style

Removing a Configuration Style

Chapter 18   Using Search

About Search

Enabling the Search Application for a Virtual Server

Disabling the Search Application for a Virtual Server

About Search Collections

Creating a Collection

Configuring a Collection

Updating a Collection

Removing a Collection

Maintaining a Collection

Reindexing a Collection

Adding Scheduled Collection Maintenance

Editing Scheduled Collection Maintenance

Removing Scheduled Collection Maintenance

Performing a Search

The Search Page

Making a Query

Advanced Search

Viewing Search Results

Customizing Search Pages

Search Interface Components

Header

Footer

Form

Results

Customizing the Search Query Page

In a horizontal bar

In a Sidebar Block

Customizing the Search Results Page

Customizing Form and Results in Separate Pages

Tag Conventions

Tag Specifications

Chapter 19   Web Publishing with WebDAV

About WebDAV

Common WebDAV Terminology

Using WebDAV

Enabling WebDAV

Enabling WebDAV for the Server Instance

Enabling WebDAV for a Virtual Server Class

Enabling WebDAV for a Collection

Creating a WebDAV Collection

Editing a WebDAV Collection

Configuring WebDAV

Configuring WebDAV at the Virtual Server Level

Configuring WebDAV at the URI Level

Using Source URI and Translate:f Header on a WebDAV-Enabled Server

Locking and Unlocking Resources

Exclusive Locks

Shared Locks

Lock Management

Minimum Lock Timeout

Example of a Lock Request

Enabling Access Control for WebDAV

Restricting Access on WebDAV-Enabled Resources

Security Considerations

Part 5 Appendixes

Appendix A   Command Line Utilities

HttpServerAdmin (Virtual Server Administration)

HttpServerAdmin Syntax

control Command

Options

Syntax

Parameters

Examples

create Command

Options

Create Virtual Server Class

Create Listen Socket

Create Virtual Server

Create JDBC Connection Pool

Syntax

Options

Example

Create JDBC Resource

Syntax

Options

Example

Create Custom Resource

Syntax

Options

Example

Create External JNDI Resource

Syntax

Options

Example

Create Mail Resource

Syntax

Options

Example

delete Command

Options

Delete Class

Delete Listen Socket

Delete Virtual Server

Delete JDBC Connection Pool

Delete JNDI Resource

list Command

Syntax

Options

Example

Appendix B   Hypertext Transfer Protocol

About Hypertext Transfer Protocol (HTTP)

Requests

Request Method

Request Header

Request Data

Responses

Status Code

Response Header

Response Data

Appendix C   ACL File Syntax

ACL File Syntax

Authentication Methods

Authorization Statements

Hierarchy of Authorization Statements

Attribute Expressions

Operators For Expressions

The Default ACL File

General Syntax Items

Referencing ACL Files in obj.conf

Appendix D   Support for Internationalization and Localization

Entering Multibyte Data

File or Directory Names

LDAP Users and Groups

Support for Multiple Character Encodings

WebDAV

Search

Language Preferences

Configuring the Server to Serve Localized Content

Glossary

Index

Previous      Contents      Index      Next

---

Copyright 2003 Sun Microsystems, Inc. All rights reserved.