The Listener elements are as follows:
Defines an HTTP listen socket.
When you create a secure listen socket through the Server Manager, security is automatically turned on globally in magnus.conf. When you create a secure listen socket manually in server.xml, security must be turned on by editing magnus.conf.
The following table describes subelements for the LS element.
Table 2–12 LS subelements
| Element | Required | Description |
|---|---|---|
| | zero or one | Contains a text description of the listen socket. |
| | zero or one | Defines Secure Socket Layer (SSL) parameters. |
The following table describes attributes for the LS element.
Table 2–13 LS attributes
| Attribute | Default | Description |
|---|---|---|
| | none | (optional) The socket family type. A socket family type cannot begin with a number. When you create a secure listen socket in the server.xml file, security must be turned on in magnus.conf. When you create a secure listen socket in the Server Manager, security is automatically turned on globally in magnus.conf. |
| | any | Specifies the IP address of the listen socket. Can be in dotted-pair or IPv6 notation. Can also be any for INADDR_ANY. |
| port | none | Port number to create the listen socket on. Legal values are 1 - 65535. On UNIX, creating sockets that listen on ports 1 - 1024 requires superuser privileges. Configuring an SSL listen socket to listen on port 443 is recommended. Two different IP addresses can’t use the same port. |
| security | false | (optional) Determines whether the listen socket runs SSL. Legal values are on, off, yes, no, 1, 0, true, false. You can turn SSL2 or SSL3 on or off and set ciphers using an SSLPARAMS subelement for this listen socket. The Security setting in the magnus.conf file globally enables or disables SSL by making certificates available to the server instance. Therefore, Security in magnus.conf must be on or security in server.xml does not work. For more information, see Chapter 3, Syntax and Use of magnus.conf. |
| acceptorthreads | 1 | (optional) Number of acceptor threads for the listener. The recommended value is the number of processors in the machine. Legal values are 1 - 1024. |
| family | none | (optional) The socket family type. Legal values are inet, inet6, and nca. Use the value inet6 for IPv6 listen sockets. When using the value of inet6, IPv4 addresses will be prefixed with ::ffff: in the log file. Specify nca to make use of the Solaris Network Cache and Accelerator. |
| blocking | false | (optional) Determines whether the listen socket and the accepted socket are put into blocking mode. Use of blocking mode may improve benchmark scores. Legal values are on, off, yes, no, 1, 0, true, false. |
| servername | none | Tells the server what to put in the host name section of any URLs it sends to the client. This affects URLs the server automatically generates; it doesn’t affect the URLs for directories and files stored in the server. This name should be the alias name if your server uses an alias. If you append a colon and port number, that port will be used in URLs the server sends to the client. |
Defines SSL (Secure Socket Layer) parameters.
none
The following table describes attributes for the SSLPARAMS element.
Table 2–14 SSLPARAMS attributes
| Attribute | Default | Description |
|---|---|---|
| | Server-Cert | The nickname of the server certificate in the certificate database or the PKCS#11 token. In the certificate, the name format is tokenname:nickname. Including the tokenname: part of the name in this attribute is optional. |
| | false | (optional) Determines whether SSL2 is enabled. Legal values are on, off, yes, no, 1, 0, true, and false. If both SSL2 and SSL3 are enabled for a virtual server, the server tries SSL3 encryption first. If that fails, the server tries SSL2 encryption. |
| | none | (optional) A space-separated list of the SSL2 ciphers used, with the prefix + to enable or - to disable, for example +rc4. Allowed values are rc4, rc4export, rc2, rc2export, idea, des, desede3. |
| | true | (optional) Determines whether SSL3 is enabled. Legal values are on, off, yes, no, 1, 0, true and false. If both SSL2 and SSL3 are enabled for a virtual server, the server tries SSL3 encryption first. If that fails, the server tries SSL2 encryption. |
| | none | (optional) A space-separated list of the SSL3 ciphers used, with the prefix + to enable or - to disable, for example +rsa_des_sha. Allowed SSL3 values are rsa_rc4_128_md5, rsa_3des_sha, rsa_des_sha, rsa_rc4_40_md5, rsa_rc2_40_md5, rsa_null_md5. Allowed TLS values are rsa_des_56_sha, rsa_rc4_56_sha. |
| | true | (optional) Determines whether TLS is enabled. Legal values are on, off, yes, no, 1, 0, true, and false. |
| | true | (optional) Determines whether TLS rollback is enabled. Legal values are on, off, yes, no, 1, 0, true, and false. TLS rollback should be enabled for Microsoft Internet Explorer 5.0 and 5.5. |
| | false | (optional) Determines whether SSL3 client authentication is performed on every request, independent of ACL-based access control. Legal values are on, off, yes, no, 1, 0, true, and false. |
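
The following is an added example, not code from the product or its documentation: a small audit that checks one LS element against the legal values in Table 2–13 and parses a `+`/`-` cipher list in the format described in Table 2–14. The function names, the sample element, and the choice of which listed ciphers count as weak (export-grade, 40- or 56-bit, single DES, null encryption) are assumptions of the example.

```python
import xml.etree.ElementTree as ET

# Legal boolean spellings listed on this page.
BOOL = {"on": True, "yes": True, "1": True, "true": True,
        "off": False, "no": False, "0": False, "false": False}
FAMILIES = {"inet", "inet6", "nca"}
# Cipher names from this page that the example treats as weak (assumption):
# export-grade, 40/56-bit keys, single DES, or no encryption at all.
WEAK = {"rc4export", "rc2export", "des", "rsa_des_sha", "rsa_rc4_40_md5",
        "rsa_rc2_40_md5", "rsa_null_md5", "rsa_des_56_sha", "rsa_rc4_56_sha"}

def enabled_weak_ciphers(cipher_list):
    """Parse a space-separated '+name -name' list; return weak ciphers left on."""
    state = {}
    for tok in cipher_list.split():
        if len(tok) < 2 or tok[0] not in "+-":
            raise ValueError(f"bad cipher token: {tok!r}")
        state[tok[1:]] = tok[0] == "+"   # a later token overrides an earlier one
    return sorted(n for n, on in state.items() if on and n in WEAK)

def audit_ls(ls):
    """Return a list of findings for one parsed LS element."""
    findings = []
    port = ls.get("port", "")
    if not (port.isdecimal() and 1 <= int(port) <= 65535):
        findings.append(f"port {port!r} outside 1 - 65535")
    elif int(port) <= 1024:
        findings.append(f"port {port} needs superuser privileges on UNIX")
    sec = ls.get("security", "false").lower()
    if sec not in BOOL:
        findings.append(f"security={sec!r} is not a legal value")
    elif ls.find("SSLPARAMS") is not None and not BOOL[sec]:
        findings.append("SSLPARAMS present but security is off: socket does not run SSL")
    fam = ls.get("family")
    if fam is not None and fam not in FAMILIES:
        findings.append(f"family={fam!r} is not inet, inet6 or nca")
    threads = ls.get("acceptorthreads", "1")
    if not (threads.isdecimal() and 1 <= int(threads) <= 1024):
        findings.append(f"acceptorthreads {threads!r} outside 1 - 1024")
    return findings

# Constructed sample element, not taken from a real server.xml.
SAMPLE = '<LS port="443" security="off" family="inet" acceptorthreads="4096"><SSLPARAMS/></LS>'

def demo():
    """Audit the constructed sample and return its findings."""
    return audit_ls(ET.fromstring(SAMPLE))
```

The audit cannot see the global Security setting in magnus.conf, which must also be on for a listener's security attribute to take effect.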
Defines MIME types.
The most common way that the server determines the MIME type of a requested resource is by invoking the type-by-extension directive in the ObjectType section of the obj.conf file. The type-by-extension function does not work if no MIME element has been defined in the SERVER element.
The following table describes attributes for the MIME element.
Table 2–15 MIME attributes
| Attribute | Default | Description |
|---|---|---|
| id | none | Internal name for the MIME types listing. The MIME types name cannot begin with a number. |
| file | none | The name of a MIME types file. For more information, see Chapter 6, MIME Types. |
Defines the type of the requested resource.
none
The following table describes attributes for the TYPE element.
Table 2–16 TYPE attributes
| Attribute | Default | Description |
|---|---|---|
| type | none | Defines the type of the requested resource. |
| language | none | Defines the content language. |
| encoding | none | Defines the content-encoding. |
| extensions | none | Defines the file extensions associated with the specified resource. |
References one ACL file.
The following table describes subelements for the ACLFILE element.
Table 2–17 ACLFILE subelements
| Element | Required | Description |
|---|---|---|
| | zero or one | Contains a text description of the ACLFILE element. |
The following table describes attributes for the ACLFILE element.
Table 2–18 ACLFILE attributes
| Attribute | Default | Description |
|---|---|---|
| id | none | Internal name for the ACL file listing. An ACL file listing name cannot begin with a number. |
| file | none | A space-separated list of ACL files. Each ACL file must have a unique name. For information about the format of an ACL file, see the Sun Java System Web Proxy Server 4.0.2 Administration Guide. The name of the default ACL file is generated.https-server_id.acl, and the file resides in the server_root/server_id/httpacl directory. To use this file, you must reference it in server.xml. |
Defines the user database used by the server.
The following table describes subelements for the USERDB element.
Table 2–19 USERDB subelements
| Element | Required | Description |
|---|---|---|
| | zero or one | Contains a text description of this element. |
The following table describes attributes for the USERDB element.
Table 2–20 USERDB attributes
| Attribute | Default | Description |
|---|---|---|
| id | none | The user database name in the server’s ACL file. A user database name cannot begin with a number. |
| database | none | The user database name in the dbswitch.conf file. |
| basedn | none | (optional) Overrides the base DN lookup in the dbswitch.conf file. However, the basedn value is still relative to the base DN value from the dbswitch.conf entry. |
| certmaps | none | (optional) Specifies which certificate-to-LDAP-entry mappings (defined in certmap.conf) to use. If not present, all mappings are used. All lookups based on mappings in certmap.conf are relative to the final base DN of the server. |