test

Sun Java System Application Server Platform Edition 8.2 Administration Guide

Chapter 12 Configuring the HTTP Service

This chapter describes how to configure virtual servers and HTTP listeners for the HTTP service component of the Application Server.

About the HTTP Service

What Is the HTTP Service?

The HTTP service is the component of the Application Server that provides facilities for deploying web applications and for making deployed web applications accessible by HTTP clients. (See To deploy a web application.) These facilities are provided by means of two kinds of related objects, virtual servers and HTTP listeners.

Virtual Servers

A virtual server, sometimes called a virtual host, is an object that allows the same physical server to host multiple Internet domain names. All virtual servers hosted on the same physical server share the Internet Protocol (IP) address of that physical server. A virtual server associates a domain name for a server (such as www.aaa.com) with the particular server on which the Application Server is running.

Note –

Do not confuse an Internet domain with the administrative domain of the Application Server.

For instance, assume you want to host these domains on your physical server:

www.aaa.com
www.bbb.com
www.ccc.com

Assume also that www.aaa.com, www.bbb.com, and www.ccc.com have web modules web1, web2, and web3, respectively, associated with them.

This means that all of these URLs are handled by your physical server:

http://www.aaa.com:8080/web1
http://www.bbb.com:8080/web2
http://www.ccc.com:8080/web3

The first URL is mapped to virtual host www.aaa.com, the second URL is mapped to virtual host www.bbb.com, and the third is mapped to virtual host www.ccc.com.

On the other hand, the following URL results in a 404 return code, because web3 isn’t registered with www.bbb.com:

http://www.bbb.com:8080/web3

For this mapping to work, make sure that www.aaa.com, www.bbb.com, and www.ccc.com all resolve to your physical server’s IP address. They need to be registered with the DNS server for your network. In addition, on a UNIX system, add these domains to your /etc/hosts file (if the setting for hosts in your /etc/nsswitch.conf file includes files).

When the Application Server is started, it starts the following virtual servers automatically:

For development, testing, and deployment of web services in a non-production environment, server is often the only virtual server required. In a production environment, additional virtual servers provide hosting facilities for users and customers so that each appears to have its own web server, even though there is only one physical server.

HTTP Listeners

Each virtual server provides connections between the server and clients through one or more HTTP listeners. Each HTTP listener is a listen socket that has an IP address, a port number, a server name, and a default virtual server.

HTTP listeners must have a unique combination of port number and IP address. For example, an HTTP listener can listen on all configured IP addresses on a given port for a machine by specifying the IP address 0.0.0.0. Alternatively, the HTTP listener can specify a unique IP address for each listener, but use the same port.

Since an HTTP listener is a combination of IP address and port number, you can have multiple HTTP listeners with the same IP address and different port numbers (for example, 1.1.1.1:8081 and 1.1.1.1:8082), or with different IP addresses and the same port number (for example, 1.1.1.1:8081 and 1.2.3.4:8081, if your machine was configured to respond to both these addresses).

However, if an HTTP listener uses the 0.0.0.0 IP address, which listens on all IP addresses on a port, you cannot create HTTP listeners for additional IP addresses that listen on the same port for a specific IP address. For example, if an HTTP listener uses 0.0.0.0:8080 (all IP addresses on port 8080), another HTTP listener cannot use 1.2.3.4:8080.

Because the system running the Application Server typically has access to only one IP address, HTTP listeners typically use the 0.0.0.0 IP address and different port numbers, with each port number serving a different purpose. If the system does have access to more than one IP address, each address can serve a different purpose.

By default, when the Application Server starts, it has the following HTTP listeners:

All these listeners use the IP address 0.0.0.0 and the port numbers specified as the HTTP server port numbers during installation of the Application Server. If the Application Server uses the default port number values, http-listener-1 uses port 8080, http-listener-2 uses port 8181, and admin-listener uses port 4848.

Each HTTP listener has a default virtual server. The default virtual server is the server to which the HTTP listener routes all request URLs whose host component does not match any of the virtual servers that are associated with the HTTP listener (a virtual server is associated with an HTTP listener by listing the HTTP listener in its http-listeners attribute).

In addition, specify the number of acceptor threads in the HTTP listener. Acceptor threads are threads that wait for connections. The threads accept connections and put them in a queue, where they are then picked up by worker threads. Configure enough acceptor threads so that there is always one available when a new request comes in, but few enough so that they do not provide too much of a burden on the system. In the Application Server, there is no distinction between acceptor and request processing (worker) threads: each HTTP listener thread is responsible for accepting and processing requests. For this reason, the HTTP listeners in the Application Server’s default configuration use 50 acceptor threads.

The HTTP listener’s server name is the host name that appears in the URLs the server sends to the client as part of a redirect. This attribute affects URLs the server automatically generates; it does not affect the URLs for directories and files stored in the server. This name is normally the alias name if the server uses an alias. If a client sends a Host: header, that host name supersedes the HTTP listener’s server name value in redirects.

Specify a redirect port to use a different port number from that specified in the original request. A redirect occurs in one of these situations:

Specify also whether security is enabled for an HTTP listener and what kind of security is used (for example, which SSL protocol and which ciphers).

To access a web application deployed on the Application Server, use the URL http://localhost:8080/ (or https://localhost:8181/ if it is a secure application), along with the context root specified for the web application. To access the Admin Console, use the URL http://localhost:4848/ or http://localhost:4848/asadmin/ (its default context root).

Because a virtual server must specify an existing HTTP listener, and because it cannot specify an HTTP listener that is already being used by another virtual server, create at least one HTTP listener before creating a new virtual server.

Admin Console Tasks for the HTTP Service

ProcedureTo configure the HTTP Service

  1. In the tree component, expand the Configuration node.

  2. Select the HTTP Service node.

  3. On the HTTP Service page, you can set properties that apply to all of the service’s HTTP listeners.

    The following table lists these properties.

    Property Name  

    Description  

    Default Value  

    bufferSize

    Specifies the size (in bytes) of the buffer to be provided for input streams created by HTTP listeners. 

    4096 

    connectionTimeout

    Specifies the number of milliseconds HTTP listeners wait, after accepting a connection, for the request URI line to be presented. 

    12000 (12 seconds) 

    maxKeepAliveRequests

    Specifies the maximum number of HTTP requests that can be pipelined until the connection is closed by the server. Set this property to 1 to disable HTTP/1.0 keep-alive, as well as HTTP/1.1 keep-alive and pipelining. 

    1000 

    traceEnabled

    If set to true, enables the TRACE operation. Set this property to false to make the Application Server less susceptible to cross-site scripting attacks. 

    true 

    accessLogBufferSize

    Specifies the size, in bytes, of the buffer where access log calls are stored. If the value is less than 5120, a warning message is issued, and the value is set to 5120. 

    32,768 bytes 

    accessLogWriterInterval

    The number of seconds before the log will be written to the disk. The access log is written when the buffer is full or when the interval expires. If the value is 0, then the buffer is always written even if it is not full. This means that each time the server is accessed, the log message is stored directly to the file. 

    300 seconds 

  4. Click the Access Log tab to configure access log rotation.

  5. Click Save.

  6. Stop and restart the Application Server.

ProcedureTo configure the HTTP Service access log

Use this page to enable and configure rotation for the access logs for the virtual servers. These logs are in the domain-dir/logs/access directory and are named as follows: virtual-server-name_access_log%YYYY;%MM;%DD-%hh;h%mm;m%ss;s.

Click Default to load the default values.

  1. Check the File Rotation box to turn on file rotation.

    By default, file rotation is enabled.

  2. From the Rotation Policy drop-down list, choose a policy.

    The only policy available is time.

  3. In the Rotation Interval field, type a numeric value to specify the number of minutes between rotations of the access log.

    This field is valid only if the Rotation Policy is time. The default is 1440 minutes.

  4. In the Rotation Suffix field, type a string value to specify the suffix to be added to the log file name after rotation.

    The default is %YYYY;%MM;%DD;-%hh;h%mm;m%ss;s.

  5. In the Format field, enter a string value to specify the format of the access log.

    Use the formats shown in the following table. The default format is %client.name% %auth-user-name% %datetime% %request% %status% %response.length%.

    Data  

    Token  

    Client Host Name 

    %client.name%

    Client DNS 

    %client.dns%

    System Date 

    %datetime%

    Full HTTP Request line 

    %request%

    Status 

    %status%

    Response Content Length 

    %response.length%

    Referer Header 

    %header.referer%

    User-agent 

    %header.user-agent%

    HTTP Method 

    %http-method%

    HTTP URI 

    %http-uri%

    HTTP Query String 

    %query-str%

    HTTP Protocol Version 

    %http-version%

    Accept Header 

    %header.accept%

    Date Header 

    %header.date%

    If-Modified-Since Header 

    %header.if-mod-since%

    Authorization Header 

    %header.auth%

    Any valid HTTP header value defined in RFC 2616 (any is also a valid header value; it is specified as a variable here)

    %header.any%

    Name of Authorized User 

    %auth-user-name%

    Value of a Cookie 

    %cookie.value%

    Virtual Server ID 

    %vs.id%

  6. Click Save to save the changes, or Load Defaults to return to the default settings.

Admin Console Tasks for Virtual Servers

ProcedureTo create a virtual server

  1. In the tree component, expand the Configuration node.

  2. Expand the HTTP Service node.

  3. Select the Virtual Servers node.

  4. On the Virtual Servers page, click New.

    The Create Virtual Server page appears.

  5. In the ID field, type a unique name for the virtual server.

    This value is used to identify the virtual server internally. It is not exposed to HTTP clients. The host names that are exposed to HTTP clients must be specified in the Hosts field.

  6. In the Hosts field, type the host name or names for the machine on which the server is running.

    Use either actual or virtual host names that are registered with the DNS server for your network (and, on a UNIX system, in your /etc/hosts file).

  7. In the area opposite State, select either On, Off, or Disabled.

    The default is On.

  8. Leave the HTTP Listeners field empty.

    It is filled in automatically when you create an HTTP listener and associate it with this server.

    Use of this field requires that you specify an existing HTTP listener. You must not, however, specify a listener that is used by another virtual server; if you do, an error appears in the server log when you restart the server. Since a listener must be associated with an existing virtual server when it is created, all existing listeners are used by another virtual server.

  9. From the Default Web Module drop-down list, choose the deployed web module (if any) that is to respond to all requests that cannot be mapped to other web modules deployed to the virtual server.

    If a Default Web Module is not specified, the web module that has an empty context root is used. If there is no web module with an empty context root, a system default web module is created and used.

  10. In the Log File field, type the path name of the file where logging messages from this virtual server will appear.

    Leave this field empty to send logging messages to the default server log, domain-dir/logs/server.log.

  11. In the Additional Properties area, click Add Property to add a property for the virtual server.

    Whether you specify properties or not, the new server has the default properties docroot and accesslog, set to default values.

    The following table lists the available virtual server properties.

    Property Name  

    Description  

    docroot

    Absolute path to root document directory for server. 

    Default is domain-dir/docroot.

    accesslog

    Absolute path to server access logs. 

    Default is domain-dir/logs/access.

    sso-enabled

    If false, single sign-on is disabled for this virtual server, and users must authenticate separately to every application on the virtual server. 

    Single sign-on across applications on the Application Server is supported by servlets and JSP pages. This feature allows multiple applications that require the same user sign-on information to share this information, rather than have the user sign on separately for each application. 

    Default is true. 

    sso-max-inactive-seconds

    Specifies the number of seconds after which a user’s single sign-on record becomes eligible for purging if no client activity is received. Since single sign-on applies across several applications on the same virtual server, access to any of the applications keeps the single sign-on record active. 

    Default is 300 seconds (5 minutes). Higher values provide longer single sign-on persistence for users at the expense of more memory use on the server. 

    sso-reap-interval-seconds

    Specifies the number of seconds between purges of expired single sign-on records. 

    Default is 60. 

    allowLinking

    If true, resources that are symbolic links will be served for all web applications deployed on this virtual server. Individual web applications may override this setting by using the sun-web-app property allowLinking in the sun-web.xml file:

    <sun-web-app>
   <property name="allowLinking" 
      value="{true|false}"/>
</sun-web-app>

    Default is true. 

  12. Click OK to save the virtual server.

  13. Stop and restart the Application Server.

Equivalent asadmin command

create-virtual-server

ProcedureTo edit a virtual server

  1. In the tree component, expand the Configuration node.

  2. Expand the HTTP Service node.

  3. Select the Virtual Servers node.

  4. Select the virtual server to be edited.

  5. On the Edit Virtual Server page, you can perform these tasks:

    • Change the host name in the Hosts field.

    • Change the value of the State setting.

    • Add or remove an HTTP listener.

    • Change the Default Web Module selection.

    • Change the Log File value.

    • Add, remove, or modify properties.

  6. Click Save to save the changes.

ProcedureTo delete a virtual server

  1. In the tree component, expand the Configuration node.

  2. Expand the HTTP Service node.

  3. Select the Virtual Servers node.

  4. On the Virtual Servers page, check the box next to the name of the virtual server to be deleted.

  5. Click Delete.

    It is possible to delete the __asadmin virtual server, but this is not recommended. If you plan to do so, first copy the virtual-server elements of the Application Server’s domain.xml file to a safe place so that the settings can be restored if needed.

Equivalent asadmin command

delete-virtual-server

Admin Console Tasks for HTTP Listeners

ProcedureTo create an HTTP listener

  1. In the tree component, expand the Configuration node.

  2. Expand the HTTP Service node.

  3. Select the HTTP Listeners node.

  4. On the HTTP Listeners page, click New.

    The Create HTTP Listener page appears.

  5. In the Name field, type a name for the listener.

  6. In the Listener field, remove the check from the Enabled box if you do not want to enable the listener when the server restarts.

  7. In the Network Address field, type 0.0.0.0 if you want the listener to listen on all IP addresses for the server, using a unique port value. Otherwise, type a valid IP address for the server.

  8. In the Listener Port field, type a unique port value if the Network Address field is 0.0.0.0, or the desired port value if you are using another IP address.

  9. Choose a virtual server from the Default Virtual Server drop-down list.

  10. In the Server Name field, type the host name to be used in the URLs the server sends to the client. This name is the alias name if your server uses an alias.

    If your server does not use an alias, leave this field empty.

  11. In the Advanced area, perform any of the following tasks:

    • To redirect requests to another port, type a value in the Redirect Port field. The Application Server automatically redirects the request if these two conditions exist:

      • This listener is supporting non-SSL requests.

      • A request is received for which a matching security constraint requires SSL transport.

        By default, the Application Server uses the port number specified in the original request.

    • Change the number of Acceptor Threads.

    • Remove the check from the Powered By box to disable the inclusion of the X-Powered-By: Servlet/2.4 header in servlet-generated HTTP response headers.

      The Java Servlet 2.4 Specification defines this header, which containers may add to servlet-generated responses. Similarly, the JavaServer Pages PagesTM (JSPTM) 2.0 Specification defines an X-Powered-By: JSP/2.0 header to be added (on an optional basis) to responses that use JSP technology. The inclusion of the X-Powered-By: JSP/2.0 header is enabled by default for web applications. The goal of these headers is to aid web site administrators in gathering statistical data about the use of Servlet and JSP technology.

      For information on enabling and disabling the X-Powered-By header for JSP pages, see the chapter entitled “Deployment Descriptor Files” in the Application Server Developer’s Guide. See Further Information for a link to this document.

      Production environments might decide to omit the generation of X-Powered-By headers to hide their underlying technology.

  12. To create a listener that is not secure, click OK.

  13. Stop and restart the Application Server.

  14. In the SSL section of this page, you can configure the listener to use SSL, TLS, or both SSL and TLS security.

    To set up a secure listener, do the following:

  15. Check the Enabled box in the Security field.

  16. To force clients to authenticate themselves to the server when using this listener, check the Enabled box in the Client Authentication field.

  17. Enter the name of an existing server key pair and certificate in the Certificate NickName field. See the Security chapter for more information.

  18. In the SSL3/TLS section:

    1. Check the security protocol(s) to be enabled on the listener. Check either SSL3 or TLS, or both.

    2. Check the cipher suite used by the protocol(s). To enable all cipher suites, check All Supported Cipher Suites. You can also enable individual cipher suites.

  19. Click OK, then stop and restart the Application Server.

  20. The listener is now listed in the HTTP Listeners field for the virtual server that is specified as the Default Virtual Server.

Equivalent asadmin commands

create-http-listener and create-ssl

ProcedureTo edit an HTTP listener

  1. In the tree component, expand the Configuration node.

  2. Expand the HTTP Service node.

  3. Select the HTTP Listeners node.

  4. Select the HTTP listener to be edited.

  5. On the Edit HTTP Listener page, modify any of the settings.

  6. Click Save to save the changes.

ProcedureTo delete an HTTP listener

  1. In the tree component, expand the Configuration node.

  2. Expand the HTTP Service node.

  3. Select the HTTP Listeners node.

  4. On the HTTP Listeners page, check the box next to the name of the HTTP listener to be deleted.

  5. Click Delete.

    It is possible to delete the http-listener-1, http-listener-2, and admin-listener HTTP listeners, but this is not recommended. If you plan to do so, first copy the http-listener elements of the Application Server’s domain.xml file to a safe place so that the settings can be restored if needed.

Equivalent asadmin command

delete-http-listener