This chapter summarizes the important configuration files not discussed in other chapters. Configuration files that should never be modified are not listed in this module.
The following configuration files are described in alphabetical order:
Configures how a certificate, designated by name, is mapped to an LDAP entry, designated by issuerDN.
server_root/bin/https/install/misc server_root/userdb
certmap name issuerDNname:property1 [value1] name:property2 [value2] ...
The default certificate is named default, and the default issuerDN is also named default. Therefore, the first certmap defined in the file must be as follows:
certmap default default
You can use # at the beginning of a line to indicate a comment.
Sun Java System Web Server 6.1 SP10 Administrator’s Guide
The following table describes properties in the certmap.conf file. The left column lists the property names. The second column from the left lists allowed values. The third column from the left lists default values. The right column lists property descriptions.
Table 6–1 certmap.conf Properties
Specifies the LDAP directory that Sun Java System Web Server uses.
server_root/userdb
directory name LDAP_URLname:property1 [value1] name:property2 [value2] ...
The default contents of this file are as follows:
directory default null:///none
Edit the file as follows for anonymous binding over SSL:
directory default ldaps://directory.sun.com:636:/dc%3Dcom
Edit the file as follows for anonymous binding not over SSL:
directory default ldap://directory.sun.com:389:/dc%3Dcom
The following table describes properties in the dbswitch.conf file. The Property column lists the property names. The Allowed Values column from the left lists allowed values. The Default Value column from the left lists default values. The Description column lists property descriptions.
Table 6–2 dbswitch.conf Properties
Property |
Allowed Values |
Default Value |
Description |
---|---|---|---|
A positive integer |
8 |
The number of LDAP connections for the database. |
|
off, on, recursive |
on |
Determines how dynamic groups are handled. If off, dynamic groups are not supported. If on, dynamic groups are supported. If recursive, dynamic groups can contain other groups. |
|
A valid DN |
The DN used for connecting to the database. If both binddn and bindpw are not present, binding is anonymous. |
||
The password used for connecting to the database. If both binddn and bindpw are not present, binding is anonymous. |
|||
A valid DN (relative to the LDAP URL) |
none |
If present, the default value of the base DN for the request’s virtual server is determined by a dc tree search of the connection group’s servername attribute, starting at the dcsuffix DN. If not present, the default value of the base DN is the base DN value in the LDAP URL. The basedn attribute of a USERDB element in the server.xml file overrides this value. |
|
off, on |
off |
Specifies whether the database can perform digest authentication. If on, a special Directory Server plug-in is required. For information about how to install this plug-in, see the Sun Java System Web Server 6.1 SP10 Administrator’s Guide. |
|
keyfile, digest, htaccess |
keyfile |
Specifies what type of file auth-db will be used |
|
Specifies the path to the keyfile. Required, if syntax is set to keyfile. |
|||
Specifies the path to the digestfile. Required, if syntax is set to digestfile. |
|||
Path to the AuthGroupFile. If the groupfile is the same as the userfile, this file contains both user and group data, otherwise it contains only group data. Required if syntax is set to htaccess. For more information about the syntax of the AuthGroupFile, see the Sun Java System Web Server 6.1 SP10 Administrator’s Guide. |
|||
Path to the AuthUserFile. If the userfile is the same as the groupfile, this file contains both user and group data, otherwise it contains only user data. Required if syntax is set to htaccess. For more information about the syntax of the AuthUserFile, see the Sun Java System Web Server 6.1 SP10 Administrator’s Guide. |
Configures features specific to the Sun Java System Web Server for deployed web applications.
The META-INF or WEB-INF directory of a module or application.
The following table shows where to find more information about Sun Java System Web Server deployment descriptors. The left column lists the deployment descriptors, and the right column lists where to find more information about those descriptors.
Table 6–3 Sun Java System Web Server Deployment Descriptors
Deployment Descriptor |
Where to Find More Information |
---|---|
sun-web.xml |
Sun Java System Web Server 6.1 SP10 Programmer’s Guide to Web Applications. |
Sets permissions for access to the server instance. This is the default ACL file; you can create and use others.
server_root/config
Sun Java System Web Server 6.1 SP10 Administrator’s Guide
The login module definition configuration file used by the Java Authentication and Authorization Service (JAAS) for client authentication.
server_root/config
Sets file cache parameters. This file is present only if file cache parameters have been changed from their defaults.
server_root/https-admserv/config
parameter=value
Sun Java System Web Server 6.1 SP10 Performance Tuning, Sizing, and Scaling Guide
The following table describes properties in the nsfc.conf file. The left column lists the property names. The second column from the left lists allowed values. The third column from the left lists default values. The right column lists property descriptions.
Table 6–4 nsfc.conf Properties
Attribute |
Allowed Values |
Default Value |
Description |
---|---|---|---|
on, off |
on |
Enables the file cache. |
|
on, off |
on |
Enables caching of file contents, as well as file information for files smaller than MediumFileSizeLimit (smaller than SmallFileSizeLimit if TransmitFile is on). |
|
Number of seconds |
30 |
The maximum age of a valid cache entry. This setting controls how long cached information is used once a file has been cached. An entry older than MaxAge is replaced by a new entry for the same file. |
|
Limited by available memory |
537600 (525K) |
(UNIX only) Maximum size of a file that can be cached as a memory-mapped file (if TransmitFile is off). |
|
Limited by available memory |
10485760(10 M) |
Total size of all files that are cached as memory-mapped files (if TransmitFile is off). |
|
Limited by available memory |
2048 (2K) |
(UNIX only) Maximum size of a file that can be read into memory. |
|
Limited by available memory |
1048576 (UNIX, 1 M), 0 (Windows) |
Total size of all files that are read into memory. |
|
on, off |
on (Windows), off (UNIX) |
Enables use of the TransmitFile system call. Not supported on IRIX, Compaq, Solaris, or Linux. |
|
1024 |
Maximum number of files in the file cache. |
||
Limited by available memory |
0 |
Initial number of hash buckets. If 0, the number of hash buckets is dynamically determined as 2 * MaxFiles + 1. |
|
on, off |
on |
(Windows only) Prevents sharing violations by copying files to a temporary directory. |
|
path |
<TempDir>/<server_id>-file-cache |
Specifies a temporary directory for the file cache if CopyFiles is on. <TempDir> is the value of TempDir in the magnus.conf file. See TempDir <server_id> is the server instance id. |
By default, the Sun Java System Web Server prompts the administrator for the SSL key database password before starting up. If you want the Web Server to be able to restart unattended, you need to save the password in a password.conf file. Be sure that your system is adequately protected so that this file and the key databases are not compromised.
server_root/config
This file is not present by default. You must create it if you need it.
PKCS#11_module_name:password
If you are using the internal PKCS#11 software encryption module that comes with the server, type the following:
internal:password
If you are using a different PKCS#11 module, for example for hardware encryption or hardware accelerators, you will need to specify the name of the PKCS#11 module, followed by the password.
Sun Java System Web Server 6.1 SP10 Administrator’s Guide
Controls what access applications have to resources. This is the standard J2SE policy file. The J2SE SecurityManager is not active by default in Sun Java System Web Server 6.1. The policies granted in this policy file do not have any effect unless the SecurityManager is turned on in server.xml.
If you wish to use the J2SE SecurityManager you can turn it on by adding the following JVM options:
<JVMOPTIONS>-Djava.security.manager</JVMOPTIONS> <JVMOPTIONS>-Djava.security.policy=server_root/config/server.policy</JVMOPTIONS>
server_root/config
grant [codeBase "path"] {
permission permission_class "package", "permission_type";
...
};
The files obj.conf.clfilter, magnus.conf.clfilter, and server.xml.clfilter contain filter specifications for cluster management operations.
server_root/config