Defines a health checker for the parent server-ref or cluster-ref element.
none
The following table describes attributes for the health-checker element.
Table 1–67 health-checker Attributes
Attribute |
Default |
Description |
---|---|---|
/ |
Specifies the URL to ping to determine the health state of a listener. This must be a relative URL. |
|
30 |
Specifies the interval between health checks. A value of zero means that health checking is disabled. |
|
10 |
Specifies the maximum time in which a server must respond to a health check request to be considered healthy. If interval-in-seconds is greater than zero, timeout-in-seconds must be less than or equal to interval-in-seconds. |
Defines an access log file for a virtual-server. The access-log subelement of the virtual server’s parent http-service element determines the access log file’s format and rotation settings.
none
The following table describes attributes for the http-access-log element.
Table 1–68 http-access-log Attributes
Attribute |
Default |
Description |
---|---|---|
${com.sun.aas.instanceRoot}/logs/access |
(optional) Specifies the location of the access log file. |
|
true |
(optional) If true, specifies that only the IP address of the user agent is listed. If false, performs a DNS lookup. |
Configures the HTTP file cache.
none
The following table describes attributes for the http-file-cache element.
Table 1–69 http-file-cache Attributes
Attribute |
Default |
Description |
---|---|---|
false (developer profile) true (cluster and enterprise profiles) |
(optional) If true, enables the file cache. |
|
false (developer profile) true (cluster and enterprise profiles) |
(optional) If true, enables caching of the file content if the file size exceeds the small-file-size-limit-in-bytes. |
|
30 |
(optional) Specifies the maximum age of a file cache entry. |
|
537600 |
(optional) Specifies the maximum size of a file that can be cached as a memory mapped file. |
|
10485760 |
(optional) Specifies the total size of all files that are cached as memory mapped files. |
|
2048 |
(optional) Specifies the maximum size of a file that can be read into memory. |
|
1048576 |
(optional) Specifies the total size of all files that are read into memory. |
|
false |
(optional) If true, enables the use of TransmitFileSystem calls. Meaningful only for Windows. |
|
1024 |
(optional) Specifies the maximum number of files in the file cache. |
|
0 |
(optional) Specifies the initial number of hash buckets. |
Defines an HTTP listen socket. The connection-pool subelement of the parent http-service element also configures some listen socket settings.
The following table describes subelements for the http-listener element.
Table 1–70 http-listener Subelements
Element |
Required |
Description |
---|---|---|
zero or one |
Defines Secure Socket Layer (SSL) parameters. |
|
zero or more |
Specifies a property or a variable. |
The following table describes attributes for the http-listener element.
Table 1–71 http-listener Attributes
Attribute |
Default |
Description |
---|---|---|
none |
The unique listener name. An http-listener name cannot begin with a number. |
|
none |
IP address of the listener. Can be in dotted-pair or IPv6 notation. Can be any (for INADDR_ANY) to listen on all IP addresses. Can be a hostname. |
|
none |
Port number on which the listener listens. Legal values are 1 - 65535. On UNIX, creating sockets that listen on ports 1 - 1024 requires superuser privileges. Configuring an SSL listener to listen on port 443 is standard. |
|
none |
(optional) Specifies the external port on which the connection is made. |
|
(optional) Deprecated. Do not use. |
||
false |
(optional) If true, uses a blocking socket for servicing a request. |
|
1 |
(optional) Specifies the number of processors in the machine. To set the number of request processing threads, use the thread-count attribute of the request-processing element. |
|
false |
(optional) Determines whether the listener runs SSL. To turn SSL2 or SSL3 on or off and set ciphers, use an ssl subelement. |
|
none |
References the id attribute of the default virtual-server for this particular listener. |
|
none |
Tells the server what to put in the host name section of any URLs it sends to the client. This affects URLs the server automatically generates; it doesn’t affect the URLs for directories and files stored in the server. If your server uses an alias, the server-name should be the alias name. If a colon and port number are appended, that port is used in URLs the server sends to the client. If load balancing is enabled, use the server name of the load balancer. |
|
none |
(optional) If the listener is supporting non-SSL requests and a request is received for which a matching <security-constraint> requires SSL transport, the request is automatically redirected to the port number specified here. If load balancing is enabled, use the redirect port of the load balancer. |
|
true |
(optional) If true, X-Powered-By headers are used according to the Servlet 2.4 and JSP 2.0 specifications. |
|
enabled |
true |
(optional) Determines whether the listener is active. If set to false, any attempts to connect to the listener result in a socket exception (java.net.ConnectException). In Enterprise Server versions prior to 9.1, a listener whose enabled attribute was set to false returned a 404 response code for any requests sent to it. To achieve this behavior in the current Enterprise Server version, set the listener's enabled attribute to true, and set every associated virtual server's state to off. A virtual-server lists its associated listeners in its http-listeners attribute. |
The following table describes properties for the http-listener element. Any of these properties can be defined as an http-service property, so that it applies to all http-listener elements.
Table 1–72 http-listener Properties
Property |
Default |
Description |
---|---|---|
true |
If true, recycles internal objects instead of using the VM garbage collector. |
|
0 |
Specifies the number of reader threads, which read bytes from the non-blocking socket. |
|
4096 |
Specifies the length of the acceptor thread queue. Once full, connections are rejected. |
|
4096 |
Specifies the length of the reader thread queue. Once full, connections are rejected. |
|
true |
If true, specifies that the NIO direct ByteBuffer is used. In a limited resource environment, it might be faster to use non-direct Java's ByteBuffer by setting a value of false. |
|
false |
If true, indicates that this http-listener element receives traffic from an SSL-terminating proxy server. Overrides the authPassthroughEnabled property of the parent http-service element. |
|
com.sun.enterprise.web.ProxyHandlerImpl |
Specifies the fully qualified class name of a custom implementation of the com.sun.appserv.ProxyHandler abstract class that this http-listener uses. Only used if the authPassthroughEnabled property of this http-listener and the parent http-service element are both set to true. Overrides the proxyHandler property of the parent http-service element. |
|
none |
Specifies a comma-separated list of protocols that can use the same port. Allowed values are ws/tcp (SOAP over TCP), http, https and tls. For example, if you set this property to http,https and set the port to 4567, you can access the port with either http://host:4567/ or https://host:4567/. Specifying this property at the http-service level overrides settings at the http-listener level. If this property is not set at either level, this feature is disabled. |
|
4096 |
Specifies the size, in bytes, of the buffer to be provided for input streams created by HTTP listeners. |
|
30 |
Specifies the number of seconds HTTP listeners wait, after accepting a connection, for the request URI line to be presented. |
|
250 |
Specifies the maximum number of HTTP requests that can be pipelined until the connection is closed by the server. Set this property to 1 to disable HTTP/1.0 keep-alive, as well as HTTP/1.1 keep-alive and pipelining. |
|
true |
If true, enables the TRACE operation. Set this property to false to make the Enterprise Server less susceptible to cross-site scripting attacks. |
|
false |
If true, enables Comet support for this listener. If your servlet or JSP page uses Comet technology, make sure it is initialized when the Enterprise Server starts up by adding the load-on-startup element to your web.xml file. For example: <servlet> <servlet-name>CheckIn</servlet-name> <servlet-class>CheckInServlet</servlet-class> <load-on-startup>0</load-on-startup> </servlet> |
|
off |
Specifies use of HTTP/1.1 GZIP compression to save server bandwidth. Allowed values are:
If the content-length is not known, the output is compressed only if compression is set to on or force. |
|
text/html,text/xml,text/plain |
Specifies a comma-separated list of MIME types for which HTTP compression is used. |
|
empty String (regexp matching disabled) |
Specifies a comma-separated list of regular expressions matching user-agents of HTTP clients for which compression should not be used. |
|
none |
Specifies the minimum size of a file when compression is applied. |
|
none |
Specifies the location of the Certificate Revocation List (CRL) file to consult during SSL client authentication. This can be an absolute or relative file path. If relative, it is resolved against domain-dir. If unspecified, CRL checking is disabled. |
|
none |
Specifies the name of the trust management algorithm (for example, PKIX) to use for certification path validation. |
|
5 |
Specifies the maximum number of non-self-issued intermediate certificates that can exist in a certification path. This property is considered only if trustAlgorithm is set to PKIX. A value of zero implies that the path can only contain a single certificate. A value of -1 implies that the path length is unconstrained (there is no maximum). Setting a value less than -1 causes an exception to be thrown. |
|
true |
if false, the connection for a servlet that reads bytes slowly is closed after the connectionUploadTimeout is reached. |
|
5 |
Specifies the timeout for uploads. Applicable only if disableUploadTimeout is set to false. |
|
UTF-8 |
Specifies the character set used to decode the request URIs received on this HTTP listener. Must be a valid IANA character set name. Overrides the uriEncoding property of the parent http-service element. |
|
4096 |
Specifies the maximum size in bytes of the body of a POST request. POST requests greater than this size are rejected. A value of zero means the maximum post size is unlimited. |
Configures HTTP protocol settings.
none
The following table describes attributes for the http-protocol element.
Table 1–73 http-protocol Attributes
Attribute |
Default |
Description |
---|---|---|
HTTP/1.1 |
(optional) Specifies the version of the HTTP protocol used. |
|
true |
(optional) If true, looks up the DNS entry for the client. |
|
ISO-8859-1;en;ISO-8859-1 |
(optional) Specifies the request type used if no MIME mapping is available that matches the file extension. The format is a semicolon-delimited string consisting of the content-type, encoding, language, and charset. |
|
text/html;ISO-8859-1;en;ISO-8859-1 |
(optional) Specifies the default response type. The format is a semicolon-delimited string consisting of the content-type, encoding, language, and charset. |
|
AttributeDeprecated |
(optional) Deprecated. Do not use. |
|
AttributeDeprecated |
(optional) Deprecated. Do not use. |
|
true |
(optional) Not implemented. Use ssl subelements of http-listener elements. |
Defines the HTTP service.
The following table describes subelements for the http-service element.
Table 1–74 http-service Subelements
Element |
Required |
Description |
---|---|---|
zero or one |
Defines access log settings for each http-access-log subelement of each virtual-server. |
|
one or more |
Defines an HTTP listen socket. |
|
one or more |
Defines a virtual server. |
|
zero or one |
Configures request processing threads. |
|
zero or one |
Configures keep-alive threads. |
|
zero or one |
Defines a pool of client HTTP connections. |
|
zero or one |
Configures HTTP protocol settings. |
|
zero or more |
Specifies a property or a variable. |
The following table describes properties for the http-service element. These properties apply to all http-listener subelements, except for accessLoggingEnabled, accessLogBufferSize, and accessLogWriterInterval, which apply to all virtual-server subelements.
Table 1–75 http-service Properties
Property |
Default |
Description |
---|---|---|
true |
If true, enables the monitoring cache. |
|
5000 |
Specifies the interval between refreshes of the monitoring cache. |
|
10000 |
Specifies the number of SSL sessions to be cached. |
|
86400 |
Specifies the interval at which SSL3 sessions are cached. |
|
100 |
Specifies the interval at which SSL2 sessions are cached. |
|
true |
If true, recycles internal objects instead of using the VM garbage collector. |
|
0 |
Specifies the number of reader threads, which read bytes from the non-blocking socket. |
|
4096 |
Specifies the length of the acceptor thread queue. Once full, connections are rejected. |
|
4096 |
Specifies the length of the reader thread queue. Once full, connections are rejected. |
|
true |
If true, specifies that the NIO direct ByteBuffer is used. In a limited resource environment, it might be faster to use non-direct Java's ByteBuffer by setting a value of false. |
|
false |
If true, indicates that the http-listener subelements receive traffic from an SSL-terminating proxy server, which is responsible for forwarding any information about the original client request (such as client IP address, SSL keysize, and authenticated client certificate chain) to the HTTP listeners using custom request headers. Each http-listener subelement can override this setting for itself. |
|
com.sun.enterprise.web.ProxyHandlerImpl |
Specifies the fully qualified class name of a custom implementation of the com.sun.appserv.ProxyHandler abstract class, which allows a back-end application server instance to retrieve information about the original client request that was intercepted by an SSL-terminating proxy server (for example, a load balancer). An implementation of this abstract class inspects a given request for the custom request headers through which the proxy server communicates the information about the original client request to the Enterprise Server instance, and returns that information to its caller. The default implementation reads the client IP address from an HTTP request header named Proxy-ip, the SSL keysize from an HTTP request header named Proxy-keysize, and the SSL client certificate chain from an HTTP request header named Proxy-auth-cert. The Proxy-auth-cert value must contain the BASE-64 encoded client certificate chain without the BEGIN CERTIFICATE and END CERTIFICATE boundaries and with \n replaced with % d% a. Only used if authPassthroughEnabled is set to true. Each http-listener subelement can override the proxyHandler setting for itself. |
|
none |
Specifies a comma-separated list of protocols that can use the same port. Allowed values are ws/tcp (SOAP over TCP), http, https and tls. For example, if you set this property to http,https and the port is 4567, you can access the port with either http://host:4567/ or https://host:4567/. Specifying this property at the http-service level overrides settings at the http-listener level. If this property is not set at either level, this feature is disabled. |
|
4096 |
Specifies the size, in bytes, of the buffer to be provided for input streams created by HTTP listeners. |
|
30 |
Specifies the number of seconds HTTP listeners wait, after accepting a connection, for the request URI line to be presented. |
|
250 |
Specifies the maximum number of HTTP requests that can be pipelined until the connection is closed by the server. Set this property to 1 to disable HTTP/1.0 keep-alive, as well as HTTP/1.1 keep-alive and pipelining. |
|
true |
If true, enables the TRACE operation. Set this property to false to make the Enterprise Server less susceptible to cross-site scripting attacks. |
|
false (developer and cluster profiles) true (enterprise profile) |
If true, enables access logging for all virtual-server subelements that do not specify this property. If false, disables access logging for all virtual-server subelements that do not specify this property. |
|
32768 |
Specifies the size, in bytes, of the buffer where access log calls are stored. If the value is less than 5120, a warning message is issued, and the value is set to 5120. |
|
300 |
Specifies the number of seconds before the log is written to the disk. The access log is written when the buffer is full or when the interval expires. If the value is 0, the buffer is always written even if it is not full. This means that each time the server is accessed, the log message is stored directly to the file. |
|
false (developer and cluster profiles) true (enterprise profile) |
If true, single sign-on is enabled by default for all web applications on all virtual servers on this server instance that are configured for the same realm. If false, single sign-on is disabled by default for all virtual servers, and users must authenticate separately to every application on each virtual server. The sso-enabled property setting of the virtual-server element overrides this setting for an individual virtual server. At the http-service level, you cannot change the sso-max-inactive-seconds and sso-reap-interval-seconds values from their defaults. However, you can change these values at the virtual-server level. |
|
true |
if false, the connection for a servlet that reads bytes slowly is closed after the connectionUploadTimeout is reached. |
|
5 |
Specifies the timeout for uploads. Applicable only if disableUploadTimeout is set to false. |
|
UTF-8 |
Specifies the character set used to decode the request URIs received on http-listener subelements that do not define this property. Must be a valid IANA character set name. |
|
4096 |
Specifies the maximum size in bytes of the body of a POST request. POST requests greater than this size are rejected. A value of zero means the maximum post size is unlimited. |