If you have installed Sun WebServer 2.0, you can upgrade to Sun WebServer 2.1 by uninstalling and then reinstalling the software. If you have Sun WebServer 1.0, the Sun WebServer 1.0 configuration files must be converted into files compatible with Sun WebServer 2.1. This document is a guide to this conversion. Refer to the Sun WebServer 2.1 documentation for details on the new features of Sun WebServer 2.1.
Even though Sun WebServer 1.0 was able to support multiple instances of the HTTP server running concurrently, starting, stopping, and restarting the server worked best with a single instance of the HTTP daemon. Sun WebServer 2.1 improves support for multiple instances by providing each httpd daemon on the system with a unique name. One is able to start, stop, and restart individual instances by using their names. See the man page htserver(1m) for more information.
Sun WebServer 2.1 has also expanded support of virtual hosts. Each virtual host is now associated with a web site and given its own subtree in the file system, which contains the configuration files for that host as well as the host's document root. While Sun WebServer 1.0 maintained all configuration information for a virtual host in the global configuration file httpd.conf, Sun WebServer 2.1 stores most of this information in a site configuration file located relative to the root of the web site. Placing most of the site-specific configuration information at the web site rather than in a single file makes Sun WebServer 2.1 more scalable than Sun WebServer 1.0 and simplifies the administration of individual web sites.
Sun WebServer 1.0 had two primary configuration files in the default location /etc/http/:
httpd.conf: Basic configuration information for the server and all its virtual hosts
access.acl: URL access control settings
Sun WebServer 2.1 partitions the directives in these files into server-level configuration files for server instances and site-level configuration files for individual web sites.
Server-level configuration files are installed in /etc/http/ by default. <instance_name> below is the unique name of the httpd instance using the file. An instance name is associated with a server instance when it is created using the Sun WebServer GUI or the htserver add command.
<instance_name>.httpd.conf: Basic server configuration information
access.conf: URL access controls
realm.conf: Realm information
mime.types: MIME types and encodings
Site-level configuration files are installed to the web site subtree by default. <site_name> below refers to the name of the web site using this file.
<site_name>.site.conf: Basic site configuration information
access.conf: URL access controls
realm.conf: Realm information
mime.types: MIME types and encodings
map.conf: URL mappings
content.conf: Content information
All of the file names listed above are suggested names. The only fixed configuration file name is /etc/http/httpd-instances.conf. Each server instance name and basic configuration file is listed in httpd-instances.conf, and each server configuration file in turn refers to the other configuration files by name.
Sun WebServer 2.1 has added numerous command line utilities for modification of its configuration files. These utilities are used at various locations in this document to explain migration to Sun WebServer 2.1. Please refer to the Sun WebServer 2.1 man pages for details on all Sun WebServer utilities available from the command line. For the commands referenced in this document, refer to the htserver(1m), hthost(1m), and htrealm(1m) man pages. For information on the referenced configuration files see httpd.conf(4), httpd.site.conf(4), access.conf(4), and realms.conf(4). Sun WebServer 2.1 also has a GUI, located in the package SUNWhtadm, that can be used to administer all aspects of the HTTP server. To access the GUI, you must also install SUNWixklg and SUNWixavm.
Before converting a Sun WebServer 1.0 configuration into the Sun WebServer 2.1 format, first add a basic Sun WebServer 2.1 instance to the system. This server will contain the general file structure used in Sun WebServer 2.1 and will provide default configuration files that can be modified with the values from the Sun WebServer 1.0 server.
Type the following at the command line (as "root"):
    # htserver add "server1"
This command creates a new Sun WebServer 2.1 server-level configuration file and a default web site. The locations where new files are installed are listed below:
/etc/http/server1.httpd.conf: Server configuration file
/var/http/server1/: Root of the new server
/var/http/server1/websites/default_site/: Site path of default web site
/var/http/server1/websites/default_site/conf/: Location of site configuration file
The Sun WebServer 1.0 /etc/http/httpd.conf file contains the basic directives for configuring the server as a whole, the individual virtual hosts, and the ports. The three primary block types are the server{} block, the url{} block, and the port{} block. Each of these types will be discussed in this section.
server{} Block
Converting the server{} block from Sun WebServer 1.0 to Sun WebServer 2.1 format is relatively straightforward. Most of the directives in 1.0 are the same in 2.1, with the exceptions listed below:
acl_delegate_depth
The acl_delegate_depth directive, and the concept of delegation of access controls, is no longer supported in Sun WebServer. See "Migrating the Sun WebServer 1.0 access.acl File" in this document.
acl_enable
The acl_enable directive has been changed to access_enable.
acl_enable directive
Search for the following Sun WebServer 1.0 directive in /etc/http/httpd.conf:
    acl_enable yes
Replace it in /etc/http/server1.httpd.conf with the following directive:
    access_enable yes
acl_file
The acl_file directive is no longer supported in the server{} block, because the server-level access control file is now configured to be: /etc/http/access.conf. This file name cannot be changed.
map
The map directive is no longer supported in the server{} block. All URL mappings must be made in a web site's map.conf file.
mime_add
The mime_add directive is no longer supported in Sun WebServer 2.1. All MIME types must be specified in the mime.types file at either the server or site level.
mime_add directive
Given the following Sun WebServer 1.0 directive:
    server {
        mime_add "image/jpeg" "JPG"
    }
Make sure a mime.types file is specified in /etc/http/server1.httpd.conf:
If this file is shared among all the servers, changes will affect all httpd daemons.
    server {
        mime_file "/etc/http/mime.types"
    }
Add the new MIME mappings to the /etc/http/mime.types file:
    image/jpeg JPG
server{} Block Conversion
Given the following Sun WebServer 1.0 server{} block in /etc/http/httpd.conf:
    server {
        server_root "/var/http/demo/"
        server_user "root"
        mime_add "image/jpeg" "JPG"
        mime_default_type text/html
        acl_enable "yes"
        acl_file "/etc/http/access.acl"
        acl_delegate_depth 3
        map /cgi-bin/ /var/http/cgi-bin/ cgi
    }
Modify the server{} block in /etc/http/server1.httpd.conf:
    server {
        server_root "/var/http/demo/"
        server_user "http"
        mime_file "/etc/http/mime.types"
        mime_default_type text/html
        access_enable "yes"
    }
Add the MIME mapping to the /etc/http/mime.types file specified in (2):
    image/jpeg JPG
url{} Block
In Sun WebServer 1.0, all the configuration parameters for a virtual host were found in a single location in the /etc/http/httpd.conf file. In Sun WebServer 2.1, global information for the virtual host is located in the server-level configuration file, and more specific information is located in the site-level configuration file.
url{} block to 2.1
Add a new web site to the 2.1 server using the hthost command line utility.
Modify the new configuration files created with the Sun WebServer 1.0 values, or with Sun WebServer 2.1 equivalents.
Add a web site (widgets) to the current server (server1):
    # hthost add -i server1 -h widgets \
        -s /var/http/server1/websites/widgets
This will add the following entry to the server-level configuration file, /etc/http/server1.httpd.conf:
    url //widgets {
        site_enable "yes"
        site_path "/var/http/server1/websites/widgets"
        site_config "conf/widgets.site.conf"
    }
It will also create a new web site at: /var/http/server1/websites/widgets/. The following configuration files will be placed in the directory /var/http/server1/websites/widgets/conf/:
widgets.site.conf
access.conf
realms.conf
map.conf
content.conf
servlets.properties
Most of the configuration parameters from the Sun WebServer 1.0 url{} blocks will be placed in the site-level configuration file, widgets.site.conf. One exception is setting the ports on which a virtual host listens. For each virtual host, one must specify on which IP addresses and ports it accepts connections. (This is different than in 1.0, where this information was stored in the port{} blocks using the hosts_supported directive.) IP address:port pairs are termed "connection end points" in Sun WebServer 2.1. All web sites should have their connection end points specified (with the exception of the default web site, which listens on all interfaces and does not allow connection end points to be defined). For more information on connection end points, see httpd.conf(4).
To have the virtual host, widgets, accept connections on IP address 129.128.127.126 on port 80, and all IP addresses on port 1880, write the following in /etc/http/server1.httpd.conf:
    url //widgets {
        site_enable "yes"
        site_path "/var/http/server1/websites/widgets"
        site_config "conf/widgets.site.conf"
        conn_end_points 129.128.127.126:80 :1880
    }
Not specifying an IP address to the left of the colon (:) defaults to "all IP addresses" in an HTTP 1.1 virtual host. Also note that all connection end points specified must be mapped by port{} blocks.
Most of the Sun WebServer 1.0 url{} block configuration directives can be copied directly into the Sun WebServer 2.1 site-level configuration file, /var/http/server1/websites/widgets/conf/widgets.site.conf, with the following exceptions:
All Sun WebServer 2.1 URL mappings are now stored in a separate file: map.conf.
Given the following Sun WebServer 1.0 directive in /etc/http/httpd.conf:
    url //widgets {
        map /cgi-bin/ /var/http/shared/cgi-bin/ cgi
    }
Add the following line to the /var/http/server1/websites/widgets/conf/map.conf file at the widgets site:
    map /cgi-bin/ /var/http/shared/cgi-bin/ cgi
mime_add
mime_add directive
Given the following Sun WebServer 1.0 directive in /etc/http/httpd.conf:
    url //widgets {
        mime_add "image/jpeg" "JPG"
    }
Uncomment the mime_file directive in /var/http/server1/websites/widgets/conf/widgets.site.conf:
    url //widgets {
        mime_file "conf/mime.types"
    }
Add the new MIME mappings to the /var/http/server1/websites/widgets/conf/mime.types file:
    image/jpeg JPG
port{} Block
There are two primary changes to the port{} blocks in Sun WebServer 2.1: the hosts_supported directive is no longer valid as the ports a host listens on are now listed using the conn_end_points directive in the url{} block, and all ports must have an ip_address specified. The IP address 0.0.0.0 is special and means "all valid IP addresses on this machine".
port{} block for a specific IP address
Given the following Sun WebServer 1.0 port{} block:
    port 80 {
        ip_address 129.128.127.126
        keepalive_enable "yes"
        request_timeout 180
        hosts_supported widgets
    }
Modify the widgets url{} block in /etc/http/server1.httpd.conf to have conn_end_points specified correctly:
    url //widgets {
        site_enable "yes"
        site_path "/var/http/server1/websites/widgets"
        site_config "conf/widgets.site.conf"
        conn_end_points 129.128.127.126:80
    }
Add the port{} block to /etc/http/server1.httpd.conf (without the hosts_supported directive):
    port 80 {
        ip_address 129.128.127.126
        keepalive_enable "yes"
        request_timeout 180
    }
port{} block for all IP addresses
Given the following Sun WebServer 1.0 port{} block example:
    port 1880 {
        keepalive_enable "yes"
        request_timeout 180
        hosts_supported widgets
    }
Modify the widgets url{} block in /etc/http/server1.httpd.conf to have conn_end_points specified correctly:
    url //widgets {
        site_enable "yes"
        site_path "/var/http/server1/websites/widgets"
        site_config "conf/widgets.site.conf"
        conn_end_points :1880
    }
Add the ip_address directive with the value 0.0.0.0 to the port{} block in /etc/http/server1.httpd.conf:
    port 1880 {
        ip_address 0.0.0.0
        keepalive_enable "yes"
        request_timeout 180
    }
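The two port{} conversions above, combined into one added example (not part of the original guide or of Sun WebServer): it drops hosts_supported, supplies the required ip_address, and derives each host's conn_end_points entries. The function names, the regex block parsing (no nested braces), and the acceptance of several host names after hosts_supported are assumptions of this example.

```python
import re

# Constructed input: the two Sun WebServer 1.0 port{} blocks shown above.
V1_PORTS = """
port 80 {
    ip_address 129.128.127.126
    keepalive_enable "yes"
    request_timeout 180
    hosts_supported widgets
}
port 1880 {
    keepalive_enable "yes"
    request_timeout 180
    hosts_supported widgets
}
"""

PORT_BLOCK = re.compile(r"port\s+(\d+)\s*\{([^}]*)\}")


def migrate_ports(v1_text):
    """Split 1.0 port{} blocks into 2.1 port{} blocks and per-host end points.

    Returns (blocks, end_points):
      blocks      list of (port, [directive lines]) with hosts_supported removed
      end_points  {host: [entries for that host's conn_end_points directive]}
    """
    blocks, end_points = [], {}
    for match in PORT_BLOCK.finditer(v1_text):
        port, body = match.group(1), match.group(2)
        ip, hosts, kept = None, [], []
        for line in body.splitlines():
            words = line.split()
            if not words:
                continue
            if words[0] == "ip_address":
                ip = words[1].strip('"')
            elif words[0] == "hosts_supported":
                # Assumption: several hosts may follow, separated by whitespace.
                hosts += [w.strip('"') for w in words[1:]]
            else:
                kept.append(" ".join(words))
        # 2.1 requires ip_address in every port{} block; 0.0.0.0 = all addresses.
        blocks.append((port, ["ip_address " + (ip or "0.0.0.0")] + kept))
        # Nothing left of the colon means "all IP addresses" in conn_end_points.
        specific = ip not in (None, "0.0.0.0")
        entry = (ip if specific else "") + ":" + port
        for host in hosts:
            end_points.setdefault(host, []).append(entry)
    return blocks, end_points


def render(blocks, end_points):
    """Format the result as text to merge into <instance_name>.httpd.conf."""
    out = []
    for host, entries in end_points.items():
        out.append("# in url //%s {}: conn_end_points %s"
                   % (host, " ".join(entries)))
    for port, directives in blocks:
        out.append("port %s {" % port)
        out += ["    " + d for d in directives]
        out.append("}")
    return "\n".join(out)


if __name__ == "__main__":
    print(render(*migrate_ports(V1_PORTS)))
```

Every entry the function emits has a matching port{} block by construction; end points added by hand afterwards still need their own port{} block.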
Access control has changed substantially between Sun WebServer 1.0 and 2.1. Sun WebServer 2.1 access control documentation should be reviewed before attempting to migrate the old Sun WebServer access control structure to the new. The most significant changes are listed below:
The concept of realm has been greatly expanded, and a new configuration file, realm.conf, has been added.
Delegation of access control has been removed.
The access controls specified for the "/sws-administration" URL are used throughout Sun WebServer to determine the server administrator when the URL is specified in the server-level access.conf or the site administrator when specified in the site-level access.conf.
There is a single server-level access.conf file for all the instances on the system (located at /etc/http/access.conf). This file contains a single "/sws-administration" URL to define who is allowed to administer all instances.
Each web site also has its own site-level access.conf file to specify site administrators.
Realms can now use more sources for user data. A realm can authenticate a user against a standard HTPASSWD database or NIS+ database.
To migrate the Sun WebServer 1.0 access.acl file to 2.1, one needs to create or select authentication realms, modify the access control syntax for the mapped URLs to reflect the new 2.1 syntax, and collect the access controls in the access.acl file and delegated files to the access.conf files in each of the individual web sites.
In Sun WebServer 1.0, the realm directive had little significance other than as an identifier for the browser (printed in the authentication dialog box). In Sun WebServer 2.1, the realm specifies a pre-existing set of users and groups used for authenticating access to a URL. Realm information is stored in the realms.conf file. HTPASSWD realms have a directory associated with them as well (defined in realm.conf) which contains the "users" and "groups" files to be used in the authentication. The password_file and group_file directives in Sun WebServer 1.0 ACLs are therefore obsolete. All 1.0 realms will be HTPASSWD realms in 2.1 since these user-created databases were the only source available in 1.0.
Given the following Sun WebServer 1.0 access control in /etc/http/access.acl for host widgets:
    url /reports {
        realm Managers
        authentication_type basic
        password_file /usr/auth/Managers/Managers_users
        group_file /usr/auth/Managers/Managers_groups
        + group report_managers
        - user Joe
    }
Create a realm to hold the password and group file. This can be done as follows:
    # htrealm add -i server1 -h widgets -r Managers -s HTPASSWD
This command will add the following entry to the realms.conf for the site widgets:
    realm Managers {
        realm_source HTPASSWD
    }
It also creates the following directory at the site widgets:
    /var/http/server1/websites/widgets/conf/realms/Managers/
Copy the users and groups files into the Managers directory:
    # cp /usr/auth/Managers/Managers_users \
        /var/http/server1/websites/widgets/conf/realms/Managers/users
    # cp /usr/auth/Managers/Managers_groups \
        /var/http/server1/websites/widgets/conf/realms/Managers/groups
Remove the file directives from the Sun WebServer 1.0 ACL and place the new ACL in the Sun WebServer 2.1 ACL file: /var/http/server1/websites/widgets/conf/access.conf:
    url /reports {
        realm Managers
        authentication_type basic
        + group report_managers
        - user Joe
    }
The concept of delegation has been removed from Sun WebServer 2.1. All the access controls that were previously located within delegated files must be relocated into the single access.conf for a particular site.
Given the following Sun WebServer 1.0 ACL and delegated file:
ACL in /etc/http/access.acl:
    url /statistics {
        delegate /var/http/acls/.admin_acl
    }
/var/http/acls/.admin_acl file:
    realm admin
    password_file /usr/auth/admin_user
    group_file /usr/auth/admin_group
    + group stat_admins
These must be collapsed into a single ACL:
The realm admin must have been created first; see the previous example.
    url /statistics {
        realm admin
        + group stat_admins
    }
Given the following Sun WebServer 1.0 ACL and delegated file:
ACL in access.acl:
    url /statistics {
        delegate /var/http/acls/.admin_acl
    }
/var/http/acls/.admin_acl file (the ownership of this file is joe:adm):
    realm admins
    password_file /usr/auth/admin_user
    group_file /usr/auth/admin_group
    + group stat_admins
These must be collapsed into a single ACL:
    url /statistics {
        realm admins
        administrators {
            user joe
            group adm
        }
        + group stat_admins
    }
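The realm and delegation steps above, as an added example that is not part of the original guide or of Sun WebServer: it splices delegated directives into the ACL, strips password_file and group_file, and reports which files to copy into each realm directory. It assumes url{}-level delegation to a file of bare directives (the /statistics form); the function names and the in-memory DELEGATED map are hypothetical, and the administrators{} block derived from file ownership is not generated.

```python
import re

# Constructed inputs modelled on the Sun WebServer 1.0 examples above.
ACCESS_ACL = """
url /reports {
    realm Managers
    authentication_type basic
    password_file /usr/auth/Managers/Managers_users
    group_file /usr/auth/Managers/Managers_groups
    + group report_managers
    - user Joe
}
url /statistics {
    delegate /var/http/acls/.admin_acl
}
"""
# Delegated ACL files, keyed by path, so the example runs without touching disk.
DELEGATED = {
    "/var/http/acls/.admin_acl": """
realm admin
password_file /usr/auth/admin_user
group_file /usr/auth/admin_group
+ group stat_admins
""",
}

URL_BLOCK = re.compile(r"url\s+(\S+)\s*\{([^}]*)\}")
FILE_DIRECTIVES = {"password_file": "users", "group_file": "groups"}


def migrate_acl(acl_text, delegated):
    """Collapse 1.0 ACLs into 2.1 form.

    Returns (acls, realm_files):
      acls         {url: [directive lines for the site's access.conf]}
      realm_files  {realm: {"users": src, "groups": src}} to copy into the
                   realm directory created by htrealm add
    Raises ValueError for a missing or looping delegate, or when one realm
    name is backed by different 1.0 files in different ACLs.
    """
    acls, realm_files = {}, {}
    for match in URL_BLOCK.finditer(acl_text):
        url = match.group(1).strip('"')
        pending, seen = match.group(2).splitlines(), set()
        kept, realm, files = [], None, {}
        while pending:
            words = pending.pop(0).split()
            if not words:
                continue
            if words[0] == "delegate":
                path = words[1]
                if path in seen or path not in delegated:
                    raise ValueError("cannot inline delegate " + path)
                seen.add(path)
                # 2.1 has no delegation: splice the delegated directives in.
                pending = delegated[path].splitlines() + pending
            elif words[0] in FILE_DIRECTIVES:
                files[FILE_DIRECTIVES[words[0]]] = words[1]
            else:
                if words[0] == "realm":
                    realm = words[1]
                kept.append(" ".join(words))
        if files:
            if realm is None:
                raise ValueError("files without a realm in " + url)
            # Two ACLs sharing a realm name must share the same databases,
            # otherwise merging them changes who can authenticate.
            if realm_files.setdefault(realm, files) != files:
                raise ValueError("realm %s has conflicting files" % realm)
        acls[url] = kept
    return acls, realm_files
```

Allow and deny lines are carried over in their original order, so a rule such as "- user Joe" survives the collapse.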
The example below shows a full conversion of Sun WebServer 1.0 httpd.conf and access.acl files to Sun WebServer 2.1. New 2.1 directives are ignored in the example below, unless they are explicitly required for the conversion.
Given the following Sun WebServer 1.0 /etc/http/httpd.conf file:
    server {
        server_root "/var/http/demo"
        server_user "root"
        mime_file "/etc/http/mime.types"
        mime_default_type text/html
        acl_enable "yes"
        acl_file "/etc/http/access.acl"
        acl_delegate_depth 3
        cache_enable "yes"
        cache_small_file_cache_size 8
        cache_large_file_cache_size 256
        cache_max_file_size 1
        cache_verification_time 10
        map /cgi-bin/ /var/http/demo/cgi-bin/ cgi
        map /sws-icons/ /var/http/demo/sws-icons/
        mime_add "application/java" class
        mime_add "audio/basic" au
        mime_add "audio/basic" snd
    }
    url {
        doc_root "/var/http/demo/public"
        user_doc_enable "no"
        user_doc_root "public_html"
        cgi_enable "no"
        cgi_dns_enable "no"
        cgi_suffix_enable "no"
        cgi_user "nobody"
        log_type "elf"
        log_prefix "/var/http/logs/http"
        log_max_files 7
        log_cycle_time 1440
        log_max_file_size 1048576
        ssi_enable "no"
        ssi_exec "no"
        ssi_xbithack "off"
        mime_add "application/x-csh" csh
        mime_add "application/x-sh" sh
    }
    url //widgets {
        doc_root "/var/http/widgets/public"
        user_doc_enable "yes"
        user_doc_root "public_html"
        cgi_enable "yes"
        cgi_dns_enable "yes"
        cgi_suffix_enable "yes"
        cgi_user "nobody"
        log_type "clf"
        log_prefix "/var/http/logs/widgets"
        log_max_files 7
        log_cycle_time 1440
        log_max_file_size 1048576
        ssi_enable "yes"
        ssi_exec "yes"
        ssi_xbithack "full"
        map /cgi-bin/ /var/http/widgets/cgi-bin/ cgi
        map /sws-icons/ /var/http/widgets/sws-icons/
    }
    port 80 {
        keepalive_enable "yes"
        request_timeout 180
    }
    port 1880 {
        ip_address 129.128.127.126
        keepalive_enable "yes"
        request_timeout 180
        hosts_supported widgets
    }
Create a new server for conversion (we will modify the configuration files that are created for the new server with the 1.0 values):
    # htserver add "server1"
Add a web site, widgets:
    # hthost add -i server1 -h widgets \
        -s /var/http/server1/websites/widgets
Modify the server-level file /etc/http/server1.httpd.conf:
    server {
        server_root "/var/http/server1/"
        server_user "root"
        mime_file "/etc/http/mime.types"
        mime_default_type text/html
        access_enable "yes"
        cache_enable "yes"
        cache_small_file_cache_size 8
        cache_large_file_cache_size 256
        cache_max_file_size 1
        cache_verification_time 10
    }
    url {
        site_path /var/http/server1/websites/default_site
        site_config "conf/default_site.site.conf"
        site_enable "yes"
    }
    url //widgets {
        site_enable "yes"
        site_path "/var/http/server1/websites/widgets"
        site_config "conf/widgets.site.conf"
        conn_end_points 129.128.127.126:1880 :80
    }
    port 80 {
        ip_address 0.0.0.0
        keepalive_enable "yes"
        request_timeout 180
    }
    port 1880 {
        ip_address 129.128.127.126
        keepalive_enable "yes"
        request_timeout 180
    }
Modify /etc/http/mime.types:
    application/java class
    audio/basic au snd
Modify /var/http/server1/websites/default_site/conf/default_site.site.conf:
    url {
        doc_root /var/http/demo/public
        map_file conf/map.conf
        realm_file conf/realms.conf
        access_file conf/access.conf
        content_file conf/content.conf
        mime_file conf/mime.types
        user_doc_enable "no"
        user_doc_root "public_html"
        cgi_enable "no"
        cgi_dns_enable "no"
        cgi_suffix_enable "no"
        cgi_user "nobody"
        log_type "elf"
        log_prefix "/var/http/server1/logs/default"
        log_max_files 7
        log_cycle_time 1440
        log_max_file_size 1048576
        ssi_enable "no"
        ssi_exec "no"
        ssi_xbithack "off"
    }
Create /var/http/server1/websites/default_site/conf/mime.types:
    application/x-csh csh
    application/x-sh sh
Modify /var/http/server1/websites/default_site/conf/map.conf:
    map /cgi-bin/ /var/http/demo/cgi-bin/ cgi
    map /sws-icons/ /var/http/demo/sws-icons/
Modify /var/http/server1/websites/widgets/conf/widgets.site.conf:
    url {
        doc_root /var/http/widgets/public
        map_file conf/map.conf
        realm_file conf/realms.conf
        access_file conf/access.conf
        content_file conf/content.conf
        mime_file conf/mime.types
        user_doc_enable "yes"
        cgi_enable "yes"
        cgi_dns_enable "yes"
        cgi_suffix_enable "yes"
        cgi_user "nobody"
        log_type "clf"
        log_prefix "/var/http/server1/logs/widgets"
        log_max_files 7
        log_cycle_time 1440
        log_max_file_size 1048576
        ssi_enable "yes"
        ssi_exec "yes"
        ssi_xbithack "full"
    }
Modify /var/http/server1/websites/widgets/conf/map.conf:
    map /cgi-bin/ /var/http/widgets/cgi-bin/ cgi
    map /sws-icons/ /var/http/widgets/sws-icons/
Given the following Sun WebServer 1.0 /etc/http/access.acl file and delegated file /var/http/widgets/widgets.acl:
/etc/http/access.acl:
    url "/sws-administration" {
        authentication_type md5
        realm serverAdmin
        password_file /etc/http/swsadmin.pw
        + user *
    }
    url "/statistics" {
        authentication_type basic
        realm statsRealm
        password_file /var/http/demo/stats/usrs
        group_file /var/http/demo/stats/grps
        + user *
    }
    url "//widgets" {
        delegate /var/http/widgets/widgets.acl
    }
/var/http/widgets/widgets.acl:
    url "/" {
        authentication_type basic
        realm widgetsRealm
        password_file /var/http/widgets/users
        group_file /var/http/widgets/groups
        + user *
        - user Joe
        - group thoseDenied
    }
Create a global serverAdmin realm (in /etc/http/realms/), and replace its users file with /etc/http/swsadmin.pw.
If the realm already exists, then run just the copy command.
    # htrealm add -r serverAdmin -s HTPASSWD
    # cp /etc/http/swsadmin.pw /etc/http/realms/serverAdmin/users
Create a global statsRealm and replace its users and groups files with those specified in the "/statistics" URL above. Add this new realm to the realms.conf files of both the default site and the widgets site:
<hostname> below refers to the hostname of the workstation, which is used to specify the default site.
    # htrealm add -r statsRealm -s HTPASSWD
    # cp /var/http/demo/stats/usrs /etc/http/realms/statsRealm/users
    # cp /var/http/demo/stats/grps /etc/http/realms/statsRealm/groups
    # htrealm add -i server1 -h widgets -r statsRealm \
        -s HTPASSWD -d /etc/http/realms/statsRealm
    # htrealm add -i server1 -h <hostname> -r statsRealm \
        -s HTPASSWD -d /etc/http/realms/statsRealm
Create a local widgetsRealm at the widgets site and replace its users and groups files with those specified above:
    # htrealm add -i server1 -h widgets -r widgetsRealm -s HTPASSWD
    # cp /var/http/widgets/users \
        /var/http/server1/websites/widgets/conf/realms/widgetsRealm/
    # cp /var/http/widgets/groups \
        /var/http/server1/websites/widgets/conf/realms/widgetsRealm/
Modify /etc/http/access.conf:
    url /sws-administration {
        authentication_type md5
        realm serverAdmin
        + user *
    }
Modify /var/http/server1/websites/default_site/conf/access.conf:
    # Specify /sws-administration ACL here for site administration,
    # create a siteAdmin realm and add administrators to that realm
    # url "/sws-administration" {
    #     authentication_type md5
    #     realm siteAdmin
    #     + user *
    # }
    url "/statistics" {
        authentication_type basic
        realm statsRealm
        + user *
    }
Modify /var/http/server1/websites/widgets/conf/access.conf:
    # Specify /sws-administration ACL here for site administration
    url "/statistics" {
        authentication_type basic
        realm statsRealm
        + user *
    }
    url "/" {
        authentication_type basic
        realm widgetsRealm
        + user *
        - user Joe
        - group thoseDenied
    }