Chapter 1   Introduction to iPlanet Web Server


This chapter introduces iPlanet Web Server and discusses some of the fundamental server concepts. Read it to obtain an overview of how iPlanet Web Server works.

This chapter includes the following sections:

• iPlanet Web Server

• iPlanet Web Server Architecture

• How iPlanet Web Server is Configured

• Administration Server

• Server Manager

• Netscape Console

• Sending Error Information

iPlanet Web Server

---

iPlanet Web Server is an extremely powerful multi-process, multi-threaded, secure web server built on open standards that enables your business enterprise to seamlessly integrate with other internal and external systems. By providing high performance, reliability, scalability, and manageability, iPlanet Web Server solves the business-critical needs of your web site, regardless of the size of your enterprise.

This section includes the following topics:

• iPlanet Web Server Features

• Administering and Managing iPlanet Web Servers

iPlanet Web Server Features

iPlanet Web Server is primarily designed to provide access to your business HTML files. In addition, it offers the following features:

• Security—Users can establish encrypted and authenticated transactions between clients and the server through the Secure Sockets Layer (SSL) 3.0 protocol. In addition, iPlanet Web Server employs the following security-based standards: Public Key Cryptography Standard (PKCS) #11, which defines the interface used for communication between SSL and PKCS #11 modules; Federal Information Processing Standards (FIPS)-140; and special certificates that work with 56 bits.

• Access control—You can protect confidential files or directories by implementing access control (viewing, editing, and version control) by username, password, domain name, or IP address. This feature also represents another aspect of the NSAPI Content Management plug-in, which enables an end user (the owner of a document) to set access control on a document, rather than having to ask the administrator to accomplish the task.

• High performance—Delivers high performance for dynamic and secure content with features such as HTTP1.1, multi-threading, and support for SSL hardware accelerators.

• Standards-based—iPlanet Web Server includes support for a wide range of web software standards, including: JDK 1.2; Servlets 2.1; JavaServer Pages 1.1; HTTP 1.1; and various security-based standards, including PKCS #11, FORTEZZA, FIPS-140, and 128-bit step-up certificates.

• Server-side Java Servlet and JavaServer Pages support—enables development of server plugins, dynamic content, presentation logic, and JDBC database access.

• Server-side JavaScript support—enables development of scripting applications that access the database using native drivers.

• Additional features—Support for multiple processes and process monitors, failover, automatic recovery, and dynamic log rotation.

Administering and Managing iPlanet Web Servers

You can manage your iPlanet Web Server(s) via the following user interfaces:

• iPlanet Web Server Administration Server

• Server Manager

• Netscape Console

In previous releases, the FastTrack Server and other Netscape servers were administered by a single server, called the Administration Server. In the 4.x release, the "administration server" is now just an additional instance of the iPlanet Web Server, called iPlanet Web Server Administration Server, or Administration Server. You use the Administration Server to administer all of your iPlanet Web Server instances. For more information, see Administration Server.

For managing individual instances of iPlanet Web Server, you can use the Server Manager. For more information, see Server Manager.

If you have other 4.x iPlanet Web Servers, you can manage them through the Netscape Console, a client-based Java application. For more information, see Netscape Console or Managing Servers with Netscape Console.

iPlanet Web Server Architecture

---

iPlanet Web Server incorporates a modular architecture that integrates seamlessly with all of the products in the Netscape/iPlanet family of servers. You can use the Netscape Console when you need to perform administrative functions across all of the Netscape/iPlanet servers. In addition, the iPlanet Web Server includes an administration server interface for coordinating administrative functions across all of your web servers. Note that this administrative interface is itself another instance of iPlanet Web Server.

iPlanet Web Server includes the following software modules:

• Content Engines

• Server Extensions

• Runtime Environments

• Application Services

These server modules are described in the following sections.

Content Engines

iPlanet Web Server content engines are designed for manipulating customer data. The following three content engines make up the Web Publishing layer of the iPlanet Web Server architecture: HTTP (Web Server), Content Management, and the Search (Verity).

The HTTP engine represents the core of the iPlanet Web Server. From a functional perspective, the rest of the iPlanet Web Server architecture resides on top of this engine for performance and integration functionality.

The Content Management engine enables you to manage your server's content. You create and store HTML pages, JavaServer Pages, and other files such as graphics, text, sound, or video on your server. When clients connect to your server, they can view your files provided they have access to them.

The Search engine enables iPlanet Web Server users to search the contents and attributes of documents on the server. As the server administrator, you can create a customized text search interface that works with various types of documents formats, such as HTML, Microsoft Word, Adobe PDF, and WordPerfect. iPlanet Web Server converts many types of non-HTML documents into HTML as it indexes them so that users can use your web browser to view the documents that are found for their search.

Server Extensions

The iPlanet Web Server extensions enable you to extend or replace the function of the server to better suit your business operations. The following server extensions are part of the core iPlanet Web Server architecture:

• Common Gateway Interface (CGI)

• Netscape Server Application Programming Interface (NSAPI)

• Java Servlets and JavaServer Pages

• SHTML & JavaScript

Common Gateway Interface (CGI) is a stand-alone application development interface that enables you to create programs that process your client requests dynamically.

Netscape Server Application Programming Interface (NSAPI) is used to implement the functions the server calls when processing a request (Server Application Functions) which provide the core and extended functionality of the iPlanet Web Server. It allows the server's processing of requests to be divided into small steps which may be arranged in a variety of ways for speed and flexible configuration.

Java Servlets and JavaServer Pages extensions enable all Java servlet and JavaServer page meta-functions, including instantiation, initialization, destruction, access from other components, and configuration management. Java servlets and JavaServer pages, are reusable Java applications that run on a web server rather than in a web browser.

Runtime Environments

In addition to the various server extensions, iPlanet Web Server includes a set of runtime environments which support the server extensions. These runtime environments include the following:

• CGI Processor

• NSAPI Engine

• Java Virtual Machine (JVM)

• JavaScript Virtual Machine

Application Services

Finally, the iPlanet Web Server architecture includes a set of application services for various application-specific functions. These application services include the following:

• LiveWire Database Service

• Security & Access Control

• Session Management Service

• File System Service

• Mail Service

How iPlanet Web Server is Configured

---

iPlanet Web Server is configured to enable you to turn on or off various features, determine how to respond to individual client requests, and write programs that run on and interact with the server's operation. The instructions (called directives) which identify these options are stored in configuration files. iPlanet Web Server reads the configuration files on startup and during client requests to map your choices with the desired server activity. For more information about these files, see iPlanet Web Server Configuration Files.

The server includes a number configuration files which are stored in server_root/config when installed on your computer.

This section includes the following topics:

• iPlanet Web Server Component Options

• iPlanet Web Server Configuration Files

• Single-Server Configuration

• Multiple-Server Configuration

iPlanet Web Server Component Options

The following component options are available when you install iPlanet Web Server:

• iPlanet Web Server Core

• Java Runtime Environment

• Java and Servlets

iPlanet Web Server Configuration Files

iPlanet Web Server includes a variety of configuration files that enable you to set various global variables, and to customize how the server responds to specific events and client requests. You can modify the configuration files automatically using the Administrator Server or Server Manager user interface settings, or manually by editing the files directly. For more information, see Performance Configuration.

The main iPlanet Web Server configuration files are: magnus.conf, obj.conf, mime.types, and admpw. These configuration files are described in this section.

---

Note

There are a number of configuration files iPlanet Web Server uses when your server is set up as part of a cluster of iPlanet Web Servers (these files include a .clfilter file extension). For more information regarding how you can configure a cluster of iPlanet Web Servers, including important guidelines, see About Clusters

---

magnus.conf: the main iPlanet Web Server configuration file. This file contains global server configuration information (such as, port, security, and so on). This file sets the values for variables that configure the server during initialization. iPlanet Web Sever reads this file and executes the variable settings on startup. The server does not read this file again until it is restarted, so you must restart the server every time you make changes to this file. For more information, see Viewing Server Settings.

obj.conf: the server's object configuration file. This file contains additional initialization information, settings for server customization, and instructions that the server uses to process requests from clients (such as browsers). iPlanet Web Server reads this file every time it processes a client request. For more information, see Viewing Server Settings.

For more information about the actual file syntax and the specific directives used by the obj.conf and magnus.conf configuration files, see the NSAPI Programmer's Guide for iPlanet Web Server.

mime.types: the MIME (Multi-purpose Internet Mail Extension) type configuration file. This file maps file extensions to MIME types, to enable the server to determine the type of content being requested. For example, requests for resources with .html extensions indicate that the client is requesting an HTML file, while requests for resources with .gif extensions indicate that the client is requesting an image file in GIF format. For more information, see Specifying a Default MIME Type. Note that you must restart the server every time you make changes to this file.

admpw: the username and password file for the Administrator Server superuser. For more information, see Changing the Superuser Settings.

Single-Server Configuration

If you have installed iPlanet Web Server on a single server, the installation process places all the files under the server root directory that you specified during installation.

All Platforms

For all platforms, the following directories are created under the server root directory:

• alias contains the key and certificate files for all Netscape/iPlanet servers (for example, https-adserv-serverid-cert7.db and secmod.db).

• bin contains the binary files for the server, such as the actual server, the Administration Server forms, and so on. In addition, this directory includes the https/install folder that contains files needed for migrating server settings and default configuration files needed for backward compatibility.

• docs is the server's default primary document directory, where your server's content files are usually kept. If you are migrating settings from an existing server, this directory doesn't appear until you finish the migration process.

• extras contains the log analyzer and log analysis tools.
  • The flexanlg directory contains a command-line log analyzer. This log analyzer analyzes files in flexlog format.

  • The log_anly directory contains the log analysis tool that runs through the Server Manager. This log analyzer analyzes files in common log format only.

• httpacl contains the files that store access control configuration information in the generated.server-identifier.acl and genwork.server-identifier.acl files. The file generated.server-identifier.acl contains changes you make using the Server Manager access control forms after saving your changes; genwork.server-identifier.acl contains your changes before you save your changes.

• https-admserv contains the directories for the Administration Server. This directory has the following subdirectories and files:
  • For Unix/Linux platforms, this directory contains shell scripts to start, stop, and restart the server and a script to rotate log files.

  • conf_bk contains backup copies of the server's configuration files.

  • config contains the server's configuration files: admpw, cron.conf, dsgw.conf, dsgwfilter.conf, dsgwlanguage.conf, dsgw-orgperson.conf, dsgwserarchprefs.conf, magnus.conf, magnus.conf.clfilter, mime.types, ns-cron.conf, obj.conf, obj.conf.clfilter, servers.lst. Working copies are kept here. For more information on magnus.conf and obj.conf, see the NSAPI Programmer's Guide for iPlanet Web Server.

  • logs contains any error or access log files.

  • startsvr.bat is the script that starts the Server Manager. The Server Manager lets you configure all servers installed in the server root directory.

  • stopsvr.bat is the script that stops the Server Manager.

• https-server_id.domain are the directories for each server you have installed on the machine. Each server directory has the following subdirectories and files:
  • ClassCache contains classes and Java files, generated as result of the compilation of JavaServer pages.

  • conf_bk contains backup copies of the server's configuration files.

  • config contains the Administration Server configuration files.

  • logs contains the Administration Server log files.

  • search contains the following directories: admin and collections

  • SessionData contains session database data from MMapSessionManager.

  • startsvr.bat is the script that starts the Server Manager. The Server Manager lets you configure all servers installed in the server root directory.

  • stopsvr.bat is the script that stops the Server Manager.

• manual contains the online manuals for the product.

• plugins contains directories for Java, search, and other plugins. This directory has the following subdirectories:
  • content_mgr contains directories for your server's content.

  • htaccess contains server plugin for .htaccess access control and htconvert, an .nsconfig to .htaccess converter.

  • include contains various include files.

  • lib contains shared libraries.

  • nsacl contains information for your server's access control lists.

  • loadbal contains the required files for the Resonate load-balancer integration plugin.

  • nsapi contains header files and example code for creating your own functions using NSAPI. For more information, see the iPlanet documentation web site at: http://www.iplanet.com/docs

  • samples/js contains the Application Manager and the samples for server-side JavaScript. Note that this is available only if JavaScript was installed.

  • search contains information for your server's search plugins.

  • snmp contains information for your server's SNMP plugins.

• setup contains the various iPlanet Web Server setup files.

• userdb contains user databases and related information.

• LICENSE.txt is the license file.

• README.txt is the readme file that contains a link to the iPlanet Web Server Release Notes.

Unix and Linux Platforms

In addition to the files and directories described in All Platforms the following files are created at the server-root directory for Unix and Linux platforms:

• startconsole launches a browser to the Administration Server page.

The following files are created under the server-root/https-admserv directory for Unix and Linux platforms:

• ClassCache contains classes and Java files, generated as result of the compilation of JavaServer pages.

• conf_bk contains backup copies of the server's configuration files.

• config contains the Administration Server configuration files.

• logs contains the Administration Server log files.

• SessionData contains session database data from MMapSessionManager.

• restart is the script that restarts the Server Manager.

• rotate

• start is the script that starts the Server Manager. The Server Manager lets you configure all servers installed in the server root directory.

• stop is the script that stops the Server Manager.

Multiple-Server Configuration

You can also have multiple Web servers running on the same server—all of which can be configured from a single-server administration interface called Administration Server, or from the client-side application, Netscape Console. For more information about Netscape Console, see Netscape Console.

For more information regarding how to use the Administration Server to configure multiple servers on your machine, see Setting Encryption Preferences.

Administration Server

---

The Administration Server is a web-based server that contains the Java and JavaScript forms you use to configure all of your iPlanet Web Servers.

After installing iPlanet Web Server, you use your browser to navigate to the Administration Server page and use its forms to configure your iPlanet Web Servers. When you submit the forms, the Administration Server modifies the configuration for the server you were administering.

The URL you use to navigate to the Administration Server page depends on the computer host name and the port number you choose for the Administration Server when you install iPlanet Web Server. For example, if you installed the Administration Server on port 1234, the URL would look like this:

http://myserver.mozilla.com:1234

Before you can get to any forms, the Administration Server prompts you to authenticate yourself. This means you need to type a user name and password. You set up the "superuser" user name and password when you install iPlanet Web Server on your computer. After installation, you can use distributed administration to give multiple people access to different forms in the Administration Server. For more information about distributed administration, see Enabling Distributed Administration.

The first page you see when you access the Administration Server, is called Servers. You use the buttons on this page to manage, add, remove, and migrate your iPlanet Web Servers. The Administration Server provides the following tabs for your administration-level tasks:

• Servers

• Preferences

• Global Settings

• Users and Groups

• Security

• Cluster Mgmt (Cluster Management)
  

  ---

  Note	You must enable cookies in your browser to run the CGI programs necessary for configuring your server.

  ---

  
  

For more information on using the Administration Server, including information regarding these administration-level tasks, see Administering iPlanet Web Servers.

Server Manager

---

The Server Manager is a web-based interface that contains the Java and JavaScript forms you use to configure individual instances of iPlanet Web Server.

This section includes the following topics:

• Accessing the Server Manager

• Using the Resource Picker

• Wildcards Used in the Resource Picker

Accessing the Server Manager

You can access the Server Manager for iPlanet Web Server by performing the following steps:

1. Install and start your iPlanet Web Server.

   The Administration Server displays the Servers page.

2. In the Manage Servers area, select the desired server and click Manage.

   iPlanet Web Server displays the Server Manager Preferences page, as shown in the following illustration:

Figure 1-1    The iPlanet Web Server Server Manager

---

Note	Note that you must enable cookies in your browser to run the CGI programs necessary for configuring your server.

---

You use the links on the Preferences page to manage the following options:

• Turn iPlanet Web Server on/off

• Server settings

• Restore configuration

• Performance tuning actions

• Native thread pool

• Generic thread pool

• Global MIME types

• Network settings

• Error responses

• Dynamic configuration files

• Restrict access

• Encryption preferences

• Stronger ciphers

In addition, the Server Manager provides the following tabs for additional iPlanet Web Server managerial tasks:

• Programs

• Servlets

• Security

• Status

• Styles

• Content Mgmt

• Web Publishing

• Search

For more information, see "Server Manager",

Using the Resource Picker

Most of the Server Manager pages configure the entire iPlanet Web Server. Some pages can configure either the entire server or files or directories that the server maintains. These pages include the Resource Picker, shown in Figure 1-2, at the top. The Resource Picker lets you specify what resource to configure.

Figure 1-2    Resource Picker

Pick a resource from the drop-down list for configuration. Click Browse to browse your primary document directory; clicking Options allows you to choose other directories. Click Wildcard to configure files with a specific extension.

Wildcards Used in the Resource Picker

In many parts of the server configuration, you specify wildcard patterns to represent one or more items to configure. Please note that the wildcards for access control and text search may be different from those discussed in this section.

Wildcard patterns use special characters. If you want to use one of these characters without the special meaning, precede it with a backslash (\) character.

Table 1-1 Resource Picker wildcard patterns 

Wildcard Pattern	Description
*	Match zero or more characters.
?	Match exactly one occurrence of any character.
|	An or expression. The substrings used with this operator can contain other special characters such as * or $. The substrings must be enclosed in parentheses, for example, (a|b|c), but the parentheses cannot be nested.
$	Match the end of the string. This is useful in or expressions.
[abc]	Match one occurrence of the characters a, b, or c. Within these expressions, the only character that needs to be treated as a special character is ]; all others are not special.
[a-z]	Match one occurrence of a character between a and z.
[^az]	Match any character except a or z.
*~	This expression, followed by another expression, removes any pattern matching the second expression.
*.iplanet.com	Matches any string ending with the characters .iplanet.com.
quark|energy).iplanet.com	Matches either quark.iplanet.com or energy.iplanet.com.
198.93.9[23].???	Matches a numeric string starting with either 198.93.92 or 198.93.93 and ending with any 3 characters.
*.*	Matches any string with a period in it.
~iplanet-*	Matches any string except those starting with iplanet-.
*.iplanet.com~ quark.iplanet.com	Matches any host from domain iplanet.com except for a single host quark.iplanet.com.
*.iplanet.com~ (quark|energy|neutrino).iplanet.com	Matches any host from domain iplanet.com except for hosts quark.iplanet.com, energy.iplanet.com, and neutrino.iplanet.com.
*.com~*.iplanet.com	Matches any host from domain com except for hosts from subdomain iplanet.com.

Netscape Console

---

Netscape Console is a Java application that provides server administrators with a graphical interface for managing all Netscape/iPlanet servers from one central location anywhere within your enterprise network. From any installed instance of Netscape Console, you can see and access all the Netscape/iPlanet servers on your enterprise's network to which you have been granted access rights. You can log in from any system connected to your network to manage a remote server or to make changes in a centralized directory.

---

Note

For any given instance of Netscape Console, the limits of the network it can administer are defined by the set of resources whose configuration information is stored in the same configuration directory. That is the maximum set of hosts and servers that can appear in the Console window. For a given administrator using Netscape Console, the actual number of visible servers and hosts may be fewer, depending on the access permissions that administrator has.

For complete documentation on Netscape Console, see Managing Servers with Netscape Console.

---

Sending Error Information

---

iPlanet Web Server includes an error-handling mechanism called the Quality Feedback Agent. The Quality Feedback Agent enables you to automatically send error information (stack and register dump) to the Sun-Netscape Alliance if your iPlanet Web Server crashes.

By enabling the Quality Feedback Agent, you can assist the Sun-Netscape Alliance in determining the cause of errors that occur in the server. The Quality Feedback Agent only sends the Sun-Netscape Alliance information to help determine the cause of the error; it does not send documents or other sensitive information.

Details on Data Collected by the Quality Feedback Agent

The Quality Feedback Agent collects only the information needed to analyze and fix errors in the iPlanet Web Server. The following table summarizes all of the information collected by the agent and the reason why the Sun-Netscape Alliance collects this information.

Table 1-2 Data Collected by Quality Feedback Agent 

Data Collected	OS-specific Data	Reason for Data Collection
Stack Trace	Windows & Unix/Linux: Stack Trace	Shows where iPlanet Web Server failed and what functions were called just before the failure.
PC (Program Counter)	Windows & Unix/Linux: PC	Can be used to see if the iPlanet Web Server was in a bad state when it failed.
Registers	Windows: Processor Registers Unix/Linux: No	Provides the state of the processor at the time of the failure.
Dynamic Libraries	Windows: Loaded dlls Unix/Linux: ELF32 Shared Objects	Shows any additional dlls that might have been running with or missing from the iPlanet Web Server when it failed.
Threads	Windows: Threads in Active Process Unix/Linux: No	Identifies potential race conditions with other applications or with different processes in the iPlanet Web Server.
OS Version	Windows: Windows Version Unix/Linux: Unix Version	Provides the OS version. This information is necessary because the way the iPlanet Web Server interacts with different versions of an OS can cause different kinds of failures.
Processor Type	Windows: Processor Information Unix/Linux: Processor Information	Provides the processor version. This information is necessary because the iPlanet Web Server, like many software applications, can behave differently when it is running on different-speed processors.
Stack Data	Windows & Unix/Linux: Top 2048 bytes on the stack	Shows the value of variables passed into a function that was running at the time of failure.

Using the Quality Feedback Agent

The Quality Feedback Agent enables you to automatically send error information (stack and register dump) to the Sun-Netscape Alliance if your iPlanet Web Server crashes.

By enabling the Quality Feedback Agent, you can assist the Sun-Netscape Alliance in determining the cause of errors that occur in the server. The Quality Feedback Agent only sends the Sun-Netscape Alliance information to help determine the cause of the error; it does not send documents or other sensitive information.

---

Note	If JVM is enabled, you can not use Quality Feedback Agent.

---

To enable the Quality Feedback Agent for your iPlanet Web Server, perform the following procedures:

1. If necessary, edit your master.ini file to allow the Quality Feedback Agent to send data through your firewall to the Sun-Netscape Alliance. For more information, see Editing master.ini.

2. Edit magnus.conf to enable the Quality Feedback Agent (plus any optional parameters) for your iPlanet Web server. For more information, see Editing magnus.conf.

Editing master.ini

If you are using automatic proxy configuration, and you want to use the Quality Feedback Agent to send incident reports to the Sun-Netscape Alliance, you need to edit the master.ini file to contain the appropriate proxy configuration information.

To enable the Quality Feedback Agent, perform the following steps:

1. If you are using an HTTP proxy, or both an HTTP and SOCKS proxy, open the file master.ini in the server_root/bin/https/bin directory.

2. Add the following three lines of code to your master.ini file, using your proxy host name, domain, and port:

   UseUserHTTPProxyInfo=1

   UserHTTPProxyHost="yourproxy.yourdomain.com"

   UserHTTPProxyPort=xxxx

If you are using a SOCKS Proxy, add the following three lines of code to your master.ini file:

UseUserSOCKSInfo=1

UserSOCKSHost="yourproxy.yourdomain.com"

UserSOCKSPort=xxxx

Editing magnus.conf

To turn on the Quality Feedback Agent for your iPlanet Web server, add TalkBack on to your magnus.conf file. To disable it, either delete TalkBack, or specify TalkBack off.

In addition, there are two optional magnus.conf file variables for the Quality Feedback Agent:

• TalkbackMaxIncidents: If the server crashes more often than this number within a time interval, the Quality Feedback Agent will be turned off automatically. The default is 5.

• TalkbackInterval: The interval used by the parameter above, in seconds. The default is 86400 seconds (24 hours).

Note that both variables have no effect unless the Quality Feedback Agent is turned on. Once you restart the server, the counters are reset and the whole process starts over.