Previous      Contents      Index      Next
Sun Java System Application Server 8 2004Q4 Beta Platform Edition Administration Guide

Chapter 11
Configuring the HTTP Service

This chapter describes how to configure virtual servers and HTTP listeners for the HTTP service component of the Application Server.

About the HTTP Service
Admin Console Tasks for the HTTP Service
Admin Console Tasks for HTTP Listeners
Admin Console Tasks for Virtual Servers

---

About the HTTP Service

What Is the HTTP Service?
Virtual Servers
HTTP Listeners

What Is the HTTP Service?

The HTTP service is the component of the Application Server that provides facilities for deploying Web applications and for making deployed Web applications accessible by HTTP clients. (See "Deploying a Web Application".) These facilities are provided by means of two kinds of related objects, virtual servers and HTTP listeners.

Virtual Servers

A virtual server, sometimes called a virtual host, is an object that allows the same physical server to host multiple Internet domain names. All virtual servers hosted on the same physical server share the Internet Protocol (IP) address of that physical server. A virtual server associates a domain name for a server (such as www.aaa.com) with the particular server on which the Application Server is running.

Note: Do not confuse an Internet domain with the administrative domain of the Application Server. (See "Administrative Domains".)

For instance, assume you want to host these domains on your physical server:

www.aaa.com
www.bbb.com
www.ccc.com

Assume also that www.aaa.com, www.bbb.com, and www.ccc.com have web modules web1, web2, and web3, respectively, associated with them.

This means that all of these URLs are handled by your physical server:

http://www.aaa.com:8080/web1
http://www.bbb.com:8080/web2
http://www.ccc.com:8080/web3

The first URL is mapped to virtual host www.aaa.com, the second URL is mapped to virtual host www.bbb.com, and the third is mapped to virtual host www.ccc.com.

On the other hand, the following URL results in a 404 return code, because web3 isn't registered with www.bbb.com:

http://www.bbb.com:8080/web3

For this mapping to work, make sure that www.aaa.com, www.bbb.com, and www.ccc.com all resolve to your physical server's IP address. They need to be registered with the DNS server for your network. In addition, on a UNIX system, add these domains to your /etc/hosts file (if the setting for hosts in your /etc/nsswitch.conf file includes files).

When the Application Server is started, it starts the following virtual servers automatically:

A virtual server named server, which hosts all user-defined Web modules
A virtual server named __asadmin, which hosts all administration-related Web modules (specifically, the Admin Console)

For development, testing, and deployment of Web services in a non-production environment, server is often the only virtual server required. In a production environment, additional virtual servers provide hosting facilities for users and customers so that each appears to have its own Web server, even though there is only one physical server.

HTTP Listeners

Each virtual server provides connections between the server and clients through one or more HTTP listeners. Each HTTP listener is a listen socket that has an IP address, a port number, a server name, and a default virtual server.

HTTP listeners must have a unique combination of port number and IP address. For example, an HTTP listener can listen on all configured IP addresses on a given port for a machine by specifying the IP address 0.0.0.0. Alternatively, the HTTP listener can specify a unique IP address for each listener, but use the same port.

Since an HTTP listener is a combination of IP address and port number, you can have multiple HTTP listeners with the same IP address and different port numbers (for example, 1.1.1.1:8081 and 1.1.1.1:8082), or with different IP addresses and the same port number (for example, 1.1.1.1:8081 and 1.2.3.4:8081, if your machine was configured to respond to both these addresses).

However, if an HTTP listener uses the 0.0.0.0 IP address, which listens on all IP addresses on a port, it is not possible to create HTTP listeners for additional IP addresses that listen on the same port for a specific IP address. For example, if an HTTP listener uses 0.0.0.0:8080 (all IP addresses on port 8080), another HTTP listener cannot use 1.2.3.4:8080.

Because the system running the Application Server typically has access to only one IP address, HTTP listeners typically use the 0.0.0.0 IP address and different port numbers, with each port number serving a different purpose. If the system does have access to more than one IP address, each address can serve a different purpose.

By default, when the Application Server starts, it has the following HTTP listeners:

Two HTTP listeners named http-listener-1 and http-listener-2, associated with the virtual server named server. The listener named http-listener-1 does not have security enabled; http-listener-2 has security enabled.
An HTTP listener named admin-listener, associated with the virtual server named __asadmin.

All these listeners use the IP address 0.0.0.0 and the port numbers specified as the HTTP server port numbers during installation of the Application Server. If the Application Server uses the default port number values, http-listener-1 uses port 8080, http-listener-2 uses port 8181, and admin-listener uses port 4848.

Each HTTP listener has a default virtual server. The default virtual server is the server to which the HTTP listener routes all request URLs whose host component does not match any of the virtual servers that are associated with the HTTP listener (a virtual server is associated with an HTTP listener by listing the HTTP listener in its http-listeners attribute).

In addition, specify the number of acceptor threads in the HTTP listener. Acceptor threads are threads that wait for connections. The threads accept connections and put them in a queue, where they are then picked up by worker threads. Configure enough acceptor threads so that there is always one available when a new request comes in, but few enough so that they do not provide too much of a burden on the system. In the Application Server, there is no distinction between acceptor and request processing (worker) threads: each HTTP listener thread is responsible for accepting and processing requests. For this reason, the HTTP listeners in the Application Server's default configuration use 50 acceptor threads.

The HTTP listener's server name is the host name that appears in the URLs the server sends to the client as part of a redirect. This attribute affects URLs the server automatically generates; it does not affect the URLs for directories and files stored in the server. This name is normally the alias name if the server uses an alias. If a client sends a Host: header, that host name supersedes the HTTP listener's server name value in redirects.

Specify a redirect port to use a different port number from that specified in the original request. A redirect occurs in one of these situations:

If a client tries to access a resource that no longer exists at the specified URL (that is, the resource has moved to another location), the server redirects the client to the new location (instead of returning a 404), by returning a designated response code and including the new location in the response's Location header.
If a client tries to access a resource that is protected (for example, SSL) on the regular HTTP port, the server redirects the request to the SSL-enabled port. In this case, the server returns a new URL in the Location response header, in which the original nonsecure port has been replaced with the SSL-enabled port. The client then connects to this new URL.

Specify also whether security is enabled for an HTTP listener and what kind of security is used (for example, which SSL protocol and which ciphers).

To access a Web application deployed on the Application Server, use the URL http://localhost:8080/ (or https://localhost:8181/ if it is a secure application), along with the context root specified for the Web application. To access the Admin Console, use the URL http://localhost:4848/ or http://localhost:4848/asadmin/ (its default context root).

Because a virtual server must specify an existing HTTP listener, and because it cannot specify an HTTP listener that is already being used by another virtual server, create at least one HTTP listener before creating a new virtual server.

---

Admin Console Tasks for the HTTP Service

Configuring the HTTP Service
Configuring the HTTP Service Access Log

Configuring the HTTP Service

To configure the HTTP service, follow these steps:

In the tree component, expand the Configuration node.
Select the HTTP Service node.
The HTTP Service page allows the setting of properties that apply to all of the service's HTTP listeners.

The following table lists these properties.

Table 11-1 HTTP Service Properties 

Property Name	Description	Default Value
bufferSize	Specifies the size (in bytes) of the buffer to be provided for input streams created by HTTP listeners.	2048
connectionTimeout	Specifies the number of milliseconds HTTP listeners wait, after accepting a connection, for the request URI line to be presented.	60000 (60 seconds)
maxKeepAliveRequests	Specifies the maximum number of HTTP requests that can be pipelined until the connection is closed by the server. Setting this attribute to 1 disables HTTP/1.0 keep-alive, as well as HTTP/1.1 keep-alive and pipelining.	100
tcpNoDelay	If set to true, the TCP_NO_DELAY option is set on all HTTP listeners. This option improves performance, under most circumstances.	true

Click the Access Log tab to configure access log rotation.
Click Save.

Configuring the HTTP Service Access Log

Use this page to enable and configure rotation for the access logs for the virtual servers. These logs are in the install_dir/domains/domain_name/logs/access directory and are named as follows:

virtual_server_name_access_log.yyyy-mm-dd.txt

Click Load Defaults to load the default values. To change the rotation properties for these logs, do the following:

Check the File Rotation box to turn on file rotation. By default, file rotation is disabled.
From the Rotation Policy drop-down list, choose a policy. (The only policy available is time.)
In the Rotation Interval field, type a numeric value to specify the number of minutes between rotations of the access log. This field is valid only if the Rotation Policy is time. The default is 1440 minutes.
In the Rotation Suffix field, type a string value to specify the suffix to be added to the log file name after rotation. The default is %YYYY;%MM;%DD;-%hh;h%mm;m%ss;s.
In the Format field, enter a string value to specify the format of the access log. Use the formats shown in the following table. The default format is %client.dns;%auth-user-name;%system.date;%request;%status;
%response.length;.

Table 11-2 Token Values for Access Log Format 

Data	Token
Client Host Name	%client.name;
Client DNS	%client.dns;
System Date	%datetime;
Full HTTP Request line	%request;
Status	%status;
Response Content Length	%response.length;
Referer Header	%header.referer;
User-agent	%header.user-agent;
HTTP Method	%http-method;
HTTP URI	%http-uri;
HTTP Query String	%query-str;
HTTP Protocol Version	%http-version;
Accept Header	%header.accept;
Date Header	%header.date;
If-Modified-Since Header	%header.if-mod-since;
Authorization Header	%header.auth;
Any valid HTTP header value defined in RFC 2616 (any is also a valid header value; it is specified as a variable here)	%header.any;
Name of Authorized User	%auth-user-name;
Value of a Cookie	%cookie.value;
Virtual Server ID	%vs.id;

Click Save to save the changes, or Load Defaults to return to the default settings.

---

Admin Console Tasks for Virtual Servers

Creating a Virtual Server
Editing a Virtual Server
Deleting a Virtual Server

Creating a Virtual Server

To create a virtual server, follow these steps:

In the tree component, expand the Configuration node.
Expand the HTTP Service node.
Select the Virtual Servers node.
On the Virtual Servers page, click New. The Create Virtual Server page appears.
In the ID field, type the name of the domain. This value is used to identify the virtual server internally. It is not exposed to HTTP clients. The host names that are exposed to HTTP clients must be specified in the Hosts field.
In the Hosts field, type the host name or names for the machine on which the server is running. Use either actual or virtual host names that are registered with the DNS server for your network (and, on a UNIX system, in your /etc/hosts file).
In the area opposite State, select either On, Off, or Disabled. The default is On.
Leave the HTTP Listeners field empty. It is filled in automatically when you create an HTTP listener and associate it with this server.

(Use of this field requires that you specify an existing HTTP listener. You must not, however, specify a listener that is used by another virtual server; if you do, the Application Server will not restart and you will have to delete the new virtual server manually from the domain.xml file. Since a listener must be associated with an existing virtual server when it is created, all existing listeners are used by another virtual server.)

From the Default Web Module drop-down list, choose the deployed Web module (if any) that is to respond to all requests that cannot be mapped to other web modules deployed to the virtual server.

If a Default Web Module is not specified, the web module that has an empty context root is used. If there is no web module with an empty context root, a system default web module is created and used.

In the Log File field, type the path name of the file where logging messages from this virtual server will appear. Leave this field empty to send logging messages to the default server log (install_dir/domains/domain1/logs/server.log).
In the Additional Properties area, click Add Property to add a property for the virtual server. Whether you specify properties or not, the new server has the default properties docroot and accesslog, set to default values.
Click OK to save the virtual server.
Stop and restart the Application Server.

The following table lists the available properties.

Table 11-3 Virtual Server Properties 

Property Name	Description
docroot	Absolute path to root document directory for server. Default is install_dir/domains/domain1/docroot
accesslog	Absolute path to server access logs. Default is install_dir/domains/domain1/logs/access.
sso-enabled	If false, single sign-on is disabled for this virtual server, and users must authenticate separately to every application on the virtual server. Single sign-on across applications on the Application Server is supported by servlets and JSP pages. This feature allows multiple applications that require the same user sign-on information to share this information, rather than have the user sign on separately for each application. Default is true.
sso-max-inactive-seconds	Specifies the number of seconds after which a user's single sign-on record becomes eligible for purging if no client activity is received. Since single sign-on applies across several applications on the same virtual server, access to any of the applications keeps the single sign-on record active. Default is 300 seconds (5 minutes). Higher values provide longer single sign-on persistence for users at the expense of more memory use on the server.
sso-reap-interval-seconds	Specifies the number of seconds between purges of expired single sign-on records. Default is 60.

Equivalent asadmin command: create-virtual-server

Editing a Virtual Server

To edit a virtual server, follow these steps:

In the tree component, expand the Configuration node.
Expand the HTTP Service node.
Select the Virtual Servers node.
Select the virtual server to be edited.
On the Edit Virtual Server page, it is possible to perform these tasks:
Change the host name in the Hosts field.
Change the value of the State setting.
Add or remove an HTTP listener.
Change the Default Web Module selection.
Change the Log File value.
Add, remove, or modify properties.
Click Save to save your changes.
Stop and restart the Application Server.

Deleting a Virtual Server

To delete a virtual server, follow these steps:

In the tree component, expand the Configuration node.
Expand the HTTP Service node.
Select the Virtual Servers node.
On the Virtual Servers page, check the box next to the name of the virtual server to be deleted.
Click Delete.
Stop and restart the Application Server.

It is possible to delete the __asadmin virtual server, but this is not recommended. If you plan to do so, first copy the virtual-server elements of the Application Server's domain.xml file to a safe place so that the settings can be restored if needed.

Equivalent asadmin command: delete-virtual-server

---

Admin Console Tasks for HTTP Listeners

Creating an HTTP Listener
Editing an HTTP Listener
Deleting an HTTP Listener

Creating an HTTP Listener

To create an HTTP listener, follow these steps:

In the tree component, expand the Configuration node.
Expand the HTTP Service node.
Select the HTTP Listeners node.
On the HTTP Listeners page, click New. The Create HTTP Listener page appears.
In the Name field, type a name for the listener.
In the Listener field, remove the check from the Enabled box if you do not want to enable the listener when the server restarts.
In the Network Address field, type 0.0.0.0 if you want the listener to listen on all IP addresses for the server, using a unique port value. Otherwise, type a valid IP address for the server.
In the Listener Port field, type a unique port value if the Network Address field is 0.0.0.0, or the desired port value if you are using another IP address.
Choose a virtual server from the Default Virtual Server drop-down list.
In the Server Name field, type the host name to be used in the URLs the server sends to the client. This name is the alias name if your server uses an alias. If your server does not use an alias, leave this field empty.
In the Advanced area, perform any of the following tasks:
To redirect requests to another port, type a value in the Redirect Port field. The Application Server automatically redirects the request if these two conditions exist:
This listener is supporting non-SSL requests.
A request is received for which a matching security constraint requires SSL transport.

By default, the Application Server uses the port number specified in the original request.

Change the number of Acceptor Threads.
Remove the check from the Powered By box to disable the inclusion of the X-Powered-By: Servlet/2.4 header in servlet-generated HTTP response headers.

The Java Servlet 2.4 Specification defines this header, which containers may add to servlet-generated responses. Similarly, the JavaServer Pages™ (JSP™) 2.0 Specification defines an X-Powered-By: JSP/2.0 header to be added (on an optional basis) to responses that use JSP technology. The inclusion of the X-Powered-By: JSP/2.0 header is enabled by default for web applications. The goal of these headers is to aid Web site administrators in gathering statistical data about the use of Servlet and JSP technology.

For information on enabling and disabling the X-Powered-By header for JSP pages, see the chapter entitled "Deployment Descriptor Files" in the Application Server Developer's Guide.

Production environments might decide to omit the generation of X-Powered-By headers to hide their underlying technology.

To create a listener that is not secure, click OK.

In the Security section of this page, it is possible to configure the listener to use SSL, TLS, or both SSL and TLS security.

To set up a secure listener, do the following:

Check the Enabled box in the Security field.
To force clients to authenticate themselves to the server when using this listener, check the Enabled box in the Client Authentication field.
Enter the name of an existing server keypair and certificate in the Certificate NickName field. See the Security chapter for more information.
In the SSL3/TLS section:
Check the security protocol(s) to be enabled on the listener. Check either SSL3 or TLS, or both.
Check the cipher suite used by the protocol(s). To enable all cipher suites, check All Supported Cipher Suites. You can also enable individual cipher suites.

The listener is now listed in the HTTP Listeners field for the virtual server that is specified as the Default Virtual Server.

Stop and restart the Application Server in order to use the new HTTP listener.

Equivalent asadmin command: create-http-listener

Editing an HTTP Listener

To edit an HTTP listener, follow these steps:

In the tree component, expand the Configuration node.
Expand the HTTP Service node.
Select the HTTP Listeners node.
Select the HTTP listener to be edited.
On the Edit HTTP Listener page, modify any of the settings.
Click Save to save the changes.
Stop and restart the Application Server.

Deleting an HTTP Listener

To delete an HTTP listener, follow these steps:

In the tree component, expand the Configuration node.
Expand the HTTP Service node.
Select the HTTP Listeners node.
On the HTTP Listeners page, check the box next to the name of the HTTP listener to be deleted.
Click Delete.
Stop and restart the Application Server.

It is possible to delete the http-listener-1, http-listener-2, and admin-listener HTTP listeners, but this is not recommended. If you plan to do so, first copy the http-listener elements of the Application Server's domain.xml file to a safe place so that the settings can be restored if needed.

Equivalent asadmin command: delete-http-listener

Previous      Contents      Index      Next

---

Copyright 2004 Sun Microsystems, Inc. All rights reserved.