Oracle® ZFS Storage Appliance Security Guide, Release OS8.7.x

Updated: September 2017

HTTP Data Service

HTTP provides access to filesystems using the HTTP and HTTPS protocols and the HTTP extension Web-based Distributed Authoring and Versioning (WebDAV). This lets clients access shared filesystems through a web browser or as a local filesystem, if their client software supports it.

The HTTPS server uses either a self-signed security certificate or a customer-supplied certificate. To obtain a customer-supplied certificate, you must generate a Certificate Signing Request (CSR) and send it to the Certificate Authority (CA) for signature. After the signed certificate is returned from the CA, it can be installed on the appliance. If a certificate is signed by a non-root CA, you must also obtain certificates from the second- and higher-level CAs. For more information on certificate management, please refer to the Oracle ZFS Storage Appliance Administration Guide.

The following properties are available:

  • Require Client Login - Clients must authenticate before share access is allowed, and files they create are owned by the authenticated user. If this is not set, files created are owned by the HTTP service as user "nobody".

  • Protocols - Select which access methods to support: HTTP, HTTPS, or both.

  • HTTP Port (for incoming connections) - The port for plain HTTP connections; the default is port 80.

  • HTTPS Port (for incoming secure connections) - The port for HTTPS connections; the default is port 443.

  • SSL/TLS versions and ciphers - SSL/TLS protocol versions and ciphers for HTTP connections. The defaults are TLSv1.1, TLSv1.2 and their associated ciphers. TLSv1.0 is not enabled by default due to security concerns, but it can be enabled for backward compatibility. In the BUI, the list of available ciphers changes based on the selected versions. Some selected SSL/TLS protocol versions and/or ciphers are removed after a software upgrade if they are no longer supported. To avoid service unavailability, keep the default settings unless otherwise needed or as instructed by Oracle Support.

When Require Client Login is enabled, the Oracle ZFS Storage Appliance denies access to clients that do not supply valid authentication credentials for a local user, an NIS user, or an LDAP user. Active Directory authentication is not supported. Only basic HTTP authentication is supported. Unless HTTPS is being used, this transmits the username and password unencrypted, which may not be appropriate for all environments. If Require Client Login is disabled, the appliance does not try to authenticate credentials.
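A client-side check for the settings described above (Protocols set to HTTPS only, TLSv1.0 left disabled, Require Client Login enabled), added here as an illustration; it is not Oracle's documentation or tooling, uses only the Python 3 standard library, and the appliance host name, CA file path and share URL path are placeholders.

```python
import socket
import ssl
import urllib.request   # urllib.request re-exports HTTPError/URLError from urllib.error
APPLIANCE = "zfs-appliance.example.com"   # placeholder: your appliance host name
def port_open(host, port, timeout=5):
    """True if TCP connects; with Protocols set to HTTPS only, port 80 should be closed."""
    try:
        socket.create_connection((host, port), timeout=timeout).close()
        return True
    except OSError:
        return False

def tls_version_accepted(host, version, port=443, timeout=5):
    """True if the server completes a handshake pinned to `version`; False if it
    refuses, or if the local OpenSSL policy itself will not offer that version."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # protocol probe only; the certificate
    ctx.verify_mode = ssl.CERT_NONE     # is verified in unauthenticated_status()
    ctx.minimum_version = ctx.maximum_version = version
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host):
                return True
    except OSError:                     # ssl.SSLError is an OSError subclass
        return False

def unauthenticated_status(url, cafile="appliance-ca.pem", timeout=5):
    """Status of a request sent with no credentials (401 expected), or None if the
    connection failed; cafile (placeholder) is the CA chain or self-signed cert."""
    ctx = ssl.create_default_context(cafile=cafile)
    try:
        with urllib.request.urlopen(url, timeout=timeout, context=ctx) as resp:
            return resp.status
    except urllib.request.HTTPError as err:
        return err.code
    except urllib.request.URLError:
        return None

def evaluate(http_open, tls10_accepted, status):
    """Pure policy check over the probe results, so it can be tested offline."""
    checks = [
        (http_open, "port 80 open: set Protocols to HTTPS so Basic credentials never travel in clear"),
        (tls10_accepted, "TLSv1.0 accepted: leave it disabled unless legacy clients need it"),
        (status != 401, "unauthenticated request got %s, expected 401 (Require Client Login)" % status)]
    return [msg for failed, msg in checks if failed]

def audit(host=APPLIANCE, share="/"):   # share URL path is a placeholder
    return evaluate(port_open(host, 80), tls_version_accepted(host, ssl.TLSVersion.TLSv1),
                    unauthenticated_status("https://%s%s" % (host, share)))
```

Run audit() from a client after changing the service properties; an empty list means all three expectations held, and the TLSv1.0 probe is only meaningful on a client whose OpenSSL still permits that version.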

Regardless of authentication, permissions are not masked from created files and directories. Newly created files have permissions read and write by everyone. Newly created directories have permissions read, write, and execute by everyone.