Compaq Secure Web Server
Version 1.2 for OpenVMS Alpha
(based on Apache)Installation and Configuration Guide
Contents
Chapter 1
Installation Requirements and PrerequisitesBefore you can install the Compaq Secure Web Server for OpenVMS Alpha (based on Apache), you should verify that your system meets the minimum hardware and software requirements described below.
1.1 Hardware Requirements
You can install the Compaq Secure Web Server for OpenVMS on any AlphaServer system or Alpha workstation running OpenVMS Version 7.2-1 or higher.
1.2 Software Requirements
See the Supported Configurations Page for the prerequisites and supported products with version requirements for each release of Compaq Secure Web Server and its associated kits.
The Compaq Secure Web Server requires the following software:
- OpenVMS Alpha Version 7.2-1 or higher
- Compaq TCP/IP Services for OpenVMS Version 5.0A or higher
1.2.1 MultiNet and TCPware Network Products
If you are using MultiNet or TCPware from Process Software Corporation, instead of Compaq TCP/IP Services for OpenVMS, you should be aware of the following information.
The Compaq Secure Web Server has been tested and verified using Compaq TCP/IP Services for OpenVMS. There are no known problems running Compaq Secure Web Server with other TCP/IP network products such as MultiNet and TCPware, but Compaq has not formally tested and verified these other products.
MultiNet and TCPware require ECO kits for the Compaq Secure Web Server. These ECO kits are subject to change. For the latest ECO kit information, contact Process Software and ask for the ECO kits required to run the Compaq Secure Web Server. Send network connectivity questions regarding the Compaq Secure Web Server for OpenVMS on TCPware and MultiNet via email to support@process.com.
1.2.2 CSWS_JAVA Requirements
The Compaq Secure Web Server for OpenVMS supports an optional kit, CSWS_JAVA, which includes the following Apache Jakarta technologies: Tomcat 3.2.4 (JavaServer Pages 1.1, Java Servlet 2.2, MOD_JK, and MOD_JSERV) and Ant. (Note: Ant is a partial implementation of the Jakarta Ant subproject and its use is limited to building the included sample web applications and simple user-written web applications for Tomcat.)
CSWS_JAVA also includes the older CSWS_JSERV kit, which includes the following Apache Java projects: MOD_JSERV, Java Servlet 2.0, and JSSI 1.1.1.
CSWS_JAVA Version 1.1 for the Compaq Secure Web Server for OpenVMS Alpha requires the following software:
- OpenVMS Alpha Version 7.2-1 (or higher)
- Compaq Secure Web Server Version 1.1-1 (or higher) for OpenVMS Alpha
- Compaq Java Development Kit Version 1.2.2 (or higher) for OpenVMS Alpha
- All patches required for Compaq Java Development Kit for OpenVMS Alpha
For production environments, Compaq recommends that you install CSWS_JAVA on an ODS-5 enabled disk. Your installation of the Compaq Secure Web Server can remain on an ODS-2 disk.
1.2.3 CSWS_PERL Requirements
Perl has become the premier scripting language of the Web, as most CGI programs are written in Perl. The Compaq Secure Web Server for OpenVMS supports an optional kit, CSWS_PERL. This kit includes MOD_PERL, an interface between Perl and the Compaq Secure Web Server which lets you write modules entirely in Perl. The CSWS_PERL kit requires the following software:
- OpenVMS Alpha Version 7.2-1 or higher
- Compaq Secure Web Server Version 1.2 (or higher) for OpenVMS Alpha
- Perl Version 5.6.1
Note
The Compaq Secure Web Server for OpenVMS works with a specific version of Perl. You can have more than one version of Perl installed on your system as long as you are careful about how you define logical names. Make sure the Compaq Secure Web Server can only see its required version of Perl.1.2.4 CSWS_PHP Requirements
PHP is a server-side, cross-platform, HTML embedded scripting language that lets you create dynamic web pages. PHP-enabled web pages are treated the same as regular HTML pages, and you can create and edit them the way you normally create regular HTML pages. The CSWS_PHP kit requires the following software:
- OpenVMS Alpha Version 7.2-1 or higher
- Compaq Secure Web Server Version 1.2 (or higher) for OpenVMS Alpha
CSWS_PHP does not require configuration after you install the kit.
1.2.5 Building the Apache HTTP Server from Source Code
Compaq Secure Web Server Version 1.2 for OpenVMS is based on Apache 1.3.20. Source code and instructions for building an Apache HTTP server for OpenVMS can be found at the
Compaq Secure Web Server for OpenVMS web site
If you are building an Apache HTTP Server from source code, you also need:
- Compaq C Version 6.2
Chapter 2
Installation and ConfigurationRead this chapter to install and configure the Compaq Secure Web Server for OpenVMS. Installation and configuration consists of the following steps:
- Read the release notes
- Install the server and optional modules
- Configure the server
- Review the post configuration checklist
- Test the installation
Detailed instructions for completing each of these steps are provided below.
2.1 Read the Release Notes
Before you begin the installation, you should read the release notes provided with the kit.
Compaq Secure Web Server for OpenVMS Alpha Release Notes.
2.2 Install the Server and Optional Modules
The following kits are provided with this release:
- Compaq Secure Web Server for OpenVMS (CSWS)
- CSWS_JAVA
- CSWS_PERL
- CSWS_PHP
CSWS_JAVA, CSWS_PERL, and CSWS_PHP are optional modules. You can install the Compaq Secure Web Server by itself or you can install it with one or more of the optional modules. You can install the optional modules later, if you choose.
Before you begin, do the following:
- Decide what you want to install.
- Review the software requirements in Section 1.2 for the server and each optional module you are installing.
Server requirements
CSWS_JAVA requirements
CSWS_PERL requirements
CSWS_PHP requirements- Decide where you want to install the kit. Please note:
- The Compaq Secure Web Server, CSWS_JAVA, CSWS_PERL, and CSWS_PHP are all installed in the same directory (required).
- By default, they are installed in SYS$COMMON. However, Compaq recommends that you specify another location.
Follow these instructions to install the Compaq Secure Web Server by itself or with one or both of the optional modules:
- The Compaq Secure Web Server for OpenVMS kit is provided as a compressed, self-extracting file. To download it from the OpenVMS website, fill out and submit the registration form at:
Compaq Secure Web Server for OpenVMS Alpha
If you obtain the Compaq Secure Web Server from the OpenVMS website, at this time you should also download any optional modules you want to install.
CSWS_JAVA for the Compaq Secure Web Server for OpenVMS Alpha
CSWS_PERL for the Compaq Secure Web Server for OpenVMS Alpha
CSWS_PHP for the Compaq Secure Web Server for OpenVMS Alpha- Make sure you are logged in as a privileged OpenVMS user (for example, SYSTEM).
- You need to select UIC group and member numbers for the APACHE$WWW account that will be created by the installation procedure. Compaq recommends that you use an empty or new UIC group (without current members). Servers typically use the highest unused UIC group (for example, [370,1]).
To ensure that the UIC you chose for APACHE$WWW has READ and WRITE access to the intended login device, use the SHOW DEVICE/FULL command. For example:
$ SHOW DEVICE/FULL DKB0: Disk $DKB0:, device type RZ56, is online, mounted, file-oriented device, shareable, error logging is enabled. Error count 0 Operations completed 392750 Owner process "" Owner UIC [1,4] Owner process ID 00000000 Dev Prot S:RWPL,O:RWPL,G:R,W Reference count 317 Default buffer size 512 Total blocks 1299174 Sectors per track 54 Total cylinders 1604 Tracks per cylinder 15 Volume label "SYSTEM_DISK" Relative volume number 0 Cluster size 3 Transaction count 278 Free blocks 367632 Maximum files allowed 162396 Extend quantity 5 Mount count 1- Decompress the server kit with the following command:
$ RUN CPQ-AXPVMS-CSWS-V0102--1.PCSI-DCX-AXPEXE
The system displays information about the file compression version and help information about the command syntax. When you see the following prompt:
Decompress into (file specification):
press ENTER.
The system expands the file and names it. Do not rename this file.
- To decompress CSWS_JAVA, enter the following command:
$ RUN CPQ-AXPVMS-CSWS_JAVA-V0101--1.PCSI-DCX-AXPEXE
At the Decompress into (file specification): prompt, press return. The system expands the file and names it. Do not rename this file.- To decompress CSWS_PERL, enter the following command:
$ RUN CPQ-AXPVMS-CSWS_PERL-V0101--1.PCSI-DCX-AXPEXE- To decompress CSWS_PHP, enter the following command:
$ RUN CPQ-AXPVMS-CSWS_PHP-V0100--1.PCSI-DCX-AXPEXE
At the Decompress into (file specification): prompt, press return. The system expands the file and names it. Do not rename this file.- Start the installation with the PRODUCT INSTALL command. Use the /DESTINATION qualifier to specify a target device and directory for the installation (recommended). If you don't specify a destination, the software will be installed in SYS$COMMON. Choose the appropriate PRODUCT INSTALL command from the following list.
Important
Review the software requirements for the server and each optional module you are about to install. To prevent installation problems, make sure the required software is installed before you enter the PRODUCT INSTALL command.
To install the server, use the following command:
$ PRODUCT INSTALL CSWS /DESTINATION=device:[directory-name]
To install the server and one or more of the optional modules, specify CSWS and the CSWS_nnnn kit name on the PRODUCT INSTALL command line, separated by commas. For example, to install the server and CSWS_PERL, use the following command:
$ PRODUCT INSTALL CSWS, CSWS_PERL /DESTINATION=device:[directory-name]The installation proceeds and displays product information as well as post-installation instructions. The installation is finished when you see the DCL prompt ($).
After the installation, you must configure the Compaq Secure Web Server. Do not attempt to start the server or configure any optional modules before you have configured the server.
2.2.1 Sample Installation
Following is an example of the Compaq Secure Web Server product installation for the default destination (SYS$COMMON:[APACHE]).
$ PRODUCT INSTALL CSWS /DESTINATION=DISK$DKA0:[000000] The following product has been selected: CPQ AXPVMS CSWS V1.2 Layered Product Do you want to continue? [YES] Configuration phase starting ... You will be asked to choose options, if any, for each selected product and for any products that may be installed to satisfy software dependency requirements. CPQ AXPVMS CSWS V1.2 Compaq Computer Corporation & The Apache Software Foundation. * This product does not have any configuration options. Execution phase starting ... The following product will be installed to destination: CPQ AXPVMS CSWS V1.2 DISK$OPNWID_72:[000000] Portion done: 0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100% The following product has been installed: CPQ AXPVMS CSWS V1.2 Layered Product CPQ AXPVMS CSWS V1.2 Release notes are available in SYS$HELP:CSWS*.RELEASE_NOTES. Compaq highly recommends that you read these release notes. For the most up-to-date documentation, including release notes, Frequently Asked Questions (FAQs), and information about configuring and running the Compaq Secure Web Server, please see the web pages at: http://www.openvms.compaq.com/openvms/products/ips/apache/csws_doc.html Post-installation tasks are required for the Compaq Secure Web Server. The OpenVMS Installation and Configuration Guide gives detailed directions. This information is a brief checklist. Configure OpenVMS aspects of the Compaq Secure Web Server by: $ @SYS$MANAGER:APACHE$CONFIG If the OpenVMS username APACHE$WWW does not exist, you will be prompted to create that username. File ownerships are set to UIC [APACHE$WWW], etc. After configuration, start the Compaq Secure Web Server manually by entering: $ @SYS$STARTUP:APACHE$STARTUP Check that neither SYLOGIN.COM nor the LOGIN.COM write any output to SYS$OUTPUT:. Look especially for a $ SET TERMINAL/INQUIRE. Start the Compaq Secure Web Server at system boot time by adding the following lines to SYS$MANAGER:SYSTARTUP_VMS.COM: $ file := SYS$STARTUP:APACHE$STARTUP.COM $ if f$search("''file'") .nes. "" then @'file' Shutdown the Apache server at system shutdown time by adding the following lines to SYS$MANAGER:SYSHUTDWN.COM: $ file := SYS$STARTUP:APACHE$SHUTDOWN.COM $ if f$search("''file'") .nes. "" then @'file' Test the installation using your favorite Web browser. Replace host.domain in the following URL (Uniform Resource Locator) with the information for the Compaq Secure Web Server just installed, configured, and started. URL http://host.domain/ should display the standard introductory page from the Apache Software Foundation. This has the bold text "It Worked! The Apache Web Server is Installed on this Web Site!" at the top and the Apache server logo prominently displayed at the bottom. If you do not see this page, check the Compaq Secure Web Server release notes, particularly the Frequently Asked Questions section. Thank you for using the Compaq Secure Web Server.2.3 Configure the Server
After you have installed the Compaq Secure Web Server, you are ready to configure it.
The installation wrote values, such as the name of the directory where the Compaq Secure Web Server is installed, to the file:
SYS$COMMON:[SYSMGR]APACHE$CONFIG_DEFAULT.DATThe information stored in this file provides the default values you see during configuration. Do not try to modify the contents of this file.
The configuration procedure gives you the opportunity to separate the server components - server application, server system files, and server content files - and store them wherever it is most appropriate in your environment. By default they are all configured in SYS$COMMON or the destination you specified on the PRODUCT INSTALL command line. During configuration you are asked if you would like to specify different locations.
If you have an OpenVMS Cluster, read Section 3.13 before you continue with the configuration.
2.3.1 Configuring a Single Server
Most users need only to run a single server on a given system. When that server configuration is started, it usually exists as a main process and multiple child processes to handle multiple user requests. Those child processes may also generate subprocesses to handle certain types of requests (such as CGI scripts).
For information about configuring multiple servers, see Section 2.3.3.
To configure a single server, enter the following command:
$ @SYS$MANAGER:APACHE$CONFIGThis command procedure asks you a number of questions about the OpenVMS run-time environment for the Compaq Secure Web Server. These values are written into the following data file:
$SYS$MANAGER:APACHE$CONFIG.DAT2.3.2 Sample Configuration of a Single Server
This section shows a sample configuration dialog after you have completed the installation of the Compaq Secure Web Server.
This sample illustrates the following:
- A configuration for the default installation destination of DISK$DKA0:[APACHE].
- A configuration for the first time. When you configure the Compaq Secure Web Server for the first time, you are asked to provide account information. This allows the Compaq Secure Web Server to create an OpenVMS account (called APACHE$WWW) for the server to use. In this sample dialog, the account has a UIC group number of 377 and a member number of 1.
- When the user is asked for the device and directory where the installation procedure installed the software, the user chose the default, DISK$DKA0:[APACHE].
- When the user is asked for the device and directory for the system-specific files, the user chose the default for the name of the system (MYHOST): DISK$DKA0:[APACHE.SPECIFIC.MYHOST].
- The user chose to define the logical names APACHE$SPECIFIC, APACHE$COMMON, and APACHE$ROOT systemwide.
- The user chose to enable MOD_SSL.
- The user chose not to set any command-line arguments for the server. For more information about command-line arguments, see the Compaq Secure Web Server SSL User Guide
- The user chose to set the owner UIC on Compaq Secure Web Server files.
$ @SYS$MANAGER:APACHE$CONFIG Compaq Secure Web Server V1.2 for OpenVMS Alpha [based on Apache] This procedure helps you define the parameters and the operating environment required to run the Compaq Secure Web Server on this system. [Creating OpenVMS username "APACHE$WWW" ] [Starting SYS$COMMON:[APACHE]APACHE$ADDUSER.COM ] Press enter to continue... PLEASE NOTE: You will be prompted for the following information: Full name for APACHE$WWW: ! Full name of site server administrator/owner. Password: ! Password for the APACHE$WWW account UIC Group Number: ? ! Question mark will display a list of all ! UIC groups currently in use. Quite useful. ! Please pick a group separate from all other ! usernames. ! Servers are usually given the first unused group, ! starting at [377,*] and working down. DO _not_ ! go below SYSGEN parameter MAXSYSGROUP. UIC Member Number: 1 ! Question mark will display a list of all ! UIC members currently in use in that group. ! %UAF-W-BADSPC, no user matches specification ! means the group is empty. ********************************************************************* * Creating a NEW user account... * * * * If at ANY TIME you need help about a prompt, just type "?". * ********************************************************************* *** Processing APACHE$WWW's account *** Full name for APACHE$WWW: Compaq Secure Web Server Password (password is not echoed to terminal) [APACHE$WWW]: UIC Group number [200]: 377 UIC Member number: 1 %UAF-I-ADDMSG, user record successfully added %UAF-I-RDBADDMSGU, identifier APACHE$WWW value [000377,000001] added to rights database %UAF-I-RDBADDMSGU, identifier AP_HTTPD value [000377,177777] added to rights database %UAF-I-MDFYMSG, user record(s) updated %UAF-I-MDFYMSG, user record(s) updated %UAF-I-DONEMSG, system authorization file modified %UAF-I-RDBDONEMSG, rights database modified Check newly created account: Username: APACHE$WWW Owner: COMPAQ SECURE WEB SERVER Account: AP_HTTPD UIC: [377,1] ([AP_HTTPD,APACHE$WWW]) CLI: DCL Tables: DCLTABLES Default: APACHE$ROOT:[000000] LGICMD: LOGIN Flags: LockPwd DisNewMail DisMail DisReport Primary days: Mon Tue Wed Thu Fri Secondary days: Sat Sun Primary 000000000011111111112222 Secondary 000000000011111111112222 Day Hours 012345678901234567890123 Day Hours 012345678901234567890123 Network: ##### Full access ###### ##### Full access ###### Batch: ----- No access ------ ----- No access ------ Local: ----- No access ------ ----- No access ------ Dialup: ----- No access ------ ----- No access ------ Remote: ----- No access ------ ----- No access ------ Expiration: (none) Pwdminimum: 6 Login Fails: 0 Pwdlifetime: 90 00:00 Pwdchange: (pre-expired) Last Login: (none) (interactive), (none) (non-interactive) Maxjobs: 0 Fillm: 300 Bytlm: 200000 Maxacctjobs: 0 Shrfillm: 0 Pbytlm: 0 Maxdetach: 0 BIOlm: 300 JTquota: 4096 Prclm: 20 DIOlm: 300 WSdef: 15000 Prio: 4 ASTlm: 610 WSquo: 30000 Queprio: 4 TQElm: 610 WSextent: 30000 CPU: (none) Enqlm: 2000 Pgflquo: 250000 Authorized Privileges: NETMBX TMPMBX Default Privileges: NETMBX TMPMBX %UAF-I-NOMODS, no modifications made to system authorization file %UAF-I-RDBNOMODS, no modifications made to rights database Please verify that this account does not validate any site-specific security policy. This account will enabled and it will have no expiration date. Is everything satisfactory with the account [YES]: PLEASE NOTE: The APACHE$WWW account was created with the minimum SYSUAF quotas to run the server. On almost all systems, the server should start but these parameters will need to be increased to improve performance or to keep up with increased demands. See Release notes for details. Please provide the device and directory where the kit was installed. Device and directory where the kit was installed? [DISK$DKA0:[APACHE]] Please provide the device and the directory for this specific system. Each system in a cluster has its own rooted logical name for writing system-specific files (e.g. the LOG files). The device and directory specified here will be used exclusively by this system. This command procedure creates the system-specific directory and the necessary subdirectories. You do not need to create these directories yourself. Device and directory for this system? [DISK$DKA0:[APACHE.SPECIFIC.MYHOST]] Do you want to define the logical names APACHE$SPECIFIC, APACHE$COMMON, and APACHE$ROOT systemwide for this configuration? If you are planning to run a single web server on this system, then these logical names should be made systemwide (the default). If you are planning to run multiple web servers on this system, only one of the APACHE$CONFIG data files should be used to define the systemwide logicals. Define systemwide logicals? [YES] Do you want to enable the security features provided by MOD_SSL? If so, the server will support the HTTPS (HTTP over the Secure Socket Layer) protocol. Enable MOD_SSL? [YES] You can specify optional command-line arguments for the server below. (For example, specify "-D<name>" to define a name for the <IfDefine> directives or specify "-d<path>" to specify the ServerRoot directory.) Note that the optional arguments are case-sensitive. There are currently no optional command-line arguments. Change this value? [NO] To operate successfully, the server processes must have read access to the installed files and read-write access to certain other files and directories. Compaq recommends that you use this procedure to set the owner UIC on the CSWS files and directories to match the server. You should do this each time the product is installed, but it only has to be done once for each installation on a cluster. WARNING: The owner UIC for some files in APACHE$COMMON:[000000...] is not the server UIC (APACHE$WWW). This may cause the web server process to fail with a protection violation. Set owner UIC on CSWS files? [YES] Setting ownership on files. This could take a minute or two. . . . Configuration is complete. To start the server: $ @SYS$STARTUP:APACHE$STARTUP.COM $ @SYS$STARTUP:APACHE$STARTUP.COM %APACHE-S-PROC_ID, identification of created process is 0000CD46 $ SHOW SYSTEM /OWNER_UIC=[APACHE$WWW] OpenVMS V7.2-1 on node MYHOST 5-MAR-2001 15:35:12.53 Uptime 34 04:28:25 Pid Process Name State Pri I/O CPU Page flts Pages 0000CD46 APACHE$00 LEF 6 1035 0 00:00:02.19 504 523 0000C547 APACHE$00000 LEF 6 845 0 00:00:01.32 402 482 0000CB48 APACHE$00001 LEF 6 849 0 00:00:01.27 410 482 0000C949 APACHE$00002 LEF 6 843 0 00:00:01.16 408 484 0000C74A APACHE$00003 LEF 6 842 0 00:00:01.37 408 482 0000C34B APACHE$00004 LEF 4 842 0 00:00:01.38 402 4822.3.3 Configuring Multiple Servers
For some advanced configurations, it may be necessary to run two or more servers on the same system. For example, you may decide to run multiple virtual hosts on the same system and have each virtual host serviced by a separate server.
For each server process, run the APACHE$CONFIG.COM command procedure to define the OpenVMS operating environment for each server. In particular, each server must have its own APACHE$SPECIFIC directory into which it writes its output files.
To configure an additional server, enter the following command:
$ @SYS$MANAGER:APACHE$CONFIG CONFIGURE filenamewhere filename is the file specification of the disk file where the APACHE$CONFIG.COM command procedure saves the values provided by the user.
2.3.4 Sample Configuration of Multiple Servers
This section shows a sample configuration dialog of a second server after you have completed the installation of the Compaq Secure Web Server and configured the first server.
This sample illustrates the following:
- A configuration for the default installation destination: DISK$DKA0:[APACHE].
- The user specified the file name APACHE$MYHOST_1. The full file specification for the APACHE$CONFIG.COM data file is SYS$MANAGER:APACHE$MYHOST_1.DAT.
- This configuration does not create a new account, because that operation is done only once.
- When the user is asked for the device and directory where the installation procedure installed the software, the user chose the default, DISK$DKA0:[APACHE].
- When the user is asked for the device and directory for the system-specific files, the user entered a new location for the system-specific files: DISK$DKA0:[APACHE.SPECIFIC.MYHOST_1].
- The user chose not to define the logical names APACHE$SPECIFIC, APACHE$COMMON, and APACHE$ROOT systemwide. The other server configuration defines these logical names. That APACHE$CONFIG.COM data file is essentially the default configuration. Therefore, this APACHE$CONFIG.COM configuration should not define these logical names systemwide.
- The user chose not to enable MOD_SSL.
- The user chose to add the command-line argument -DMYHOST_1. This will define the name MYHOST_1 so that the HTTPD.CONF can contain an <IfDefine MYHOST_1> directive. For more information about command-line arguments, see the Compaq Secure Web Server SSL User Guide
- The user chose not to set the owner UIC on Compaq Secure Web Server files. The owner UIC has already been set during an earlier run of the APACHE$CONFIG.COM procedure.
- The APACHE$CONFIG.COM procedure has created processwide logical names for APACHE$SPECIFIC, APACHE$COMMON, and APACHE$ROOT that match the APACHE$MYHOST_1 data file. Even though the systemwide logical name for APACHE$ROOT points to another location, the processwide definition for APACHE$ROOT is appropriate for this server. Therefore, the user can conveniently edit the APACHE$ROOT:[CONF]HTTPD.CONF file.
- The user must reference the APACHE$MYHOST_1 data file as the second parameter to the APACHE$STARTUP.COM command procedure.
$ @SYS$MANAGER:APACHE$CONFIG CONFIGURE APACHE$MYHOST_1 Compaq Secure Web Server V1.2 for OpenVMS Alpha [based on Apache] This procedure helps you define the parameters and the operating environment required to run the Compaq Secure Web Server on this system. Please provide the device and directory where the kit was installed. Device and directory where the kit was installed? [DISK$DKA0:[APACHE]] Please provide the device and the directory for this specific system. Each system in a cluster has its own rooted logical name for writing system-specific files (e.g. the LOG files). The device and directory specified here will be used exclusively by this system. This command procedure creates the system-specific directory and the necessary subdirectories. You do not need to create these directories yourself. Device and directory for this system? [DISK$DKA0:[APACHE.SPECIFIC.MYHOST]] DISK$DKA0:[APACHE.SPECIFIC.MYHOST_1] Do you want to define the logical names APACHE$SPECIFIC, APACHE$COMMON, and APACHE$ROOT systemwide for this configuration? If you are planning to run a single web server on this system, then these logical names should be made systemwide (the default). If you are planning to run multiple web servers on this system, only one of the APACHE$CONFIG data files should be used to define the systemwide logicals. Define systemwide logicals? [YES] NO Do you want to enable the security features provided by MOD_SSL? If so, the server will support the HTTPS (HTTP over the Secure Socket Layer) protocol. Enable MOD_SSL? [YES] NO You can specify optional command-line arguments for the server below. (For example, specify -D<name> to define a name for the <IfDefine> directives or specify -d<path> to specify the ServerRoot directory.) Note that the optional arguments are case-sensitive. There are currently no optional command-line arguments. Change this value? [NO] YES New command-line arguments? -DMYHOST_1 To operate successfully, the server processes must have read access to the installed files and read-write access to certain other files and directories. Compaq recommends that you use this procedure to set the owner UIC on the CSWS files and directories to match the server. You should do this each time the product is installed, but it only has to be done once for each installation on a cluster. Set owner UIC on CSWS files? [YES] NO Configuration is complete. To start the server: $ @SYS$STARTUP:APACHE$STARTUP.COM START APACHE$MYHOST_1 $ SHOW LOGICAL /PROCESS APACHE$* (LNM$PROCESS_TABLE) "APACHE$COMMON" = "MYHOST$DKA0:[APACHE.]" "APACHE$ROOT" = "MYHOST$DKA0:[APACHE.SPECIFIC.MYHOST_1.]" = "APACHE$COMMON:" "APACHE$SERVER_PID" = "0000D755" "APACHE$SPECIFIC" = "MYHOST$DKA0:[APACHE.SPECIFIC.MYHOST_1.]" $ SHOW SYSTEM /OWNER_UIC=[APACHE$WWW] OpenVMS V7.2-1 on node MYHOST 6-MAR-2001 12:01:34.25 Uptime 35 00:54:40 Pid Process Name State Pri I/O CPU Page flts Pages 0000CD46 APACHE$00 LEF 6 1052 0 00:00:02.59 505 524 0000C547 APACHE$00000 LEF 6 914 0 00:00:01.40 416 497 0000CB48 APACHE$00001 LEF 6 916 0 00:00:01.37 424 497 0000C949 APACHE$00002 LEF 6 1176 0 00:00:01.42 443 520 0000C74A APACHE$00003 LEF 6 1019 0 00:00:01.63 429 504 0000C34B APACHE$00004 LEF 6 909 0 00:00:01.47 416 497 0000C34C APACHE$00005 LEF 6 841 0 00:00:01.20 412 484 0000C056 APACHE$01 LEF 6 382 0 00:00:00.34 430 328 0000C457 APACHE$01000 LEF 6 252 0 00:00:00.26 322 310 0000C958 APACHE$01001 LEF 6 252 0 00:00:00.20 322 310 0000C959 APACHE$01002 LEF 6 252 0 00:00:00.29 318 310 0000AA5A APACHE$01003 LEF 6 256 0 00:00:00.26 320 310 0000C95B APACHE$01004 LEF 4 252 0 00:00:00.28 314 3102.3.5 Specifying the READ Function
You can specify the READ function to the APACHE$CONFIG.COM procedure, as follows:
$ @SYS$MANAGER:APACHE$CONFIG READ [filename]where filename is an optional file specification of a Compaq Secure Web Server configuration file created by APACHE$CONFIG.COM (the default is SYS$MANAGER:APACHE$CONFIG.DAT).
The READ function parses the specified configuration file and sets the APACHE$SPECIFIC, APACHE$COMMON, and APACHE$ROOT processwide logical names to appropriate values for that configuration file.
If you want to edit the clusterwide server configuration file (HTTPD.CONF), you can define the APACHE$COMMON logical name and use the logical name to edit the file by entering:
$ @SYS$MANAGER:APACHE$CONFIG READ $ EDIT APACHE$COMMON:[CONF]HTTPD.CONFFor example, if you have an alternate Compaq Secure Web Server configuration file for an additional server called APACHE$ALIAS_2.DAT, you can define the APACHE$SPECIFIC logical name and use it to examine the SSL key files for that server as follows:
$ @SYS$MANAGER:APACHE$CONFIG READ APACHE$ALIAS_2.DAT $ DIRECTORY APACHE$SPECIFIC:[CONF.SSL_KEY]Because it may be important to identify the running server process that corresponds to a particular configuration file, the READ function also defines a logical name called APACHE$SERVER_PID. This logical name is equivalent to the process ID of the running server, or a blank space (" ") if there is no running server for the specified configuration file.
Note
When you use APACHE$STARTUP.COM, APACHE$SHUTDOWN.COM, or APACHE$CONFIG.COM on a Compaq Secure Web Server configuration data file, the process logical names are set to reflect that configuration.For example, if you have an alternate Compaq Secure Web Server configuration file for an additional server called APACHE$ALIAS_2.DAT, and you have your process logical names set to reflect that configuration, you may decide to start your default configuration by entering:
$ @SYS$STARTUP:APACHE$STARTUPYou have now changed the processwide logical names to reflect the default configuration: the processwide logical names will be the same as the systemwide logical names. To restore the processwide logical names, use the APACHE$CONFIG.COM READ function:
$ @SYS$MANAGER:APACHE$CONFIG READ APACHE$ALIAS_2.DAT2.3.6 Managing Multiple Servers
This section describes how to manage multiple web servers. For example, consider the case where a site is using three servers, as follows:
- SYS$MANAGER:APACHE$CONFIG.DAT is the default configuration file for the host MYHOST. The system-specific directory is MYHOST$DKA0:[APACHE.SPECIFIC.MYHOST.] and the server is started with the command-line argument -DMYHOST.
- SYS$MANAGER:APACHE$MYHOST_1.DAT is the first additional configuration file. The system-specific directory is MYHOST$DKA0:[APACHE.SPECIFIC.MYHOST_1.] and the server is started with the command-line argument -DMYHOST_1.
- SYS$MANAGER:APACHE$MYHOST_2.DAT is the second additional configuration file. The system-specific directory is MYHOST$DKA0:[APACHE.SPECIFIC.MYHOST_2.] and the server is started with the command-line argument -DMYHOST_2.
The following sections discuss the issues you may encounter when managing the preceding three servers.
2.3.6.1 HTTPD.CONF
Because there are multiple servers at work, there must be some differences in the HTTPD.CONF file for each server. You can maintain the HTTPD.CONF file in two different ways: maintain multiple HTTPD.CONF files or a single HTTPD.CONF file.
To create and maintain multiple HTTPD.CONF files, you rely on the fact that each server has a separate configuration-specific root directory. You can use the APACHE$CONFIG READ command (described in the previous section) to set the processwide logical name APACHE$SPECIFIC to the configuration-specific directory. You then edit the file APACHE$SPECIFIC:[CONF]HTTPD.CONF.
To maintain a single clusterwide HTTPD.CONF file, you can can use the -D command-line argument to enable optional sections of the HTTPD.CONF file. For example, each server has to listen on a different port. The default HTTPD.CONF file contains both a PORT (old) and LISTEN (new) directive pointing to port 80. You should comment out the PORT 80 directive and use the following directives to set up your LISTEN ports. The clusterwide HTTPD.CONF file might therefore contain the following lines:
<IfDefine MYHOST> Listen 80 </IfDefine> <IfDefine MYHOST_1> Listen 8010 </IfDefine> <IfDefine MYHOST_2> Listen 8020 </IfDefine>2.3.6.2 Processes for Multiple Servers
To start the multiple server configuration described in the previous section, you need to use multiple startup commands:
$ @SYS$STARTUP:APACHE$STARTUP START $ @SYS$STARTUP:APACHE$STARTUP START APACHE$MYHOST_1 $ @SYS$STARTUP:APACHE$STARTUP START APACHE$MYHOST_2After the servers have been started, you may want to write procedures to monitor the status of the servers. To examine the main server process for each configuration data file, you can use the APACHE$CONFIG READ command to define the APACHE$SERVER_PID logical name for each data file. If the logical name is a blank space, that means that the server process is down. Otherwise, the logical name is the process identifier of the parent process.
If the parent process is known, you can get the name of the process and look for all processes that begin with the parent process' name. For example, a DCL procedure might look similar to the following:
$ @SYS$MANAGER:APACHE$CONFIG READ APACHE$MYHOST_1 $ parent_pid = f$trnlnm("apache$server_pid") $ if (parent_pid .eqs. " ") $ then [server is not running] $ endif . . . $ parent_prcnam = f$getjpi(parent_pid,"prcnam") $ parent_uic = f$getjpi(parent_pid,"uic") $ context = "" $ t1 = f$context("process", context, "uic", parent_uic, "eql") $find_next_process: $ pid = f$pid(context) $ if (pid .nes. "") $ then $ t1 = f$getjpi(pid,"prcnam") $ if (f$locate(parent_prcnam,t1) .eq. 0) $ then . . . $ endif $ goto find_next_process $ endif2.3.6.3 LOGIN.COM
Each server process runs the optional APACHE$ROOT:[000000]LOGIN.COM. Sometimes it is necessary for the LOGIN.COM procedure to be interpretted differently for one set of web server processes than another set of processes. There are two ways to accomplish this.
One method is to build and maintain a separate LOGIN.COM file for a given configuration and place it in the configuration-specific directory (APACHE$SPECIFIC:[000000]LOGIN.COM). All of the web server processes associated with the related configuration data file will use that LOGIN.COM file. All other processes will use some other LOGIN.COM.
Another method is to use a single, clusterwide LOGIN.COM (APACHE$COMMON:[000000]LOGIN.COM), but include conditional statements to test for known values for the APACHE$SPECIFIC logical name. For example:
$ t1 = f$trnlnm("apache$specific") $ t2 = "MYHOST$DKA0:[APACHE.SPECIFIC.MYHOST_1.]" $ if (t1 .eqs. t2) then . . .2.3.7 Viewing the Certificate
You need a valid server certificate to run the Compaq Secure Web Server in SSL mode. Configuration creates a self-signed certificate and installs it. If you want to view the certificate before starting the server, use the OpenSSL Certificate Tool as described in the Compaq Secure Web Server SSL User Guide
After configuring the Compaq Secure Web Server, do not start the server. Follow the instructions in the Section 2.4.
2.4 Post Configuration Checklist
After you configure the Compaq Secure Web Server, perform the following tasks to ensure a successful startup:
- Configure CSWS_JAVA, if you've just installed it. (You can install and configure either CSWS_JSERV or CSWS_JAVA, but not both.)
- You can (optionally) configure CSWS_PERL now or later.
- You can (optionally) configure CSWS_PHP now or later.
- Run AUTOGEN.
- Check disk quota.
- Check for SET TERMINAL/INQUIRE.
Each of these tasks is explained below. Once you have completed them, you can test the installation by starting the Compaq Secure Web Server.
2.4.1 Configure CSWS_JAVA
If you installed the CSWS_JAVA module, you must configure it before you can start the server. For instructions, see CSWS_JAVA for the Compaq Secure Web Server for OpenVMS Alpha Installation Guide and Release Notes.
2.4.2 Configure CSWS_PERL
You are not required to configure CSWS_PERL before starting the server. CSWS_PERL is preconfigured with default values that let you execute PERL scripts. If you want to change the default configuration, you should do so now, before you start the server. To change the default configuration, edit APACHE$ROOT:[CONF]MOD_PERL.CONF. For more information, see
CSWS_PERL for Compaq Secure Web Server for OpenVMS Alpha Installation Guide and Release Notes
2.4.3 Configure CSWS_PHP
You are not required to configure CSWS_PHP before starting the server. CSWS_PHO is preconfigured with default values. If you want to change the default configuration, you should do so now, before you start the server. To change the default configuration, edit APACHE$ROOT:[CONF]MOD_PHP.CONF. For more information, see
CSWS_PHP for Compaq Secure Web Server for OpenVMS Alpha Installation Guide and Release Notes
2.4.4 Run AUTOGEN
After the installation, run SYS$UPDATE:AUTOGEN.COM (AUTOGEN) to evaluate your system parameters and make adjustments based on your hardware configuration and system workload. On the Compaq Secure Web Server for OpenVMS, AUTOGEN will probably increase the page file size and the number of swap file pages.
2.4.5 Check Disk Quota
If the disk quota is too low, the Compaq Secure Web Server will not start. Either raise the disk quota for the user account APACHE$WWW, or grant the account the EXQUOTA privilege, thus allowing it to bypass disk quota restrictions. Use the following commands:
$ SHOW QUOTA/USER=[server-uic]/DISK=device-name
$ SET PROCESS/PRIVILEGES=EXQUOTA node-name::APACHE$WWW2.4.6 Check for SET TERMINAL/INQUIRE
When the Compaq Secure Web Server for OpenVMS is started, the following login files are executed:
- SYLOGIN.COM (system login file)
- LOGIN.COM (login file for APACHE$WWW)
Check these files to make sure that any SET TERMINAL/INQUIRE statements are executed only in INTERACTIVE mode. For example:
$ IF F$MODE() .eqs "INTERACTIVE" then $ SET TERMINAL/INQUIREFailure to do so might result in ill-formed HTML intermittently being returned to clients. This problem might also appear when executing CGI scripts.
2.5 Test the Installation
Now you will manually start the Compaq Secure Web Server to verify the installation and configuration of the server. Enter the following command:
$ @SYS$STARTUP:APACHE$STARTUP2.5.1 Browser Test
You can test the installation using your web browser. Replace host.domain in the following URL with the information for the Compaq Secure Web Server you just installed:
HTTP://host.domain/If this is a new installation, the browser should display the standard introductory page with the following bold text at the top:
"If you see this, it means that the installation of the Apache web server software on this system was successful."The Apache logo is displayed at the bottom.
2.5.2 TELNET Test
You can also use TELNET on the local host to test the installation. Note: If you are running Compaq TCP/IP Services Version 5.1 for OpenVMS, user input is not echoed. However, the resulting output is the same for Version 5.0A and 5.1.
Use the following procedure to test the installation:
- Enter the following command:
$ TELNET 0 80
The following text is displayed:
%TELNET-I-TRYING, Trying ... 127.0.0.1 %TELNET-I-SESSION, Session 01, host localhost, port 80 -TELNET-I-ESCAPE, Escape character is ^]- Press ENTER and enter the following HTTP command:
HEAD / HTTP/1.0- Press ENTER twice.
Text similar to the following is displayed:
HTTP/1.1 200 OK Date: Tue, 4 Sept 2001 17:05:05 GMT Server: Apache/1.3.20 (OpenVMS) Last-Modified: Mon, 3 Sept 2001 15:33:27 GMT ETag: "33dfec-681-39295347" Accept-Ranges: bytes Content-Length: 1665 Connection: close Content-Type: text/html %TELNET-S-REMCLOSED, Remote connection closed -TELNET-I-SESSION, Session 01, host localhost, port 80You should receive several lines of text from the Compaq Secure Web Server.
2.5.3 Troubleshooting
If you do not receive a response from the Compaq Secure Web Server, check the following:
- Look in your SYLOGIN.COM file and make sure there is no SET TERMINAL/INQUIRE statement for NETWORK processes.
- Make sure the APACHE$WWW account exists and is not disabled.
- Look for the following files:
- APACHE$ROOT:[000000]APACHE$$SERVER.LOG
- APACHE$ROOT:[LOGS]ERROR_LOG
2.6 What's Next
After you have successfully tested the installation, perform any of the following tasks that are relevant for you:
- If you are upgrading from a previous version or beta kit of the Compaq Secure Web Server, you can merge the previous versions of files commonly modified by system administrators with the newly installed versions of these files. See Section 2.7.
- If you enabled MOD_SSL, follow the instructions for verifying SSL in the Compaq Secure Web Server SSL User Guide.
- Read Chapter 3 for information on starting and stopping the server, using HTTPD.CONF to customize the server environment, and other OpenVMS specific topics.
2.7 Merge Changes to Files You Have Customized (upgrade customers only)
If you have installed a previous version or beta kit of the Compaq Secure Web Server, it is removed automatically before the new kit is installed.
When the previous version of the Compaq Secure Web Server is removed, the PCSI utility removes only the files and directories it installed. Any files you have created are not affected.
Note
Files installed by the Compaq Secure Web Server that are commonly modified by system administrators are not removed. However, the new kit contains updated versions of these files. Be sure to transfer any edits you made to the previous versions of these files to the new versions.These commonly modified files are as follows:
- [APACHE]LOGIN.COM
- [APACHE.HTDOCS]INDEX.HTML
- [APACHE.CONF]HTTPD.CONF
If you modified the file [APACHE.CONF]MIME.TYPES, you need to copy the file to another location before you begin the installation. This file is removed during the installation. (Compaq recommends that you use the AddTypes directive instead of modifying the MIME.TYPES file.)
The new kit contains an updated version of this file. After you save your current version, restore the file and incorporate your local modifications with the new version.
2.8 Installing Optional Modules at a Later Time
If you didn't install the optional modules (CSWS_JAVA, CSWS_PHP, or CSWS_PERL) when you installed the server, follow these instructions for installing them at a later time. Before you begin, make sure:
- You have installed the required software.
- You have already installed the Compaq Secure Web Server.
- You install CSWS_JAVA, CSWS_PHP, and CSWS_PERL in the same directory as you installed the server.
Use the appropriate command from the list below.
To install CSWS_JAVA, use the following command:
$ PRODUCT INSTALL CSWS_JAVA /DESTINATION=device:[directory-name]\bold)To install CSWS_PERL, use the following command:
$ PRODUCT INSTALL CSWS_PERL /DESTINATION=device:[directory-name]To install CSWS_PHP, use the following command:
$ PRODUCT INSTALL CSWS_PHP/DESTINATION=device:[directory-name]To choose from a list of products, use the following command:
$ PRODUCT INSTALL * /DESTINATION= device:[directory-name]The installation procedure displays a list of all PCSI kits in the current directory. For example:
1 - CPQ AXPVMS CSWS V1.2 Layered Product 2 - CPQ AXPVMS CSWS_PERL V1.1 Layered Product 3 - CPQ AXPVMS CSWS_JAVA V1.1 Layered Product 4 - CPQ AXPVMS CSWS_PHP V1.0 Layered Product 5 - All products listed above 6 - Exit Choose one or more items from the menu separated by commas:Enter the appropriate number(s). If you enter more than one number, use a comma as a separator. The installation procedure asks you to confirm your choices, then displays installation and configuration information for the products you have selected.
The installation is complete when the dollar sign prompt ($) is displayed.
After you install CSWS_JAVA, you must configure it. For more information, see Section 2.4.1.
CSWS_PERL is preconfigured, but you can change the configuration. For more informaiton, see Section 2.4.2.
Chapter 3
Running the Compaq Secure Web Server on OpenVMSIn general, you can run the Compaq Secure Web Server on OpenVMS as you would run Apache with MOD_SSL on any platform. However, there are some exceptions. This chapter describes the functions that behave differently or are not available, as well as any enhancements that are specific to OpenVMS.
3.1 Starting and Stopping the Server
Starting and stopping the Compaq Secure Web Server requires enhanced privileges (DETACH, SYSNAM, WORLD, etc.). Start and stop the server from a privileged account such as SYSTEM.
3.1.1 Starting the Server
Start the Compaq Secure Web Server with the following command:
$ @SYS$STARTUP:APACHE$STARTUP [parameter1] [parameter2]parameter1 is optional and can have the following values:
Value Description START Creates the Compaq Secure Web Server as a detached network process; default value GRACEFUL Sends a restart signal to the server, but existing client connections are not interrupted. Idle child processes are immediately deleted and replaced. Busy child processes are replaced when the connection is terminated RESTART Sends a restart signal to the server to have it reread APACHE$ROOT:[CONF]HTTPD.CONF RUN Runs the server on the current process parameter2 is an optional file specification of a configuration file built and maintained by APACHE$CONFIGURE.COM. The default value is SYS$MANAGER:APACHE$CONFIG.DAT.
To automate the startup of the Compaq Secure Web Server when the system is booted, add the following commands to the SYS$MANAGER:SYSTARTUP_VMS.COM file:
$ FILE := SYS$STARTUP:APACHE$STARTUP.COM $ IF F$SEARCH("''FILE'") .NES. "" THEN @'FILE'3.1.2 Stopping the Server
You can shut down the Compaq Secure Web Server with the following command:
$ @SYS$STARTUP:APACHE$SHUTDOWN [parameter1] [parameter2]parameter1 is optional and can have the following values:
Value Description GRACEFUL Sends a restart signal to the server, but existing client connections are not interrupted. Idle child processes are immediately deleted and replaced. Busy child processes are replaced when the connection is terminated RESTART Sends a restart signal to the server to have it reread APACHE$ROOT:[CONF]HTTPD.CONF SHUTDOWN Stops the detached network process; default value STOP Same as SHUTDOWN parameter2 is an optional file specification of a configuration file built and maintained by APACHE$CONFIGURE.COM. The default value is SYS$MANAGER:APACHE$CONFIG.DAT.
To automate the shutdown of the Compaq Secure Web Server when the system is shut down, add the following commands to the SYS$MANAGER:SYSHUTDOWN.COM file:
$ FILE := SYS$STARTUP:APACHE$SHUTDOWN.COM $ IF F$SEARCH("''FILE'") .NES. "" THEN @'FILE'
Note
The Compaq Secure Web Server will not shut down as long as the APACHE$WWW process is running. If you have a problem with shutting down the server, use the following command to see if APACHE$WWW processes are still running:
$ SHOW SYSTEM/OWNER_UIC=[APACHE$WWW]Server processes have the process name APACHE$nn, where nn is an integer number. Child processes have the process name APACHE$nnmmm, where APACHE$nn is the server and mmm is an integer number.
If APACHE$WWW is still running, use the following command to stop it. You should then be able to shut down the server.
$ STOP PROCESS/ID=<apache-pid>3.2 Server Log File
The server log file for APACHE$WWW is written to:
APACHE$SPECIFIC:[000000]APACHE$$SERVER.LOG
3.3 Performance Considerations
You should have prior experience tuning the performance of the OpenVMS operating system. For general information on OpenVMS performance, see the OpenVMS Performance Management Manual.
Recommendations for improving performance on a Compaq Secure Web Server are provided below and in the
Compaq Secure Web Server for OpenVMS Alpha Release Notes.
3.3.1 Limits and Quotas
The following table shows sample values for the APACHE$WWW system user account (SYSUAF) from a working and exercised Compaq Secure Web Server with a light to moderate load. These values are presented as an example of a system performing well within its context. If you should experience performance difficulties, refer to this table for guidelines in making adjustments. For heavier loads, we point out which values, in our experience, need to be increased as load increases. Keep in mind that no one set of values will be appropriate for all situations.
Table 3-1 Sample Values for the APACHE$WWW SYSUAF Parameter Default On Compaq Secure Web Server ASTLM (NonPooled) Total number of asynchronous system trap (AST) operations and scheduled wake-up requests the user can have queued at one time
250 610 Or BIOLM + DIOLM + 10
BIOLM (NonPooled) Number of outstanding buffered I/O operations permitted for a user's process
150 300 You might also need to increase the SYSGEN parameter CHANNELCNT because it limits BIOLM,DIOLM, and FILLM.
BYTLM (Pooled) Amount of buffer space a user's process can use
64000 200000 Increase this value for a heavy load.
DIOLM (NonPooled) Number of outstanding direct I/O operations permitted to a user's process
150 300 You might also need to increase the SYSGEN parameter CHANNELCNT because it limits BIOLM,DIOLM, and FILLM.
ENQLM (Pooled) Specifies the lock queue limit
2000 2000 FILLM (Pooled) Number of files a user's process can have opened at one time. Includes the number of network logical links that can be active at the same time
100 300 Increase this value for a heavy load. You might also need to increase the SYSGEN parameter CHANNELCNT because it limits BIOLM,DIOLM, and FILLM.
JTQUOTA (Pooled) Byte quota for the jobwide logical name table
4096 8192 PGFLQUO (Pooled) Number of pages the user's process can use in the system page file
50000 250000 If you increase PGFLQUO, you should monitor the free size of the system page and swap files; they may need to be increased.
PRCLM (Pooled) Number of subprocesses a user's process can create
8 20 You should increase this value for a heavy load.
TQELM (Pooled) Number of entries a user's process can have in the timer queue or the number of temporary common event flag clusters a user's process can have
10 610 Or BIOLM + DIOLM + 10
To change the quotas for the APACHE$WWW SYSUAF, use the system manager account and run the AUTHORIZE utility. For example:
$ SET DEFAULT SYS$SYSTEM $ RUN AUTHORIZE UAF> SHOW APACHE$WWW Username: APACHE$WWW Owner: APACHE WEBSERVER ... Maxjobs: 0 Fillm: 100 Bytlm: 64000 Maxacctjobs: 0 Shrfillm: 0 Pbytlm: 0 Prclm: 8 DIOlm: 150 WSdef: 2000 ... UAF> MODIFY APACHE$WWW/FILLM=300/PRCLM=20 %UAF-I-MDFYMSG, user record(s) updated UAF> EXIT $3.3.2 Server Experiencing Medium to High Usage
After you install the server and have been running it, look in the log file for errors of the "cannot open" variety. Errors of this type often indicate you need to modify system parameters. Try the following:
- Set FILLM to limit the number of files a user's process can have open.
- Set the SYSGEN parameter CHANNELCNT to 1024 (unless it is already set to a higher value).
Note
Whenever you change system parameters, you must reboot the system to enable the new settings.3.3.3 Global Pages and Global Sections
If a browser installation stalls, this could be an indication that the number of global pages or global sections is too low. Run AUTOGEN to evaluate the number of global pages and global sections you need. Some browsers might need more.
3.3.4 Excessive File Build Up
A large number of .LOG and .PID files can amass over time in the directories APACHE$ROOT:[0000000] and APACHE$ROOT:[LOGS]. Purging these files can become a burden on application or system managers.
System managers should manually use explicit SET DIRECTORY/VERSION commands on these two directories.
3.4 Customizing the Server Environment
The installation procedure creates a file named HTTPD.CONF and places it in APACHE$ROOT:[CONF]. The HTTPD.CONF file stores information that the Compaq Secure Web Server uses to set up the server environment. HTTPD.CONF has been tailored to use OpenVMS syntax, but its overall functionality is essentially identical to HTTPD.CONF on the UNIX platform.
HTTPD.CONF contains an explanation for each line that it can execute. You can refer to these explanations when customizing the file for your environment. You can also refer to any generally available Apache documentation on HTTPD.CONF.
Note the following about HTTPD.CONF on OpenVMS:
- No directives have been deleted or added to the Apache template except an Include directive for MOD_SSL. Installing CSWS_JAVA or CSWS_PERL will also append Include directives specific to these modules.
- MOD_OSUSCRIPT has been added to enable CGI scripts originally written for the OSU server.
- MOD_AUTH_OPENVMS enables authentication using OpenVMS usernames and passwords.
- UNIX style path names are recognized by OpenVMS. You can use either UNIX style or OpenVMS style path names in the configuration file. However, you cannot intermix the two styles within a specification. Compaq recommends UNIX style path names.
- In an OpenVMS cluster, you can specify either clusterwide or system-specific files. For more information, see Section 3.13.1.
3.5 Running Multiple Servers
If your web server consistently experiences high load, you may need to run multiple servers (which is running more than one server process on a given system).
3.5.1 Defining Multiple Configurations
To configure and start multiple servers, you must first create and maintain multiple APACHE$CONFIG.COM configuration files.
The DCL command procedure APACHE$CONFIG.COM accepts two optional parameters. The first parameter is the verb, and the default is CONFIGURE. The second parameter is a configuration file, and the default is SYS$MANAGER:APACHE$CONFIG.DAT. To create a new APACHE$CONFIG.COM configuration file, specify some other file specification for the second parameter.
For example, the server defined by the file SYS$MANAGER:APACHE$CONFIG.DAT for the system called MYHOST, will, by default, write its system-specific files in the directory:
device:[directory.APACHE.SPECIFIC.MYHOST]where the CSWS kit was installed in device:[directory].
To create another server configuration, perform the following steps.
- Run APACHE$CONFIG.COM by entering a command similar to the following:
$ @SYS$MANAGER:APACHE$CONFIG CONFIGURE SYS$MANAGER:APACHE$MYHOST_1.DAT- Specify a new system-specific directory for that configuration:
device:[directory.APACHE.SPECIFIC.MYHOST_1]- Edit the HTTPD.CONF configuration file for that system-specific directory:
$ EDIT APACHE$ROOT:[CONF]HTTPD.CONF
(For example, this server must listen on a different port number than the main server for that system.)APACHE$CONFIG.COM creates the system-specific directory and the necessary subdirectories (such as [.HTDOCS] and [.CONF]). You do not need to create these directories yourself.
3.5.2 Multiple Installations
During the configuration dialog, Compaq Secure Web Server assumes that the same directory will be used for the clusterwide files. In other words, all of the servers should use the images from the same location. Compaq does not recommend installing different versions of the Compaq Secure Web Server in different locations and then running two or more versions of the software on the same system at the same time.
The configuration and startup procedures must install certain shareable image libraries systemwide. If different versions of the Compaq Secure Web Server are started on the same system, some server processes will fail by attempting to run with incompatible shareable images.
3.5.3 Starting and Stopping Multiple Servers
To start the server for this configuration, enter the following command:
$ @SYS$STARTUP:APACHE$STARTUP START SYS$MANAGER:APACHE$MYHOST_1.DATTo shutdown this server, enter:
$ @SYS$STARTUP:APACHE$SHUTDOWN SHUTDOWN SYS$MANAGER:APACHE$MYHOST_1.DATIf the system has three such servers, the system startup file might include the following:
$ @SYS$STARTUP:APACHE$STARTUP $ @SYS$STARTUP:APACHE$STARTUP START SYS$MANAGER:APACHE$MYHOST_1.DAT $ @SYS$STARTUP:APACHE$STARTUP START SYS$MANAGER:APACHE$MYHOST_2.DATSimilarly, if you want to shut down the Compaq Secure Web Server, you need to stop all three servers, as follows:
$ @SYS$STARTUP:APACHE$SHUTDOWN $ @SYS$STARTUP:APACHE$SHUTDOWN SHUTDOWN SYS$MANAGER:APACHE$MYHOST_1.DAT $ @SYS$STARTUP:APACHE$SHUTDOWN SHUTDOWN SYS$MANAGER:APACHE$MYHOST_2.DAT3.6 Modules and Directives
Following is a list of the modules included in the Compaq Secure Web Server for OpenVMS distribution kit. The list shows the directives supported in each module. All supported modules and directives function as documented by the Apache Software Foundation.
HTTP_CORE.CAccessConfig
AccessFileName
AllowOverride
AuthName
AuthType
BindAddress
CoreDumpDirectory
DefaultType
<Directory>
<DirectoryMatch>
DocumentRoot
ErrorDocument
ErrorLog
<Files>
<FilesMatch>
HostnameLookups
IdentityCheck
<IfDefine>
<IfModule>
Include
KeepAlive
KeepAliveTimeout
<Limit>
<LimitExcept>
LimitRequestBody
LimitRequestFields
LimitRequestLine
Listen
ListenBacklog
<Location>
<LocationMatch>
LogLevel
MaxClients
MaxKeepAliveRequests
MaxRequestPerChild
MaxSpareServers
MinSpareServers
NameVirtualHost
Options
PidFile
Port
Require
ResourceConfig
Satisfy
SendBufferSize
ServerAdmin
ServerAlias
ServerName
ServerPath
ServerRoot
ServerSignature
ServerTokens
ServerType
StartServers
TimeOut
UseCanonicalName
VirtualHost
MOD_ACCESS.Callow
deny
order
MOD_ACTIONS.CAction
Script
MOD_ALIAS.CAlias
AliasMatch
Redirect
RedirectMatch
RedirectTemp
RedirectPermanent
ScriptAlias
ScriptAliasMatch
MOD_ASIS.C
MOD_AUTH.CAuthGroupFile
AuthUserFile
MOD_AUTH_OPENVMS.C OpenVMS specific
MOD_AUTOINDEX.CAddAlt
AddAltByEncoding
AddAltyByType
AddDescription
AddIcon
AddIconByEncoding
AddIconByType
DefaultIcon
FancyIndexing
HeaderName
IndexIgnore
IndexOptions
IndexOrderDefault
ReadmeName
MOD_CGI.CScriptLog
ScriptLogBuffer
ScriptLogLength
MOD_DEFINE.CDefine
DefineTagOpenVMS & OpenVMS specific. Redefines the Define tag to an ampersand (&) instead of the default dollar sign ($).
MOD_DIR.CDirectoryIndex
MOD_ENV.CSetEnv
UnsetEnv
MOD_IMAP.CImapBase
ImapDefault
ImapMenu
MOD_INCLUDE.C
MOD_INFO.CAddModuleInfo
MOD_LOG_CONFIG.CCustomLog
LogFormat
TransferLog
MOD_MIME.CAddCharset
AddEncoding
AddHandler
AddLanguage
AddType
DefaultLanguage
ForceType
RemoveHandler
SetHandler
TypesConfig
MOD_NEGOTIATION.CCacheNegotiatedDocs
LanguagePriority
MOD_PROXY.CProxyRequests
ProxyRemote
ProxyPass
ProxyPassReverse
AllowConnect
ProxyBlock
ProxyReceiveBufferSize
NoProxy
ProxyDomain
ProxyVia
CacheRoot
CacheSize
CacheMaxExpire
CacheDefaultExpire
CacheLastModifiedFactor
CacheGcInterval
CacheDirLevels
CacheDirLength
CacheForceCompletion
NoCache
MOD_REWRITE.CRewriteEngine
RewriteOptions
RewriteLog
RewriteLogLevel
RewriteLock
RewriteMap
RewriteBase
RewriteCond
RewriteRule
MOD_OSUSCRIPT.C OpenVMS specific
MOD_SETENVIF.CBrowserMatch
BrowserMatchNoCase
SetEnvIf
SetEnvIfNoCase
MOD_SO.CLoadModule
MOD_STATUS.CExtendedStatus
MOD_UNIQUE_ID.C
MOD_USERDIR.CUserDir
Next Contents