=c======================================= #ifdef IPv6 Admin Guide for HP-UX Apache-based Web Server for IPv6 #endif #ifdef PA Admin Guide for HP-UX Apache-based Web Server #endif #ifdef IPF Admin Guide for HP-UX Apache-based Web Server #endif ========================================== TABLE OF CONTENTS Important Changes - Increasing the Number of Available File Descriptors - HP-UX Apache-based Web Server Restructuring - Apache API Changes from Previous Releases #ifdef B.11.23 - Changed behavior of Scriptsock directive for mod_cgid #endif - Added mod_jk2 support - mod_jk moved from Tomcat Product to Apache Product - Added two new directives CGIScriptTimeoutEnabled and CGIScriptTimeout - Enabling multiple cgi daemons using ScriptMultipleDaemons directive Setup - Prerequisites #ifdef IPv6 - Additional IPv6-specific Prerequisites #endif #ifdef B.11.23 - IPv6-specific System Information #endif - Installation - Starting and Stopping HP-UX Apache-based Web Server Configuration - Configuration Files - Admin Guides - Moving the Root Directory - Automatic Restart of Apache - Enabling more file descriptors - Configuring mod_jk and mod_jk2 - Running Multiple instances of Apache #ifdef IPv6 IPV6 Information - Functionality Supported - Supporting Components - Enabling/Disabling IPv6 #endif #ifdef B.11.23 IPV6 Information - Functionality Supported - Supporting Components - Enabling/Disabling IPv6 #endif Troubleshooting Known Bugs Tuning - Using Directives - Using Modules - Configuring HP-UX Environment - Other Configuration Legal Notices ====================================== IMPORTANT CHANGES -------------------------------------- This feature release of HP-UX Apache-based Web Server contains support for Microsoft(R) FrontPage Server Extensions, more PHP extensions, different cryptography libraries used for SSL transactions and version upgrades. Increasing the Number of Available File Descriptors -------------------------------------- HP-UX Apache-based Web Server version A.2.0.48.00 and later are compiled with _USE_BIG_FDS to raise the maximum allowed number of simultaneous open files, or maximum number of file descriptors, from 2048 to 60000 per process (depending on the system configuration). This value is specified by the constant MAXFUPLIM (and the equivalents _MAXFUPLIM and FD_SETSIZE). To enable this feature requires changes to the HP-UX environment as specified in, HTMLANCHOR=#BIG_FDS Enabling more file descriptors HP-UX Apache-based Web Server Restructuring -------------------------------------- Starting with the HP-UX Web Server Suite, HP-UX Apache-based Web Server, HP-UX Webmin-based Admin, and HP-UX Tomcat-based Servlet Engine are separate installable components and now reside under their own directory structure. Each component has its own root directory under /opt/hpws22. The new directories are: /opt/hpws22/apache/ /opt/hpws22/tomcat/ /opt/hpws22/webmin/ /opt/hpws22/apache/ includes the Apache binary (httpd) as well as HP add-on features such as mod_authnz_ldap, mod_perl, mod_php, etc. This structure reflects HP-UX Web Server Suite's flexibility for installing and running Apache, Webmin, Tomcat Tools either separately or in combination. Documentation common to all products (Migration Guides, FAQ) is delivered with the HP-UX Webmin-based Admin product. To access these documents, it must be installed. Uninstalling HP-UX Webmin-based Admin may lead to inaccessibility of HP-UX Web Server Suite documentation by other components of the suite that may still be installed. For more information on resolving this condition, please refer to /opt/hpws22/apache/hpws_docs/.hp_docs/README IMPORTANT NOTE: -------------------------------------- HP-UX Apache-based Web Server will no longer automatically start after installation, you will have to start it manually. Apache API Changes from Previous Releases -------------------------------------- The following has changed between this release and earlier releases of Apache 2.x. - Changes between Apache 2.0.x and Apache 2.2.x Apache version is upgraded. It provides all the functionalities provided by opensource including HP specific functionalities - Changes between Apache 2.0.49 and Apache 2.0.50 This version of Apache is principally a bug fix release. Of particular note is that 2.0.50 addresses two security vulnerabilities: A remotely triggered memory leak in http header parsing can allow a denial of service attack due to excessive memory consumption. Fixes a mod_ssl buffer overflow in the FakeBasicAuth code for a (trusted) client certificate subject DN which exceeds 6K in length. - Changes between Apache 2.0.48 and Apache 2.0.49 This version of Apache is principally a bug fix release. Of particular note is that 2.0.49 addresses three security vulnerabilities: Apache does not filter terminal escape sequences from error logs, which could make it easier for attackers to insert those sequences into terminal emulators. Starvation issue on listening sockets occurs when a short-lived connection on a rarely-accessed listening socket will cause a child to hold the accept mutex and block out new connections. Memory leak in mod_ssl allows a remote denial of service attack against a SSL-enabled server by sending plain HTTP requests to the SSL port. - Changes between Apache 2.0.47 and Apache 2.0.48 This version of Apache is principally a bug fix release. Of particular note is that 2.0.48 addresses two security vulnerabilities: mod_cgid mishandling of CGI redirect paths could result in CGI output going to the wrong client when a threaded MPM is used. A buffer overflow could occur in mod_alias and mod_rewrite when a regular expression with more than 9 captures is configured. This release is compatible with modules compiled for 2.0.42 and later versions. - Changes between Apache 2.0.43 and Apache 2.0.45/2.0.46 This release is binary-compatible with Apache 2.0.42 and greater. All the modules compiled with Apache 2.0.42 or greater will continue to work with this version. - Changes between Apache 2.0.39 and Apache 2.0.43 This release is binary-compatible only with 2.0.42, and no other previous releases. All modules must be recompiled in order to work with this version. For example, a module compiled to work with 2.0.39 will not work with 2.0.43. The definitions of the following functions have changed to include an additional parameter, ap_init_filter_func: ap_register_input_filter ( ... ) ap_register_output_filter ( ... ) More information can be found in /opt/hpws22/apache/include/util_filter.h. - Changes between Apache 2.0.32 and Apache 2.0.39 Apart from the following API changes, 2.0.32-based modules may have to be recompiled for 2.0.39, due to redefinition of some data structures. If a module is based on the 2.0.32 or earlier API, it may be affected by name changes for apr_lock-related functions. Make sure to verify that the module is using the correct name and rebuild if needed. The following table lists the name changes for the apr_lock-related functions. More information can be found in /opt/hpws22/apache/include/apr_thread_mutex.h. v.2.0.32 (or earlier): corresponding function in v.2.0.39: -------------------------- ------------------------------------ apr_lock_create ( ... ); apr_thread_mutex_create ( ... ); apr_lock_acquire ( ... ); apr_thread_mutex_lock ( ... ); apr_lock_release ( ... ); apr_thread_mutex_unlock ( ... ); apr_lock_destroy ( ... ); apr_thread_mutex_destroy ( ... ); #ifdef B.11.23 Changed behavior of Scriptsock directive for mod_cgid -------------------------------------- The behavior of 'Scriptsock' directive has been changed to fix multiple bugs in mod_cgid, including: - httpd hangs if 'read' is used in the CGI script - the POST operation to a CGI script fails to complete Old Behavior: The httpd daemon opens a AF_UNIX socket (based on the value given by Scriptsock directive) to connect to the CGI daemon. New Behavior: option 1: Using AF_INET socket by specifying a port number in Scriptsock directive. The httpd daemon opens a AF_INET socket to the CGI daemon. The CGI daemon will listen on the localhost (127.0.0.1), using the port specified by the Scriptsock directive. By default, the CGI daemon will listen on default port 127.0.0.1:5080 NOTE: HP has found that binding to the localhost address (127.0.0.1), provides the same level of security as offered by the AF_UNIX socket. option 2: Continue to use the old behavior. This will not have the fix for the above problems. If Scriptsock directive is not specified, by default, the httpd daemon opens a AF_INET socket to the CGI daemon. The CGI daemon will listen on default port 127.0.0.1:5080 Examples of using the Scriptsock directive: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 1. Scriptsock 8000 the CGID will listen on 127.0.0.1:8000 2. Scriptsock logs/cgisock The httpd daemon opens a AF_UNIX socket (based on the value given by Scriptsock directive) to connect to the CGI daemon. 3. Scriptsock 8000logs/cgisock the CGID will listen on 127.0.0.1:8000, the string logs/cgisock is discarded. 4. NO Scriptsock is defined in httpd.conf the CGI daemon will listen on the default port: 127.0.0.1:5080 #endif Added mod_jk2 support -------------------------------------- For more information on mod_jk2 please visit: http://jakarta.apache.org/tomcat/tomcat-4.1-doc/jk2/jk2/confighowto.html mod_jk moved from Tomcat Product to Apache Product -------------------------------------- mod_jk is moved to /opt/hpws22/apache/modules. #ifdef PA If HP-UX Tomcat-based Servlet Engine is used with HP-UX Apache-based Web Server via the mod_jk connector, then the ld version on the system needs to be atleast B.11.37 or later. The patch numbers corresponding to B.11.37 are: PHSS_28869 for HP-UX 11.00 or PHSS_28871 for HP-UX 11i (11.11) You may need different patches, if the above-mentioned patches have been superseded. #endif Added two new directives CGIScriptTimeoutEnabled and CGIScriptTimeout -------------------------------------- mod_cgid from 2.0.59.00 onwards supports two new directives which can be configured to control the amount of time cgi scripts are allowed to run on the server. These can be configured in the apache configuration file httpd.conf as below: - CGIScriptTimeoutEnabled : Allows to set the timeout for cgi scripts. When the value of this directive is set to "On", the default timeout for the cgi scripts would be set to the value of TimeOut directive, unless it is overridden by CGIScriptTimeout directive as shown below. Usage: CGIScriptTimeoutEnabled On Default: Off If the CGIScriptTimeoutEnabled is set to "Off", then there is no timeout for the cgi scripts even if CGIScriptTimeout is configured with a value. So, make sure CGIScriptTimeoutEnabled is On, whenever you need a timeout to be configured. - CGIScriptTimeout : The maximum amount of time in seconds a cgi script is allowed to run. This value overrides the one set by TimeOut directive. CGIScriptTimeoutEnabled should be set to "On" to use this directive. Usage: CGIScriptTimeout 250 Default: Set to the value of TimeOut directive if CGIScriptTimeoutEnabled is set to "On Enabling multiple cgi daemons using ScriptMultipleDaemons directive ---------------------------------------- - ScriptMultipleDaemons: mod_cgid from 2.0.59.00 onwards supports this directive, which can be configured to create multiple cgi daemons (rather than one daemon which is the default) during Apache startup. Configure this directive to a reasonable value(integer) to improve cgid performance. Usage: ScriptMultipleDaemons Default: By default only one daemon is created for serving cgi requests NOTE: This directive should appear after 'Scriptsock' directive as shown below: Scriptsock logs/cgisock ScriptMultipleDaemons 10 ====================================== SETUP -------------------------------------- Prerequisites -------------------------------------- 1. See individual Admin Guides for each component to determine patch requirements. HTMLANCHOR=ldap.admin.guide LDAP Admin Guide HTMLANCHOR=php.admin.guide PHP Admin Guide HTMLANCHOR=ssl.admin.guide SSL Admin Guide HTMLANCHOR=suexec.admin.guide suEXEC Admin Guide HTMLANCHOR=frontpage.admin.guide Frontpage Admin Guide HTMLANCHOR=webproxy.admin.guide.pdf Webproxy Admin Guide #ifdef PA HP-UX Apache-based Web Server binaries are dependent on the B.11.37 or later versions of ld and libdld. To determine the version on your machine, - Type 'ld -V' - Type 'what /usr/lib/libdld.sl' - Install either PHSS_28869 for HP-UX 11.00 or PHSS_28871 for HP-UX 11i (11.11) or later to solve this problem. To download, go to the IT Resource Center for Americas and Asia Pacific (http://us-support.external.hp.com/) or Europe (http://europe-support.external.hp.com/). Under Maintenance/Support click on "Individual Patches". Scroll down to "retrieve a specific patch by entering the patch name" and enter the patch number in the input field. Note that on any given system, the versions of ld and libdld should be the same. HTMLNAME=MOD_DEFLATE mod_deflate requires zlib 1.1.4 library, which is available from the HP-UX Porting Archive Center (http://hpux.cs.utah.edu) which provides this library in source form and also HP-UX binaries. 2. Building Apache modules in C and C++ requires gcc (version 3.0 or later). To download, go to the "Developer & Solution Partner Portal" at http://www.hp.com/go/dspp and search for gcc. Alternatively, http://h21007.www2.hp.com/dspp/tech/tech_TechSoftwareDetailPage_IDX/1,1703,547,00.html C++ plug-in modules should be built with the Classic C++ runtimes libraries, -lCsup, -lstd, and -lstream. Classic C++ runtime libraries are the default on PA so plug-ins can be compiled using the default or by explicitly selecting the Classic C++ runtime libraries with the -AP compile option: Using the default, g++ -shared -o mod_hello.so -I/opt/hpws22/apache/include -Wno-deprecated \ -fPIC mod_hello.cpp To specify the -AP option, g++ -shared -AP -o mod_hello.so -I/opt/hpws22/apache/include -Wno-deprecated \ -fPIC mod_hello.cpp For more information about C++ libraries, please see http://www.hp.comd/go/C++. #endif #ifdef IPv6 HP-UX Apache-based Web Server binaries are dependent on the B.11.37 or later versions of ld and libdld. To determine the version on your machine, - Type 'ld -V' - Type 'what /usr/lib/libdld.sl' - Install either PHSS_28871 for HP-UX 11i (11.11) or later to solve this problem. To download, go to the IT Resource Center for Americas and Asia Pacific (http://us-support.external.hp.com/) or Europe (http://europe-support.external.hp.com/). Under Maintenance/Support click on "Individual Patches". Scroll down to "retrieve a specific patch by entering the patch name" and enter the patch number in the input field. Note that on any given system, the versions of ld and libdld should be the same. mod_deflate requires zlib 1.1.4 library, which is available from the HP-UX Porting Archive Center (http://hpux.cs.utah.edu) which provides this library in source form and also HP-UX binaries. 2. Building Apache modules in C and C++ requires gcc (version 3.0 or later). To download, go to the "Developer & Solution Partner Portal" at http://www.hp.com/go/dspp and search for gcc. Alternatively, http://h21007.www2.hp.com/dspp/tech/tech_TechSoftwareDetailPage_IDX/1,1703,547,00.html C++ plug-in modules should be built with the Classic C++ runtimes libraries, -lCsup, -lstd, and -lstream. Classic C++ runtime libraries are the default on PA so plug-ins can be compiled using the default or by explicitly selecting the Classic C++ runtime libraries with the -AP compile option: Using the default, g++ -shared -o mod_hello.so -I/opt/hpws22/apache/include -Wno-deprecated \ -fPIC mod_hello.cpp To specify the -AP option, g++ -shared -AP -o mod_hello.so -I/opt/hpws22/apache/include -Wno-deprecated \ -fPIC mod_hello.cpp For more information about C++ libraries, please see http://www.hp.comd/go/C++. #endif #ifdef IPF 2. Building Apache modules in C and C++ requires aCC. For more information go to http://www.hp.com/go/hpc++ within the "Developer & Solution Partner Portal" at http://dsportal.eservices.hp.com/. C++ plug-in modules should be built with the Standard C++ runtimes libraries, -lstd_v2 and -lCsup. Standard C++ runtime libraries are the default on IPF so plug-ins can be compiled using the default or by explicitly selecting the Standard C++ runtime libraries with the -AA compile option: Using the default, #ifdef IA64_64 aCC -b +DD64 -mt +z -I/opt/hpws22/apache/include -o mod_hello.so \ mod_hello.cpp #endif #ifdef IA64_32 aCC -b -mt +z -I/opt/hpws22/apache/include -o mod_hello.so \ mod_hello.cpp #endif To specify the -AA option, aCC -b +DD64 -AA -mt +z -I/opt/hpws22/apache/include -o mod_hello.so \ mod_hello.cpp For more information about C++ libraries, please see http://www.hp.comd/go/C++. #endif #ifdef PA 3. Building DSOs using /opt/hpws22/apache/bin/apxs depends on Perl. The expected location for Perl is /opt/perl/bin/perl. Either download and install Perl, or change the path in the apxs script to the Perl location installed on your machine. Download and install Perl _PERL_REVISION for HP-UX 11.0 and 11i (PA-RISC) from HP Software Depot: http://software.hp.com/ Search for: Perl _PERL_REVISION #endif #ifdef IPv6 3. Building DSOs using /opt/hpws22/apache/bin/apxs depends on Perl. The expected location for Perl is /opt/perl/bin/perl. Either download and install Perl, or change the path in the apxs script to the Perl location installed on your machine. Download and install Perl _PERL_REVISION for HP-UX 11.0 and 11i (PA-RISC) from HP Software Depot: http://software.hp.com/ Search for: Perl _PERL_REVISION #endif #ifdef IPF 3. Building DSOs using /opt/hpws22/apache/bin/apxs depends on Perl. There are two version of Perl available for IPF: 32-bit version and 64-bit version. By default all Perl scripts bundled with Apache expect 32-bit Perl and #endif #ifdef IA64_64 mod_perl requires 64-bit Perl. The expected location for Perl is /opt/perl_64/bin/perl. #endif #ifdef IA64_32 mod_perl requires 32-bit Perl. The expected location for Perl is /opt/perl/bin/perl. #endif #ifdef IPF To use 32-bit Perl: Download and install Perl _PERL_REVISION for HP-UX 11i Version 1.6 (IPF) from HP Software Depot: http://software.hp.com/ Search for: Perl _PERL_REVISION Make sure to select the 32-bit version of Perl for IPF. If you prefer to use different Perl change the path in the apxs script to the Perl location installed on your machine. #endif HTMLNAME=PERL_MODPERL 4. HP-UX Apache-based Web Server binary is perl-enabled. That is, mod_perl is built as a DSO module and is distributed as part of the HP-UX Apache-based Web Server release bundle. However, mod_perl has not been enabled in the default installation. Follow these steps to configure and enable mod_perl: #ifdef PA a. Download and install Perl _PERL_REVISION for HP-UX 11.0/11i (PA-RISC) from HP Software Depot: http://software.hp.com/ http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=PERL Search for: Perl _PERL_REVISION #endif #ifdef IPv6 a. Download and install Perl _PERL_REVISION for HP-UX 11.0/11i (PA-RISC) from HP Software Depot: http://software.hp.com/ http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=PERL Search for: Perl _PERL_REVISION #endif #ifdef IPF a. Download and install Perl _PERL_REVISION on HP-UX 11i Versions 1.6 for IPF from HP Software Depot: http://software.hp.com/ http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=PERL Search for: Perl _PERL_REVISION #ifdef IA64_64 Make sure to select the 64-bit version of Perl for IPF. #endif #ifdef IA64_32 Make sure to select the 32-bit version of Perl for IPF. #endif b. Edit /opt/hpws22/apache/conf/httpd.conf and uncomment the line (i.e. remove the beginning '#' character). LoadModule perl_module modules/mod_perl.so To have mod_perl handle all scripts ending in *.pl, make sure that the section enclosed in ... is uncommented. This step will make HP-UX Apache-based Web Server perl-ready. c. Restart the HP-UX Apache-based Web Server /opt/hpws22/apache/bin/apachectl stop /opt/hpws22/apache/bin/apachectl start #ifdef IPv6 Additional IPv6-specific Prerequisites -------------------------------------- 1. IPv6 product installed. HP-UX 11i (11.11): IPv6 requires a separate (free) IPv6 product to be installed. The product Number is T1306AA IPv6 Product is available at: http://www.software.hp.com/ Search for: T1306AA 2. BIND 9.2.0 This product is required for the correct functioning of nslookup and other DNS related utilities for IPv6 addresses. BIND 9.2.0 is available at: http://www.software.hp.com/ Search for: BIND 3. Java support requires Java 1.4. Go to http://www.hp.com/go/java/ Select Java 1.4 4. Other Perl dependencies, such as apxs, are not affected by IPv6. Perl can be downloaded from Software Depot: http://www.software.hp.com/ Search for: Perl _PERL_REVISION #endif #ifdef B.11.23 IPv6-specific System Information -------------------------------------- 1. IPv6 support is available by default on HP-UX 11i version 2. You do not need a separate installation of any IPv6 product. #endif Installation -------------------------------------- Information on installing all products of HP-UX Web Server Suite can be found in HTMLANCHOR=/hp_docs/getting.started Getting Started The user configurable files of HP-UX Apache-based Web Server will be saved as per the standard HP-UX newconfig methodology. More information can be found in the newconfig section of HTMLANCHOR=/hp_docs/getting.started Getting Started. Starting and Stopping HP-UX Apache-based Web Server -------------------------------------- Note: In the default installation you must be root to start/stop the HP-UX Apache-based Web Server. Apache ------ To start the HP-UX Apache-based Web Server: $/opt/hpws22/apache/bin/apachectl start To stop the HP-UX Apache-based Web Server: $/opt/hpws22/apache/bin/apachectl stop To start the HP-UX Apache-based Web Server with SSL capability: Uncomment the "#Include conf/extra/httpd-ssl.conf" line in /opt/hpws22/apache/conf/httpd.conf file $/opt/hpws22/apache/bin/apachectl start IF YOU HAVE ADDED A NEW SERVER KEY (CERTIFICATE) WHICH HAS A PEM ENCODED PASS PHRASE, YOU WILL BE PROMPTED TO ENTER IT HERE To stop the HP-UX Apache-based Web Server with SSL capability: $/opt/hpws22/apache/bin/apachectl stop For server startup with PHP, suexec and ldap authentication, see the corresponding Admin guides located in /opt/hpws22/hp_docs/apache/. For server startup with WebDAV, when your server is running, see the FAQ located at http://yourserver.com/hp_docs/faq/, or use Webmin and access http://yourserver.com:10000/hp_docs/faq/. ====================================== CONFIGURATION -------------------------------------- Configuration Files -------------------------------------- The HP-UX Apache-based Web Server 2.x has additional configuration files beyond the /opt/hpws22/apache/conf/httpd.conf file. These configuration files are specific to a major component and are found in the following locations by default: Apache: /opt/hpws22/apache/conf/httpd.conf Apache (SSL): /opt/hpws22/apache/conf/extra/httpd-ssl.conf Apache (caching): /opt/hpws22/apache/conf/cache.conf PHP: /opt/hpws22/apache/conf/php.ini auth_ldap: /opt/hpws22/apache/conf/ldap.conf mod_authnz_ldap/mod_ldap (caching): /opt/hpws22/apache/conf/ldap.conf mod_jk: /opt/hpws22/apache/conf/mod_jk.conf /opt/hpws22/apache/conf/workers.properties mod_jk2: /opt/hpws22/apache/conf/mod_jk2.conf /opt/hpws22/apache/conf/workers2.properties Aapachempm /opt/hpws22/apache/extra/httpd-mpm.conf Admin Guides -------------------------------------- Refer to the following documents included with the software located in the /opt/hpws22/hp_docs/ directory. If HP-UX Apache-based Web Server has been started with the default configuration, these documents can be viewed at http://yourserver.com/hp_docs. These are also viewable via Webmin at http://yourserver.com:10000/hp_docs/. HTMLANCHOR=apache.admin.guide Apache Admin Guide HTMLANCHOR=ldap.admin.guide LDAP Admin Guide HTMLANCHOR=php.admin.guide PHP Admin Guide HTMLANCHOR=ssl.admin.guide SSL Admin Guide HTMLANCHOR=suexec.admin.guide suEXEC Admin Guide HTMLANCHOR=frontpage.admin.guide Frontpage Admin Guide HTMLANCHOR=webproxy.admin.guide.pdf Webproxy Admin Guide Moving the Root Directory ---------------------------------------- The altroot.sh script has been provided to easily move the entire /opt/hpws22/ directory, including HP-UX Apache-based Web Server, HP-UX Tomcat-based Servlet Engine, HP-UX Webmin-based Admin Tools. The script is located in the /opt/hpws22/util/ directory. Detailed information is located in the HTMLANCHOR=/hp_docs/utilities.user.guide General Utilities User Guide. Automatic Restart of Apache ----------------------------------------- If you would like to automatically restart HP-UX Apache-based Web Server at boot-up time, you will have to modify the specific components configuration file: #ifdef PA /etc/rc.config.d/hpws22_apacheconf for HP-UX Apache-based Web Server #endif #ifdef IPv6 /etc/rc.config.d/hpws22_apacheconf for HP-UX Apache-based Web Server #endif #ifdef IA64_64 /etc/rc.config.d/hpws22_apacheconf for HP-UX Apache-based Web Server #endif #ifdef IA64_32 /etc/rc.config.d/hpws22_apache32conf for HP-UX Apache-based Web Server #endif #ifdef PA Bydefault HPWS22_APACHE_START Flag is set to 1.If you want to start apache in ssl or non-ssl mode uncomment or comment "#Include conf/extra/httpd-ssl.conf" line in /opt/hpws22/apache/conf/httpd.conf file #endif #ifdef IPv6 Bydefault HPWS22_APACHE_START Flag is set to 1.If you want to start apache in ssl or non-ssl mode uncomment or comment "#Include conf/extra/httpd-ssl.conf" line in /opt/hpws22/apache/conf/httpd.conf file #endif #ifdef IA64_64 Bydefault HPWS22_APACHE_START Flag is set to 1.If you want to start apache in ssl or non-ssl mode uncomment or comment "#Include conf/extra/httpd-ssl.conf" line in /opt/hpws22/apache/conf/httpd.conf file #endif #ifdef IA64_32 Bydefault HPWS22_APACHE32_START Flag is set to 1.If you want to start apache in ssl or non-ssl mode uncomment or comment "#Include conf/extra/httpd-ssl.conf" line in /opt/hpws22/apache/conf/httpd.conf file #endif NOTE: (1) If you intend to start HP-UX Apache-based Web Server in SSL-mode, ensure that the Certificate key file is not encrypted with a password. In the case that the key file requires a password, the system bootup will hang. (2) With their default configurations, the startup of HP Apache-based Web Server 1.3 has higher precedence over HP-UX Apache-based Web Server _HPWS_GENERIC_REVISION at reboot time. Therefore, if both 1.3 and _HPWS_GENERIC_REVISION are configured to use the same port number and set to be restarted at boot time, only 1.3 would come up. Therefore, it is recommended that the user set the config files (/etc/rc.config.d/apacheconf for 1.3 and #ifdef PA /etc/rc.config.d/hpws22_apacheconf for _HPWS_GENERIC_REVISION) to start either HP #endif #ifdef IPv6 /etc/rc.config.d/hpws22_apacheconf for _HPWS_GENERIC_REVISION) to start either HP #endif #ifdef IA64_64 /etc/rc.config.d/hpws22_apacheconf for _HPWS_GENERIC_REVISION) to start either HP #endif #ifdef IA64_32 /etc/rc.config.d/hpws22_apache32conf for _HPWS_GENERIC_REVISION) to start either HP #endif Apache-based Web Server 1.3 or HP-UX Apache-based Web Server _HPWS_GENERIC_REVISION. Starting both HP Apache-based Web Server 1.3 and HP-UX Apache-based Web Server _HPWS_GENERIC_REVISION at reboot time is currently supported. - To automatically start HP-UX Apache-based Web Server at boot-up time. #ifdef PA By default the HPWS22_APACHE_START variable is to 1. If you do not desire this feature, set the HPWS22_APACHE_START variable to 0. The line below shows how to turn it off. HPWS22_APACHE_START=0 The startup scripts have a direct dependency on the HPWS22_APACHE_HOME variable, and expects HP-UX Apache-based Web Server to be located in the directory. #endif #ifdef IPv6 By default the HPWS22_APACHE_START variable is to 1. If you do not desire this feature, set the HPWS22_APACHE_START variable to 0. The line below shows how to turn it off. HPWS22_APACHE_START=0 The startup scripts have a direct dependency on the HPWS22_APACHE_HOME variable, and expects HP-UX Apache-based Web Server to be located in the directory. #endif #ifdef IA64_64 By default the HPWS22_APACHE_START variable is to 1. If you do not desire this feature, set the HPWS22_APACHE_START variable to 0. The line below shows how to turn it off. HPWS22_APACHE_START=0 The startup scripts have a direct dependency on the HPWS22_APACHE_HOME variable, and expects HP-UX Apache-based Web Server to be located in the directory. #endif #ifdef IA64_32 By default the HPWS22_APACHE32_START variable is to 1. If you do not desire this feature, set the HPWS22_APACHE32_START variable to 0. The line below shows how to turn it off. HPWS22_APACHE32_START=0 The startup scripts have a direct dependency on the HPWS22_APACHE32_HOME variable, and expects HP-UX Apache-based Web Server to be located in the directory. #endif HTMLNAME=BIG_FDS Enabling more file descriptors ----------------------------------------- HP-UX Apache-based Web Server is now compiled with _USE_BIG_FDS to raise the maximum allowed number of simultaneous open files, or maximum number of file descriptors, from 2048 to 60000 (depending on the system configuration) per process. This value is specified by the constant MAXFUPLIM (and the equivalents _MAXFUPLIM and FD_SETSIZE). To enable this feature requires the following changes: To enable HP-UX Apache-based Web Server for handling a large amount of file descriptors, your need to change the system-wide RLIMIT_NOFILE defaults by modifying the kernel tunables maxfiles and maxfiles_lim; see the SAM on-line kernel configuration help for more information. You might also need to reconfigure the machine with a larger value for the kernel tunable nfile. This tunable specifies the per-machine (as opposed to per-process) maximum number of simultaneous open files and the default value is much less than 60000. See the SAM online kernel configuration help for more information. HTMLNAME=JK_CONNECTOR Configuring mod_jk and mod_jk2 ----------------------------------------- To use HP-UX Apache-based Web Server with HP-UX Tomcat-based Servlet Engine Modify /opt/hpws22/apache/conf/httpd.conf: In this file enable mod_jk or mod_jk2 connector by uncomment one of the following lines: Include /opt/hpws22/apache/conf/mod_jk.conf -OR- Include /opt/hpws22/apache/conf/mod_jk2.conf Modify /opt/hpws22/apache/conf/mod_jk.conf (if necessary): You can add here additional mount points if you want HP-UX Apache-based Web Server to forward requests to HP-UX Tomcat-based Servlet Engine. Add lines similar to the following: JkMount /mywebapp ajp13 JkMount /mywebapp/* ajp13 In the case of /opt/hpws22/apache/conf/mod_jk2.conf: JkUriSet worker ajp13:localhost:8009 Start HP-UX Tomcat-based Servlet Engine $ cd /opt/hpws22/tomcat $ bin/startup.sh Start HP-UX Apache-based Web Server $ /opt/hpws22/apache/bin/apachectl start To enable logging in mod_jk If we suspect problems in communication between the web server and HP-UX Tomcat-based Servlet Engine we can turn on logging inside mod_jk. To do that edit /opt/hpws22/apache/conf/mod_jk.conf file and set JkLogFile /opt/hpws22/apache/logs/jk.log JkLogLevel debug Available logging levels are: debug, info, error, emerg. To enable logging in mod_jk2 There is no special directive to enable error logging in mod_jk2 specifically mod_jk2 error log is integrated into Apache web server's error log.

Running Multiple instances of Apache

1)Install Apache and Webmin on your machine. It is mandatory to install Webmin. Webmin contains the file, altroot.sh, that is used to change the apache install directory. Note: If Apache and Webmin are already installed, ensure that they are not running. 2)Enter the following command at the HP-UX prompt: #/opt/hpws22/util/altroot.sh --apache /opt/hpws22/apache <New_location_for_Apache> Eg: #/opt/hpws22/util/altroot.sh --apache /opt/hpws22/apache /usr/local/hpws/apache The /opt/hpws22/apache directory will be moved to the specified location after this. For more information about Altroot, visit: http://servername.com/hp_docs/utilities.user.guide 3)Open the <New_location_for_Apache>/conf/httpd.conf file. Change the Listen directive option to a value, other than the default 80, so that Apache can listen on a different port. Note: If you are installing a lower version of Apache, you must remove the current installation of Apache using the swremove command. Removing the current installation will not delete any files from the altrooted apache installation. However, it will only remove the IPD entries from the previous installation. 4)Install another instance of Apache. The default location of the installation files is /opt/hpws22 5)To run this newly installed Apache in a location other than the default location, repeat steps 1-3.

Running 11.00 depot on 11.11

Patch PHSS_33263 needs to be installed to run a 11.00 depot on a 11.11 system. #ifdef IPv6 ====================================== IPV6 INFORMATION -------------------------------------- IPv6 stands for "Internet Protocol Version 6", the "next generation" protocol designed by the IETF to replace the current version Internet Protocol Version 4 (IPv4). The new IPv6 addresses the current problem of and network configuration. IPv6 is only supported on the HP-UX Apache-based Web Server product B9415BA. Functionality Supported -------------------------------------- Since HP-UX Apache-based Web Server is dependent on other products such as Perl, it may or may not work the same as it does in its IPv4 version. A. Complete Support The following components work on IPv6 platform, and all the functionality of IPv6 is also implemented. - Apache Core - PHP - SSI - CGI (C-based and shell script) B. Partial Support Although the following components works on IPv6 platform, they may not behave correctly for networking calls related to IPv6 address, due to a lack of underlying support. - OpenSSL OpenSSL does not have support for IPv6. However, on an IPv6 machine, it could still be used in IPv4 mode. - mod_ssl Since HP-UX Apache-based Web Server implements the SSL using the OpenSSL library, mod_ssl does not support IPv6 addresses. - ab and OpenSSL /opt/hpws22/apache/bin/ab implements SSL using OpenSSL. Since OpenSSL does not have support for IPv6, ab does not either. - Stunnel Stunnel currently does not have IPv6 capabilities, i.e. it cannot listen on IPv6 addresses. Therefore, when one starts Stunnel they need to specify an IPv4 address/port for Stunnel. Hence your ldap authentication configuration should point to the IPv4 address/port that Stunnel is listening on. - SSL clients Currently, there are no SSL clients available from HP on HP-UX for IPv6. However, one could use the standard SSL clients in IPv4 mode. - CGI (Perl-based) - mod_perl CGI scripts or Perl modules written in Perl will return failure for any calls to gethostbyname() for the IPv6 addresses, as Perl does not support IPv6. Hence, perl-based CGI and mod_perl are supported only in IPv4 mode. - LDAP connectivity If your LDAP server is not IPv6 capable, then you will need to configure your ldap authentication to connect to the LDAP server using the IPv4 address. - WebDAV Currently there are no IPv6 compatible clients for WebDAV. Hence, WebDAV with IPv6 addresses is not supported for this release of HP-UX Apache-based Web Server. Supporting Components -------------------------------------- - HP-UX Webmin-based Admin Currently there is no support for IPv6 in Perl. Since HP-UX Webmin-based Admin is entirely written in Perl, it is not supported for IPv6 platform. Also, HP-UX Webmin-based admin currently does not have support for recognizing IPv6 addresses correctly. Therefore, specifying IPv6 addresses for Apache may not work. - HP-UX Tomcat-based Servlet Engine Starting with 1.4, Java has support for IPv6. However, the current version of HP-UX Tomcat-based Servlet Engine is compiled under Java 1.3, and hence is not supported for IPv6 platform. Enabling/Disabling IPv6 -------------------------------------- The installed product is enabled "out of the box". More information on IPv6 configuration can be found in the documentation that comes with the IPv6 product. Simple checks to verify IPv6 functionality: 1. Make sure that one of the network interfaces is configured for IPv6 addresses. At the command prompt type: % ifconfig lan0 You should see output similar to the following: lan0: flags=843 inet 111.222.333.444 netmask ffffff00 broadcast 111.222.333.255 lan0: flags=4800841 inet6 fe80::210:83ff:feff:da14 prefix 10 If you do not see output for IPv6 (colon separated IP address) for a particular network interface, say lan0, then you can enable IPv6 on that interface by typing the following command: % ifconfig lan0 inet6 up 2. Make sure that DNS server is properly configured for the IPv6 address. If you are using "/etc/hosts", for hostname lookup, then an entry for the IPv6 address should be present in "/etc/hosts" 3. Ensure that "/etc/nsswitch.conf" has a line corresponding to "ipnodes". An example entry is shown below: ipnodes: dns [NOTFOUND=continue] files #endif #ifdef B.11.23 ====================================== IPV6 INFORMATION -------------------------------------- IPv6 stands for "Internet Protocol Version 6", the "next generation" protocol designed by the IETF to replace the current version Internet Protocol Version 4 (IPv4). The new IPv6 addresses the current problem of and network configuration. IPv6 is only supported on the HP-UX Apache-based Web Server for HP-UX 11i (for PA-RISC) and HP-UX 11i version 2. Functionality Supported -------------------------------------- Since HP-UX Apache-based Web Server is dependent on other products such as Perl, it may or may not work the same as it does in its IPv4 version. A. Complete Support The following components work on IPv6 platform, and all the functionality of IPv6 is also implemented. - Apache Core - PHP - SSI - CGI (C-based and shell script) B. Partial Support Although the following components works on IPv6 platform, they may not behave correctly for networking calls related to IPv6 address, due to a lack of underlying support. - OpenSSL OpenSSL does not have support for IPv6. However, on an IPv6 machine, it could still be used in IPv4 mode. - mod_ssl Since HP-UX Apache-based Web Server implements the SSL using the OpenSSL library, mod_ssl does not support IPv6 addresses. - ab and OpenSSL /opt/hpws22/apache/bin/ab implements SSL using OpenSSL. Since OpenSSL does not have support for IPv6, ab does not either. - Stunnel Stunnel currently does not have IPv6 capabilities, i.e. it cannot listen on IPv6 addresses. Therefore, when one starts Stunnel they need to specify an IPv4 address/port for Stunnel. Hence your ldap authentication configuration should point to the IPv4 address/port that Stunnel is listening on. - SSL clients Currently, there are no SSL clients available from HP on HP-UX for IPv6. However, one could use the standard SSL clients in IPv4 mode. - CGI (Perl-based) - mod_perl CGI scripts or Perl modules written in Perl will return failure for any calls to gethostbyname() for the IPv6 addresses, as Perl does not support IPv6. Hence, perl-based CGI and mod_perl are supported only in IPv4 mode. - LDAP connectivity If your LDAP server is not IPv6 capable, then you will need to configure your ldap authentication to connect to the LDAP server using the IPv4 address. - WebDAV Currently there are no IPv6 compatible clients for WebDAV. Hence, WebDAV with IPv6 addresses is not supported for this release of HP-UX Apache-based Web Server. Supporting Components -------------------------------------- - HP-UX Webmin-based Admin Currently there is no support for IPv6 in Perl. Since HP-UX Webmin-based Admin is entirely written in Perl, it is not supported for IPv6 platform. Also, HP-UX Webmin-based admin currently does not have support for recognizing IPv6 addresses correctly. Therefore, specifying IPv6 addresses for Apache may not work. - HP-UX Tomcat-based Servlet Engine Starting with 1.4, Java has support for IPv6. Thus any version of HP-UX Tomcat-based Servlet Engine which is based on Tomcat base version of 4.x is supported for IPv6 platform. If HP-UX Tomcat-based Servlet Engine is installed, look at documentation provided in HTMLANCHOR=/hp_docs/tomcat/tomcat.admin.guide Tomcat Admin Guide. Enabling/Disabling IPv6 -------------------------------------- IPv6 is enabled on the system "out of the box". More information on configuring the system for IPv6 is available in the HTMLANCHOR=/hp-ux/11iV2RelNotes.pdf system release notes. Simple checks to verify IPv6 functionality: 1. Make sure that one of the network interfaces is configured for IPv6 addresses. At the command prompt type: % ifconfig lan0 You should see output similar to the following: lan0: flags=843 inet 111.222.333.444 netmask ffffff00 broadcast 111.222.333.255 lan0: flags=4800841 inet6 fe80::210:83ff:feff:da14 prefix 10 If you do not see output for IPv6 (colon separated IP address for "inet6") for a particular network interface, say lan0, then you can enable IPv6 on that interface by typing the following command: % ifconfig lan0 inet6 up 2. Make sure that DNS server is properly configured for the IPv6 address. If you are using "/etc/hosts", for hostname lookup, then an entry for the IPv6 address should be present in "/etc/hosts" 3. Ensure that "/etc/nsswitch.conf" has a line corresponding to "ipnodes". An example entry is shown below: ipnodes: dns [NOTFOUND=continue] files #endif ====================================== TROUBLESHOOTING -------------------------------------- Please refer to a component's admin guide for log file locations and other troubleshooting tips. Check the individual logs files for failures in the components. For information about HP-UX Apache-based Web Server failures, look in the log files under /opt/hpws22/apache/logs/ Note: The access_log is disabled by default. To enable it, make sure that the following line is uncommented: CustomLog logs/access_log common By default the access_log is enabled for ssl connections in ssl.conf. #ifdef PA - Starting HP-UX Apache-based Web Server with mod_jk complains of: "/usr/lib/dld.sl: Unresolved symbol : dlsym (code) from mod_jk.so" ------------------------------------------------- The version of ld is old and needs to be upgraded. Verify the version of ld: % ld -V % what /usr/lib/libdld.sl SOLUTION: Upgrade to at least B.11.32 using patch: PHSS_28869 for HP-UX 11.00 or PHSS_28871 for HP-UX 11i (11.11) or later to solve this problem. To download, go to the IT Resource Center for Americas and Asia Pacific (http://us-support.external.hp.com/) or Europe (http://europe-support.external.hp.com/). Under Maintenance/Support click on "Individual Patches". Scroll down to "retrieve a specific patch by entering the patch name" and enter the patch number in the input field. Note that on any given system, the versions of ld and libdld should be the same. #endif #ifdef PA - 'apachectl start' OR 'apachectl stop' hangs on your system ---------------------------------------------------------------- One possible reason is that HP-UX needs a linker patch. - PHSS_26560 for HP-UX 11i. SOLUTION: Check for the patch on your system, and install it if you don't have it. #endif - When logging at debug level, /opt/hpws22/apache/logs/error_log says: "End of file found: read_request_line() failed" ---------------------------------------------------------------- This is a harmless error. Either ignore it or increase your LogLevel setting. More details can be found at: http://www.apache.org/dist/httpd/Announcement2.html - /opt/hpws22/apache/logs/error_log says : "Apache.pm" failed to load. ---------------------------------------------------------------- This is usually due to Perl binaries not being in the PATH. or the PERL5LIB environment not being set correctly. #ifdef PA SOLUTION: Verify that Perl _PERL_REVISION is installed in /opt/perl/bin and that/opt/perl/bin/perl and /opt/perl/lib/_PERL_REVISION exist. Also verify that /opt/perl/bin is in the PATH. If it isn't, make sure to add it. After installing Perl, use the following command to specify where the mod_perl libraries are: export PERL5LIB=/opt/hpws22/apache/lib/perl/lib/site_perl/_PERL_REVISION/PA-RISC1.1-thread-multi #endif #ifdef IPv6 SOLUTION: Verify that Perl _PERL_REVISION is installed in /opt/perl/bin and that/opt/perl/bin/perl and /opt/perl/lib/_PERL_REVISION exist. Also verify that /opt/perl/bin is in the PATH. If it isn't, make sure to add it. After installing Perl, use the following command to specify where the mod_perl libraries are: export PERL5LIB=/opt/hpws22/apache/lib/perl/lib/site_perl/_PERL_REVISION/PA-RISC1.1-thread-multi #endif #ifdef IA64_64 SOLUTION: Verify that 64-bit Perl _PERL_REVISION is installed in /opt/perl_64/bin and that /opt/perl_64/bin/perl and /opt/perl_64/lib/_PERL_REVISION exist. Also verify that /opt/perl_64/bin is in the PATH. If it isn't, make sure to add it. After installing Perl, use the following command to specify where the mod_perl libraries are: #endif #ifdef IA64_32 SOLUTION: Verify that 32-bit Perl _PERL_REVISION is installed in /opt/perl/bin and that /opt/perl/bin/perl and /opt/perl/lib/_PERL_REVISION exist. Also verify that /opt/perl/bin is in the PATH. If it isn't, make sure to add it. After installing Perl, use the following command to specify where the mod_perl libraries are: #endif #ifdef IA64_64 export PERL5LIB=/opt/hpws22/apache/lib/perl/lib/site_perl/_PERL_REVISION/IA64.ARCHREV_0-thread-multi-LP64 #endif #ifdef IA64_32 export PERL5LIB=/opt/hpws22/apache/lib/perl/lib/site_perl/_PERL_REVISION/IA64.ARCHREV_0-thread-multi #endif The PERL5LIB environment variable is preset by apachectl (the shell that runs the Apache executable). If you experience problems, manually set this environment variable as shown above. To test whether you have the correct Perl _PERL_REVISION on your system, run the command: #ifdef PA /opt/perl/bin/perl -v | grep -i ActiveState This version of Perl has been engineered by ActiveState for HP-UX 11.0/11i environment. It can be downloaded from: http://software.hp.com/ Search for: Perl _PERL_REVISION #endif #ifdef IPv6 /opt/perl/bin/perl -v | grep -i ActiveState This version of Perl has been engineered by ActiveState for HP-UX 11.0/11i environment. It can be downloaded from: http://software.hp.com/ Search for: Perl _PERL_REVISION #endif #ifdef IA64_64 /opt/perl_64/bin/perl -v | grep -i build #endif #ifdef IA64_32 /opt/perl/bin/perl -v | grep -i build #endif #ifdef IPF and make sure that Perl build is at least 631. This version of Perl has been engineered by ActiveState for HP-UX 11i Version 1.6 (IPF) environment. It can be downloaded from: http://software.hp.com/ #endif #ifdef IA64_64 Search for: Perl _PERL_REVISION, and then select 64-bit Perl. #endif #ifdef IA64_32 Search for: Perl _PERL_REVISION, and then select 32-bit Perl. #endif - New modules don't execute. ---------------------------------------------------------------- When adding new modules make sure that permissions are set to -rwxr-xr-x. Match owner and group to existing modules. ====================================== KNOWN BUGS -------------------------------------- Make sure to review other admin guides for known bugs. - SSL Session Caching errors ---------------------------------------------------------------- Some times you may notice the following errors in the Apache error_log file: [error] scach2_lookup_session_id internal error [error] 'shmcb' code was unable to store a session in the cache. This does not affect the functionality (the connections will not be dropped). It may affect the performance of the server, but the impact is insignificant. - /opt/hpws22/apache/bin/apachectl restart does not work ---------------------------------------------------------------- When all or most of the modules are enabled, the restart may not successfully restart Apache. To resolve this problem, please explicitly stop and then start Apache. - /opt/hpws22/apache/bin/apachectl stop does not work ---------------------------------------------------------------- Sometimes after HP-UX Apache-based Web Server has been subject to a heavy load (especially when SSL is enabled), the apachectl stop may not kill all of the httpd processes. To resolve this problem, please kill the processes using the following "kill -9" command: % kill -9 `ps -ef |grep httpd |grep -v grep |awk '{print $2}'` - Apache Bench (ab) with SSL does not work ---------------------------------------------------------------- In this release, ab with SSL capability is still experimental. The SSL feature is enabled only for debugging purposes, and cannot be used for stress/load testing. Not all command line options of ab are supported when used with SSL. - Apache restart does not work with Multiple Listen directives ---------------------------------------------------------------- Restarting Apache with multiple Listen directives results in increased CPU usage. This is because Apache 2.0 does not have any way to remove listeners on a restart. Therefore, for multiple Listen directives, you must stop and start the server instead of a restart. ====================================== TUNING -------------------------------------- This tuning information is based on http://httpd.apache.org/docs-2.0/misc/perf-tuning.html#runtime, other documents and in-house testing. These notes provide tips on configuring your HP-UX Apache-based Web Server through intelligent use of directives and modules, as well as tuning your HP-UX environment. ------------------------------------- Using Directives -------------------------------------- 1) Hostname Lookups http://httpd.apache.org/docs-2.0/mod/core.html#hostnamelookups If HostNameLookups is not turned off, each client request will result in at least one lookup request to the name server. Example: HostNameLookups off ##Turning off DNS lookups 2) Logging - Avoid using debug, info and notice level. - Do a minimal amount of logging. Disable referer_log and agent_log, if you don't need to keep track of client information. 3) FollowSymLinks and SymLinksIfOwnerMatch When you do NOT have an "Options FollowSymLinks" in your URL-space, or you do have an "Options SymLinksIfOwnerMatch," HP-UX Apache-based Web Server will issue extra system calls to check up on symlinks. One extra call per filename component will be made. For example, if you had: DocumentRoot /www/htdocs Options SymLinksIfOwnerMatch If a request is made for the URI /index.html, HP-UX Apache-based Web Server will perform lstat(2) on /www, /www/htdocs, and /www/htdocs/index.html. The results of these lstats are never cached, so they will occur on every single request. If you really desire the symlinks security checking try the following instead: DocumentRoot /www/htdocs Options FollowSymLinks Options -FollowSymLinks +SymLinksIfOwnerMatch This at least avoids the extra checks for the DocumentRoot path. Note that you'll need to add similar sections if you have any Alias or RewriteRule paths outside of your document root. For highest performance, and no symlink protection, set FollowSymLinks everywhere, and never set SymLinksIfOwnerMatch. 4) AllowOverride Wherever in your URL-space you allow overrides (typically .htaccess files) HP-UX Apache-based Web Server will attempt to open .htaccess for each filename component. For highest performance use "AllowOverride None" everywhere in your filesystem. 5) Negotiation Use a complete list of options for DirectoryIndex, listing the most common choice first. Example: DirectoryIndex index.cgi index.pl index.shtml index.html 6) Tuning NumServers, StartThreads, MinSpareThreads, MaxSpareThreads, MaxThreadsPerChild, MaxRequestsPerChild HP-UX Apache-based Web Server tries to maintain a pool of spare or idle server threads, which stand ready to serve incoming requests. In this way, clients do not need to wait for new threads or processes to be created before their requests can be served. HP-UX Apache-based Web Server assesses the total number of idle threads in all processes, and forks or kills processes to keep this number within the boundaries specified by MinSpareThreads and MaxSpareThreads. Since this process is very self-regulating, it is rarely necessary to modify these directives from their default values. The maximum number of clients that may be served simultaneously is determined by multiplying the maximum number of server processes that will be created (MaxClients) by the number of threads created in each process (ThreadsPerChild). Using Modules -------------------------------------- 1) Disable unused modules Enable only the modules you need. Pre-processing and post-processing modules like mod_speling, mod_include and mod_log_config add a lot of overhead. Use http://httpd.apache.org/docs-2.0/mod/index.html to determine which modules are used with your configuration, and which you can remove. 2) mod_vhost_alias This module uses less memory than VirtualHost directive, when it is used for a huge number of virtual hosts with similar configurations. 3) mod_perl Using mod_perl for CGI scripts is considerably faster than using mod_cgi. Configuring HP-UX Environment -------------------------------------- 1) Tuning the OS Tune kernel parameters maxproc, shmem, maxfd, etc. See FAQ: "performance/sizing" for suggested kernel parameters. The FAQ is included in the bundle: http://yourserver.com/hp_docs/faq or online: http://www.hp.com/products1/unix/webservers/apache/faqs/index.html 2) Monitor the memory Make sure the web server has enough memory. 3) Renice Increase the priority of HP-UX Apache-based Web Server process. 4) TCP/IP parameters tuning On HP-UX 11.x the system listen queue parameter is called tcp_conn_request_max. The utility for listing/modifying network settings is called "ndd". The following are equivalent commands to use on HP-UX 11.x: - To check the current setting of the system listen queue: ndd -get /dev/tcp tcp_conn_request_max - To adjust the system listen queue size to 256, for example: ndd -set /dev/tcp tcp_conn_request_max 256 Example: Parameter Scope Default Value Tuned Value --------- ----- ------------- ----------- maxfiles /stand/system 2048 4096 * maxfiles_lim /stand/system 2048 4096 * tcp_time_wait_interval ndd/dev/tcp 60000 60000 tcp_conn_request_max ndd/dev/tcp 20 1024 --> 4096 tcp_ip_abort_interval ndd/dev/tcp 600000 60000 tcp_keepalive_interval ndd/dev/tcp 72000000 900000 tcp_rexmit_interval_initial ndd/dev/tc 1500 1500 tcp_rexmit_interval_max ndd/dev/tcp 60000 60000 tcp_rexmit_interval_min ndd/dev/tcp 500 500 tcp_xmit_hiwater_def ndd/dev/tcp 32768 32768 tcp_recv_hiwater_def ndd/dev/tcp 32768 32768 5) Avoid using NFS Don't use files on NFS for "LockFile" or "Scriptsock" directives. This will cause the system to hang. Examples: LockFile NON_NFS_PATH/lockfile.lock Scriptsock NON_NFS_PATH/logs/cgisock Other Configuration -------------------------------------- 1) Use a cache proxy Use cache proxy to cache the web pages. -------------------------------------- NOTE -------------------------------------- 1. Any modules built with Apache2.0 may not function as expected with Apache 2.2, and might need to be recompiled using Apache2.2 libraries. 2. We are discontinuing xmltools starting WSS 3.0 release, which was there as a part of WSS 2.0 releases. We continue to support it under WSS 2.0. 3. Before installing WSS3.0 depot please remove the WSS 3.0 beta depot if it is already installed. *************************************************************************** Legal Notices The information in this document is subject to change without notice. WARRANTY DISCLAIMER HEWLETT-PACKARD MAKES NO WARRANTY OF ANY KIND WITH REGARD TO THIS INFORMATION, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. Hewlett-Packard shall not be liable for errors contained herein or for direct, indirect, special, incidental or consequential damages in connection with the furnishing, performance or use of this material. RESTRICTED RIGHTS LEGEND Use, duplication or disclosure by the U.S. Government is subject to restrictions as set forth in subparagraph (c) (1) (ii) of the Rights in Technical Data and Computer Software clause at DFARS 252.227-7013 for DOD agencies. Rights for non-DOD U.S. Government Department and Agencies are as set forth in FAR 52.227-19 (c)(1,2). COPYRIGHT NOTICES Copyright 2002-_COPYRIGHT_END_REVISION Hewlett-Packard Development Company, L.P. This document contains information which is protected by copyright. All Rights Reserved. Reproduction, adaptation, or translation without prior written permission is prohibited, except as allowed under the copyright laws. TRADEMARK NOTICES UNIX is a registered trademark in the United States and other countries, licensed exclusively through X/Open Company Limited. #ifdef IPF Intel(R) Itanium(TM) Processor Family is a trademark of Intel Corporation in the U.S. and other countries is used under license. #endif Java and all Java-based trademarks and logos are trademarks or registered trademarks of Sun Microsystems, Inc. in the U.S. and other countries. ACKNOWLEDGEMENTS This product includes software developed by the Apache Software Foundation. This documentation is based on information from the Apache Software Foundation (http://www.apache.org).