If you are using a version of Unix not derived from System V (such as SunOS 4.1.3), you won't be able to use the inittab option.
Caution!
Leaving your SSL-enabled server's password in cleartext in the server's start script on your system is a large security risk. In essence, you are trading security for convenience. Anyone who can access the file has access to your SSL-enabled server's password, which means that your server's security could be compromised. Consider whether you can tolerate the security risks before keeping your SSL-enabled server's password in plaintext on your system.
The server's start script, key pair file, and the key password should be owned by root (or the user account that installed the server), with only the owner having read and write access to them. For more information about security, see Chapter 7, "Encryption and SSL."
If you are willing to take the risk that your server's security could be compromised, follow these steps in order to have your SSL-enabled server start automatically:
#!/bin/sh
cd [ServerRoot]; ./ns-httpd -d [ServerRoot]/https-[server_identifier]/config $@
echo "[your_SSL-enabled_server_password]"|
For example, the edited third line might look like this:
cd /usr/ns-home/bin/https; echo "MBi12!mo"|./ns-httpd -d [ServerRoot]/https-[server_id]/config $@
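The ownership and permission rule above can be checked mechanically. The following shell function is an added example, not part of the original manual or the server distribution; the names audit_start_script, file_mode and file_uid, the finding tags, and the sample script with its placeholder password are constructed for illustration.

```sh
#!/bin/sh
# Added example (not vendor code): audit a server start script for the
# cleartext-password pattern and for owner-only permissions.

file_mode() { stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"; }  # GNU, then BSD
file_uid()  { stat -c '%u' "$1" 2>/dev/null || stat -f '%u' "$1"; }

# audit_start_script FILE [EXPECTED_UID]   (EXPECTED_UID defaults to 0, root)
# Prints one tag per finding and nothing when clean. Never prints the password.
audit_start_script() {
    script=$1
    want_uid=${2:-0}

    # The pattern from the text: echo "<password>"| feeding ./ns-httpd
    if grep -Eq 'echo[[:space:]]+.*\|[[:space:]]*\./ns-httpd' "$script"; then
        echo "cleartext-password"
    fi

    # Group and other must have no access at all (octal mode ends in 00).
    mode=$(file_mode "$script")
    case $mode in
        *00) ;;
        *)   echo "loose-mode:$mode" ;;
    esac

    # The file must belong to root or to the account that installed the server.
    uid=$(file_uid "$script")
    if [ "$uid" != "$want_uid" ]; then
        echo "owner-uid:$uid"
    fi
    return 0
}

# Demo on a constructed start script (placeholder password, temporary path).
demo_dir=$(mktemp -d)
cat > "$demo_dir/start" <<'EOF'
#!/bin/sh
cd /usr/ns-home/bin/https; echo "constructed-placeholder"|./ns-httpd -d /usr/ns-home/https-demo/config $@
EOF
chmod 755 "$demo_dir/start"
audit_start_script "$demo_dir/start" "$(id -u)"
rm -rf "$demo_dir"
```

Run the same function against the key pair file as well; only the permission and owner findings apply there.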
inittab, put the following text on one line in the /etc/inittab file:
http:2:respawn:[ServerRoot]/[type-identifier]/start -i
The -i option prevents the server from putting itself in a background process.
Replace [ServerRoot] with the directory where you installed the server, and replace [type-identifier] with the server's directory.
You'll need to remove this line before you try to stop the server.
/etc/rc.local, or your system's equivalent, place the following line in /etc/rc.local:
[ServerRoot]/[type-identifier]/start
Replace [ServerRoot] with the directory where you installed the server.
[ServerRoot]/[type-identifier]/start
Replace [ServerRoot] with the directory where you installed the server.
You can use optional parameters at the end of the line:
-p XX starts the server on a specific port number. This overrides the setting in magnus.conf.
-i runs the server in inittab mode, so that if the server process is ever killed or crashes, inittab will restart the server for you. It also prevents the server from putting itself in a background process.
Note
If the server is already running, this command will fail. You must stop the server first, then use the start command. Also, if the server startup fails, you should kill the process before trying to restart it.
[ServerRoot]/[type-identifier]/restart
This script finds the parent process id (in the logs/pid file), and sends the hang-up (-HUP) signal with this process id.
inittab for restarting the server, you'll need to remove the line from /etc/inittab before you try to stop the server. Otherwise, the server restarts automatically after it is stopped.
To stop the server manually, log in as root or use the server's user account (if that is how you started the server), and then type the following at the command line:
[ServerRoot]/[type-identifier]/stop
magnus.conf and obj.conf).
To view or restore a backup copy of your configuration files,
Note
Normally, you should not change the listen-queue size. The default setting is sufficient in most cases. If you manage a heavily used web site, you should make sure your system's listen-queue size is large enough to accommodate the listen-queue size setting from the Server Manager form. If you do change the listen-queue size, make sure that your system supports the new listen-queue size you've set. The listen-queue size set from the Server Manager form changes the listen-queue size requested by the server. If the server requests a listen-queue size larger than the system's maximum listen-queue size, the listen-queue size will default to the system's maximum.
Caution!
Setting the listen-queue size too high can be detrimental to server performance. The listen-queue size was designed to prevent the server from becoming overloaded with connections it cannot handle. If your server is overloaded and you increase the listen-queue size further, the server will only fall farther behind.
Note
Be aware of the consequences of turning off DNS on your server; host name restrictions won't work, and hostnames won't appear in your log files. Instead, you'll see IP addresses.
You can also specify whether to cache the DNS entries. When the server gets a client's host name information, it can store the data, if you've enabled the DNS cache. Then if the server needs information about the client in the future, the information is cached and available for the server without querying for the information again. You can specify the size of the DNS cache and the time it takes before a cache entry becomes invalid. The DNS cache can contain 32 to 32768 entries; the default value is 1024 entries. Values for the time it takes for a cache entry to expire can range from 1 second to 1 year (specified in seconds); the default value is 1200 seconds (20 minutes).
If you don't know how to create a new user on your system, ask your system administrator or consult your system documentation.
Even if you need to start the server as root, you don't want it to run as root all the time. You want it to have restricted access to your system resources and run as a nonprivileged user. The user name you enter as the Server User should already exist as a normal Unix user account. After the server starts, it runs as this user. If you want to avoid creating a new user account, you can choose the user nobody or an account used by another HTTP server running on the same host. On some systems, however, the user nobody can own files but not run programs.
To change the server's user account,
http://www.netscape.com:8080
If you aren't sure the port number you plan to use is available, look at the /etc/services file on the server machine.
Port numbers for all network-accessible services are maintained in the file /etc/services on Unix machines.
The standard unsecure web server port number is 80; the standard secure web server port number is 443. Technically, the port number can be any port from 1 to 65535. If you aren't running as root or superuser when you install or start the server, you'll have to use a port number higher than 1024.
.nsconfig.
Normally, your server gets its configuration from two or three files that are kept in the server root and modified using the Server Manager.
With this feature, you can give users the ability to control more about their home pages in their public information directories. You can allow them to apply access control or customize error messages without allowing them to use CGI or parsed HTML. The format and capability of these dynamic configuration files is described in the following section.
When a request is made for a resource in which dynamic configuration is enabled, the server must search for the configuration files within one or more directories of that resource. This search can be an expensive operation in terms of performance, so the server lets you configure how much flexibility you need, weighing it against the efficiency cost.
You provide a base directory to the server. The server will start its search for configuration files from the filesystem directory. Alternatively, you can provide no base directory, in which case the server will attempt to infer the base directory from the URL. That is, if the requested URL is going to be serviced with a file from the document root, it will start searching from the document root. The same applies to URL mappings, user public information directories, and CGI mappings.
You also specify the name of the configuration file to search for within the base directory.
Normally, you'll centralize all of your configuration information for the subdirectories of the base directory into the configuration file in the base directory. The server is more efficient because it doesn't waste time searching for configuration files in each of the subdirectories.
For convenience, you will sometimes want to tell the server to search the subdirectories (for example, if you selected the base directory inferred from URL translation, and selected .nsconfig for your configuration filename). When a user requests the filesystem path /usr/ns-home/docs/icons/logo.gif, instead of searching for /usr/ns-home/docs/.nsconfig you want the server to search all of the subdirectories:
/usr/ns-home/docs/.nsconfig
/usr/ns-home/docs/gfx/.nsconfig
/usr/ns-home/docs/gfx/icons/.nsconfig
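When reviewing which user-editable files can change access control for a resource, it helps to enumerate the same search list. The following shell functions are an added example, not part of the original manual or the server's own code; the names nsconfig_candidates and nsconfig_present are hypothetical, the base-first search order is assumed from the list above, and the demo request path uses gfx/icons so that it matches that list.

```sh
#!/bin/sh
# Added example (not server code): list the dynamic configuration files
# that a subdirectory search would consult for one requested file.

# nsconfig_candidates BASE_DIR REQUEST_PATH [CONFIG_NAME]
# Prints one candidate per line, from the base directory down to the
# directory that holds the requested file. Prints nothing when the
# request lies outside the base directory.
nsconfig_candidates() {
    base=${1%/}
    request=$2
    name=${3:-.nsconfig}

    case $request in
        "$base"/*) ;;
        *) return 0 ;;
    esac

    rel=${request#"$base"/}
    dir=$base
    echo "$dir/$name"

    # Walk the directory components; the last component is the file itself.
    while :; do
        case $rel in
            */*) comp=${rel%%/*}; rel=${rel#*/} ;;
            *)   break ;;
        esac
        [ -n "$comp" ] || continue      # tolerate "//" in the path
        dir=$dir/$comp
        echo "$dir/$name"
    done
}

# nsconfig_present: same arguments, but only the candidates that exist on
# disk, i.e. the files that actually influence the request.
nsconfig_present() {
    nsconfig_candidates "$@" | while IFS= read -r f; do
        if [ -f "$f" ]; then echo "$f"; fi
    done
}

# Demo with the paths used in the text (constructed request path).
nsconfig_candidates /usr/ns-home/docs /usr/ns-home/docs/gfx/icons/logo.gif
```

Each extra directory level adds one more file lookup per request, which is the performance cost the text describes.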
Finally, enter a wildcard pattern of file types you want to disable in directories where dynamic configuration is enabled. To disable CGI programs and parsed HTML, use *(cgi|parsed-html).
To configure per-directory access,
Note
If you are inexperienced in Unix system administration, you might want to learn more about Unix before using this feature.
You should keep the server root outside the server chroot directory. You should have the server use the document root as the chroot directory and turn off the document root feature. Log and configuration files should be stored outside your chroot directory. You will not be able to soft restart a server using a chroot directory; the server process must be started as superuser. Any configuration items related to documents will have to be made relative to the new root directory. You will not be able to use CGI programs or the exec tag to parse HTML if you use the chroot feature. You will also not be able to allow users to have public information directories unless the proper system-shared libraries, binaries, and dummy-parsed files are kept in the chroot directory.
To change the root directory,
If you enter a partial pathname, the server looks for the partial pathname you give as a substring of the incoming request. If you enter nolinks, the server looks for a directory called nolinks in the incoming request; if it finds it, it checks all following directories for filesystem links.