Installing the server

his chapter tells you how to install the Netscape Enterprise Server and begin configuring the server for your needs.

Before you begin installation

Before you install the server, you should do the following:

Make sure DNS is running

When you install the Netscape Enterprise Server, you'll be asked for a hostname or an IP address (or multiple entries of the same) as input strings.

As you prepare for installation, make sure DNS is running properly. Otherwise, the server can't resolve (translate) host names and can't connect to any remote hosts.

Create an alias for the server

If your server will run on one machine among many in a network, you or your system administrator should set up a DNS CNAME record or an alias (such as www) that points to the actual server machine. Later, you can change the actual host name or IP address of the server machine without having to change all URLs that point to the server machine.

For example, you might call the server myserver.anycompany.com and then use an alias like www.anycompany.com. So the URLs to documents on your server would always use the www alias instead of myserver.

Create a user account for the server

If you don't know how to create a new user on your system, you should consult your system manual or a good Unix administrator's handbook.
You should create a Unix user account for the server. You probably want the server to have restricted access to your system resources and run under a nonprivileged system user account.

When the server starts and runs, it runs with this Unix user account (you'll specify this account during installation). Any child processes of the server are created with this account as the owner. The account needs read permissions for the configuration files and write permissions for the logs directory. For security reasons, the user account shouldn't have write permissions to the configuration files. If the security of the server is compromised, no one can write to the configuration files.

You can use the account with the name nobody, but this might not work on some systems. Some machines ship with a uid of -2 for the user nobody. A uid less than zero generates an error during installation. Check the /etc/passwd file to see if the uid for nobody exists, and make sure it is greater than zero.

Note
It's strongly recommended that you use a dedicated account for the server.

The administration server can also run with a user account that must have write permissions to the configuration files for all installed servers. However, it's much easier to run the administration server as root because then it can start and stop servers with port numbers less than 1024. You should shut down the administration server when you're done with it, unless you're using the timing utility to archive log files. For more information about shutting down the administration server, see "Shutting down the administration server" on page 33.

Choose unique port numbers

You need two port numbers: one for the administration server and one for the web server. The administration server is a separate daemon that lets you manage multiple servers from a single interface.

Port numbers for all network-accessible services are maintained in the file /etc/services. The standard web server port number is 80; the standard secure web server port number is 443, but you can install the server to any port. You should choose a random number for the administration server to make it harder for anyone to breach your server. When you configure your server, you use the administration server's port number.

Make sure the port you choose isn't in use. Look at the file /etc/services on the server machine to make sure you don't assign a port number that is used by another service. If you choose a port that is being used by another service, the installation will prompt you for another port.

Note
If you choose a server port number lower than 1024, you must be logged in as root to start the server. After the server is bound to the port, the server changes from root to the user account you specify. If you choose a port number greater than 1024, you don't have to be root to start the server.

Upgrading an existing server

If you're running a 1.1 server, the installation program takes configuration information from your 1.1 server and puts it into a new 2.0 server in a new server root directory. You should stop running the 1.1 server before upgrading. Make sure you have Netscape Navigator 2.0 or later installed on your computer before upgrading.

To upgrade your existing server,

  1. Log in as the user the administration server runs as. In most cases, this user is root. If you're not sure, check to see who owns the server files.
  2. Follow the steps in "Running ns-setup" on page 22. Following these steps will install the 2.0 server into a new server root directory.
  3. Change to the install directory in the new server root directory that contains the upgrade script and type the following (in this example the administration server runs as root): # ./upgrade

  4. Type the server root path of the existing server when prompted. The installation script reads 1.1x server ns-admin.conf and port information.
  5. For every server in your 1.1 server root directory, type the server identifier name for the new server (for example, server1; the https- will be added automatically). Some of the tasks the installation script performs include:
  6. If your existing server is an SSL-enabled server, you'll be prompted to type your server password.
If anything needs to be manually translated, the upgrade.log file in the install directory in your server root directory contains the relevant information.

After installation, you should check that the upgraded server runs correctly. Change to the server root directory, and type ./start-admin at the command prompt to start the administration server. Use the Server Selector to configure your new server. For more information about using the Server Selector, see "Using the Server Selector" on page 31.

Copy any documents from your 1.1 document directory that you still want to use to your new 2.0 document directory.

If you're upgrading a SSL-enabled server, you'll have to manually start the upgraded server because you have to specify a password when starting it. To manually start the server, see "Restarting the server manually" on page 68.

Installation instructions

Before you install the server, you should be logged in as root, unless you meet these conditions:

You should be logged in with the user account that the server will use.

Running ns-setup

To install the Netscape Enterprise Server,

  1. Put the Netscape Enterprise Server CD-ROM in the drive and change to the directory for the Unix operating system that your computer uses (for example, type cd solaris).
  2. Type cd entprise to change to the installation directory.
  3. Copy the https.tar file from the CD-ROM directory to a directory where you want the installation program to run. (The install needs about 30MB of disk space.) This should be a temporary directory and not the directory where you plan to install the server.
    Note
    If you use the Solaris operating system, don't use the /tmp directory because you might encounter problems later in the install process.

  4. Unpack the tar file by typing tar xvof https.tar. This unpacks the server files and creates a temporary directory structure under the current directory.
  5. Type cd https to change to the new directory. This directory contains a readme.txt text file that has up-to-date information about the Netscape plan to install the se\xff Enterprise Server. You should read this file before continuing.
  6. Type ./ns-setup to start the server installation. If you aren't logged in as root (superuser) or if you don't have sufficient write permissions, you'll get one or more error messages.
  7. Choose whether you accept the software license agreement.
  8. Type a server root directory. This is the directory where the server files and directory structure will be installed. Server files are extracted from the .tar file, and you will be asked if you want to configure the server. Press Enter to continue.

  9. Enter the machine name.
  10. Enter the administration server port. This is the port that the administration server will run from. The installation program randomly picks a port number as a default. Make sure you remember the port number for the administration server.
  11. Enter the administration server user.
  12. Enter the administration server authentication user name and password. (You will be asked to enter your password twice for verification.) The administration server authentication user name is only used for administration server authentication; this user name is not an operating system user. Because HTTP passwords are not encrypted when sent, you should not use an existing system user name and password.
  13. Enter the hosts that you want to have access to the administration server. Use commas to separate multiple hosts. Any host not in this list will not be allowed to use the administration server. You can also use wildcard patterns (for example, *.netscape.com).
  14. Enter the list of IP addresses that you want to have access to the administration server. Any system whose IP address is not on this list will not be allowed to use the administration server unless its corresponding domain was specified in Step 13.
You are now ready to configure your new server. You will be prompted for the name of your network navigator. The default is Netscape Navigator.

Note
You do not have to configure your server immediately after installation.

Configuring your new server

To complete the installation, you configure your server by using the administration server's Server Selector, which was started after the installation wrote the configuration files to disk, to complete an HTML configuration form.

If you don't understand a setting, you can use the default value and later change it via the Server Manager forms.
The configuration HTML form collects data that is used to generate the configuration files called magnus.conf and obj.conf. (The server uses these files to control how it works.)

The last step of ns-setup started your network navigator. If your navigator isn't running, start it. Enter the URL for your server's administration server, using the following format:

http://system_name:admin_port/

where system_name is the name you entered for your system's full name during installation and admin_port is the administration port you specified (for example, http://server1.acme.com:54321/).

To configure your web server,

  1. From the Server Selector, click Install a new Netscape Enterprise Server.
  2. Type the server name. Users will use this name when they access your server. Include your machine and domain name. If your system administrator has set up a DNS alias for your server, enter the alias here. If not, use the machine's name combined with your domain name as the server's name.
  3. Enter the IP address your server should listen to. Leave this field blank if you're not planning to have your system answer to different IP addresses. If you do want your system to answer to multiple addresses, configure your system to listen to multiple IP addresses; then install separate instances of the server, each having a different bind IP address.

  4. Enter the port number for your server. This can be any number from 1 to 65535. Keep the following in mind when choosing a port number:
  5. Enter the server identification that the administration server will use for your server. The server identification should contain no spaces or slashes. This identification will also be used as the directory name in your server root to store the server configuration files. The following are some examples:

    www.acme.com-unsecure
    www.acme.com-secure
    unsecure_test_area

  6. Enter the user name you want the server to run as. The server should only have restricted access to your system resources. You might need to start the server as superuser, but you probably don't want the server running as superuser. The server will automatically change its username after startup to the Unix user you enter here. You can often use a user named nobody in this situation. On some systems, however, nobody isn't a valid user. If nobody is not a valid user on your system, create a new Unix user for the server. If you are unfamiliar with creating Unix users, see your system administrator or your system documentation.

  7. Enter the number of processes that are created on your system when the server starts. The threads of these processes take turns answering requests. On a threaded server, keep the number of processes relatively low and the number of threads high. In general, the number of processes specified should equal the number of processors your system has.
  8. Enter the minimum and maximum number of threads that are created when the server starts. Set the number of threads to achieve a balance between system load and request response time. The number should be based on the number of requests you expect and the speed of the hardware your server runs on. A low-demand system might only need 5 or 10 threads; a high-demand system might need as many as 30 threads.
  9. Specify when you want the server to resolve IP addresses to host names. When an HTTP client connects to your server, it knows the client's IP address, but does not know its host name (for example, it doesn't know that the hostname for 198.95.251.30 is www.acme.com). For certain operations like access control, CGI, error reporting, and access logging, the server will resolve the IP address to a host name. If your server responds to many requests per day, stopping host name resolution can reduce the load on your DNS or NIS server.

  10. Enter the server's document root directory that will contain most of your server documents. If the directory you enter doesn't exist, the installation software will create the directory. By creating a document root for all of your documents, you place all of your documents in one location, and the server handles the URLs. Any request for a document automatically gets redirected to the document root you enter here. Because full file system pathnames are neither used nor displayed on any client's network navigator, your file system is safe, and users won't be able to get information about the rest of your system.

  11. Click OK. If the configuration was successful, you will see a page showing your new server's name, the port listens it to, and the primary document directory. From this page, you can configure your server further, start your new server, register your server for technical support, install another server, or return to the Server Selector. Clicking on the "Configure your server further" link will take you to the Server Manager, where you can configure your server. For more information about the Server Manager, see "Using the Server Manager" in Chapter 3.

What the installation process does

After you fill out all of the install forms, the actual installation takes place. Before that point, no file outside of the installation working directory is modified. Some temporary files are written to /tmp and removed after installation. No other files or directories are modified.

The installation process places all the files under the server root directory that you specified during installation. The following directories and files are created under the server root directory:

Troubleshooting installation

This section describes the most common installation problems and how to solve them.

I accidentally denied all access to the Server Manager forms.
Log in to the system as root or with the server's user account. In the admserv directory, edit the ns-admin.conf file. There's a line for allowed hosts or allowed addresses. Use wildcard patterns, or modify the lines to include your host and address, save the file, and then restart the administration server.

Clients can't locate the server.
First, try using the host name. If that doesn't work, use the fully qualified name (such as www.domain.dom), and make sure the server is listed in DNS. If that doesn't work, use the IP address.

The port is in use.
Most likely, you didn't shut down a server before you upgraded it. Shut down the old server, then manually start the upgraded one.

The port might also be used by another installed server. Make sure the port you've chosen isn't already being used by another server.

The server is slow and transfers take too long.
Check the number of threads. You might need to increase the number of threads the server uses.

If you log files to SYSLOG, you might encounter reduced performance. Switch to using the server's error log files instead. The server machine might need more RAM, or if there are other applications on the machine, they might be using CPU cycles, which degrades server performance.

I've forgotten the administration user name and password.
In the admserv directory in your server root directory, edit the admpw text file, which contains a line of text similar to the following:

admin:lnOVeixulqkmU

The text before the colon is the administration user name (in this case, admin); the text following the colon is the password, which is encrypted.

Delete everything after the colon and save the file. Shut down the administration server, and restart it. When prompted for the administration password, don't give one. You should be able to access the administration server now. Be sure to create a new password for the administration server. For more information on changing the administration server password, see "Configuring your administration server" in Chapter 3.