IBM HTTP Server powered by Apache for AIX, Solaris, Linux, and Windows NT Version 1.3.6.2

Last updated: 12/09/99

 


INSTALLATION INSTRUCTIONS FOR WINDOWS NT

NOTE: If you are installing on a Windows NT backup domain controller, see the ADDITIONAL STEP following this section.

  1. Uninstall any previous versions of the server by clicking Control Panel > Add/Remove Programs.
  2. If you plan to use the Key Management (IKEYMAN) utility to create server certificates for SSL, install the Java Development Kit (JDK), 1.1.6 or higher.

    The JDK ships with WebSphere Application Server on this CD. It is also available from the Java JDK Web site.
  3. Log on to the system with a valid Windows NT user ID and password. The ID must be a member of the local Administrators group.
  4. Change to the directory where the IBM HTTP Server exe file was downloaded.
  5. Double-click HTTPServer_xxx.exe and follow the installation panels.
NOTE: The default user ID for the IBM HTTP Server is "Administrator" and the password is "***".

ADDITIONAL STEP FOR INSTALLING ON A WINDOWS NT BACKUP DOMAIN CONTROLLER

During the install, when you are prompted for a user ID and password to use for the service, the install program will attempt to give that user ID the "Logon as a service" right on your Windows NT system. When installing on a BDC, the installation program is unable to perform this task and will indicate this during the installation.

To assign the "Logon as a service" right to the user ID entered during the IBM HTTP Server installation:

  1. Click Start > Programs > Administrative Tools (Common) > User Manager.
  2. Click Policies > User Rights.
  3. On the User Rights Policy dialog, select Show Advanced User Rights.
  4. Select Log on as a service. If the user ID under which you installed the IBM HTTP Server is not in the list, click Add and follow the prompts to add that user. When the user has been added, this will grant the "Logon as a service" right to the user ID so that the server will start normally as a service once this information is synchronized with the Primary Domain Controller.

IF THE IBM HTTP SERVER EXPERIENCES A LOGON FAILURE WHEN STARTED AS A SERVICE

Verify that the logon ID and password are correct by completing the following:

  1. Click Start > Programs > Administrative Tools > User Manager
  2. Double click Services
  3. Click "IBM HTTP Server"
  4. Click the "Startup" button
  5. Verify the user ID and password are correct at the bottom of the dialog
Verify that the user ID has the "Logon as a service" right:
  1. Click Start > Programs > Administrative Tools > User Manager
  2. Click Policies > User Rights
  3. Verify that the "Show Advanced User Rights" checkbox is checked
  4. In the drop down list labeled "Right:", find and select "Log on as a service"
  5. Verify that the user ID is displayed in the list box. If it is not, add the user ID by clicking the "Add..." button.
To authenticate the Administration Server, see Administration Server Password Protection.

INSTALLATION INSTRUCTIONS FOR AIX

  1. Back up your Web server's configuration files in the conf directories, and back up your Web site if it was created under the htdocs directory.
  2. The IBM HTTP Server version 1.3.3 was installed under /usr/lpp/HTTPServer. Version 1.3.6.2 will be installed under /usr/HTTPServer. Therefore, uninstall any previous versions of the server:
    1. Log on as root.
    2. At the command prompt, type smit &
    3. Select Software Installation and Maintenance.
    4. Select Software Maintenance and Utilities.
    5. Select Remove Installed Software.
    6. Click list under Software Name.
    7. Select the following from the list:
      • http_server.base.core
      • http_server.base.source
      • http_server.modules.ssl
    8. Click ok.
    9. Change Preview only option to no.
    10. Click ok.
  3. If you plan to use the Key Management (IKEYMAN) utility to create server certificates for SSL, install the Java Development Kit (JDK), 1.1.6 or higher. The JDK ships with WebSphere Application Server on this CD. It is also available from the Java JDK Web site.

  4. If you plan to enable LDAP, install the LDAP client toolkit.

  5. Log on as root.
  6. Extract all downloaded files to a temporary directory.
  7. CD into the temp directory.
  8. Run smit &
  9. Select "Software Installation and Maintenance".
  10. Select "Install and update software".
  11. Select "Install and update from all available software".
  12. At the "INPUT device / directory for software" prompt, enter "." (without quotes) and press return.
  13. At the "Select Packages to list", "http_server" will be highlighted, press return.
  14. Select the packages you want to install:
  15. Use the following install options:
  16. Click OK.
  17. Answer yes to the confirmation messages. The path /usr/HTTPServer is used as the base directory.
To authenticate the Administration Server, see Administration Server Password Protection.

NATIONAL LANGUAGE SUPPORT (AIX only)

IBM HTTP Server 1.3.6.2 supports 9 languages in addition to U.S. English:
  1. French
  2. German
  3. Spanish
  4. Brazilian Portuguese
  5. Chinese Simplified
  6. Chinese Traditional
  7. Korean
  8. Japanese
  9. Italian
The documentation to support all languages is located in language specific subdirectories. For IBM HTTP Server the directory is /usr/HTTPServer/htdocs/<language>. For Administration Server the directory is /usr/HTTPServer/admindocs/<language>. To install these languages you must select the appropriate install images at IBM HTTP Server install time.

CHANGES TO IBM HTTP SERVER CONFIGURATION FILE (HTTPD.CONF) TO RUN IBM HTTP SERVER IN OTHER LANGUAGES

Change directive "DocumentRoot" from:

    DocumentRoot /usr/HTTPServer/htdocs/en_US

    to:
    DocumentRoot /usr/HTTPServer/htdocs/<lang>

Note: <lang> is the language-specific directory (e.g. fr_FR would be DocumentRoot /usr/HTTPServer/htdocs/fr_FR)

 

CHANGES TO ADMINISTRATION SERVER CONFIGURATION FILE (ADMIN.CONF) TO RUN ADMINISTRATION SERVER IN OTHER LANGUAGES

  1. Change directive "DocumentRoot" from:
    DocumentRoot /usr/HTTPServer/admindocs/en_US

    to:
    DocumentRoot /usr/HTTPServer/admindocs/<lang>

    Note: <lang> is the language you wish to run the Administration Server (e.g. fr_FR would be DocumentRoot /usr/HTTPServer/admindocs/fr_FR).

  2. Change directive "Alias" from:
    Alias /admin /usr/HTTPServer/admindocs/en_US
    Alias /manual /usr/HTTPServer/htdocs/en_US/manual
    Alias /error /usr/HTTPServer/htdocs/en_US

    to:
    Alias /admin /usr/HTTPServer/admindocs/<lang>
    Alias /manual /usr/HTTPServer/htdocs/<lang>/manual
    Alias /error /usr/HTTPServer/htdocs/<lang>

    Note: <lang> is the language you wish to run the Administration Server (e.g. fr_FR would be Alias /admin /usr/HTTPServer/admindocs/fr_FR).
  3. Change directive "Include" from:
    Include conf/admin.msg.en_US

    to:
    Include "conf/admin.msg.<lang>"

    Note: <lang> is the language you wish to run the Administration Server (e.g. fr_FR would be Include conf/admin.msg.fr_FR).

INSTALLATION INSTRUCTIONS FOR SOLARIS

Your existing configuration file is preserved as httpd.conf and the configuration file for the new version is saved as httpd.default.

  1. Uninstall any previous versions of the server:
    1. Log on as root.
    2. Stop the server by changing to /opt/IBMHTTPD/bin
    3. Type ./apachectl stop
    4. At the command prompt, type admintool &
    5. Select Browse > Software
    6. Select IBM HTTP Server, IBM HTTP SSL module and GSK
    7. Select Edit > Delete
    8. Answer "yes" to the confirmation messages.
  2. If you plan to use the Key Management (IKEYMAN) utility to create server certificates for SSL, install the Java Development Kit (JDK), 1.1.6 or higher. The JDK ships with WebSphere Application Server on this CD. It is also available from the Java JDK Web site.
  3. Log on as root.
  4. Extract all downloaded files to a temporary directory.
  5. At a command prompt, type admintool &
  6. Select Browse > Software.
  7. Select All software.
  8. Select Edit > Add.
  9. Select the options from the list you would like to install:
  10. Click Add.
  11. Answer yes to the confirmation messages. The path /opt/IBMHTTPD is used as the base directory.
To authenticate the Administration Server, see Administration Server Password Protection.

INSTALLATION INSTRUCTIONS FOR LINUX

SUPPORTED LINUX DISTRIBUTIONS

IBM DOWNLOAD SITE PACKAGE INDEX

The IBM HTTP Server 1.3.6.2 is freely available at the IBM download site.

The primary Linux packages are distributed in the following .tar files:

  1. HTTPServer.linux.glibc2x.server.tar:
  2. HTTPServer.linux.glibc2x.admin.tar:
  3. HTTPServer.linux.glibc2x.modules.tar:
  4. HTTPServer.linux.glibc2x.sslx.tar:
Be sure to use the versions appropriate to the glibc2.x installed with your Linux distribution:

The optional packages to satisfy particular prerequisites are distributed in the following .tar files:
  1. HTTPServer.linux.glibc20.libstdc.tar:
  2. HTTPServer.linux.glibc21.redhat60only.libstdc.tar:

 

INSTALLING THE IBM HTTP SERVER

  1. Extract all downloaded files to a temporary directory.
  2. Uncompress HTTPServer.linux.glibc2x.server.tar (2x = Linux distribution) using: tar -xvf HTTPServer.linux.glibc2x.server.tar

    Continue to uncompress other downloaded files.
  3. If you plan to use the Key Management (IKEYMAN) utility to create server certificates for SSL, install the Java Development Kit (JDK), 1.1.6 or higher. At this time we recommend using "Green Threads" instead of "Native Threads" with IKEYMAN on Linux.

    The JDK is available from the Blackdown Website, or specifically a version from ftp://ftp.tux.org/pub/java/JDK-1.1.7/.

  4. If installing the IBM HTTP Server for the first time, run command as root: rpm -ivh IBM_HTTP_Server-1.3.6-2.i386.rpm
  5. If upgrading from the IBM HTTP Server 1.3.6, run command as root: rpm -Uvh IBM_HTTP_Server-1.3.6-2.i386.rpm

 

INSTALLING THE OPTIONAL MODULES

Run command as root: rpm -ivh IBM_XXX-1.3.6-2.i386.rpm (XXX can be the name of the above modules (SNMP, SSL, etc.))

Note: If the module has prerequisites, those should be satisfied before the module is installed. Prerequisites are discussed below.

 

PREREQUISITES

To authenticate the Administration Server, see Administration Server Password Protection.

TECHNICAL NOTES

Here are some technical explanations for the issues that are different between Apache and the IBM HTTP Server:

Address any questions about the IBM HTTP Server to the IBM newsgroup ibm.software.websphere.http-servers on IBM's NNTP server, news.software.ibm.com.

 

JAVA REQUIREMENT FOR RUNNING IKEYMAN ON REDHAT 6.0 AND CALDERA 2.2

JDK 1.1.7 version 3

  1. Go to http://www.blackdown.org/
  2. Select Download the JDK for Linux
  3. Select corresponding FTP Mirror Site
  4. Select the JDK-1.1.7/ folder
  5. Select i386/ folder
  6. Select glibc/ folder
  7. Select v3/ folder
  8. The correct jdk file needed is: jdk_1.1.7-v3-glibc-x86_tar.tar
Linux is a registered trademark of Linus Torvalds.

ADMINISTRATION SERVER PASSWORD PROTECTION

The Administration Server is installed with Authentication enabled for the directory containing all configuration forms. This means that after installation, the Administration Server will not service a page without a user ID and password. This is done to protect the IBM HTTP Server Configuration file from unauthorized access immediately after successful installation of the IBM HTTP Server and the Administration Server. At installation, the password file (admin.passwd) is "empty"; therefore, until you supply a user ID and password in the Administration Server Password file (admin.passwd), you will not have access to the IBM HTTP Server Configuration pages through the Administration Server.

  1. For NT, type the following from the directory /Program Files/IBM HTTP Server: htpasswd -m conf\admin.passwd <userid>
  2. For AIX, Solaris, and Linux type the following: ./htpasswd -m ../conf/admin.passwd <userid> from the following directory structures:
  3. You will be prompted for a Password and then prompted to re-type the same password for verification.
This will be the user ID and password that allow access to the Administration Server Configuration GUI. This user ID should be unique for access to the Administration Server. The user ID named in the Administration Server directive "User" should NOT be the same as the user ID used for access to the Administration Server.

Note to Linux users

On Caldera 2.x systems, the setupadm script fails to automatically create a new user and group for the Administration Server. The solution is to use coastool to create a group and account, then supply those names to the setupadm tool.

 

If you have any problems running this script or getting the IBM HTTP Admin Server working, please post a message about the problem on IBM's NNTP server news.software.ibm.com to the group ibm.software.websphere.http-servers

UNIX Users Only: ENABLING THE IBM ADMINISTRATION SERVER TO CONFIGURE TARGET SERVERS

Before you start the Administration Server to administer the configuration data for the IBM HTTP Server, you must perform some preliminary administrative tasks. These tasks can be performed by executing the setupadm script or following the outline below. The script will prompt you for all the necessary input.

The basic intent of the Administration Server tasks is to allow the Administration Server read/write/execute access to the necessary configuration files and one executable file. The Administration Server should obtain read/write access through a unique user ID and Group, which must be created. The User and Group directives of the Administration Server's configuration file should be changed to the unique user ID and Group. The Administration Server's configuration file's "group access permissions" should be changed to allow read/write "group access". In addition, there is a utility program that should have "Group execute permissions" and "Set User ID Root permissions". This executable must run as Root in order to request restarts for the IBM HTTP Server and the Administration Server.

  1. Create a new User and Group for the Administration Server to run under.

    On AIX

    1. Go to SMIT. Select Security and Users.
    2. Select GROUPS. Select Add a Group.
    3. Enter the Group name (e.g. admingrp). Click OK.
    4. Go back to Security and Users.
    5. Select USERS. Select Add a User.
    6. Enter the User name up to 8 characters (e.g. adminusr). Enter Primary GROUP created above.
    7. Click OK.

    On SOLARIS

    1. Bring up the admintool.
    2. Select Browse and then select Groups.
    3. Select Edit and then Add. Enter the Group Name (e.g. admingrp).
    4. Click OK.
    5. Select Browse and then select Users.
    6. Select Edit and then Add. Enter the User Name (e.g. adminuser) and the Primary Group Name (e.g. admingrp).
    7. Click OK.

    On LINUX

    1. From the command line execute "groupadd <groupname>"
    2. Execute "useradd -g <groupname> <userid>"

  2. Update the Group and file permissions for the configuration file of the IBM HTTP Server (httpd.conf).
    1. At a command prompt, change to the directory that contains the httpd.conf file.
    2. Type the following commands:
      • chgrp <groupname> httpd.conf
      • chmod g+rw httpd.conf
  3. Update the file permissions for the configuration file of the IBM Administration Server (admin.conf).
    1. At a command prompt, change to the directory that contains the admin.conf file.
    2. Type the following commands:
      • chgrp <groupname> admin.conf
      • chmod g+rw admin.conf

  4. If applicable, update the file permissions for all other configuration files of the IBM HTTP Server. Some examples are access.conf and srm.conf.
    1. At a command prompt, change to the directory that contains configuration files.
      • access.conf (if used)
      • srm.conf (if used)
    2. Type the following commands:
      • chgrp <groupname> <filename>
      • chmod g+rw <filename>

  5. Update the Group and file permissions for the "admrestart" module.
    1. At a command prompt, change to the following directory:
      • On AIX: /usr/HTTPServer/bin
      • On SOLARIS: /opt/IBMHTTPD/bin
      • On LINUX: /opt/IBMHTTPServer/bin
    2. Type the following commands:
      • chgrp <groupname> admrestart
      • chmod g+rx admrestart
      • chmod u+s admrestart

  6. Update the configuration file for the Administration Server (admin.conf).
    1. Change to the Administration Server "admin.conf" directory.
    2. Search for the following lines in the admin.conf file:
      • User nobody
      • Group nobody
    3. Change them to reflect the User ID and Group Name you created:
      • User your_userID
      • Group your_groupname

  7. Start the Administration Server from the IBM HTTP Server bin directory by typing "adminctl start".

  8. Using a web browser, access http://hostname.machine.com:8008 (your server url). Select "Manage Servers" to define the servers you wish to administer from the Administration Server.

  9. If IBM HTTP Server is not already started, type "apachectl start".
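
The shell function below is an added example, not part of IBM's documentation or its setupadm script. It audits the permissions that steps 2 through 6 above are meant to produce. It assumes you pass the conf directory, the bin directory and the numeric gid of the group created in step 1; the function names and the two "extra" checks are this example's own.

```shell
#!/bin/sh
# Added example, not IBM's setupadm script: audit what steps 2-6 should produce.
# Usage: audit_admin_setup <conf_dir> <bin_dir> <numeric gid of the admin group>

# Print "<10-char mode> <uid> <gid>" for one file (portable ls -ln parsing).
file_meta() {
    ls -ln "$1" | awk '{ print substr($1, 1, 10), $3, $4 }'
}

audit_admin_setup() {
    conf_dir=$1 bin_dir=$2 admin_gid=$3 rc=0

    # Steps 2-4: config files carry the admin group with group read/write.
    for f in httpd.conf admin.conf access.conf srm.conf; do
        if [ ! -f "$conf_dir/$f" ]; then
            # access.conf and srm.conf are optional; the other two are not.
            case $f in httpd.conf|admin.conf) echo "$f: not found"; rc=1 ;; esac
            continue
        fi
        set -- $(file_meta "$conf_dir/$f"); mode=$1 gid=$3
        [ "$gid" = "$admin_gid" ] || { echo "$f: gid $gid, expected $admin_gid"; rc=1; }
        case $mode in ????rw*) ;; *) echo "$f: group lacks read/write ($mode)"; rc=1 ;; esac
        # Extra check (assumption of this example): no write access for others.
        case $mode in ????????w?) echo "$f: world-writable ($mode)"; rc=1 ;; esac
    done

    # Step 5: admrestart is setuid root and runnable by the admin group.
    a=$bin_dir/admrestart
    if [ -f "$a" ]; then
        set -- $(file_meta "$a"); mode=$1 uid=$2 gid=$3
        case $mode in ???s??????) ;; *) echo "admrestart: setuid bit not set ($mode)"; rc=1 ;; esac
        [ "$uid" = 0 ] || { echo "admrestart: owner is uid $uid, not root"; rc=1; }
        [ "$gid" = "$admin_gid" ] || { echo "admrestart: gid $gid, expected $admin_gid"; rc=1; }
        case $mode in ????r?[xs]???) ;; *) echo "admrestart: group lacks read/execute ($mode)"; rc=1 ;; esac
        # Extra check (assumption of this example): a setuid-root helper should
        # not be group/world-writable or executable by every local user.
        case $mode in ?????w????|????????w?|?????????[xt])
            echo "admrestart: review, too permissive for setuid root ($mode)"; rc=1 ;;
        esac
    else
        echo "admrestart: not found in $bin_dir"; rc=1
    fi

    # Step 6: admin.conf must no longer name nobody in User or Group.
    if grep -Eq '^[[:space:]]*(User|Group)[[:space:]]+nobody([[:space:]]|$)' \
        "$conf_dir/admin.conf" 2>/dev/null; then
        echo "admin.conf: User/Group still set to nobody"; rc=1
    fi
    return $rc
}
```

On AIX, for example: audit_admin_setup /usr/HTTPServer/conf /usr/HTTPServer/bin "$(id -g adminusr)". The function prints one line per finding and returns non-zero if there is any.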

USING THE ADMINISTRATION SERVER WITH NETSCAPE

When editing forms in the Administration Server on Netscape, there is a browser limitation that will not allow you to input large amounts of text. Forms that currently contain large amounts of text can be viewed but not edited. There are no known limitations when using Internet Explorer.

INFORMATION FOR USERS OF CASERVLET CERTIFICATES

When using LDAP with SSL to access the Netscape Directory Server, the Netscape Directory Server will be unable to make a secure connection if the certificate is signed using CAServlet. The Netscape Directory Server will give the following errors:

TIVOLI READY DOCUMENTATION

The IBM HTTP Server 1.3.6.2 is Tivoli Ready. Refer to the platforms below for the location of the Tivoli Ready readme:
AIX /usr/HTTPServer/tivready
Solaris /opt/IBMHTTPD/tivready
Windows NT /IBM HTTP SERVER/tivready

DOUBLE BYTE CHARACTERS (DBCS) not supported in IBM HTTP Server Configuration files

You cannot edit the IBM HTTP Server and Administration Server Configuration files or specify install paths using Double Byte Characters. Only Single Byte Characters (SBCS) are supported in the IBM HTTP Server and Administration Server configuration files (httpd.conf and admin.conf respectively). This applies to all Operating System platforms.

STORING THE ENCRYPTED DATABASE PASSWORD IN A STASH FILE

If you are using a stash file to automate SSL initialization, you must ensure that the key database password in the stash file is protected. The key database password is altered in the stash file so that it cannot be recognized by a casual observer, but it is not encrypted. You should not allow unauthorized persons access to either the stash file or the key database file. As with all Web server resources, managing proper file permissions and protections is vital to the security of the system.

KNOWN PROBLEMS