Network Deployment (Distributed operating systems), v8.0 > Set up intermediary services > Implement a web server plug-in
Set up a remote web server
We can create a web server definition in the admin console when the web server and the web server plug-in for WAS are on the same machine and the application server is on a different machine. This allows you to run an application server on one platform and a web server on another platform.
With a remote web server installation, WAS can facilitate plug-in administration functions and generation and propagation of the plugin-cfg.xml file for IBM HTTP Server for WAS, but not for other web servers.
Web servers that are not IBM HTTP Server for WAS must reside on the same machine as the WAS (as a managed node) to facilitate plug-in administration functions and generation and propagation of the plugin-cfg.xml file.
We can choose a remote web server installation if you want the web server on the outside of a firewall and WAS on the inside of a firewall. We can create a remote web server on an unmanaged node. Unmanaged nodes are nodes without node agents. Because there is no WAS or node agent on the machine that the node represents, there is no way to administer a web server on that unmanaged node unless the web server is IBM HTTP Server for WAS. With IBM HTTP Server, there is an administration server that will facilitate administrative requests such as start and stop, view logs, and view and edit the //publib.boulder.ibm.com/infocenter/wasinfo/v8r0/index.jsp?topic=/ d.conf file.
The administration server is not provided with IBM HTTP Server for WAS which runs on z/OS platforms. So, administration using the admin console is not supported for IBM HTTP Server for z/OS on an unmanaged node.
The following steps will create a web server definition in the default profile. This procedure does not apply when setting up a remote web server for an i5/OS web server. For information about setting up an i5/OS web server, see the topic entitled Select a web server topology diagram and roadmap.
Procedure
- Install IBM Installation Manager.
- Install your WAS product.
- Install IBM HTTP Server or another supported web server.
- Install the web server plug-ins.
- Install the WebSphere Customization Toolbox.
- Configure the web server plug-in using the Web Server Plug-ins Configuration Tool.
- Complete the setup by creating the web server definition.
We can use the console or run the plug-in configuration script:
- Use the admin console:
- Click System Administration > Nodes > Add Node to create an unmanaged node in which to define a web server in the topology.
- Click Servers > Server Types > Web servers > New to launch the Create new web server definition tool. You will create the new web server definition using this tool. The values are as follows:
- Select appropriate node
- Enter web server properties:
- Type: The web server vendor type.
- Port: The existing web server port. The default is 80.
- Installation Path: The web server installation path. This field is required field for IBM HTTP Server only.
- WINDOWS Service Name: The Windows operating system service name of the web server. The default is IBMHTTPServer7.0.
- Use secure protocol: Use the HTTPS protocol to communicate with the web server. The default is HTTP.
- Plug-in installation location: The directory path where the plug-in is installed.
- Application mapping to the web server: Whether to create a mapping to existing applications that are currently deployed to the web server. Select ALL if you want the mapping created; select None if you do not want the mapping created.
CAUTION:
If we have enterprise applications in different security domains when you create a web server, the Key Database (KDB) files for the security configuration might not be created if we have Application mapping to the web server set to All.
To resolve this problem, create the web server with Application mapping to the web server set to None. Then map the applications to the web server. All the KDB files for the web server are then created.
- Enter the remote web server properties. The properties for the IBM HTTP Server administration server follow:
- Port: The administration server port. The default is 8008.
- User ID: The user ID that is created using the htpasswd script.
- Password: The password that corresponds to the user ID created with the htpasswd script.
- Use secure protocol: Use the HTTPS protocol to communicate with the administration server. The default is HTTP.
- Select a web server template. Select a system template or a user-defined template for the web server to create.
- Confirmation of web server creation.
- Run the plug-in configuration script.
- For AIX, HP-UX, Linux or Solaris operating system: On the remote web server, run the setupadm script. The administration server requires read and write access to configuration files and authentication files to perform web server configuration data administration. We can find the setupadm script in the <IHS_install_root>/bin directory. The administration server has to execute adminctl restart as root to perform successful restarts of IBM HTTP Server. In addition to the web server files, manually change the permissions to the targeted plug-in configuration files.
The setupadm script prompts you for the following input:
- User ID - The user ID that you use to log on to the administration server. The script creates this user ID.
- Group name - The administration server accesses the configuration files and authentication files through group file permissions. The script creates the specified group through this script.
- Directory - The directory where you can find configuration files and authentication files.
- File name - The following file groups and file permissions change:
- Single file name
- File name with wildcard
- All (default) - All of the files in the specific directory
- Process - The setupadm script changes the group and file permissions of the configuration files and authentication files.
In addition to the web server files, change the permissions to the targeted plug-in configuration files. See the topic on setting permissions manually for instructions.
- For AIX, HP-UX, Linux, Solaris, or Windows operating system: On the remote web server, run the htpasswd script. The administration server is installed with authentication enabled and a blank admin.passwd password file . The administration server will not accept a connection without a valid user ID and password. This is done to protect the IBM HTTP Server configuration file from unauthorized access.
Launch the htpasswd utility that is shipped with the administration server. This utility creates and updates the files used to store user names and password for basic authentication. Locate htpasswd in the bin directory.
- On Windows operating systems: htpasswd -cm <install_dir>\conf\admin.passwd [login name]
- On AIX, HP-UX, Linux, and Solaris platforms: ./htpasswd -cm <install_dir>/conf/admin.passwd [login name]
where <install_dir> is the IBM HTTP Server installation directory and [login name] is the user ID that you use to log into the administration server. The [login name] is the user ID that you entered in the user ID field for the remote web server properties in the admin console.
- Start IBM HTTP Server. Refer to the topic on starting and stopping the IBM HTTP Server Administration server for instructions.
What to do next
For a non-IBM HTTP Server web server on an unmanaged node, you can generate a plug-in configuration, based on WebSphere Application server repository changes. However, the following functions are not supported on an unmanaged node for a non-IBM HTTP Server web server:
- Start and stop the web server.
- View and editing the web server configuration file.
- View the web server logs.
- Propagation of the web server plugin-cfg.xml file.
We can configure non-IBM HTTP Server web servers as a local web server on a managed node. For a non-IBM HTTP Server web server on a managed node, the following functions are supported:
- Generation of the plug-in configuration, based on WAS repository changes.
- Propagation of the plugin-cfg.xml file, based on using node synchronization with the WAS node. Node synchronization is necessary in order to propagate configuration changes to the affected node or nodes.
When WAS is installed using a stand-alone profile on one machine and IBM HTTP Server is installed on a different machine as root user using the administrative server, to ensure that propagation functions correctly, the root user must manually change the permissions of the plugin-cfg.xml file to the nonroot user running IBM HTTP Server from the administrative server. The username and group needed to start the administrative server are located in the HTTPServer/config/admin.conf file.
The plugin-cfg.xml file is propagated to the application server node repository tree from the dmgr repository.
The plugin-cfg.xml file is propagated to the application server node repository tree. This is not the default plugin-cfg.xml file installation location. Changes may have to be made to non-IBM HTTP Server web server configuration files to update the location of the plugin-cfg.xml file that is read by the plug-in module. For example, Internet Information Services (IIS) has a file name called plugin-cfg.loc, which is read by the IIS plug-in modules to determine the location of the plugin-cfg.xml file. The plugin-cfg.loc file has to be updated to reflect the plugin-cfg.xml file location in the application server node repository.
Other non-IBM HTTP Server web servers have different methods to specify the location of the plugin-cfg.xml file for the plug-in module. However, in order for propagation to work, update the location to reflect the location in the application server node repository.
For a non-IBM HTTP Server Web server that is configured as a local web server on a managed node, the following functions are not supported:
- Start and stop the web server.
- View and editing the configuration file.
- View the web server logs.
Enable access to the administration server using the htpasswd utility
Set permissions manually for the administration server
Start and stop the IBM HTTP Server administration server
Related
Web server collection
Web server configuration
Web server log file
Web server plug-in properties
Web server configuration file
Web server custom properties
Remote web server management