The plugin-cfg.xml file contains configuration information that determines how the web server plug-in forwards requests.
We can create two types of plugin-cfg.xml files: application-centric and topology-centric.
A topology-centric file represents everything defined in the environment. Typically, this plugin-cfg.xml file is used when we do not have web servers defined.
Consider the following rules when we want to update a topology-centric plugin-cfg.xml file:
- If plugin-cfg.xml exists within...
...the plug-in generation process ignores the updated values from the admin console panel...
Application server > Web Server Plugin Properties
...and uses the existing values within the XML file. In this case, we must manually update the XML file for those values to persist.
- If plugin-cfg.xml does not exist within...
...the plug-in generation process creates the plugin-cfg.xml file. The process persists the latest values that are set on the Application Server > Web Server Plugin Properties panel within the administrative console.
Any web server plug-in properties, such as RefreshInterval, LogLevel, and the Edge Side Include (ESI) processor properties, can be updated manually only. Those values must be maintained through each iteration.
Use the administrative console to set these properties for each web server definition. Any manual changes we make to the plug-in configuration file for each web server are overridden whenever the file is regenerated.
Deprecated feature: Topology-centric, or global, plug-in configuration is deprecated. Instead, use application-centric configuration as described in Implement a web server plug-in. For any existing topology-centric configuration, we can update the global plugin-cfg.xml file using the administrative console or running the GenPluginCfg command for all of the clusters in a cell. However, we must delete...
...before updating the global plugin-cfg.xml file. If we do not delete config/cells/plugin-cfg.xml, only the new properties and their values are added to the global plugin-cfg.xml file. Any updates to existing plug-in property values are not added to the global plugin-cfg.xml file.
Because the GenPluginCfg command runs within its own JVM instead of the WebSphere Application Server JVM, the command might not be able to access other class files. If we encounter this problem when running the GenPluginCfg command, we can instead run the httpPluginManagement.py script to generate application-centric plug-in configuration. This script uses wsadmin to initiate the plug-in generation. For more information, see httpPluginManagement.py script.
We can generate plugin-cfg.xml for our Liberty server by calling the WebSphere:name=com.ibm.ws.jmx.mbeans.generatePluginConfig MBean from within the same Java SDK as our server.
Elements and attributes
The plugin-cfg.xml file includes the following elements and attributes. Unless indicated otherwise, we can specify each element and attribute only once within plugin-cfg.xml. The Config element is required.
- (iSeries) OS400ConvertQueryStringToJobCCSID
- Property Name="esiEnable" Value="true/false"
- Property Name="esiMaxCacheSize" Value="integer"
- Property Name="ESIInvalidationMonitor" Value="true/false"
- Property Name="FIPSEnable" Value="true/false"
- Property Name="PluginInstallRoot"
This element, which is required, starts the HTTP plug-in configuration file.
Specifies whether the plug-in ignores DNS failures within a configuration when starting. When set to true, the plug-in ignores DNS failures within a configuration and starts successfully if at least one server in each server cluster is able to resolve the host name. Any server for which the host name cannot be resolved is marked unavailable for the life of the configuration. No attempts to resolve the host name are made during the routing of requests. If a DNS failure occurs, a log message is written to the plug-in log file, and the plug-in initialization continues rather than causing the web server not to start. The default value is false, meaning DNS failures cause the web server not to start.
Time interval, in seconds, at which the plug-in checks the configuration file to see if updates or changes have occurred. The plug-in checks the file for any modifications that have occurred since the last time the plug-in configuration was loaded.
In a development environment in which changes are frequent, a lower setting than the default setting of 60 is preferable. In production, a higher value than the default is preferable because updates to the configuration do not occur so often. If the plug-in reload fails for some reason, a message is written to the plug-in log file and the previous configuration is used until the plug-in configuration file successfully reloads. If we are not seeing the changes we made to our plug-in configuration, check the plug-in log file for indications of the problem.
Also, on Microsoft, UNIX, and Linux platforms, we can disable automatic reload by setting RefreshInterval to -1 in plugin-cfg.xml.
Specifies whether the user wants to disable the nagle algorithm for the connection between the plug-in and the application server. By default, the nagle algorithm is enabled.
The value can be true or false.
Specifies whether the user wants to disable the nagle algorithm on Microsoft Internet Information Services (IIS). By default, the nagle algorithm is enabled.
The value can be true or false.
Specifies that the port number is to be used for virtual host matching. Specify one of the following values:
- true if matching is to be done physically using the port number for which the request was received.
- false if matching is to be done logically using the port number contained in the host header.
The default value is false.
Specifies which port number the application server uses to build URIs for a sendRedirect() method. The following values can be specified:
- hostHeader if the port number from the host header of the HTTP request coming in is to be used.
- webserverPort if the port number on which the web server received the request is to be used.
The default value is hostHeader.
Maximum chunk size to use when reading the response body. For example, specify <Config ResponseChunkSize="N">, where N equals the chunk size in kilobytes.
By default, the plug-in reads the response body in 64 K chunks until all of the response data is read. This approach causes a performance problem for requests whose response body contains large amounts of data.
If the content length of the response body is unknown, a buffer size of N KBs is allocated and the body is read in N KB size chunks, until the entire body is read. If the content length is known, then a buffer size of either content length or N (whichever is less) is used to read the response body.
The default chunk size is 64 K.
Specifies whether users can include content in POST, PUT, GET, and HEAD requests when a Content-Length or Transfer-encoding header is contained in the request header. We can specify one of the following values for this attribute:
- True if content is expected and read for all requests
- False if content is only expected and read for POST and PUT requests.
The default value is True.
Specifies whether the plug-in must chunk the response to the client when a Transfer-Encoding: Chunked response header is present in the response.
This attribute applies to the IIS, Oracle iPlanet, and Lotus Domino web servers only. The IBM HTTP Server automatically handles the chunking of the response to the client.
We can specify one of the following values for this attribute:
- true if the plug-in is to chunk the response to the client when a Transfer-Encoding: Chunked response header is present in the response.
- false if the response is not to be chunked.
The default value is false.
Specifies whether to allow forwarding of session cookies to WAS when processing ESI include requests. If the value is set to true, this custom property is enabled. If the value is set to false, the custom property is disabled. By default, the value is set to false.
Specifies whether to allow a newly created plug-in process to proactively request a partition table from WAS before it handles any HTTP requests. This custom property is used only when memory-to-memory session management is configured. If the value is set to true, this custom property is enabled. If the value is set to false, the custom property is disabled. By default, the value is set to false.
Specifies whether the query string for an HTTP request is converted to the Code Page of the IBM HTTP Server Job or EBCDIC Code Page 37 for internal processing. The default value is false, which causes the query string to be converted to EBCDIC Code Page 37.
Permits the web server plug-in to interface with the proxy servers and load balancers listed for the TrustedProxyList custom property. When true, the proxy servers and load balancers in this trusted proxy list can set values for the $WSRA and $WSRH internal headers. The $WSRA internal header is the IP address of the remote host, which is typically the browser, or an internal address that is obtained by Network Address Translation (N.A.T.). The $WSRH internal header is the host name of the remote host. This header information enables the web server plug-in to interface with that specific proxy server or load balancer.
When we use this custom property, we must also use the TrustedProxyList custom property to specify a list of trusted proxy servers and load balancers. Also, we must clear the Remove special headers check box on the Request Routing panel within the administrative console. See documentation on web server plug-in request routing properties.
Comma-delimited list of all proxy servers or load balancers that have permission to interface with this web server plug-in. We must use this property with the TrustedProxyEnable=true custom property setting. If the TrustedProxyEnable custom property is set to false, this list is ignored.
Specifies whether the web server plug-in is to compare the setup of each new SSL transport with the setup of other SSL transports that are already defined in the configuration file. When we set this property to true, and the plug-in determines that the keyring and CertLabel values specified for the new SSL transport match the values specified for an already defined SSL transport, the plug-in uses the existing SSL environment instead of creating a new SSL environment. Creating fewer SSL environments means that the plug-in requires less memory, and the plug-in initialization time decreases, thus optimizing the overall GSKit environment.
Fully qualified name of the loadable module that interfaces with an optional SSL co-processor. The fully qualified name must include the directory path and the module name.
Password for the SSL co-processor with which the module, specified for the SSLPKCSDriver custom property, is interfacing.
If we are using an IBM HTTP Server, we can use the sslstash program to create a file containing this password. In this situation, we can specify the fully qualified name of that file, instead of the actual password, as the value for this custom property.
Describes the location and level of log messages that are written by the plug-in. If a log element is not specified within the configuration file, then, in some cases, log messages are written to the web server error log.
For example, we might specify the following line of code:
<Log LogLevel="Error" Name="/opt/WebSphere/AppServer60/logs/http_plugin.log"/>
<Log LogLevel="Error" Name="/log_directory/file_name"/>
Fully qualified path to the log file to which the plug-in writes error messages. Specify exactly one attribute for each log.
If the file does not exist, then one is created. If the file exists, then it is opened in append mode, and the previous plug-in log messages remain.
For transitioning users: A date and time stamp, and the process ID are no longer appended to the name we specify for the plug-in log file beginning with version 7. Therefore, a single web server plug-in log file is created instead of multiple log files that are distinguished by date.
Level of detail of the log messages that the plug-in writes to the log. Specify zero or one of the following values for each log.
Log level values and their descriptions:
- Trace: All of the steps in the request process are logged in detail.
- Stats: The server selected for each request and other load balancing information relating to request handling is logged.
- Warn: All warning and error messages resulting from abnormal request processing are logged.
- Error: Only error messages resulting from abnormal request processing are logged.
- Debug: All of the critical steps performed in processing requests are logged.
- Detail: All of the information about requests and responses are logged.
If a LogLevel value is not specified for the Log element, the default value, Error, is used.
Be careful when setting the level to Trace. Multiple messages are logged at this level, which can consume disk space quickly. Do not use a Trace setting in a normally functioning environment because it adversely affects performance.
(ZOS) Be careful when setting the level to Trace. Multiple messages are logged at this level, which can consume the file system quickly. Do not use a Trace setting in a normally functioning environment because it adversely affects performance.
Property Name="esiEnable" Value="true/false"
Enables or disables the Edge Side Include (ESI) processor. If the ESI processor is disabled, the other ESI elements in this file are ignored.
We can set Value to true or false. By default, the ESI processor is disabled with its value set to false.
Property Name="esiMaxCacheSize" Value="integer"
Specifies, in 1 KB units, the maximum size of the cache. The default maximum size of the cache is 1024 KB (1 MB). If the cache is full, the first entry deleted from the cache is the entry that is closest to its expiration time.
Property Name="ESIInvalidationMonitor" Value="true/false"
Specifies whether the ESI processor receives invalidations from the application server.
We can set Value to true or false. By default, this property is set to false.
Property Name="FIPSEnable" Value="true/false"
Specifies whether the Federal Information Processing Standard (FIPS) is enabled for making SSL connections to the application server. Set to true, if FIPS is enabled on the application server.
We can set Value to true or false. By default, this property is set to false.
Property Name="PluginInstallRoot" Value="C:\IBM\WebSphere\Plugins"
The installation path for the plug-in. This property is mandatory if using the Global Security Kit (GSKit) because WAS supports the local installation of the GSKit instead of a global installation. The attribute value is set to a fully qualified path to the plug-in installation root.
Supported names recognized by the transport are keyring, stashfile, and password. By default, this property is set to none.
Specifies a group of servers that are generally configured to service the same types of requests. Specify one or more clusters for each configuration.
In the simplest case, the cluster contains only one server definition. In the case in which more than one server is defined, the plug-in load balances across the defined servers using either a Round Robin or a Random algorithm. The default algorithm is Round Robin.
The following code is an example of a ServerCluster element.
<ServerCluster Name="Servers">
  <ClusterAddress Name="ClusterAddr">
    <Transport Hostname="192.168.1.2" Port="9080" Protocol="HTTP"/>
    <Transport Hostname="192.168.1.2" Port="9443" Protocol="HTTPS">
      <Property Name="Keyring" value="c:/WebSphere/AppServer/keys/keyring.kdb"/>
      <Property Name="Stashfile" value="c:/WebSphere/AppServer/keys/keyring.sth"/>
    </Transport>
  </ClusterAddress>
  <Server Name="Server1">
    <Transport Hostname="192.168.1.3" Port="9080" Protocol="HTTP"/>
    <Transport Hostname="192.168.1.3" Port="9443" Protocol="HTTPS">
      <Property Name="Keyring" value="c:/WebSphere/AppServer/keys/keyring.kdb"/>
      <Property Name="Stashfile" value="c:/WebSphere/AppServer/keys/keyring.sth"/>
    </Transport>
  </Server>
  <Server Name="Server2">
    <Transport Hostname="192.168.1.4" Port="9080" Protocol="HTTP"/>
    <Transport Hostname="192.168.1.4" Port="9443" Protocol="HTTPS">
      <Property Name="Keyring" value="c:/WebSphere/AppServer/keys/keyring.kdb"/>
      <Property Name="Stashfile" value="c:/WebSphere/AppServer/keys/keyring.sth"/>
    </Transport>
  </Server>
  <Server Name="Server3">
    <Transport Hostname="192.168.1.5" Port="9080" Protocol="HTTP"/>
    <Transport Hostname="192.168.1.5" Port="9443" Protocol="HTTPS">
      <Property Name="Keyring" value="c:/WebSphere/AppServer/keys/keyring.kdb"/>
      <Property Name="Stashfile" value="c:/WebSphere/AppServer/keys/keyring.sth"/>
    </Transport>
  </Server>
  <PrimaryServers>
    <Server Name="Server1"/>
    <Server Name="Server2"/>
  </PrimaryServers>
  <BackupServers>
    <Server Name="Server3"/>
  </BackupServers>
</ServerCluster>
(ZOS)
<ServerCluster CloneSeparatorChange="false" LoadBalance="Round Robin" Name="Cluster1" PostSizeLimit="10000000" RemoveSpecialHeaders="true" RetryInterval="60">
  <Server CloneID="BA36BEC1EB243D8B000000E4000000030926301B" ConnectTimeout="0" ExtendedHandshake="false" LoadBalanceWeight="2" MaxConnections="0" Name="SY1_ClusterMember1" WaitForContinue="false">
    <Transport Hostname="BOSSXXXX.PLEX1.L2.IBM.COM" Port="9084" Protocol="http"/>
    <Transport Hostname="BOSSXXXX.PLEX1.L2.IBM.COM" Port="0" Protocol="https">
      <Property Name="Keyring" value="safkeyring:///mzjring1/"/>
      <Property Name="Stashfile" value=""""/>
      <Property Name="certLabel" Value="selfsigned"/>
    </Transport>
  </Server>
  <Server CloneID="BA36BED017FDF40E000000E4000000030926301B" ConnectTimeout="0" ExtendedHandshake="false" LoadBalanceWeight="2" MaxConnections="0" Name="SY1_ClusterMember2" WaitForContinue="false">
    <Transport Hostname="BOSSXXXX.PLEX1.L2.IBM.COM" Port="9085" Protocol="http"/>
    <Transport Hostname="BOSSXXXX.PLEX1.L2.IBM.COM" Port="0" Protocol="https">
      <Property Name="Keyring" value="safkeyring:///mzjring1/"/>
      <Property Name="Stashfile" value=""""/>
      <Property Name="certLabel" Value="selfsigned"/>
    </Transport>
  </Server>
  <PrimaryServers>
    <Server Name="SY1_ClusterMember1"/>
    <Server Name="SY1_ClusterMember2"/>
  </PrimaryServers>
</ServerCluster>
For transitioning users: The web server plug-in for the IBM HTTP Server for z/OS, v5.3, uses an SSL interface that is different from the SSL interface that was used in versions of this plug-in prior to version 7. The SSL connections between the plug-in for the IBM HTTP Server for z/OS, v5.3 and an application server now work the same way as the SSL connections between an IBM HTTP Server powered by Apache, and an application server. The values specified for the keyring and stashfile elements in plugin-cfg.xml are no longer ignored and are not affected by the SSL environment that is set up in the IBM HTTP Server for z/OS, Version 5.3.
The z/OS PTF UK35083 package includes the SSL interface change for the z/OS HTTP Server, v5.3, that corresponds to this web server plug-in change. Therefore, we must apply this PTF to the system before the new web server plug-in SSL interface can function properly.
We must also include the SSLMODE=MULTI option in the httpd.conf file for the IBM HTTP Server for z/OS, v5.3. The SSLMODE=ON option is not supported in v7.0 or higher.
If the SSLMode multi option is not specified in the httpd.conf file, or if we do not have the z/OS PTF UK35083 package applied to the system, we might receive error message IMW0584W. This message indicates that the SSL mode, which is specified for the HTTP Server, is not compatible with the SSL mode for the web server plug-in used with the IBM HTTP Server for z/OS, v5.3. In either of these situations, unpredictable results might occur.
For the web server plug-ins for both the IBM HTTP Server for z/OS, v5.3 and the IBM HTTP Server on z/OS powered by Apache:
- If we use a kdb file with a stashfile in the hierarchical file system (HFS), specify both the Property Name=keyring and the Property Name=stashfile elements, as shown in the preceding example.
The format of the values we specify for these elements is different from what we specified in earlier versions of the product.
- If we use a System Authorization Facility (SAF) keyring, instead of a kdb file, create the following two custom plug-in properties from the administrative console:
- Directory location of the SAF keyring as the value for this property. When you save this configuration change, this directory location becomes the value of the keyring property in plugin-cfg.xml.
- Specify """" (null) as the value for this property. When you save this configuration change, """" (null) becomes the value of the stashfile property in plugin-cfg.xml.
See Web server plug-in configuration properties for instructions on how to create KeyringLocation and StashfileLocation from the administrative console.
Use the following example for the SAF keyring:
<Transport Hostname="appserver.example.com" Port="9443" Protocol="https">
  <Property name="keyring" value="safkeyring:///SAF_keyring_name"/>
  <Property Name="stashfile" value=""""/>
</Transport>
Logical or administrative name to be used for this group of servers. Specify one attribute for each ServerCluster.
The following values can be specified for this attribute:
The Round Robin implementation has a random starting point. The first application server is picked randomly. Round Robin is then used to pick application servers from that point forward. This implementation ensures that in multiple process-based web servers, all of the processes do not start by sending the first request to the same Application Server.
The Random implementation also has a random starting point. However with this implementation all subsequent servers are also randomly selected. Therefore, the same server might get selected repeatedly while other servers remain idle.
The default load balancing type is Round Robin.
Specifies whether the plug-in ignores the number of affinity requests made to a server when selecting servers based on the Round Robin algorithm. Specify zero or one attribute for each ServerCluster. The value is true or false. If the value is set to false, the number of affinity requests made is also taken into account in the server selection process.
The default value is false, which means the number of affinity requests made are used in the Round Robin algorithm.
For transitioning users: This is a change from previous versions of the product. The default value is true in previous versions of WAS.
Specifies an integer value for the length of time that elapses from the time that a server is marked down to the time that the plug-in tries a connection again. The default is 60 seconds. Specify zero or one attribute for each ServerCluster.
The plug-in adds special headers to the request before it is forwarded to the application server. These headers store information about the request used by the application. By default, the plug-in removes these headers from incoming requests before adding the headers it is supposed to add. Specify zero or one attribute for each ServerCluster.
The value can be true or false. Setting the attribute to false introduces a potential security exposure by not removing headers from incoming requests.
Tells the plug-in to expect the plus character (+) as the clone separator. Some pervasive devices cannot handle the colon character (:) used to separate clone IDs in conjunction with session affinity. We must change application server configurations so that an application server separates clone IDs with the plus character as well. Specify zero or one attribute for each ServerCluster.
The value can be true or false.
The maximum number of KB (1024-byte) blocks of request content allowed for the plug-in to attempt to send the request to an application server. If a request is received that is greater than this size, the plug-in fails the request. The default value is -1 byte, which indicates that there is no limit for the post size. Specify zero or one attribute for each ServerCluster.
Specifies, in KBs, the maximum buffer size used when the content of an HTTP request is read. If the application server that initially receives a request cannot process that request, the data contained in this buffer is sent to another application server. It then attempts to have that application server process the request. We can set this option to zero if we do not want requests that have content to be buffered, and then retried.
This option improves the availability of the plug-in. When this option is set to a non-zero value, any pending packets that contain a payload are resent if the selected application server does not respond.
Typically, POST and PUT requests carry a payload, but other requests might also carry a payload. Even if a POST or PUT request does not have a payload, it is retried if the value specified for this option is not zero.
The default value is 0. Specify zero or one attribute for each ServerCluster.
Limit for the number of times the HTTP plugin retries an HTTP request that has timed out, due to ServerIOTimeout. The default value, -1, indicates that no additional limits apply to the number of retries. A 0 value indicates there are no retries. Retries are always limited by the number of available servers in the cluster.
Important: This directive does not apply to connection failures or timeouts due to the HTTP plug-in ConnectTimeout.
Specifies a WAS instance configured to handle requests routed to it, based on the routing rules of the plug-in configuration. The server corresponds to an application server running on either the local machine or a remote machine. Specify zero or one attribute for each ServerCluster.
Administrative or logical name for the server. Specify exactly one attribute for each Server.
If this unique ID is present in the HTTP cookie header of a request, or the URL if using URL rewriting, the plug-in routes the request to this particular server, provided all other routing rules are met. If a CloneID is not specified in the server, then session affinity is not enabled for this server. There can be zero or one attribute for each Server.
This attribute is used with session affinity. When this attribute is set, the plug-in checks the incoming cookie header or URL for JSESSIONID. If JSESSIONID is found, then the plug-in looks for one or more clone IDs. If clone IDs are found, and a match is made to the value specified for this attribute, then the request is sent to this server rather than load balanced across the cluster.
If we are not using session affinity, then remove these clone IDs from the configuration because there is added request processing in the plug-in when these values are set. If clone IDs are not in the plug-in, then it is assumed that session affinity is not enabled, and the request is load balanced across the cluster.
Specifies whether to use the HTTP 1.1 100 Continue support before sending the request content to the application server. Possible attribute values are true or false. The default value is false; the plug-in does not wait for the 100 Continue response from the application server before sending the request content because it is a performance hit. Specify zero or one attribute for each Server.
This property is ignored for POST requests to prevent a failure from occurring if the application server closes a connection because of a keep-alive timeout.
Set this function to true when configuring the plug-in to work with certain types of proxy firewalls.
The weight associated with this server when the plug-in performs weighted Round Robin load balancing. Specify zero or one attribute for each Server. The starting value for a server can be any integer between 0 and 20. However, specify zero only for a server that is not running.
The LoadBalanceWeight value for each server is decremented for each request that is processed by that server. After the weight for a particular server in a server cluster reaches zero, only requests with session affinity are routed to that server. When all servers in the cluster reach a weight of zero, the weights for all servers in the cluster are reset, and the algorithm restarts.
When a server is not running, set the weight for that server to zero. The plug-in can then reset the weights of the servers that are still running, and maintain proper load balancing.
Enables the plug-in to perform non-blocking connections with the application server. Non-blocking connections are beneficial when the plug-in is unable to contact the destination to determine if the port is available or unavailable. Specify zero or one attribute for each Server.
If a ConnectTimeout value is not specified or set to 0, the plug-in performs a blocking connect in which the plug-in sits until an operating system times out (as long as 2 minutes depending on the platform) and allows the plug-in to mark the server unavailable. A value of 0 causes the plug-in to perform a blocking connect. A value greater than 0 specifies the number of seconds we want the plug-in to wait for a successful connection. If a connection does not occur after that time interval, the plug-in marks the server unavailable and fails over to one of the other servers defined in the cluster.
The default value is 5.
Used when a proxy firewall is between the plug-in and the application server. In such a case, the plug-in does not fail over as expected. Specify zero or one attribute for each Server.
The plug-in marks a server as down when the connect() method fails. However, when a proxy firewall is in between the plug-in and the application server, the connect() method succeeds, even though the back-end application server is down. This causes the plug-in to not failover correctly to other application servers.
The plug-in performs some handshaking with the application server to ensure that it is started before sending the request. This scenario enables the plug-in to failover in the event the application server is down.
The value can be true or false.
Maximum number of pending connections to an application server that can be flowing through a web server process at any point in time. Specify one element for each Server.
For example, in the following scenario:
- The application server is fronted by five nodes running an IBM HTTP Server.
- Each node starts two processes.
- The MaxConnections attribute is set to 50.
In this example, the application server can potentially get up to 500 connections. Multiply the number of nodes, 5, by the number of processes, 2, and then multiply that number by the number specified for the MaxConnections attribute, 50, for a total of 500 connections.
(ZOS) This attribute is not necessary on the z/OS operating system. The z/OS controller working with Workload Manager (WLM), handles new connections dynamically.
By default, MaxConnections is set to -1. If this attribute is set to either zero or -1, there is no limit to the number of pending connections to the application servers.
Transport for reading and writing requests to a particular WAS instance. The transport provides the information that is necessary to determine the location of the application server to which the request is sent. The plug-in cannot recognize when multiple transports are defined to use the same protocol. The transport that the plug-in selects cannot be predicted. The plug-in always picks the first transport that it encounters in its processing. Specify one or more elements for each Server.
It is possible to configure the server to have one non-secure transport and one that uses SSL. In this configuration, a match of the incoming request protocol is performed to determine the appropriate transport to use to send the request to the application server.
Host name or IP address of the machine on which the WAS instance is running. There is exactly one attribute for each transport.
Port on which the WAS instance is listening. There is exactly one attribute for each transport.
Protocol to use when communicating over this transport -- either HTTP or HTTPS. There is exactly one attribute for each transport.
Specify zero, one, or more elements for each transport. When the protocol of the transport is set to HTTPS, use this element to supply the various initialization parameters, such as password, keyring and stashfile. For example, the portion of plugin-cfg.xml containing these elements might look like the following code:
<Transport Hostname="192.168.1.2" Port="9443" Protocol="HTTPS">
<Property Name="keyring" value="c:/WebSphere/AppServer/keys/keyring.kdb"/>
<Property Name="stashfile" value="c:/WebSphere/AppServer/keys/keyring.sth"/>
<Property Name="password" value="WebAS"/>
</Transport>
Name of the property that is being defined. Supported names recognized by the transport are keyring, stashfile, and password.
The only name that can be specified for the WebSphere HTTP plug-in for z/OS is password. If we specify keyring and stashfile, they are ignored. Specify exactly one attribute for each Property.
Value of the property being defined. Specify exactly one attribute for each property.
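The Server and Transport rules above can be checked mechanically before a generated file is deployed. The following is an added example, not code from the product: the finding names and the sample document are constructed, and it assumes a non-z/OS plug-in, where keyring and stashfile are honored.

```python
import xml.etree.ElementTree as ET

# Constructed sample (not from a real deployment): server1 repeats the page's
# HTTPS transport with an inline password; server2 has two HTTP transports.
SAMPLE = """
<Config>
 <ServerCluster Name="servers">
  <Server Name="server1" MaxConnections="-1">
   <Transport Hostname="192.168.1.2" Port="9443" Protocol="HTTPS">
    <Property Name="keyring" value="c:/WebSphere/AppServer/keys/keyring.kdb"/>
    <Property Name="stashfile" value="c:/WebSphere/AppServer/keys/keyring.sth"/>
    <Property Name="password" value="WebAS"/>
   </Transport>
  </Server>
  <Server Name="server2" MaxConnections="50">
   <Transport Hostname="192.168.1.3" Port="9080" Protocol="HTTP"/>
   <Transport Hostname="192.168.1.3" Port="9081" Protocol="HTTP"/>
  </Server>
 </ServerCluster>
</Config>
"""

def prop(transport, name):
    """Return a Property value; the page writes the attribute as lowercase 'value'."""
    for p in transport.findall("Property"):
        if p.get("Name", "").lower() == name:
            return p.get("value", p.get("Value"))
    return None

def audit(xml_text):
    """Return sorted (server, finding) pairs for a plugin-cfg.xml document."""
    findings = set()
    for server in ET.fromstring(xml_text).iter("Server"):
        name, seen = server.get("Name", "?"), set()
        # Page: the default is -1, and both 0 and -1 mean no limit.
        if int(server.get("MaxConnections", "-1")) in (0, -1):
            findings.add((name, "unlimited-pending-connections"))
        for t in server.findall("Transport"):
            proto = t.get("Protocol", "").upper()
            if proto in seen:  # page: the plug-in picks the first one it encounters
                findings.add((name, "duplicate-%s-transport" % proto.lower()))
            seen.add(proto)
            if proto == "HTTPS":
                if prop(t, "password") is not None:
                    findings.add((name, "inline-keyring-password"))
                if not prop(t, "keyring"):
                    findings.add((name, "https-without-keyring"))
        if "HTTPS" not in seen:
            findings.add((name, "no-https-transport"))
    return sorted(findings)

if __name__ == "__main__":
    for server, finding in audit(SAMPLE):
        print(server, finding)
```

Each finding is a prompt for review rather than a verdict: a password property stored in plugin-cfg.xml is readable by anyone who can read that file, and a server with only HTTP transports receives forwarded requests unencrypted.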
Enables the plug-in to set a timeout value, in seconds, for sending requests to and reading responses from the application server.
If we set the ServerIOTimeout attribute to a positive value, this attempt to contact the server ends when the timeout occurs. However, the server is not considered unavailable and future requests are still sent to the server on which the unavailable timeout occurred.
If we set the ServerIOTimeout attribute to a negative value, the server is considered unavailable whenever a timeout occurs, and no future requests are sent to the server on which the timeout occurred.
If a value is not set for the ServerIOTimeout attribute, the plug-in, by default, uses blocked I/O to write requests to and read responses from the application server, and does not time out the TCP connection. For example, we might specify the following setting:
<Server Name="server1" ServerIOTimeout="300">
In this situation, if an application server stops responding to requests, the plug-in waits 300 seconds (5 minutes) before timing out the TCP connection. Setting the ServerIOTimeout attribute to a reasonable value enables the plug-in to timeout the connection sooner, and transfer requests to another application server when possible.
When selecting a value for this attribute, remember that sometimes it might take several minutes for an application server to process a request. Setting the value of the ServerIOTimeout attribute too low might cause the plug-in to send a false server error response to the client.
The default value is 900, which is equivalent to 15 minutes.
The ServerIOTimeout limits the amount of time the plug-in waits for each individual read or write operation to return. ServerIOTimeout does not represent a timeout for the overall request.
For additional recommendations on how to configure the ServerIOTimeout attribute, see the web server plug-in configuration technote on the IBM Support website.
Not all requests to, and responses from, the application server need the same ServerIOTimeout, ServerIOTimeoutRetry, and Extended Handshake / 100 Continue timeout rules. URLs do not all behave the same way, and for some of them we might need to time out a request more quickly, or not retry the request on every server. We can designate specific URLs that use a modified ServerIOTimeout, ServerIOTimeoutRetry, or a shortened timeout for ExtendedHandshake or 100-Continue. Other URLs (not so modified) continue to use the values specified within the plugin-cfg.xml file.
To designate a URL for this modified timeout processing, we modify the httpd.conf file using SetEnvIf directives. Both websphere-serveriotimeout and websphere-serveriotimeoutretry accept the same values as the corresponding properties in the plugin-cfg.xml file. We can set websphere-shorten-handshake only to "1". This tells the plug-in to use the ConnectTimeout value as the wait time for ExtendedHandshake or 100-Continue responses. For example:
SetEnvIf Request_URI "\.jsp$" websphere-serveriotimeout=10
SetEnvIf Request_URI "\.jsp$" websphere-serveriotimeoutretry=-1
SetEnvIf Request_URI "\.jsp$" websphere-shorten-handshake=1
This attribute sets a timeout value, in seconds, for pending read and write actions between the web server plug-in and a WebSocket application. When the specified value is exceeded, resources that are held by a non-responding application server are released.
The default value is 30 seconds.
This attribute sets a timeout value, in seconds, that a connection between the web server plug-in and a WebSocket application can remain idle. When the specified value is exceeded, resources that are held by the application server are released.
The default value is 900 seconds.
A ClusterAddress is like a server element in that we can specify the same attributes and elements as for a server element. The difference is that we can define only one of them within a ServerCluster. Use a ClusterAddress when we do not want the plug-in to perform any type of load balancing because we already have some type of load balancer in between the plug-in and the application server.
If we include a ClusterAddress tag, we must include the Name attribute on that tag. The plug-in uses the Name attribute to associate the cluster address with the correct host and port. If we do not specify the Name attribute, the plug-in assigns the cluster address the name specified for the server that is using the same host and port.
<ClusterAddress Name="MyClusterAddr">
<Transport Hostname="192.168.1.2" Port="9080" Protocol="HTTP"/>
<Transport Hostname="192.168.1.2" Port="9443" Protocol="HTTPS"/>
</ClusterAddress>
If a request comes in that does not have affinity established, the plug-in routes it to the cluster address, if defined. If affinity has been established, then the plug-in routes the request directly to the clone, bypassing the cluster address entirely. If no cluster address is defined for the server cluster, then the plug-in load balances across the servers in the primary servers list.
There can be zero or one element for each ServerCluster.
List of servers to which the plug-in routes requests for this cluster. If a list of primary servers is not specified, the plug-in routes requests to servers defined for the server cluster. Specify zero or one element for each ServerCluster.
List of servers to which requests are sent if all servers specified in the primary servers list are unavailable. The plug-in does not load balance across the backup servers, but traverses the list in order until no servers remain in the list or until a request is successfully sent and a response is received from an application server. Specify zero or one element for each ServerCluster.
Specifies a group of virtual host names specified in the HTTP Host header. Use this property to group virtual host definitions together configured to handle similar types of requests.
The following example shows a VirtualHostGroup element and associated elements and attributes:
<VirtualHostGroup Name="Hosts">
<VirtualHost Name="www.x.com"/>
<VirtualHost Name="www.x.com:443"/>
<VirtualHost Name="*:8080"/>
<VirtualHost Name="www.x.com:*"/>
<VirtualHost Name="*:*"/>
</VirtualHostGroup>
Logical or administrative name to be used for this group of virtual hosts. Specify exactly one attribute for each VirtualHostGroup.
Name used for a virtual or real machine used to determine if incoming requests must be handled by WAS. Use this element to specify host names in the HTTP Host header which must be seen for requests that need to be handled by the application server. We can specify specific host names and ports for incoming requests or specify an asterisk (*) for either the host name, port, or both.
There can be one or more elements for each VirtualHostGroup.
The name in the HTTP Host header that matches the name in the VirtualHost. Specify exactly one attribute for each VirtualHost.
The value is a host name or IP address and port combination, separated by a colon.
We can configure the plug-in to route requests to the application server based on the incoming HTTP Host header and port for the request. The Name attribute specifies those combinations.
A wildcard can be used for this attribute. The only acceptable forms are an asterisk (*) for the host name, an asterisk for the port, or an asterisk for both. An asterisk for both means that any request matches this rule. If no port is specified in the definition, the default HTTP port of 80 is assumed.
Specifies a group of URIs specified on the HTTP request line. The same application server must be able to handle the URIs. The route compares the incoming URI with the URIs in the group to determine if the application server handles the request.
The following example shows a UriGroup element and associated elements and attributes:
<UriGroup Name="Uris">
<Uri Name="/servlet/snoop"/>
<Uri Name="/webapp/*"/>
<Uri Name="*.jsp"/>
</UriGroup>
Logical or administrative name for this group of URIs. Specify exactly one attribute for each UriGroup.
Virtual path to the resource that is serviced by WAS. Each URI specifies the incoming URLs that the application server needs to handle. Wildcards can be used in these definitions. There can be one or more attributes for each UriGroup.
Actual string to specify in the HTTP request line to match successfully with this URI. Wildcards can be used within the URI definition. We can specify rules such as *.jsp or /servlet/* to be handled by WAS. When we assemble the application, if we specify File Serving Enabled, then only a wildcard URI is generated for the web application, regardless of any explicit servlet mappings. If we specify Serve servlets by classname, then the following URI is generated:
There is exactly one attribute for each URI.
Name of the cookie that the plug-in uses when trying to determine if the inbound request has session affinity. The default value is JSESSIONID.
See the description of the CloneID attribute for additional session affinity information.
There can be zero or one attribute for each URI.
Name of the identifier that the plug-in uses when trying to determine if the inbound request has affinity specified in the URL to a particular clone. The default value is jsessionid.
See the description of the CloneID attribute for additional session affinity information.
There can be zero or one attribute for each URI.
Request routing rule by which the plug-in determines if an incoming request must be handled by WAS.
The route definition is the central element of the plug-in configuration. It specifies how the plug-in handles requests, based on certain characteristics of the request. The route definition contains the other main elements: a required ServerCluster, and either a VirtualHostGroup, UriGroup, or both.
Using the information defined in the VirtualHostGroup and the UriGroup for the route, the plug-in determines whether the incoming request to the web server is sent on to the ServerCluster element defined in this route.
See the following example of this element:
<Route VirtualHostGroup="Hosts" UriGroup="Uris" ServerCluster="servers"/>
The group of virtual hosts used in route determination. The incoming host header and server port are matched to determine if this request is handled by the application server.
It is possible to omit this property from the route definition. If it is not present, then every request matches during the virtual host match portion of route determination.
There can be zero or one attribute for each Route.
The group of URIs to use for determining the route. Select zero or one group for each route. The incoming URI for the request is matched to the defined URIs in this group to determine whether this request is handled by the application server.
It is possible to omit this property from the route definition. If it is not present, then every request matches during the URI match portion of route determination.
Cluster that receives the requests that successfully match the route. Select exactly one cluster for each route.
The cluster is used to handle this request. If both the URI and the virtual host matching is successful for this route, then the request is sent to one of the servers that is defined within this cluster.
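The route determination described above, modelled as an added example that is not the plug-in's own code. It assumes glob-style URI matching through Python's fnmatchcase, case-insensitive host names, and selection of the first matching Route in document order; the page does not state how the plug-in chooses between several matching routes. The "catchall" route is constructed to show the effect of omitting VirtualHostGroup.

```python
import xml.etree.ElementTree as ET
from fnmatch import fnmatchcase

# Constructed config assembled from the page's VirtualHostGroup, UriGroup and
# Route fragments, with a narrower host list so a non-match can be shown.
SAMPLE = """
<Config>
 <VirtualHostGroup Name="Hosts">
  <VirtualHost Name="www.x.com"/>
  <VirtualHost Name="www.x.com:443"/>
  <VirtualHost Name="*:8080"/>
 </VirtualHostGroup>
 <UriGroup Name="Uris">
  <Uri Name="/servlet/snoop"/>
  <Uri Name="/webapp/*"/>
  <Uri Name="*.jsp"/>
 </UriGroup>
 <Route VirtualHostGroup="Hosts" UriGroup="Uris" ServerCluster="servers"/>
 <Route UriGroup="Uris" ServerCluster="catchall"/>
</Config>
"""

def vhost_matches(pattern, host, port):
    """Match a VirtualHost Name; '*' is a wildcard, a missing port means 80."""
    p_host, p_port = pattern.rsplit(":", 1) if ":" in pattern else (pattern, "80")
    return p_host.lower() in ("*", host.lower()) and p_port in ("*", str(port))

def route(xml_text, host, port, uri):
    """Return the ServerCluster of the first matching Route, else None."""
    cfg = ET.fromstring(xml_text)
    hosts = {g.get("Name"): [v.get("Name") for v in g.findall("VirtualHost")]
             for g in cfg.findall("VirtualHostGroup")}
    uris = {g.get("Name"): [u.get("Name") for u in g.findall("Uri")]
            for g in cfg.findall("UriGroup")}
    for r in cfg.findall("Route"):
        vhg, ug = r.get("VirtualHostGroup"), r.get("UriGroup")
        # Page: an omitted group matches every request for that portion.
        host_ok = vhg is None or any(
            vhost_matches(p, host, port) for p in hosts.get(vhg, []))
        uri_ok = ug is None or any(fnmatchcase(uri, p) for p in uris.get(ug, []))
        if host_ok and uri_ok:
            return r.get("ServerCluster")
    return None

if __name__ == "__main__":
    print(route(SAMPLE, "www.x.com", 80, "/servlet/snoop"))
    print(route(SAMPLE, "www.x.com", 8443, "/index.jsp"))
```

The second call is the case to look for when reviewing a configuration: the Host header and port fail the "Hosts" group, yet the request is still forwarded because the second Route has no VirtualHostGroup.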
Used to determine whether request metrics are enabled, and how to filter the requests based on the Internet Protocol (IP) and Uniform Resource Identifiers (URI) filters when request metrics are enabled.
See the following example of this element:
<RequestMetrics armEnabled="false" loggingEnabled="true" rmEnabled="false" traceLevel="PERF_DEBUG">
Specifies whether the ARM 4 agent is enabled in the plug-in. When it is set to true, the ARM 4 agent is called.
For the SunOne (iPlanet) web Server the following directive must be included in the obj.conf file to enable ARM 4 support:
AddLog fn="as_term"
If this directive is not included, the arm_stop procedure is never called.
Select zero or one attribute for RequestMetrics.
Specifies whether request metrics logging is enabled in the plug-in. When it is set to true and the traceLevel is not set to NONE, the request response time, and other request information, is logged. When it is set to false, there is no request logging. The value of loggingEnabled depends on the value specified for the system property, com.ibm.websphere.pmi.reqmetrics.loggingEnabled. When this system property is not present, loggingEnabled is set to true. Specify exactly one attribute for RequestMetrics.
Specifies whether the request metrics are enabled in the plug-in. When it is set to true, the plug-in request metrics inspects the filters and, if a request passes the filters, logs the request trace record in the plug-in log file. When this attribute is set to false, the rest of the request metrics attributes are ignored. Specify exactly one attribute for RequestMetrics.
Indicates how much information is logged when the rmEnabled attribute is set to true. When this attribute is set to NONE, no request logging is performed. When this attribute is not set to NONE, and loggingEnabled is set to true, the request response time, and other request information, is logged when the request is done. Specify exactly one attribute for RequestMetrics.
When rmEnabled is true, the filters control which requests are traced. Specify zero, one, or two attributes for RequestMetrics.
When enable is true, the type of filter is on and requests must pass the filter. Specify exactly one attribute for each filter.
There are two types of filters: SOURCE_IP (for example, client IP address) and URI. For the SOURCE_IP filter type, requests are filtered based on a known IP address. We can specify a mask for an IP address using the asterisk (*). If the asterisk is used, the asterisk must always be the last character of the mask, for example 127.0.0.*, 127.0.*, 127*. For performance reasons, the pattern matches character by character, until either an asterisk is found in the filter, a mismatch occurs, or the filters are found as an exact match.
For the URI filter type, requests are filtered based on the URI of the incoming HTTP request. The rules for pattern matching are the same as matching SOURCE_IP address filters.
If both URI and client IP address filters are enabled, request metrics require a match for both filter types. If neither is enabled, all requests are considered a match.
There is exactly one attribute for each filter.
Detailed filter information. Specify one or multiple attributes for each filter.
Filter value for the corresponding filter type. This value might be either a client IP address or a URI. Specify exactly one attribute for each filterValue.