Set up a remote web server
Create a web server definition in the administrative console when the web server and the web server plug-in for WebSphere Application Server are on the same machine and the application server is on a different machine. This allows us to run an application server on one platform and a web server on another platform.
With a remote web server installation, WAS can facilitate plug-in administration functions and generation and propagation of the plugin-cfg.xml file for IBM HTTP Server for WAS, but not for other web servers.
Web servers that are not IBM HTTP Server for WAS must reside on the same machine as the WAS (as a managed node) to facilitate plug-in administration functions and generation and propagation of the plugin-cfg.xml file.
We can choose a remote web server installation if we want the web server on the outside of a firewall and WAS on the inside of a firewall. Create a remote web server on an unmanaged node. Unmanaged nodes are nodes without node agents. Because there is no WAS or node agent on the machine that the node represents, there is no way to administer a web server on that unmanaged node unless the web server is IBM HTTP Server for WAS. With IBM HTTP Server, there is an administration server that will facilitate administrative requests such as start and stop, view logs, and view and edit the httpd.conf file.
Important: The administration server is not provided with IBM HTTP Server for WAS which runs on z/OS platforms. So, administration using the administrative console is not supported for IBM HTTP Server for z/OS on an unmanaged node.
The following steps will create a web server definition in the default profile. This procedure does not apply when setting up a remote web server for an i5/OS™ web server. For information about setting up an i5/OS web server, see the topic entitled Select a web server topology diagram and roadmap.
Tasks
- Install Installation Manager.
- Install the WAS product.
- Install IBM HTTP Server or another supported web server.
- Install the web server plug-ins.
- Install the WebSphere Customization Toolbox.
- Configure the web server plug-in using the Web Server Plug-ins Configuration Tool.
- (iSeries) Configure the web server plug-in.
- Complete the setup by creating the web server definition.
Use the WAS administrative console or run the plug-in configuration script:
- Use the administrative console:
- To create an unmanaged node in which to define a web server in the topology.
System Administration > Nodes > Add Node
- To launch the Create new web server definition tool...
Servers > Server Types > Web servers > New
You will create the new web server definition using this tool. The values are as follows:
- Select appropriate node
- Enter web server properties:
- Type: The web server vendor type.
- Port: The existing web server port. The default is 80.
- Installation Path: The web server installation path. This field is required field for IBM HTTP Server only.
- WINDOWS Service Name: The Windows operating system service name of the web server. The default is IBMHTTPServer7.0.
- Use secure protocol: Use the HTTPS protocol to communicate with the web server. The default is HTTP.
- Plug-in installation location: The directory path where the plug-in is installed.
- Application mapping to the web server: Whether we want to create a mapping to existing applications that are currently deployed to the web server. Select ALL if we want the mapping created; select None if we do not want the mapping created.
CAUTION:
If we have enterprise applications in different security domains when we create a web server, the Key Database (KDB) files for the security configuration might not be created if we have Application mapping to the web server set to All. To resolve this problem, create the web server with Application mapping to the web server set to None. Then map the applications to the web server. All the KDB files for the web server are then created.
- Enter the remote web server properties. The properties for the IBM HTTP Server administration server follow:
- Port: The administration server port. The default is 8008.
- User ID: The user ID created using the htpasswd script.
- Password: The password that corresponds to the user ID created with the htpasswd script.
- Use secure protocol: Use the HTTPS protocol to communicate with the administration server. The default is HTTP.
- Select a web server template. Select a system template or a user-defined template for the web server we want to create.
- Confirmation of web server creation.
- For AIX, HP-UX, Linux or Solaris operating system: On the remote web server, run the setupadm script. The administration server requires read and write access to configuration files and authentication files to perform web server configuration data administration. We can find the setupadm script in the <IHS_install_root>/bin directory. The administration server has to launchadminctl restart as root to perform successful restarts of IBM HTTP Server. In addition to the web server files, we must manually change the permissions to the targeted plug-in configuration files.
The setupadm script prompts you for the following input:
- User ID - The user ID used to log on to the administration server. The script creates this user ID.
- Group name - The administration server accesses the configuration files and authentication files through group file permissions. The script creates the specified group through this script.
- Directory - The directory where we can find configuration files and authentication files.
- File name - The following file groups and file permissions change:
- Single file name
- File name with wildcard
- All (default) - All of the files in the specific directory
- Processing - The setupadm script changes the group and file permissions of the configuration files and authentication files.
In addition to the web server files, change the permissions to the targeted plug-in configuration files.
- For AIX, HP-UX, Linux, Solaris, or Windows operating system: On the remote web server, run the htpasswd script. The administration server is installed with authentication enabled and a blank admin.passwd password file . The administration server will not accept a connection without a valid user ID and password. This is done to protect the IBM HTTP Server configuration file from unauthorized access.
Launch the htpasswd utility shipped with the administration server. This utility creates and updates the files used to store user names and password for basic authentication. Locate htpasswd in the bin directory.
- On Windows operating systems: htpasswd -cm <install_dir>\conf\admin.passwd [login name]
- On AIX, HP-UX, Linux, and Solaris platforms: ./htpasswd -cm <install_dir>/conf/admin.passwd [login name]
where <install_dir> is the IBM HTTP Server installation directory and [login name] is the user ID used to log into the administration server. The [login name] is the user ID entered in the user ID field for the remote web server properties in the administrative console.
- Start IBM HTTP Server.
What to do next
For a non-IBM HTTP Server web server on an unmanaged node, we can generate a plug-in configuration, based on WebSphere Application server repository changes. However, the following functions are not supported on an unmanaged node for a non-IBM HTTP Server web server:
- Restart the web server.
- View and editing the web server configuration file.
- View the web server logs.
- Propagation of the web server plugin-cfg.xml file.
We can configure non-IBM HTTP Server web servers as a local web server on a managed node. For a non-IBM HTTP Server web server on a managed node, the following functions are supported:
- Generation of the plug-in configuration, based on WAS repository changes.
- Propagation of the plugin-cfg.xml file, based on using node synchronization with the WAS node. Node synchronization is necessary in order to propagate configuration changes to the affected node or nodes.
When WAS is installed using a stand-alone profile on one machine and IBM HTTP Server is installed on a different machine as root user using the administrative server, to ensure that propagation functions correctly, the root user must manually change the permissions of the plugin-cfg.xml file to the nonroot user running IBM HTTP Server from the administrative server. The username and group needed to start the administrative server are located in the HTTPServer/config/admin.conf file.
The plugin-cfg.xml file is propagated to the application server node repository tree from the deployment manager repository.
Important: The plugin-cfg.xml file is propagated to the application server node repository tree. This is not the default plugin-cfg.xml file installation location. Changes may have to be made to non-IBM HTTP Server web server configuration files to update the location of the plugin-cfg.xml file that is read by the plug-in module. For example, Internet Information Services (IIS) has a file name called plugin-cfg.loc, which is read by the IIS plug-in modules to determine the location of the plugin-cfg.xml file. The plugin-cfg.loc file has to be updated to reflect the plugin-cfg.xml file location in the application server node repository.
Other non-IBM HTTP Server web servers have different methods to specify the location of the plugin-cfg.xml file for the plug-in module. However, in order for propagation to work, update the location to reflect the location in the application server node repository.
For a non-IBM HTTP Server Web server configured as a local web server on a managed node, the following functions are not supported:
- Restart the web server.
- View and editing the configuration file.
- View the web server logs.
Enable access to the administration server using the htpasswd utility Setting permissions manually for the administration server Restart the IBM HTTP Server administration server Web server collection Web server configuration Web server log file Web server plug-in properties Web server configuration file Web server custom properties Remote web server management