Creation of a remote type virtual host junction

Understand how to use the available commands so that we can create a remote type virtual host junction. Some of the options include the type of junction and the host name of the target server.

We can use the server task...virtualhost commands of the pdadmin utility to configure virtual host junctions. The following example specifies the syntax for the pdadmin server task virtualhost create command:

The following table describes the common and required virtualhost create options:

Option Description
-t type Type of junction. One of: tcp, ssl, tcpproxy, sslproxy.

Required for all virtual host junctions.

-h host-name The DNS host name or IP address of the target back-end server.

The same host name can be used for a TCP junction and an SSL junction. The port of each virtual host differentiates one from the other so they are each considered unique.

Required by tcp, ssl, tcpproxy, and sslproxy type junctions.

-v vhost-name[:port] WebSEAL selects a virtual host junction to process a request if the request's HTTP Host header matches the virtual host name and port number specified by the -v option.

The -v option also specifies the value of the Host header of the request sent to the back-end server.

The port number is required if the virtual host uses a non-standard port for the protocol. The standard port for TCP is 80; the standard port for SSL is 443. If -v is not specified for the following types of junctions, the junction is selected from the information contained in the -h host and -p port options or their default values:

  • tcp
  • ssl
  • tcpproxy
  • sslproxy

-g vhost-label If both HTTP and HTTPS protocols need to be supported between the client and WebSEAL, then two junctions to the same virtual host (-h) are required. One junction for each protocol (-t). By default, each junction recognizes its own unique protected object space even though the junctions point to a single object space.

The -g option causes a second junction to share the same protected object space as the initial junction. We can then use a single object space reference to maintain a single access control list (ACL) on each protected object.

An initial virtual host junction cannot be deleted if a second virtual host junction exists that used -g against the first. An error message is returned at such an attempt.

This option is appropriate for junction pairs only (two junctions with complementary protocols). The option does not support the association of more than two junctions.

Optional.

Virtual host label:

The virtual host label (vhost-label) is a name for the virtual host junction.

Example TCP and SSL virtual host junctions:

See Scenario 1: Remote virtual host junctions.

See Scenario 2: Virtual host junctions with interfaces.
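The following shell sketch is an added example, not taken from the IBM documentation. It prints (does not execute) the two pdadmin commands for an HTTP/HTTPS junction pair, applying the -v port rule and the -g sharing rule described above. The WebSEAL server name, host names, labels, and the argument order `server task <server-name> virtualhost create <options> <vhost-label>` are assumptions, because the syntax line is not reproduced on this page.

```shell
#!/bin/sh
# Added example: builds pdadmin command lines for a TCP + SSL virtual host junction pair.
# All names below are constructed placeholders.
INSTANCE="default-webseald-webseal.example.com"   # assumed WebSEAL server name

# std_port TYPE -> standard port for the junction protocol (80 for TCP, 443 for SSL)
std_port() {
    case "$1" in
        tcp|tcpproxy) echo 80 ;;
        ssl|sslproxy) echo 443 ;;
        *) echo "unknown junction type: $1" >&2; return 1 ;;
    esac
}

# vhost_arg TYPE NAME PORT -> value for -v; the port is appended only when non-standard
vhost_arg() {
    std=$(std_port "$1") || return 1
    if [ "$3" = "$std" ]; then echo "$2"; else echo "$2:$3"; fi
}

# vhost_create TYPE BACKEND VHOST VPORT LABEL [INITIAL_LABEL]
# Prints one "virtualhost create" command; INITIAL_LABEL adds -g to share
# the protected object space of the initial junction.
vhost_create() {
    v=$(vhost_arg "$1" "$3" "$4") || return 1
    g=""
    if [ -n "$6" ]; then g=" -g $6"; fi
    echo "server task $INSTANCE virtualhost create -t $1 -h $2 -v $v$g $5"
}

# vhost_pair BACKEND VHOST HTTP_PORT HTTPS_PORT LABEL
# The tcp junction is created first and owns the object space; the ssl junction
# shares it with -g, so a single ACL covers both protocols. Only two junctions
# with complementary protocols are paired, as -g requires.
vhost_pair() {
    vhost_create tcp "$1" "$2" "$3" "$5-http" &&
    vhost_create ssl "$1" "$2" "$4" "$5-https" "$5-http"
}

# Constructed sample: HTTP on the standard port, HTTPS on non-standard port 8443
vhost_pair backend.example.com www.example.com 80 8443 shop
```

Because the second junction depends on the first through -g, delete the pair in reverse order: the -g junction first, then the initial one.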

References:

See Use pdadmin server task to create virtual host junctions for a summary of the virtualhost junction commands.

See the Web command reference topics in the IBM Knowledge Center for complete syntax information for the pdadmin utility.
