|
|
User Guide for HP-UX Web Server Utilities
TABLE OF CONTENTS
Overview
Cache_util.pl
Chroot_os_cp.sh
Mkcert.sh
Legal Notices
OVERVIEW
These utilities provide functions that are unique to the HP-UX Web Server
Suite. They are located in /opt/hpws/apache/util.
CACHE_UTIL.PL
Cache utility. This interactive utility helps in the creation of a
cache.conf file for use with mod_file_cache. Performance of HP-UX
Apache-based Web Server can be improved for serving of static content by
using mod_file_cache. Frequently accessed static files can be pre-loaded
into memory and served directly in order to avoid frequent disk access.
Files to be cached by mod_file_cache are listed in
/opt/hpws/apache/conf/cache.conf file. The entries in this file are of
the form:
CacheFile /fullpath/file
cache_util.pl examines the access_log file and determines the most
frequently used resources in order to create a cache.conf file.
USAGE:
1) Run the cache_util.pl :
% cache_util.pl
Default values for input parameters are displayed within square brackets
when prompted for. Either enter a new value or hit RETURN (to accept default
value) when prompted.
2) Verify the generated file (cache.conf):
URLs found in access_log that are neither files nor directories are not
listed in cache.conf. Following are the two primary steps involved in the
verification of cache.conf.
a) This utility does not distinguish between static and dynamic content
files. Entries referring to files (such as *.jsp,*.pl,*.php) that are
used to generate dynamic content need to be removed manually from the
generated cache.conf.
b) If a frequently accessed resource is a directory, the utility generates
the following line:
# CacheFile /directoryname/index.html
The line is commented out and has a 'index.html' suffix. Often, in the
simplest cases the default file served when accessing directory is
index.html. When this is the case, the administrator can simply uncomment
these lines. But when some other file is served by default, these entries
need to be fixed on a case by case basis or left as it is since they are
harmless comments.
COMMENTS:
cache_util also displays a table of the most frequently accessed resources
(all kinds). This table does not necessarily directly correspond to the
entries in the created cache.conf file. The difference being that the
cache.conf file contains entries that refer to only files or directories
whereas the table displays all resources. It ranks resources by the number
of associated hits. Thus this tool can also be used to simply analyze which
resources are being accessed most frequently.
Creation of cache.conf file can be bypassed by answering 'N' when prompted
"Create ./cache.conf file ?".
If a cache.conf already exists, it is backed up into cache.conf.old before
being overwritten.
CHROOT_OS_CP.SH
Chroot Copy utility. This is a helper script that sets the stage for
chroot by copying typical files needed by HP-UX Apache-based Web Server,
into the chroot directory. We have selected a typical set of files that
will allow demo web pages to run. A very secure Apache may require some
of these files to be deleted. If you need additional things to be done as
part of chroot setup, you are encouraged to customize this script for your
site.
The Chroot directive sets the root of the file system within HP-UX
Apache-based Web Server. This prevents access outside of the chrooted
directory.
USAGE:
% chroot_os_cp.sh
OPTIONS:
None
ENABLING CHROOT:
1. Stop Apache. (Since Apache 2 re-reads the configuration file when
stopping or starting, the next changes to the configuration file will
cause Apache to look in the chroot path.
2. Uncomment the Chroot directive and define the chroot directory. By
default the "Chroot" directive is set to "/var/chroot" in the
httpd.conf file. You must specify an absolute path or Chroot will fail.
3. As root run the /opt/hpws/apache/util/chroot_os_cp.sh script to create
the chroot directory. If mkdir fails to create the directory do it
manually and rerun the script.
4. Start Apache. It is now running within the chrooted directory.
Add or delete files as necessary.
TROUBLESHOOTING:
1. Functionality such as perl fails
Look in $APACHE_HOME/logs/error_log for "Can't open shared library"
errors. Copy required file into chroot dirs. Use chatr to show
shared library list. For example
% chatr /opt/perl/bin/perl
Another strategy is to test the executable directly. For instance
% chroot /var/chroot $APACHE_HOME/cgi-bin/test-cgi
2. chroot_os_cp.sh script fails
Comment out offending line and rerun the script. This is a helper script
that may not work on all systems. This utility is provided as
support for those using the chroot feature with HP-UX Apache-based
Web Server.
CAVEATS:
- "apachectl restart" fails with chroot since it's outside the chroot
file system.
- suEXEC within chroot requires the user/group information to be valid
within the chroot directory as well.
- The following components are currently not supported with chroot:
+ cgid
+ DAV
+ server-status
+ server-info
+ Tomcat
+ suEXEC
+ FrontPage Server Extensions
More information on cgid, DAV, server-status and server-info can be
found in the FAQ.
MKCERT.SH
SSL Certificate Generation Utility. This script generates private
keys, certificate signing requests, and certificates for the CA,
server, and client. Before you use mod_ssl you should prepare the
SSL certificate system by running the 'mkcert.sh' command.
For different situations, the following variants are provided:
To view a certificate (displays the generated data)
% mkcert.sh --view
To generate a Client certificate (signed by own CA)
% mkcert.sh --client
To generate a custom CA certificate
% mkcert.sh --ca
To generate a custom certificate (signed by own CA)
% mkcert.sh --custom
To generate a dummy certificate (dummy self-signed MYCA cert)
% mkcert.sh --dummy
To generate a test certificate (test self-signed MYCA CA)
% mkcert.sh --test
Use type=dummy when you're a vendor package maintainer,
type=test when you're an admin but want to do tests only,
type=custom when you're an admin willing to run a real server
(The default is type=test)
Additionally add --algo=RSA (default) or --algo=DSA to select
the signature algorithm used for the generated certificate.
***************************************************************************
LEGAL NOTICES
The information in this document is subject to change without notice.
WARRANTY DISCLAIMER
HEWLETT-PACKARD MAKES NO WARRANTY OF ANY KIND WITH REGARD TO THIS
INFORMATION, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. Hewlett-Packard
shall not be liable for errors contained herein or for direct, indirect,
special, incidental or consequential damages in connection with the
furnishing, performance or use of this material.
RESTRICTED RIGHTS LEGEND
Use, duplication or disclosure by the U.S. Government is subject to
restrictions as set forth in subparagraph (c) (1) (ii) of the Rights in
Technical Data and Computer Software clause at DFARS 252.227-7013 for DOD
agencies. Rights for non-DOD U.S. Government Department and Agencies are
as set forth in FAR 52.227-19 (c)(1,2).
COPYRIGHT NOTICES
Copyright 2001-2007 Hewlett-Packard Development Company, L.P.
This document contains information which is protected by copyright.
All Rights Reserved. Reproduction, adaptation, or translation without
prior written permission is prohibited, except as allowed under the
copyright laws.
TRADEMARK NOTICES
UNIX is a registered trademark in the United States and other countries,
licensed exclusively through X/Open Company Limited.
Java and all Java-based trademarks and logos are trademarks or
registered trademarks of Sun Microsystems, Inc. in the U.S. and
other countries.
Netscape is a U.S. trademark of Netscape Communications Corporation
ACKNOWLEDGEMENTS
This product includes software developed by the Apache Software Foundation
This documentation is based on information from the Apache Software Foundation.
(http://www.apache.org).
|
