|
|
Guide for HP-UX Webmin-based Admin A.1.070.10
TABLE OF CONTENTS
Release Notes - What's New
Overview
- Modules included in HP-UX Webmin-based Admin
Setup
- Perl Requirement
- Installation
- Uninstallation
- Browser Requirement
- Javascript Event Handlers
- Starting and Stopping Webmin
- Automatic Restart at Boot-up
Configuration
- Default Configuration Values for Webmin
- Changing Administrator's Password
- Adding Modules to Webmin
- HP-UX Tomcat-based Servlet Engine Module
- Running Webmin under SSL
- Changing the Default Look and Feel Using Themes
- Enabling Internet site search from behind a firewall
Administration of Apache
- Identifying the Path to the Current Configuration Screen
- Different levels of Apache configuration
- Making changes to Apache configuration
- Restart vs Stop and Start
- Default Directive Values
- SSL Configuration
- Certificate and Key Management
- Apache Configuration File Backup & Version Management
- Mod_LDAP / Mod_Auth_LDAP Configuration
- Edit Defined Parameters
Support for HP-UX Internet Express Components
- Integration
- Administration
Legal Notices
Note: Please refer to the Webmin Software License located in
/opt/hpws/LICENSES/webmin.
RELEASE NOTES - WHAT'S NEW
HP-UX Webmin-based Admin A.1.070.10:
This release of HP-UX Webmin-based Admin is a bug fix release:
- The 'Upgrade Webmin' button on the configuration page is disabled since
HP does not support an upgrade to Webmin from www.webmin.org
This release of HP-UX Webmin-based Admin is a security/bug fix release that
addresses the following vulnerablilties:
- corruption of the SSL virtual server configuration (JAGaf41910).
This release also includes enhancements/bug fixes from A.1.070.01
- Disabled read access to module configuration for normal users
- DOS attack(Locking out other users) when logging in using space in username
- Support for 32-bit Apache (if installed)
- Enhanced look and feel (new icons, intuitive forms, Javascript event handlers)
- Backup, version management(RCS) and retrieval of Apache configuration
files. (See below)
- Direct access to
launching HP-UX Tomcat-based Servlet Engine
invoking Tomcat's Management and Admin tools
(See below)
- Consolidated log display page which now provides a single portal for
viewing all log files. (See below)
- Support for easy management of log rotation
- Intuitive server status and info configuration and viewing
- Enhanced certificate management including addition of PEM pass phrases
to keys and deploying a key/certificate pair to a Virtual Server.
(See below)
- Support for Virtual Host additions and management
- Improved parsing of Apache configuration files to accurately handle
directives within Virtual Hosts, Directory, and other containers.
- Various bug fixes
OVERVIEW
HP-UX Webmin-based Admin is a value-added version of Webmin provided by HP.
Webmin is a web-based interface for system administration for Unix.
Webmin consists of a miniserver, and a number of CGI programs
which directly update system files like /etc/inetd.conf and /etc/passwd.
The web server and all CGI programs are written in Perl version 5, and
use no external modules. This means that you only need a Perl binary to
run Webmin. For more information, see: Perl Requirement
For more information: http://www.webmin.com/
User Guide: http://www.swelltech.com/support/webminguide/index.html
"System Administration With Webmin, Apache Webserver"
Modules included in HP-UX Webmin-based Admin
HP-UX Webmin-based Admin has been customized to work with HP-UX Apache-based
Web Server by excluding many of its standard modules.
Modules included by HP-UX Webmin-based Admin:
acl
hpapache
cpan
lang
man
servers
webmin
webminlog
Note: Although User & Groups (useradmin) module is shipped, it is not supported.
SETUP
Perl Requirement
Webmin depends on Perl5 and expects it to be installed in /opt/perl/bin/perl.
It is strongly recommended that you use Perl version 5.8.8, which can
be obtained from HP Software Depot: http://software.hp.com/. Search for:
Perl 5.8.8
To find out the location of the Perl you have, type the following command:
% which perl
To determine the version of Perl, type the following command:
% </path/to/perl> -v
To determine if the version of Perl is compatible with Webmin, as root, type:
% /opt/hpws/webmin/perl-setup.sh
If you have Perl installed on your machine in a location other than
/opt/perl/bin/perl, you need to do the following steps: Before starting
Webmin, run /opt/hpws/webmin/perl-setup.sh as root to make the necessary
changes. This will ask for the full path to the Perl of your choice. It will
check to make sure that your version of Perl is compliant, and then will
update all Perl files with the verified location.
Installation
Information on installing all products of HP-UX Web Server Suite can be found in
Getting Started
The user configurable files of HP-UX Webmin-based Admin will be saved
as per the standard HP-UX newconfig methodology. More information can be
found in the newconfig section of Getting Started.
Uninstallation
Uninstallation of HP-UX Webmin-based Admin may lead to inaccessibility of HP-UX
Web Server Suite documentation by other components of the suite that may still
be installed. To resolve this condition, please refer to the "Uninstallation"
section in the following files (if existing):
/opt/hpws/apache/hpws_docs/.hp_docs/README
/opt/hpws/tomcat/hpws_docs/.hp_docs/README
/opt/hpws/xmltools/hpws_docs/.hp_docs/README
Browser Requirement
Webmin is a GUI that is only accessible through a browser. It has been tested
and works with the following browsers:
Microsoft IE 5.x, Mozilla 1.0.1, Netscape 7.x
Javascript Event Handlers
onMouseOver: used to highlight selections and show default directive values
onClick: used to simplify radio button input navigation
There are some situations when Javascript event handlers can be disabled.
In Apache, radio buttons with input boxes have been changed so they are
automatically enabled when the user types in the corresponding input box.
(Previously, you would have to click on the radio button and type in the
corresponding box.)
To disable, go to Admin Settings -> Webmin Configuration -> Webmin Themes
When the current theme is set to HP-UX Web Server Suite Theme, you can
'Configure' the theme to Disable the Javascript event handlers.
Please note that not all event handlers work for the all supported browsers.
Starting and Stopping Webmin
Webmin is not automatically started upon installation.
For more information, see Automatic Starting Webmin at Reboot
You must be root to start and stop the Webmin miniserver.
(If you have problems starting Webmin, please see the "Perl Requirement"
topic above.)
To start Webmin:
Log in as root.
$ /opt/hpws/webmin/webmin-init start
Point the browser to: http://yourserver.com:10000/
Login : admin
Password : hp.com
From here, you can click on the Servers tab and start managing the HP-UX
Apache-based Web Server
Please remember to change your password. Instructions are provided under
Configuration - Changing Administrator's Password.
To stop Webmin:
Log in as root.
$ /opt/hpws/webmin/webmin-init stop
Automatic Restart at Boot-up
If you would like to automatically restart Webmin at boot-up time, you will
have to modify the specific components configuration file:
/etc/rc.config.d/hpws_webminconf
- Set the HPWS_WEBMIN_START variable to 1. If you do not desire this feature,
set the HPWS_WEBMIN_START variable to 0. By default, it is set to 0.
The line below shows how to turn it on.
HPWS_WEBMIN_START=1
The startup scripts have a direct dependency on the HPWS_WEBMIN_HOME
variable, and expects Webmin to be located in that directory.
CONFIGURATION
Webmin has been pre-configured with the defaults listed below. If you
would like to change those defaults, run /opt/hpws/webmin/setup.sh as
root and specify the configuration that you want. In addition, if you want
to use /opt/hpws/webmin/conf/ as the preferred configuration directory,
remove /opt/hpws/webmin/conf/ and /opt/hpws/webmin/logs/ directories
before running setup.sh.
By default, the configuration directory is /opt/hpws/webmin/conf/,
and the logs directory is /opt/hpws/webmin/logs/. If you want to use
the same directories, but change the configuration, remove them
first and then run /opt/hpws/webmin/setup.sh.
Default Configuration Values for Webmin
Configuration directory: /opt/hpws/webmin/conf/
Log directory: /opt/hpws/webmin/logs/
Expected location of Perl: /opt/perl/bin/perl
Operating system type: HP-UX 11.x
Web server port: 10000
Login / password: admin / hp.com
The password is easily changed using changepass.pl. See below for details.
It is highly recommended that you change your password after installation.
Web server hostname: machine name returned using 'hostname' command
Use SSL: Dependent on your version of Perl.
Not enabled by default. This question will only be asked if your Perl
has the Perl Net::SSLeay module installed. See Running Webmin under SSL
Start Webmin at boot time: Available by a different method.
Changing Administrator's Password
To change the password of user "admin" to, say "foo":
As root, run
/opt/hpws/webmin/changepass.pl /opt/hpws/webmin/conf admin foo
If you have changed the configuration directory to something other
than the default, substitute it for /opt/hpws/webmin/conf.
Adding Modules to Webmin
You can find an extensive selection of modules to add to Webmin from:
http://webmin.thirdpartymodules.com/
This list includes third party modules, as well as the modules that are
standard, but excluded from this bundle.
NOTE: Take care that as you add new modules, you do not inadvertently
allow Webmin Administrators too much system access.
All Webmin modules are easy to add using the Webmin Interface.
1) On the Webmin Tab, select Webmin Configuration.
2) Select Webmin Modules
3) Go to the Install Module, and select the method (local file, uploaded
file, or ftp or http URL) that you want to use.
4) Specify the location in the input box.
5) Click on button "Install Module from file"
6) Upon successful installation, a message will be displayed listing the
modules installed, the installation path used, and the size of the module.
HP-UX Tomcat-based Servlet Engine Module
The HP-UX Tomcat-based Servlet Engine is accessible from the HP-UX Web Server
Suite page. If HP-UX Tomcat-based Servlet Engine is installed, options will
be available to turn it on or off, and to access the 'Tomcat Web Application
Manager' or the 'Tomcat Web Server Administration Tool'.
Running Webmin under SSL
Webmin can be configured to run using SSL if the Net::SSLeay Perl module
has been built into Perl. To check that the Perl you are using has the
required module, the following command should not return any output:
</path/to/perl> -e 'use Net::SSLeay'
To enable SSL, when Webmin is running, go to the Webmin Configuration
icon on the Webmin tab (or http://yourserver.com:10000/webmin).
Click on the icon for SSL Encryption. Click on the "Enable SSL support,
if available" and then Save. Webmin will automatically redirect the browser
so you use "https" in the URL.
** Remember to connect to Webmin using https://yourserver.com:10000/
To disable, go back to the same screen and click "Disable SSL support,
even if available."
Changing the Default Look and Feel Using Themes
To change the default Webmin theme, when Webmin is running, go to the Webmin
Configuration icon on the Webmin tab (or http://yourserver.com:10000/webmin).
Click on the icon for Webmin Themes. In the first section, from the drop-down
menu, change the "Current Theme" to the theme of your choice and click on the
"Change" button.
If the pages do not display correctly initially, refresh your browser.
Sometimes starting a new browser window will reset cached values.
Enabling Internet site search from behind a firewall
To search Internet sites from behind a firewall using the System Documentation
module (within the "Others" tab) or the Search docs feature, a HTTP Proxy
server must be specified. To perform this task, go to the "Admin Settings"
tab, and then the "Webmin Configuration" section.
An example HTTP Proxy looks like the following:
http://myproxy.yourserver.com:8088/
ADMINISTRATION OF APACHE
Identifying the Path to the Current Configuration Screen
The HP-UX Webmin-based Admin supports breadcrumb navigation trail to identify
the location of the current configuration screen with respect to other screens.
The term "breadcrumb" comes from the story of "Hansel and Gretel" -- breadcrumbs
were left by the characters to find their way back home. Breadcrumbs let you
know where you are in a web page, as well as how to retrace your steps.
The breadcrumbs are located in the top left quadrant of the page, under the
Start/Restart/Stop Apache buttons and represent the site hierarchy. "Home" is
always displayed in the breadcrumb and refers to the initial HP-UX Apache-based
Web Server configuration screen. The last item in the breadcrumb is the current
page, and is not clickable.
For example, when modifying the "Document Options" of the /opt/hpws/apache/htdocs
directory, in the context of the main Apache server, the breadcrumbs for that
screen would be displayed like this:
Home > default server > Directory /opt/hpws/apache/htdocs > Document Options
Thus, breadcrumbs show a path to making configuration changes and for easy
navigation through HP-UX Webmin-based Admin.
Different levels of Apache configuration
Administration directives for an Apache server can be specified in multiple
levels. Depending on which level one provides the configuration, the
configuration is effective to that particular level. All of Apache directives
have their scope of effectiveness, i.e., if a directive has been specified to
be effective on a certain level, it cannot be specified on a different level.
The following are the three levels of configuration for Apache.
* Global Configuration
If a configuration is specified at the global level, then the entire Apache
server is effected. Directives such as the port number on which Apache
will listen and serve requests on, is specified at this level.
* Server specific
Apart from global level, configuration can be specified at the server
level as well. Apache has support for virtual servers, and by default
it starts with a "main" server. Some of the directives are specified
at the server-specific level, such a logs.
* Location/Directory specific
Finally, in Apache, one has the flexibility to make changes at the level
of a directory as well. Thus an administrator could provide specific
behavior to certain directories, such that other directories are not
affected by it. This allows for fine grain administration.
Webmin has support for administering in the above mentioned various levels.
Making changes to Apache configuration
In Webmin, every configuration change requires you to follow these steps
in order to get a successful completion of task.
* After every change made, one needs to first "Save" the changes and
then "Restart Apache" with those changes, for it to become effective.
* When enabling/disabling SSL for Apache, one must "Stop Apache" and
then "Start Apache". Restarting is not sufficient.
* If one makes change to "Settings" of Apache, one has to stop and then
start Apache for these Settings to take effect.
Restart vs Stop and Start
When you enable the following modules, a simple restart of Apache will not
reflect the changes. You must stop and then start Apache for the changes to
be recognized.
- auth_ldap
- mod_jk
- mod_perl
- mod_php
- mod_ssl
Default Directive Values
The meaning of "Default" in Apache configuration has a special meaning.
A directive with a "Default" setting indicates that when the directive
is not specified within the configuration file, the directive will behave
as it was specified when the Apache server was built. Thus by selecting
"Default" in the Apache configuration means that the directive will
not be included in /opt/hpws/conf/httpd.conf. The defaults are displayed
when the mouse rests over the Apache directive name.
SSL Configuration
SSL configuration for Apache is supported through HP-UX Webmin-based Admin.
SSL in Apache can be enabled at any of the following levels:
- For the entire server (which has the default port of 80).
- For the virtual server (with a port of 443).
In order to enable SSL, one has to make sure that the following directives
are also configured.
SSLCipherSuite SSLCertificateFile SSLCertificateKeyFile
In addition, one also has to make sure the following directives are configured
in "Home > Global > SSL Options" section.
SSLPassPhraseDialog SSLSessionCache SSLMutex SSLRandomSeed
Certificate and Key Management
Certificates, Keys and Certificate Requests can be made using OpenSSL that
is shipped with Apache.
This can be accessed from the "Certificate Manager" icon on the main page.
From this page, choose one of the options:
- Manage an existing certificate
* View Certificate, Key, or Certificate Request
* Deploy a Certificate and Key pair to an existing Virtual Host
* Backup a Certificate, Key or Certificate Request
* Modify PEM Pass Phrase for a Key
From here, add, change, or delete a PEM Pass Phrase from a Key.
However, there is no way to retrieve a Pass Phrase if it is unknown.
- Create a new Certificate, Key, or Certificate Request as a self-signed CA
or as a server
* After creating, the item can be 'Managed' using the above options.
Note: Management of certificates should be done using Webmin over SSL.
To enable SSL, go to Admin Settings > Webmin Configuration > SSL encryption.
Apache Configuration File Backup & Version Management
Support has been added to Back-up and Retrieve Apache configuration files
from Webmin. This depends on RCS being installed. By default, Webmin looks
for /usr/bin/rcs, however it is also configurable from the Apache Settings page.
To access, from the main screen, click on the "Back-up Config Files" icon.
Initially, you will be asked for a description. Then, the initial revision
will be set. From here, a table lists all of the different versions available
for this file. Labels can be added to a particular version. Files that are
Included into the main Apache configuration file will be picked up as well.
Different versions of the configuration file can be compared.
Mod_LDAP / Mod_Auth_LDAP Configuration
Starting with HP-UX Web Server Suite v.A.1.0.05.01, ASF provided modules,
mod_ldap and mod_auth_ldap, are supported. While only partial support is
currently available for configuring these new modules, complete support
for auth_ldap is still available through HP-UX Webmin-based Admin.
The new icon/title for mod_auth_ldap module:
 |
LDAP Authentication
The icon/title for auth_ldap module:
 |
Auth_LDAP
Edit Defined Parameters
- Webmin only knows about the parameters entered in the textfield or
currently in /opt/hpws/apache/conf/httpd.conf. It does not know about
any parameters you may have started Apache with already.
- You must Save the changes to the parameters, and then Stop and Start
the Apache Web Server for changes to take effect. Simply Restarting
the Apache Web Server (clicking on "Apply Changes") only re-reads
httpd.conf, but does not take any parameter changes into account.
This is the same way that the apachectl script works.
- Format for the Paramaters should be as follows:
Parameter1 Parameter2 Parameter3
There should be whitespaces between the Parameters.
Note that the defined parameters don't need to begin with "-D"
SUPPORT FOR HP-UX INTERNET EXPRESS COMPONENTS
Integration
- HP-UX Webmin-based Admin has been customized to recognize HP-UX Internet
Express components. A section titled "HP-UX Internet Express", visible from
Webmin, groups all installed components.
- At installation time of HP-UX Webmin-based Admin, the installed HP-UX
Internet Express components will be discovered automatically and Webmin
will be configured to support administration of those components.
- During the installation time of an HP-UX Internet Express component,
if HP-UX Webmin-based Admin is already installed, then the component will
configure Webmin to recognize and support itself.
Administration
- Administrative changes made to an HP-UX Internet Express component will
result in real-time modifications to its configuration file(s).
- Specific instructions for administration of a module may be found in the
documentation provided by the HP-UX Internet Express component.
***************************************************************************
LEGAL NOTICES
The information in this document is subject to change without notice.
WARRANTY DISCLAIMER
HEWLETT-PACKARD MAKES NO WARRANTY OF ANY KIND WITH REGARD TO THIS
INFORMATION, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. Hewlett-Packard
shall not be liable for errors contained herein or for direct, indirect,
special, incidental or consequential damages in connection with the
furnishing, performance or use of this material.
RESTRICTED RIGHTS LEGEND
Use, duplication or disclosure by the U.S. Government is subject to
restrictions as set forth in subparagraph (c) (1) (ii) of the Rights in
Technical Data and Computer Software clause at DFARS 252.227-7013 for DOD
agencies. Rights for non-DOD U.S. Government Department and Agencies are
as set forth in FAR 52.227-19 (c)(1,2).
COPYRIGHT NOTICES
Copyright 2001-2007 Hewlett-Packard Development Company, L.P.
This document contains information which is protected by copyright.
All Rights Reserved. Reproduction, adaptation, or translation without
prior written permission is prohibited, except as allowed under the
copyright laws.
TRADEMARK NOTICES
UNIX is a registered trademark in the United States and other countries,
licensed exclusively through X/Open Company Limited.
Java and all Java-based trademarks and logos are trademarks or
registered trademarks of Sun Microsystems, Inc. in the U.S. and
other countries.
ACKNOWLEDGEMENTS
This product includes software developed by the Apache Software Foundation.
This documentation is based on information from the Apache Software Foundation
(http://www.apache.org).
|
