4 Getting Started with Oracle HTTP Server

4.1.1 Understanding the PID File

When Oracle HTTP Server starts up, it writes the process ID (PID) of the parent httpd process to the httpd.pid file located, by default, in the following directory:

ORACLE_INSTANCE/diagnostics/logs/OHS/component_name

The process ID can be used by the administrator when restarting and terminating the daemon. If a process stops abnormally, it is necessary to stop the httpd child processes using the kill command.

The PidFile directive in httpd.conf specifies the location of the PID file.

4.1.2 Starting Oracle HTTP Server

This section describes how to start Oracle HTTP Server using Fusion Middleware Control and opmnctl.

> $ORACLE_INSTANCE/bin/opmnctl startproc process-type=OHS

> $ORACLE_INSTANCE/bin/opmnctl startproc ias-component=component_name

> $ORACLE_INSTANCE/bin/opmnctl verbose startproc ias-component=component_name

HTTP/1.1 200 OK
Content-Length: 656
Content-Type: text/html
Response: 1 of 1 processes started.
 
<?xml version='1.0' encoding='WINDOWS-1252'?>
<response>
<opmn id="stadk58:6701" http-status="200" http-response="1 of 1 processes started.">
  <ias-instance id="inst1">
    <ias-component id="ohs1">
      <process-type id="OHS">
        <process-set id="OHS">
          <process id="699033550" pid="11366" status="Alive" index="1" log="/scratch/oracle/product/11110/test090306/instances/inst1/diagnostics/logs/OHS/ohs1/console~OHS~1.log" operation="request" result="success">
            <msg code="0" text="">
            </msg>
          </process>
        </process-set>
      </process-type>
    </ias-component>
  </ias-instance>
</opmn>
</response>

4.1.3 Stopping Oracle HTTP Server

This section describes how to stop Oracle HTTP Server using Fusion Middleware Control and opmnctl. Other services may be impacted when Oracle HTTP Server is stopped.

> $ORACLE_INSTANCE/bin/opmnctl stopproc process-type=OHS

> $ORACLE_INSTANCE/bin/opmnctl stopproc ias-component=component_name

> $ORACLE_INSTANCE/bin/opmnctl verbose stopproc ias-component=component_name

4.1.4 Restarting Oracle HTTP Server

Restarting Oracle HTTP Server causes the Apache parent process to advise its child processes to exit after their current request (or to exit immediately if they are not serving any requests). Upon restarting, the parent process re-reads its configuration files and reopens its log files. As each child process exits, the parent replaces it with a child process from the new generation of the configuration file, which begins serving new requests immediately.

The following sections describe how to restart Oracle HTTP Server using Fusion Middleware Control and opmnctl.

> $ORACLE_INSTANCE/bin/opmnctl restartproc process-type=OHS

> $ORACLE_INSTANCE/bin/opmnctl restartproc ias-component=component_name

> $ORACLE_INSTANCE/bin/opmnctl verbose restartproc ias-component=component_name

4.3.1 Using Fusion Middleware Control to Specify Server Properties

To specify the server properties using the Fusion Middleware Control:

1. Select Administration from the Oracle HTTP Server menu.

2. Select Server Configuration from the Administration menu. The Server Configuration page appears.

   
   Description of the illustration srv_prop3.gif
   
   

3. Enter the documentation root directory in the Document Root field that forms the main document tree visible from the Web site.

4. Enter the e-mail address in the Administrator's E-mail Address field that the server will includes in error messages sent to the client.

5. Enter the directory index in the Directory Index field. The is the main (index) page that will be displayed when a client first accesses the Web site.

6. Enter the user name in the Operating System User field.

   This is the user name for the server, when sending and responding to requests. The user should not have privileges that allow it to access files or run programs that are for internal-use only. For example, when a request comes from Oracle Portal, Oracle HTTP Server will respond as the user defined in this field, and should have privileges to access the content in Oracle Portal. However, the user should not have privileges to access company-confidential content.

   Oracle recommends that you set up a user specifically for running the server. Oracle also recommends that you do not set the user to root.

7. Enter the group name in the Operating System Group field. This is the group for the server, when sending and responding to requests. The user defined for Oracle HTTP Server must be a member of this group.

   Oracle recommends that you set up a group specifically for running the server. Oracle also recommends that you do not set the group as root.

8. The Modules region is used to enable or disable modules. There are three modules that you can enable or disable: mod_perl, mod_fcgi, and mod_osso.

   For instructions on configuring the mod_perl module, see "Configuring the mod_perl Module".

9. Create an alias, if necessary in the Aliases table. An alias maps to a specified directory. For example, to use a specific set of content pages for a group you can create an alias to the directory that has the content pages.

10. Review the settings. If the settings are correct, then click Apply to apply the changes. If the settings are incorrect, or you decide to not apply the changes, then click Revert to return to the original settings.

11. Restart Oracle HTTP Server as described in Section 4.1.4.

The server properties are saved, and shown on the Server Configuration page.

4.3.2 Editing the httpd.conf File to Specify Server Properties

To specify the server properties using the httpd.conf file:

1. Open the httpd.conf file using either a text editor or the Advanced Server Configuration page in Fusion Middleware Control. (See Section 4.4.5, "Modifying an Oracle HTTP Server Configuration File.")

2. In the DocumentRoot section of the file, enter the directory that stores the main content for the Web site. The following is an example of the syntax:

   DocumentRoot "${ORACLE_INSTANCE}/config/${COMPONENT_TYPE}/${COMPOENT_NAME}/htdocs"
   

3. In the ServerAdmin section of the file, enter the administrator's e-mail address. This is the e-mail address that will appear on client pages. The following is an example of the syntax:

   ServerAdmin [email protected]
   

4. In the DirectoryIndex section of the file, enter the directory index. This is the main (index) page that will be displayed when a client first accesses the Web site. The following is an example of the syntax:

   DirectoryIndex index.html index.html.var
   

5. In the User and Group section of the file, enter the user name and group. The following is an example of the syntax:

   User nobody
   Group nobody
   

   The user name is for the server, when sending and responding to requests. The user should not have privileges that allow it to access files or run programs that are for internal-use only. For example, when a request comes from Oracle Portal, Oracle HTTP Server will respond as the user defined in this field, and should have privileges to access the content in Oracle Portal. However, the user should not have privileges to access company-confidential content.

   Oracle recommends that you set up a group specifically for running the server. The user defined for Oracle HTTP Server must be a member of this group. Oracle also recommends that you do not set the group as root.

   Note:

   User and Group are relevant only when running Oracle HTTP Server as root on UNIX.

6. Create aliases, if needed. An alias maps to a specified directory. For example, to use a specific set of icons, you can create an alias to the directory that has the icons for the Web pages. The following is an example of the syntax:

   Alias /icons/ "${ORACLE_HOME}/config/${COMPONENT_TYPE}/${COMPONENT_NAME}/icons/"
   
   <Directory "${ORACLE_HOME}/content/${COMPONENT_TYPE}/${COMPONENT_NAME}/icons/">
       Options MultiViews
       Order allow, deny
       Allow from all
   </Directory>
   

7. Save the file.

8. Restart Oracle HTTP Server as described in Section 4.1.4.

4.4.1 Configuring Secure Sockets Layer

Secure Sockets Layer (SSL) is an encrypted communication protocol that is designed to securely send messages across the Internet. It resides between Oracle HTTP Server on the application layer and the TCP/IP layer, transparently handling encryption and decryption when a secure connection is made by a client.

One common use of SSL is to secure Web HTTP communication between a browser and a Web server. This case does not preclude the use of non-secured HTTP. The secure version is simply HTTP over SSL (HTTPS). The differences are that HTTPS uses the URL scheme https:// rather than http://.

By default, an SSL listen port is configured and enabled using a default wallet during installation. Wallets store your credentials, such as certificate requests, certificates, and private keys.

The default wallet that is automatically installed with Oracle HTTP Server is for testing purposes only. A real wallet must be created for your production server. The default wallet is located in the ORACLE_INSTANCE/config/OHS/component_name/keystores/default directory. You can either place the new wallet in this location, or change the SSLWallet directive in ORACLE_INSTANCE/config/OHS/component_name/ssl.conf to point to the location of your real wallet.

For the changes to take effect, you should restart the Oracle HTTP Server components as described in Section 4.1.4.

For information about configuring wallets and SSL using Fusion Middleware Control, see "Enabling SSL for Oracle HTTP Server Virtual Hosts" in the Oracle Fusion Middleware Administrator's Guide.

4.4.2 Configuring MIME Settings

Multipurpose Internet Mail Extension (MIME) settings are used by Oracle HTTP Server to interpret file types, encodings, and languages. MIME settings for Oracle HTTP Server can only be set using Fusion Middleware Control. You cannot specify the MIME settings using opmnctl commands.

The following tasks can be completed on the MIME Configuration page:

• Configuring MIME Types

• Configuring MIME Encoding

• Configuring MIME Languages

4.4.3 Configuring the mod_perl Module

The mod_perl module embeds the Perl interpreter into Oracle HTTP Server. This eliminates start-up overhead and enables you to write modules in Perl. The module is disabled, by default.

To enable the mod_perl module using Fusion Middleware Control, do the following:

1. Select Administration from the Oracle HTTP Server menu.

2. Select mod_perl Configuration from the Administration menu. The mod_perl configuration page appears.

   Note:

   If mod_perl has not been enabled, then you will be redirected to the Server Configuration page. Select mod_perl and click Apply to enable mod_perl. After the confirmation page has been displayed, restart Oracle HTTP Server, and then return to the mod_perl Configuration page.

3. Enter the switch information in the Switches field.

4. Enter the environment variables to be passed to the scripts in the Environment field.

5. Enter the required script names in the Require field.

6. Click Add Row to create a new row.

7. Configure mod_perl directives for a Location in the Perl Locations table. The Location assigns a number of rules that the server should follow when the request's URI matches the Location.

   1. Enter the base URI for the Perl scripts in the Locations field. Just as it is the widely accepted convention to use /cgi-bin for your mod_cgi scripts, it is also conventional to use /perl as the base URI of the Perl scripts that are running under mod_perl.

   2. Enter options in the Options field. The PerlOptions directive provides fine-grained configuration by providing control over which class of Perl interpreter pool to be used. Options are enabled by prepending them with a plus sign (+) and are disabled by prepending them with a minus sign (-).

   3. If you want to send headers, then click the Send Header check box. The PerlSendHeader directive is for mod_perl 1.0 backwards-compatibility. When enabled, the server sends an HTTP header to the browser on every script invocation. You should disable this option for NPH (non-parsed-headers) scripts.

   4. Enter the environment in the Environment field. The PerlSetEnv directive allows you to specify system environment variables and pass them into your mod_perl handlers.

   5. Enter the response handler in the Response Handler field. The PerlResponseHandler directive tells mod_perl which callback is going to do the job.

   6. Enter the authentication handler in the Authentication Handler field. The PerlAuthenHandler directive is used to set the handler to verify a user's identification credentials.

8. Review the settings. If the settings are correct, click Apply to apply the changes. If the settings are incorrect, or you decide to not apply the changes, click Revert to return to the original settings.

9. Restart Oracle HTTP Server as described in Section 4.1.4.

The mod_perl module configuration is saved and shown on the mod_perl Configuration page.

4.4.4 Configuring mod_wl_ohs

You can configure mod_wl_ohs either by using Fusion Middleware Control or by editing the mod_wl_ohs.conf configuration file manually.

For information about the prerequisites and procedure for configuring mod_wl_ohs to proxy requests from Oracle HTTP Server to Oracle WebLogic Server, see "Configuring the mod_wl_ohs Plug-In for Oracle HTTP Server" in Using Web Server 1.1 Plug-Ins with Oracle WebLogic server.

4.4.5 Modifying an Oracle HTTP Server Configuration File

To modify an Oracle HTTP Server configuration file using Fusion Middleware Control, do the following:

1. Select Administration from the HTTP Server menu.

2. Select Advanced Configuration from the Administration menu item. The Advanced Server Configuration page appears.

3. Select the configuration file from the list, such as the httpd.conf file.

4. Edit the file, as needed.

5. Review the settings. If the settings are correct, click Apply to apply the changes. If the settings are incorrect, or you decide to not apply the changes, click Revert to return to the original settings.

6. Restart Oracle HTTP Server as described in Section 4.1.4.

The file is saved and shown on the Advanced Server Configuration page.

4.4.6 Configuring the Oracle HTTP Server Environment to Use the apxs Script

You can use the apxs command in the $ORACLE_HOME/ohs/bin directory to build and install Apache extension modules for Oracle HTTP Server. To be able to use the apxs command, you should configure the Oracle HTTP Server environment as follows:

Set the following environment variables from command line:

• ORACLE_HOME=~/oraHome1

• ORACLE_INSTANCE=~/oraInstance1

• CONFIG_FILE_PATH=$ORACLE_INSTANCE/config/OHS/oraInstance1

• LD_LIBRARY_PATH=$ORACLE_HOME/lib:$ORACLE_HOME/ohs/lib:$LD_LIBRARY_PATH

Where ORACLE_HOME and ORACLE_INSTANCE are set to the appropriate values for the customer; for example:

export ORACLE_HOME=/scratch/jjones/PS6/Middleware/Oracle_WT1
export ORACLE_INSTANCE=$ORACLE_HOME/instances/instance1
export CONFIG_FILE_PATH=$ORACLE_INSTANCE/config/OHS/ohs1
export LD_LIBRARY_PATH=$ORACLE_HOME/lib:$ORACLE_HOME/ohs/lib:$LD_LIBRARY_PATH

You can now use the apxs from ORACLE_HOME to build, install and configure a new module; for example, to build, install and configure a new extension module called mod_experimental, from the module's source directory, you would enter the following:

$ORACLE_HOME/ohs/bin/apxs -c mod_experimental.c
$ORACLE_HOME/ohs/bin/apxs -i -a mod_experimental.c

For more information about the apxs command, see the Apache HTTP Server documentation at http://httpd.apache.org/docs/2.0/programs/apxs.html.

4.4.7 Disabling the Options Method

The Options method enables clients to determine which methods are supported by a web server. If enabled, it appears in the Allow line of HTTP response headers.

For example, if you send a request such as:

---- Request -------
OPTIONS / HTTP/1.0
Content-Length: 0
Accept: */*
Accept-Language: en-US
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Win32)
Host: host123:80

you might get the following response from the web server:

---- Response --------
HTTP/1.1 200 OK
Date: Wed, 23 Apr 2008 20:20:49 GMT
Server: Oracle-Application-Server-11g/11.1.1.0.0 Oracle-HTTP-Server
Allow: GET,HEAD,POST,OPTIONS
Content-Length: 0
Connection: close
Content-Type: text/html

Some sources consider exposing the Options method a low security risk because malicious clients could use it to determine the methods supported by a web server. However, because web servers support only a limited number of methods, disabling this method will just slow down malicious clients, not stop them. In addition, the Options method may be used by legitimate clients.

If your Oracle Fusion Middleware environment does not have clients that require the Options method, you can disable it by including the following lines in the httpd.conf file:

<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^OPTIONS
RewriteRule .* – [F]
</IfModule> 

4.4.8 Updating the Configuration for OHS Instances on a Shared Filesystem

Functional or performance issues may be encountered when an OHS instance is created on a shared filesystem, including NFS (Network File System). In particular, lock files or Unix sockets used by OHS may not work or may have severe performance degradation; WLS requests routed by mod_wl_ohs may have severe performance degradation due to filesystem accesses in the default configuration.

Table 4-1 provides information about the Lock file issues and the suggested changes in the httpd.conf file specific to the operating systems.