Manually Configure an HTTP Server

Hybrid: Create an HTTP Server Using the *ADMIN server, then Manually Add Powertech Encryption for IBM i Details

  1. Use the Administration HTTP Server instance to create a basic HTTP server instance called CRYPTO in the ‘/www’ directory. Instructions on how to start the Administration Server can be found in an earlier section.
  2. Replace the contents of the configuration file ‘/www/crypto/conf/httpd.conf’ with the following:

    # HTTP Server configuration for Powertech Encryption for IBM i from HelpSystems
    # /www/crypto/conf/httpd.conf
    LoadModule ibm_ssl_module /QSYS.LIB/QHTTPSVR.LIB/QZSRVSSL.SRVPGM                                 
    ScriptAliasMatch ^/crypto(.*) /QSYS.LIB/CRYPTO.LIB/$1.PGM                                        
    Listen 192.168.1.53:8090                                                                         
    DocumentRoot /www/crypto/htdocs                                                                  
    Options +ExecCGI -FollowSymLinks -SymLinksIfOwnerMatch -Includes -Indexes -MultiViews            
    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined                
    LogFormat "%{Cookie}n \"%r\" %t" cookie                                                          
    LogFormat "%{User-agent}i" agent                                                                 
    LogFormat "%{Referer}i -> %U" referer                                                            
    LogFormat "%h %l %u %t \"%r\" %>s %b" common                                                     
    CustomLog logs/access_log combined                                                               
    LogMaint logs/access_log 7 0                                                                     
    LogMaint logs/error_log 7 0                                                                      
    ServerName CRYPTO:8090                                                                           
    MaxKeepAliveRequests 500                                                                         
    SetEnvIf "User-Agent" "Mozilla/2" nokeepalive                                                    
    SetEnvIf "User-Agent" "Mozilla/2" nokeepalive                
    SetEnvIf "User-Agent" "JDK/1\.0" force-response-1.0          
    SetEnvIf "User-Agent" "Java/1\.0" force-response-1.0         
    SetEnvIf "User-Agent" "RealPlayer 4\.0" force-response-1.0   
    SetEnvIf "User-Agent" "MSIE 4\.0b2;" nokeepalive             
    SetEnvIf "User-Agent" "MSIE 4\.0b2;" force-response-1.0      
    SSLEngine On                                                 
    SSLAppName CRYPTO_HTTP                                       
    SSLCacheEnable                                               
    SSLClientAuth Optional                                       
    SetEnv HTTPS_PORT 9082                                       
    SetEnv QIBM_CGI_LIBRARY_LIST QTEMP;CRYPTO             
    <Directory /QSYS.LIB/CRYPTO.LIB>                             
       Order Allow,Deny                                          
       Allow From all                                            
       Require valid-user                                        
       UserID %%CLIENT%%                                         
       PasswdFile %%SYSTEM%%                                     
       AuthType Basic                                            
       AuthType Basic                             
       AuthName "Enter User ID and Password"      
    </Directory>                                  
    <Directory /www/crypto/htdocs/>               
       Order Allow,Deny                           
       Allow From all                             
       Require valid-user                         
       UserID %%CLIENT%%                          
       PasswdFile %%SYSTEM%%                      
       AuthType Basic                             
       AuthName "Enter User ID and Password"      
    </Directory>                                  

    NOTE:  
    • You may need to add libraries to the QIBM_CGI_LIBRARY_LIST if you have placed Powertech Encryption for IBM i objects in libraries other than CRYPTO.
    • If a non SSL version of the server is needed, then comment out the entries in the file that pertain to SSL.
  3. Now start the server using the following command:
STRTCPSVR SERVER(*HTTP) HTTPSVR(CRYPTO)

Copy an Existing Powertech Encryption for IBM i HTTP Server Instance

Use the following steps to copy an existing Powertech Encryption for IBM i HTTP server instance:

  1. At a command line, type “WRKLNK ‘/www’”, then press Enter.
  2. Type “5” in the option field in front of the ‘www’ directory, then press Enter.
  3. Position the cursor to HTTP server instance to be copied. Type “3” in the option field, then press F4 to prompt the Copy.
  4. In the ‘To object’ field, type ‘/www/’ followed by the name of the HTTP server instance to be created. (The full path and name will need to be in single quotes). Do NOT press Enter yet.
  5. Position to the ‘Directory subtree’ field and change the value to *ALL. This will cause all the subdirectories and files to be copied as well. Now press Enter.
    NOTE: A message may be displayed to shows some of the objects were not copied. If the are log files, then this is not a problem, as they are not needed anyway.
  6. Position to the new HTTP server instance that has been copied. Type “5” in the option field, then press Enter.
  7. Type “5” in front of the ‘conf’ directory, then press Enter.
  8. Type “9” in front of the ‘httpd.conf’ file, then press Enter. Verify that the user QTMHHTTP has *R data authority. If not, then use option “2” to change it. Press Enter to exit from option “9”.
    NOTE: If user profile QTMHHTTP does not have *R data authority, then the new server instance will not stay running when started.)
  9. Type “2” in front of the ‘httpd.conf’ file, then press Enter to bring up the configuration file in edit mode.
  10. Change “DocumentRoot” to refer to the new HTTP server instance name.
  11. Change “Listen” to use a different port than the original HTTP server instance.
  12. Change “ServerName” to refer to the new HTTP server instance name.
  13. Change “<Directory /www/xxxxxx/htdocs/>” where xxxxxx is the name of the old HTTP server instance and replace it with the new name.
  14. Press F3 twice to save and exit from the editor.
  15. At a command line, type “STRPDM”, then press Enter.
  16. Type option “3”, then press Enter.
  17. Type “QATMHINSTC” for file and “QUSRSYS” for library, then press Enter.
  18. Position to the name of the HTTP server instance to be copied. Type “3” in the option field, then press Enter.
  19. Position to the ‘New Name’ field and type the name of the new HTTP server instance, then press Enter.
  20. Position to the name of the new HTTP server instance, type “18” to edit using DFU, then press Enter.
  21. Type “1” for *RECNBR, <Field Exit>, then press Enter.
  22. Position to the name of the original HTTP server instance and change it to the new name. Press Enter, then F3, then Enter again. That completes the configuration.
  23. To start the new HTTP server instance, type the following command, replacing the yyyyyy with the new name, then press Enter:
STRTCPSVR *HTTP HTTPSVR(yyyyyy)