Manually Configure an HTTP Server
Hybrid: Create an HTTP Server Using the *ADMIN server, then Manually Add Powertech Encryption for IBM i Details
- Use the Administration HTTP Server instance to create a basic HTTP server instance called CRYPTO in the ‘/www’ directory. Instructions on how to start the Administration Server can be found in an earlier section.
- Replace the contents of the configuration file ‘/www/crypto/conf/httpd.conf’ with the following:
# HTTP Server configuration for Powertech Encryption for IBM i from HelpSystems # /www/crypto/conf/httpd.conf LoadModule ibm_ssl_module /QSYS.LIB/QHTTPSVR.LIB/QZSRVSSL.SRVPGM ScriptAliasMatch ^/crypto(.*) /QSYS.LIB/CRYPTO.LIB/$1.PGM Listen 192.168.1.53:8090 DocumentRoot /www/crypto/htdocs Options +ExecCGI -FollowSymLinks -SymLinksIfOwnerMatch -Includes -Indexes -MultiViews LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined LogFormat "%{Cookie}n \"%r\" %t" cookie LogFormat "%{User-agent}i" agent LogFormat "%{Referer}i -> %U" referer LogFormat "%h %l %u %t \"%r\" %>s %b" common CustomLog logs/access_log combined LogMaint logs/access_log 7 0 LogMaint logs/error_log 7 0 ServerName CRYPTO:8090 MaxKeepAliveRequests 500 SetEnvIf "User-Agent" "Mozilla/2" nokeepalive SetEnvIf "User-Agent" "Mozilla/2" nokeepalive SetEnvIf "User-Agent" "JDK/1\.0" force-response-1.0 SetEnvIf "User-Agent" "Java/1\.0" force-response-1.0 SetEnvIf "User-Agent" "RealPlayer 4\.0" force-response-1.0 SetEnvIf "User-Agent" "MSIE 4\.0b2;" nokeepalive SetEnvIf "User-Agent" "MSIE 4\.0b2;" force-response-1.0 SSLEngine On SSLAppName CRYPTO_HTTP SSLCacheEnable SSLClientAuth Optional SetEnv HTTPS_PORT 9082 SetEnv QIBM_CGI_LIBRARY_LIST QTEMP;CRYPTO <Directory /QSYS.LIB/CRYPTO.LIB> Order Allow,Deny Allow From all Require valid-user UserID %%CLIENT%% PasswdFile %%SYSTEM%% AuthType Basic AuthType Basic AuthName "Enter User ID and Password" </Directory> <Directory /www/crypto/htdocs/> Order Allow,Deny Allow From all Require valid-user UserID %%CLIENT%% PasswdFile %%SYSTEM%% AuthType Basic AuthName "Enter User ID and Password" </Directory>NOTE:- You may need to add libraries to the QIBM_CGI_LIBRARY_LIST if you have placed Powertech Encryption for IBM i objects in libraries other than CRYPTO.
- If a non SSL version of the server is needed, then comment out the entries in the file that pertain to SSL.
- You may need to add libraries to the QIBM_CGI_LIBRARY_LIST if you have placed Powertech Encryption for IBM i objects in libraries other than CRYPTO.
- Now start the server using the following command:
STRTCPSVR SERVER(*HTTP) HTTPSVR(CRYPTO)
Copy an Existing Powertech Encryption for IBM i HTTP Server Instance
Use the following steps to copy an existing Powertech Encryption for IBM i HTTP server instance:
- At a command line, type “WRKLNK ‘/www’”, then press Enter.
- Type “5” in the option field in front of the ‘www’ directory, then press Enter.
- Position the cursor to HTTP server instance to be copied. Type “3” in the option field, then press F4 to prompt the Copy.
- In the ‘To object’ field, type ‘/www/’ followed by the name of the HTTP server instance to be created. (The full path and name will need to be in single quotes). Do NOT press Enter yet.
- Position to the ‘Directory subtree’ field and change the value to *ALL. This will cause all the subdirectories and files to be copied as well. Now press Enter.
NOTE: A message may be displayed to shows some of the objects were not copied. If the are log files, then this is not a problem, as they are not needed anyway.
- Position to the new HTTP server instance that has been copied. Type “5” in the option field, then press Enter.
- Type “5” in front of the ‘conf’ directory, then press Enter.
- Type “9” in front of the ‘httpd.conf’ file, then press Enter. Verify that the user QTMHHTTP has *R data authority. If not, then use option “2” to change it. Press Enter to exit from option “9”.
NOTE: If user profile QTMHHTTP does not have *R data authority, then the new server instance will not stay running when started.)
- Type “2” in front of the ‘httpd.conf’ file, then press Enter to bring up the configuration file in edit mode.
- Change “DocumentRoot” to refer to the new HTTP server instance name.
- Change “Listen” to use a different port than the original HTTP server instance.
- Change “ServerName” to refer to the new HTTP server instance name.
- Change “<Directory /www/xxxxxx/htdocs/>” where xxxxxx is the name of the old HTTP server instance and replace it with the new name.
- Press F3 twice to save and exit from the editor.
- At a command line, type “STRPDM”, then press Enter.
- Type option “3”, then press Enter.
- Type “QATMHINSTC” for file and “QUSRSYS” for library, then press Enter.
- Position to the name of the HTTP server instance to be copied. Type “3” in the option field, then press Enter.
- Position to the ‘New Name’ field and type the name of the new HTTP server instance, then press Enter.
- Position to the name of the new HTTP server instance, type “18” to edit using DFU, then press Enter.
- Type “1” for *RECNBR, <Field Exit>, then press Enter.
- Position to the name of the original HTTP server instance and change it to the new name. Press Enter, then F3, then Enter again. That completes the configuration.
- To start the new HTTP server instance, type the following command, replacing the yyyyyy with the new name, then press Enter:
STRTCPSVR *HTTP HTTPSVR(yyyyyy)