PidFile
directive. This file is used by most other
apachectl
commands to identify whether IHS is already running (start),
or to identify the currently running IHS process to operate on it (stop, restart).
The file is removed when IHS is stopped via apachectl or any platform-service specific
mechanism like Windows Services or the z/OS sample jobs, but not if the operating system is
abruptly stopped or the individual IHS processes are directly killed.
If you attempt to start IHS and a PidFile
already exists, it is replaced if its contents
do not match any running process. If its contents do match a running process ID, regardless
of what that process is, it requires a manual recovery (removal of PidFile
by the admin)
to recover. The server does not try to determine what kind of process matches the process
ID, because this is not something easily/portably done from the native runtime. Wrappers around
the apachectl script, or modifications to it, could probe with ps
in environments
where stale PidFiles
are a problem.
### What is the difference between WebSphere keep-alive settings and IHS keep-alive settings?
IHS keepalive settings affect connections between IHS and the web
client. WebSphere settings affect connections between the WebSphere
plug-in (running in IHS) and WebSphere. The connections are
independent and the settings are independent.
### When does KeepAliveTimeout period start, relative to sending the response to the previous request to the client?
Does it start counting when IHS sent a response back to the client,
or does the timeout period start when client ACKed the response?
It could be at either point, depending on the situation. IHS will
start measuring the KeepAliveTimeout as soon as it successfully queues
all of the previous HTTP response to the TCP layer. The operating
system TCP layer sits between IHS and the network (client). IHS isn't
aware of if or when the host OS can deliver the data or have it acknowledged.
If you are reading this answer, you may think that browsers care about the advertised
length of the timeout specified in the Keep-Alive response header. While this is true for the
connection pooling used by Java, for chrome-based browsers connections are eligible for reuse
for 5 minutes regardless of what Keep-Alive timeout is advertised in the Keep-Alive response
header. To avoid a race with chrome-based browsers, use a KeepAliveTimeout greater than 300
seconds.
### Can IBM HTTP Server serve files larger than 2GB?
IBM HTTP Server version | Platform | Can files larger than 2GB be served? |
---|---|---|
6.0.x, 6.1.x | Windows, HP-UX/ia64, Solaris/x64, z/OS (only provided for 6.1.x) | Yes |
6.0.x, 6.1.x | AIX, Linux, HP-UX/PA-RISC, Solaris/SPARC | No |
7.0.x and later | All Platforms | yes |
ps
.
Normal processes have just more than ThreadsPerChild number of threads, while processes trying to exit
usually only have several remaining threads.
* Linux: ps -A -o pid,ppid,cmd,nlwp,args | grep httpd
* AIX: ps -A -o pid,ppid,comm,thcount,args | grep httpd
* Run the GatherHangDoc
collector in ihsdiag. The report file
generate will annotate each thread and process to tell you if it's exiting, and what the threads are busy doing.
### How can I disable the HTTP TRACE method?
Refer to this document.
### How can I downgrade the server response to HTTP/1.0 for certain requests?
```apache
filename.html
when the browser requests filename?
The mod_negotiation
MultiViews feature can automatically select a file with
appropriate extension when the browser does not provide a file
extension.
```apache
LoadModule negotiation_module modules/mod_negotiation.so
...
allow
from
directive for
which is not working.
* The configured DocumentRoot directory isn't readable by the web
server user id (e.g., nobody). If this is the cause, the
error log will have a message like the following:
```apache
[Sat Mar 12 06:36:21 2005] [error] [client 127.0.0.1] (13)Permission denied: access to /server-status/ denied
```
### My request failed with status nnn. How do I find out why?
Generally speaking, requests can fail in one of the following
functional areas:
* IBM HTTP Server core features (e.g., access was denied, file was
not found, etc.)
* WebSphere plug-in (e.g., communication error occurred trying to
contact the application server)
* WebSphere Application Server (e.g., customer application returned
a failure due to database problem)
* third-party module loaded into IBM HTTP Server failed the request
(e.g., couldn't contact LDAP server)
Finding the root cause requires finding which functional area
failed the request.
* By default, mod\_status is loaded and 'ExtednedStatus ON' is set. Confirm your configuration supports it:
```apache
LoadModule status_module modules/mod_status.so
ExtendedStatus On
```
* Add the RH variable to the information logged in access
log:
```apache
LogFormat "%h %l %u %t \"%r\" %>s %b %{RH}e" common
```
* Recreate the request and check the access log for the failing component:
```apache
127.0.0.1 - - [23/Jan/2006:08:09:51 -0500] "GET /foo.html HTTP/1.1" 404 317 (core.c/404/handler)
127.0.0.1 - - [23/Jan/2006:08:10:45 -0500] "GET /testcount.jsp HTTP/1.1" 500 644 (mod_was_ap20_http.c/500/handler)
127.0.0.1 - - [23/Jan/2006:08:11:19 -0500] "GET /cgi-bin/printenv HTTP/1.1" 404 322 (mod_cgid.c/404/handler)
```
If the module name is... | This component failed to handle the request... |
---|---|
core.c | internal web server handling of static files |
mod_was_ap20_http.c | WebSphere plug-in |
mod_cgid.c | web server support for CGI scripts |
mod_sm.c | SiteMinder |
MaxClients
directive on Unix and Linux systems?
IBM HTTP Server 2.0 and above is essentially limited by the amount
of memory. You can configure up to 20,000 threads per child process,
and configure up to 20,000 child processes, for an overall limit of
400,000,000. However, the address space of an individual child
process may be exceeded with that many threads, and system memory may
be exceeded with that many child processes.
### What are the limitations of the ThreadLimit
directive on Windows systems?
IBM HTTP Server 2.0 and above on Windows has a built-in limit of
15,000 threads, but practical limits around 2500 or 5000 on 64-bit and
32-bit operating systems, respectively.
### How can I recompile IBM HTTP Server?
A customer cannot recompile or relink IBM HTTP Server.
If instructions for a third-party module mention recompiling the
web server for integration of the third-party module, consult with the
provider of that third-party module to find out how to load it into
the web server dynamically (using the LoadModule
directive).
If the customer requires that they be able to recompile or relink
the web server, we recommend using the Apache web server, for which a
plug-in is provided by WebSphere. The Apache web server is not
supported by IBM, but the customer will be able to use it with
WebSphere Application Server using the WebSphere plug-in.
### How can I use suexec with IBM HTTP Server?
example suexec implementation
### Can IHS be run in a chroot environment?
IHS running in a chroot environment is untested and unsupported. IHS support
cannot assist with the configuration of such an environment and may require
customer to reproduce defects in a traditional environment.
## Authentication / Authorization / Access Control FAQs
### Why does the web browser present an authentication prompt twice when loading the same page?
Watch out for redirections which make the web browser think it is
contacting a different web server. Here is an example of this type of
problem, where the web browser has to authenticate over non-SSL only
to find out that it has been redirected to an SSL port. The browser
assumes that it is a different server and will prompt again.
```apache
mod_headers
module.
* Decide if you want the semantics specified by the Strict-Transport-Security
* Decide how long you'd like browsers to cache this information
* Decide how you'd like sub-domains to be treated.
* Decide if this domain will consent to be listed in a preloaded HSTS list.
* Enable the mod_headers
module in your IHS configurationf file by making sure the LoadModule
directove for mod_headers is un-commented.
* Use the Header
directive in each SSL virtual host that requires a
HTTP Strict Transport Security policy
For the example below, do not copy and paste the directive verbatim without first
understanding HTTP Strict Transport Security.
```apache
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
```
* Configure your non-SSL virtual hosts to redirect to their SSL counterparts:
```apache
# In each HTTP virtual host and once in the httpd.conf globally:
RewriteEngine on
RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [R,L]
```
### How can I add the client IP address to a request header??
In WebSphere, applications access the client IP address using the HTTPServletRequest API
and no configuration is needed. If you still want to copy the client IP into a request
header, here is one basic recipe that replaces any incoming X-Forwarded-For
header
with the clients IP address.
```apache
SetEnvIf Remote_Addr (.*) client-ip=$1
RequestHeader set X-Forwarded-For %{client-ip}e
```
### Can IBM HTTP Server set the X-Forwarded-User header from the logged in user?
Not directly, and copying it around is difficult due to the timing and interactions of multiple modules.
```apache
Header
directive takes an environment
variable which, if unset, prevents the header from being added. You can use
this in conjunction with the SetEnvIf
directive to set headers on
basic conditions. However, only one envvar is accepted, and there is no support
for logical expressions. This makes it somewhat difficult to add headers only
if two conditions are met.
One specific way to bypass this limitation is to look for another directive
that covers one of your conditions. For example, if you don't want to cache
requests for a specific directory from a specific browser, you can use the
LocationMatch
directive in conjunction with
SetEnvIf
:
```apache
RewriteRule
and
RewriteCond
directives. Be wary of using this trick in
conjunction with virtualhosts - they do not inherit the
RewriteRule
.
```apache
RewriteEngine on
RewriteCond %{HTTP_USER_AGENT} MSIE
RewriteCond %{REQUEST_URI} ^/dont/cache/
RewriteRule ^/ - [E=nocache:1]
Header set Cache-Control "no-cache" env=nocache
```
If neither of the above two works for your situation, the most general and
most verbose way is to construct a logical "and" expression from
SetEnvIf
directives:
```apache
\# We would use SetEnv here, but it always runs after SetEnvIf; just use a catch-all SetEnvIf instead
SetEnvIf Request_URI "^/" nocache_uri=0 nocache_browser=0 nocache=1
SetEnvIf Request_URI "^/dont/cache/" nocache_uri=1
SetEnvIf User-Agent MSIE nocache_browser=1
SetEnvIf nocache_uri "0" nocache=0
SetEnvIf nocache_browser "0" nocache=0
SetEnvIf nocache "1" set_nocache
Header set Cache-Control "no-cache" env=set_nocache
```
### Can IBM HTTP Server modify Cookie or other request header fields?
mod_headers
is provided and allows some limited request header modification. It
can:
* add an additional request header field
* remove an existing request header field
* append data to an existing request header field
No other manipulation is provided.
A custom plug-in module would have to be used if a different type
of manipulation is required within IBM HTTP Server, including removing
individual cookies from a Cookie header field.
## Logging FAQs
### How accurate is %t?
* When %t is used, fractional seconds are discarded (in other words,
rounded down to the last whole second). A cache is used to avoid
constant calls to localtime_r.
* When %{format}t is used, no cache in IHS is used, and any precision
available in the systems strftime() function can be used.
### How can I log a response header field such as Set-Cookie?
This is with the LogFormat directive. The format string to use is
"%{header-name}o", or "%{Set-Cookie}o".
Simple example for this existing access log configuration:
```apache
LogFormat "%h %l %u %t \"%r\" %>s %b" common
CustomLog logs/access_log common
```
Add "%{Set-Cookie}o" to the format string on the LogFormat directive,
resulting in:
```apache
LogFormat "%h %l %u %t \"%r\" %>s %b %{Set-Cookie}o" common
CustomLog logs/access_log common
```
(There may be a number of different LogFormat directives... the one of
interest is the one whose format name (e.g., "common") is actually
referenced on your CustomLog directive.)
### Can IBM HTTP Server write to log files over 2GB?
#### Web server writing directly to log files
In 7.0 and later, IHS and rotatelogs can both write log files
greater than 2GB.
### Are there tools to analyze IBM HTTP Server access logs?
IHS doesn't include any such tools, but there are numerous
third-party solutions for log file analysis. Search for "Apache log
file analyzer" using your favorite Internet search engine.
We are aware that some IHS customers are successfully using
Webalizer, a freely-distributed application available from
http://www.mrunix.net/webalizer/.
### How can I save mod_status page at intervals?
* It can be queried via any command-line HTTP client.
* If all you want is to know how many threads are busy and in what
state, see mod_mpmstats.
### How can I rotate (switch) log files?
#### Piped log programs
Refer to the Piped
Logs section of the documentation for more information. See also
common questions about rotatelogs.
#### Renaming log files and restarting
On linux and unix, an alternate method renames log files while the web server is running and
still writing to the old files then restarts the web server to open files under the normal name again.
Refer to the Log
Rotation section of the documentation for more information.
### What are these requests for file favicon.ico
in my logs?
Requests for favicon.ico are unavoidable. Internet Explorer and
some other browsers will blindly request favicon.ico in case the web
site has that file. You may have noticed that on some web sites, there
is a cute icon in the URL box on your web browser; favicon.ico from
that web site is the cute icon. Most web sides don't have that file,
so there will be a 404 in the web site's access log and the browser
will use the default icon.
The customer is not in control of whether or not the
browser issues that request. They can have their site designer
provide a favicon.ico file or they can ignore the entries in the
access log. We do not recommend that they filter out the entries from
the access log, because if there is ever a question of what requests
are hitting the server, then the access log wouldn't be able to answer
that question.
### How can I avoid writing access log records for images?
Set a variable called image-request when the request is
for certain filenames. Then, update the CustomLog directive to
indicate that requests should not be logged when the image-request
variable is set.
```apache
SetEnvIf Request_URI \.gif$ image-request
SetEnvIf Request_URI \.jpg$ image-request
# add another SetEnvIf directive for other file extensions to be skipped
CustomLog logs/access_log common env=!image-request
```
The mod_log_config
documentation has an example showing how to put image requests in one
access log and non-image requests in another access log.
### How do I determine which vhost is selected when the request is received?
Add an indication of the selected vhost to your access log format,
and then retry the testcase.
* Add SetEnv vhostname MAIN
to the main scope of
httpd.conf.
* Add SetEnv vhostname UNIQUE-NAME
to each
VirtualHost container. Make sure UNIQUE-NAME is unique for
each virtual host.
* Add the vhostname (%{vhostname}e
) to the access log
format.
* Add the target IP address (%A
) to the access log
format.
* Add the value of the ServerName
associated with the
virtual host which served the request (%v
) to the access
log format.
Example log format with these changes made:
```apache
LogFormat "%h %l %u %t \"%r\" %>s %b %A %v %{vhostname}e" common
```
Example setting of vhostname:
```apache
SetEnv vhostname MAIN
ServerName
value which were
logged can provide further hints.
### How can I log the TCP port a request was received on?
The format %{local}p can be logged in IHS 7.0 and later.
### Please explain the %D and %T access log formats.
#### What operations do these log formats measure?
These formats show the time to serve the request, from the time
that the web server reads the first line of the request from the
client to the time the web server processes the %D or %T format string
while logging the results of the request. This logging (and resolution of %D/%T) occurs after WebSphere Application Server has
written the entire response to the WebSphere Plugin, and the entire* response
has been queued to the TCP layer by IHS (*:see Special considerations below).
%D formats the time in microseconds and %T formats the time in seconds.
Special considerations:
* The time does not cover the interval where the new connection is
queued by the system TCP layer, before the web server begins
processing the connection. Ordinarily this interval is very
brief, and the web server will start processing the connection as soon
as the 3-way TCP handshake completes. But if no available web server
thread is available at the time the 3-way TCP handshake completes, the
uncounted time where the request is not being processed could be
considerable.
* The time does not cover the SSL handshake, which occurs before the
web server reads the first line of the request.
* If there is a subsequent request sent on the same TCP connection
before the entire response has been sent (pipelining), the
time may not cover the end of the last buffer of the response.
This is an optimization which results in higher network
utilization, but the logging of a request to access log, and thus the
calculation of response time, can occur prior to the last byte of the
response being transmitted.
* Even when there is no subsequent request, the response time only
covers the interval up through when all response bytes have been
passed to the TCP layer on the web server system. There may be
significant delays before the web client has read the entire response
from the TCP layer on the client system.
### Why do I sometimes see 0 for the %D access log value on Windows?
IHS on Windows uses a system call to obtain two timestamps, one
just after the request line is read and the second when the access
log entry is made. Although the Operating System returns a value that
has microsecond granularity, the timer is only updated once every OS
timer tick, that is, 64 times per second. Thus if IHS processes a
request in less than 15 milliseconds it is possible that 0 will be
logged for the time taken to serve the request.
## URL Rewriting
### mod_rewrite: a character in my new URL is being escaped as %nn. How can I avoid that?
This answer has been moved here.
### mod_rewrite: My rules are ignored. Nothing is written to the rewrite log.
This answer has been moved
here.
## Caching Questions
### Why do I only see 304 responses when I hit the application server directly?
* Some browsers send Cache-Control: max-age=0
when you request resources via IHS because an untrusted certificate is presented.
* Some third-party modules, like Siteminder, might strip out If-Modified-Since request headers when loaded, preventing
304 responses (see 'preserveHeaders AllowCacheHeaders siteminder' on a web search).
### How can mod_cache purge a cache entry at runtime?
If a request arrives with the header max-age=0
Cache-Control header,
mod_cache will refresh the cache entry. It is not safe to call htcacheclean
with a running server.
### Can mod_expires be used with the WAS Plugin?
Yes, both ExpiresDefault
and ExpiresByType
can add
expiration data to requests served by the WAS Plugin. Generally, we expect the
generator of the content (the customer's application) to set these headers
intelligently, because IHS as a gateway is taking a wild guess as to how long
a response remains cacheable.
Note that if the application does set the Expires header, mod_expires will
not override it.
### Can RequestHeader rewrite request headers before the WAS Plugin sees them?
Yes
### Can mod_deflates INFLATE filter compress a request before the WAS Plugin forwards it?
No, because the size of the body will be transformed, and the WAS plugin will
have sent the size to WAS before mod_deflate can change it.
### How can I disable caching in Internet Explorer?
Use mod_headers with the following configuration:
```apache
Header set Pragma "no-cache"
Header set Cache-Control "no-cache"
Header set Expires "-1"
```
If you don't want every resource on your webserver to be uncacheable, you have to determine which resources the rules should apply to and add them to a more specific configuration section:
* If you want this to apply to specific types of content served locally from IBM HTTP Server, surround this with containers
such as LogFormat
directive that is in use by your CustomLog
directives:
```apache
%{Pragma}o %{Expires}o %{Cache-Control}o
````
Other alternatives include wireshark, mod_net_trace, or the Web Browser developer tools.
### How can I tell if mod_cache is working?
UPDATE: You can log a cache miss by using SetEnv CACHE_MISS 1
and adding %{CACHE_MISS}e
in your LogFormat
directive. Modules such as mod_env are skipped when a response is served from the cache,
so the CACHE_MISS environment variable can only be set when the cache is not used.
If you are logging the Request Handler you will see the request handler change from the content generator
(mod_cgid, mod_proxy_http, mod_was_ap20_http, mod_core) to an empty value. Under some circumstances this will happen on the third, not the second, request for cacheable content.
Alternatively with LogLevel debug set, the following message is issued when mod_cache has served the request:
cache: serving /foo
Finally, if the "Age" header isn't being set by the content generator
or some intermediate cache/proxy, the presence of the Age header in
the response indicates that the file is being served from the cache.
You can log the outgoing Age: header in the access log by adding
%{Age}o to your LogFormat directive.
### How does mod_cache interact with the WebSphere Plugin?
mod_cache can cache content generated by the WebSphere Plugin if it has the appropriate HTTP headers in the response,
however this cache does not interact with the Plugin ESI cache. When mod_cache is cacheing content generated
by the WebSphere Plugin you will not see evidence of the WebSphere Plugin being called for the cached request.
### What content is cacheable?
See sections 13 of RFC2616, notably the presence of the E-Tag, Last-Modified, or Expires headers
### Why do I see duplicate content added to mod_mem_cache?
IHS creates up to MaxClients / ThreadsPerChild child processes, and each maintains its own memory cache. The default httpd.conf is poorly tuned for mod_mem_cache, because it uses a low value for both ThreadsPerchild and MaxSpareServers. Using many child processes, or a variable number, will decrease the cache hit ratio.
#### Tuning suggestions for mod_mem_cache
* High ThreadsPerChild allows the cache to be duplicated across fewer child processes and increases cache hit percentage.
* MaxRequestsPerChild 0 (default) prevents graceful child termination, which throws away anything in a child processes cache.
* MaxSpareThreads = MaxClients prevents graceful child termination, which throws away anything in a child processes cache.
See IBM HTTP Server Performance Tuning for details on adjusting ThreadsPerChild.
### Why don't some static files have a Last-Modified header?
URLs configured for mod_include (Server-Side Includes) do not include a Last-Modified header,
because the ultimate response is not necessarily related to the modification of the time passing
through the INCLUDES filter.
## Java questions
### Can the bundled Java be removed from IHS?
Installs of IHS and the WAS Plug-in using IBM Installation Manager contain an
embedded/bundled IBM Java. This java is NOT used at runtime, but is used for
several other purposes:
1. To run Ikeyman and gskcmd and scripts such as versionInfo.{sh|bat}
2. For actions driven after installing/uninstalling fixpacks
While removing or replacing the bundled IBM java has no affect on the runtimes, applying maintenance in this configuration is neither tested
nor supported. An alternative to manipulating the IBM Installation Manager based installation is to use the IHS Archive Install documented
[here](https://www.ibm.com/docs/en/ibm-http-server/9.0.5?topic=server-installing-configuring-http-from-archive) which contains no bundled
IBM Java runtime.
### How does Java SDK maintenance work in IHS?
* In V7, WASSDK fixpacks must be used to update the bundled Java. Java is never updated by an IHS fixpack.
* In V8 and later, Java updates come with most IHS fixpacks, and WASSDK interim fixes can be used to upgrade
java in advance of a fixpack.
* In V9 and later, the JDK is once again separately updateable, directly with IIM maintenance from the JDK team. It does
not follow IHS/WAS schedules.
### Can the bundled Java 6 in IHS/Plug-in V8 be replaced/updated with Java 7 or 8?
* Prior to 8.5.5.11, Java 6 was the only JDK available with these installables.
* _Fixpack installs_ at 8.5.5.11 and later warn about upcoming EOL for Java 6 .
* _Full intstalls_ of 8.5.5.11 and later bundle Java 8 instead.
* 8.5.5.14 (and later) forcibly updates the embedded Java to Java 8 (even for fixpack installs).
## Misc. questions that don't fit anywhere else
### How much memory does IHS need?
This will vary based on configuration and workload, but IBM HTTP Server
uses very little memory. A configuration with SSL and 40 concurrent requests
was measured to use less than 100MB of resident memory. apache.org's webserver
uses only around 1GB of memory.
### How high can I set LimitRequestFieldSize?
Performance-wise, as high as you want; the server will only allocate as much memory while reading the header as it needs to.
However, if you can estimate the largest header you're likely to
receive, you might want to just set LimitRequestFieldSize somewhat
larger than that, rather than to some really huge value. That will
offer some protection in case a garbage request comes in that looks
like it has a really long header, keeping the server from continuing
to read and allocate memory and maybe running out.
### Why does IHS ignore LimitRequestFieldSize?
`VirtualHost`s will inherit the current value of `LimitRequestFieldSize` when reading the configuration. This means that
if `LimitRequestFieldSize` is set below a vhost configuration, the vhost will not inherit the new value.
Move the `LimitRequestFieldSize` directive to be above any vhosts config stanzas that you want to use the new value.
### Does IHS support NTLM or Kerberos?
For the Windows platform, this may also be known by other terms such as 'Integrated Windows Authentication' (IWA),
'Windows Integrated Authentication', 'Windows Authentication', or 'Windows NT Challenge/Response authentication'.
No support is provided for these authentication protocols in IBM HTTP Server. Customers requiring this functionality
should configure the corresponding technologies in the application server (e.g. SPNEGO TAI).
### How do I turn off automatic directory listings?
By default, if IHS maps a request to a directory name rather than a filename
(e.g. /var/htdocs/images) and there's not
an
index.html
file in the directory, IHS will return an
HTML page listing the files in that directory. You might wish to
disable this as a security measure.
Directory listings are generated by the
mod_autoindex
module. To disable all directory listings, you can remove
the Loadmodule line for mod_autoindex and any
occurrences of configuration directives that mod_autoindex
implements (see
the mod_autoindex
documentation).
If mod_autoindex is loaded, whether a directory listing
will be generated for a particular request is configured using
the Options
directive.
To disable directory listings for a specific directory and its subdirectories, turn off the Indexes option in that directory:
```apache
install_ihs
command creates a separate
directory for each instance without creating another copy of the
product.
#### Operational requirements
These are the minimal requirements that allow multiple web server
instances to run from the same installation directory.
##### configuration files
A different main configuration file (normally httpd.conf) is needed
for each instance. Common directives can be stored in common files
and included from the different main configuration files.
##### ports
A combination of listen port and listen IP address cannot be used
by more than one instance. This is primarily configured with the
Listen
directive, but interfaces and ports may also
show up in other directives (VirtualHost
, Redirect
...)
##### log and other special files
Anything normally stored in the
install_root/logs
directory cannot be shared
between instances. So each instance must have unique values for these
directives:
* PidFile (applicable to all configurations)
* ErrorLog (applicable to all configurations)
* CustomLog (applicable to all configurations)
* SSLCachePortFilename (applicable to all non-Windows configurations with SSL enabled)
* SSLCachePath (applicable when ALL of the conditions below are true)
* Platform is not Windows.
* SSL is enabled.
* SSLCacheDisable
directive is not configured.
* bin/apachectl
has been modified to specify a different
-d
flag, or bin/apachectl
is launched
with an explicit -d
flag.
* The directory specified by the -d
flag does not
contain the file bin/sidd
.
##### starting and stopping
* On Unix systems, you ultimately have to pass the -f parameter to apachectl to select your alternate
configuration file. It's simplest to wrap apachectl with a short shell script that always passes all arguments
but sets the customized -f parameter.
* On Windows systems, where IHS is typically started as a service, you must create one service
per instance. The configuration file (-f parameter) is specified at service creation time
and remembered when the named service is started.
Service install/create
```apache
cd \install_dir
bin\Apache.exe -f conf/this_instance.conf -k install -n IHS6-this_instance
```
Service start (pick one)
* net start IHS6-this_instance
* install_dir\bin\Apache.exe -k start -n IHS6-this_instance
* Find IHS6-this_instance in the Microsoft Windows "services" GUI.
#### Functional requirements
The functional requirements are the configuration differences which
make different web server instances behave differently, and are in
addition to the operational requirements above. You may wish to have
different plug-in configuration files for the different instances
(WebSpherePluginConfig), or serve different static files for the
different instances (DocumentRoot). Different ports or IP addresses
will be used for the different instances.
### AIX: Can xlC.rte V7 be used?
IBM HTTP Server readmes and supporting software lists typically
specify that xlC.rte 6.0 or higher must be used on AIX V5. xlC.rte V7
is upwardly compatible and can also be used. The specific V7 xlC.rte
that has been tested with IBM HTTP Server is xlC.rte 7.0.0.1.
### LoadModule order - When/why is it important?
#### LoadModule order in IBM HTTP Server 2.0 and above
The Apache 2.0 API allows modules to implement one or more hooks
to perform initialization or request processing. Here are a few of
the hooks which modules can implement:
* post-read-request (run as soon as the client request has been
read)
* validate user id from request
* determine MIME type
* generate the response
* log the transaction
Occasionally, there are requirements that one module's hook runs
before another module's hook. The Apache 2.0 module API allows
modules to indicate, for each request processing phase, whether the
module should be called first or last, or before or after another
specific module. The hook order is defined separately for each hook.
For example, a module could indicate that its transaction logger has
to run before the transaction logger of other modules, and that its
validate-user-id hook must run before that of mod_auth.
When modules don't have specific requirements, or when modules
declare when they should run relative to other modules, the LoadModule
order is not important. In fact, the LoadModule order can almost
always be ignored with IBM HTTP Server 2.0 or above.
When modules have specific requirements for the order in which they
run, but they fail to use the proper API to declare the required order
to the web server, the user may be able to
work-around problems by reversing the LoadModule order. There is no
clear rule for the specific order of the LoadModule directives for
module A and module B in order to make module A's hooks run before
those of module B's. On some platforms the LoadModule for module A
must come first; on other platforms, the LoadModule for module B must
come first. There is no guarantee that reversing the LoadModule
directives is a permanent change. If the system qsort()
implementation in libc changes with system software maintenance or
other changes are made to the configuration file, the LoadModule
directive might have to be reversed again.
### AIX: Why am I unable to unmount filesystem containing files served by IHS (affects HACMP environments)? (IHS 2.0 and above)
IHS 2.0 on AIX normally serves files using the
send_file()
API. This results in the files being stored
in
the AIX Network Buffer Cache. This leaves the files open as long as
they are in the cache, preventing the underlying filesystem from being
cleanly unmounted.
To clear files from the cache and unmount the filesystem:
* set the size of the network buffer cache to zero temporarily to
clear the cache
The old cache size can be displayed by no -o nbc_limit
.
The cache size can be set to zero by no -o nbc_limit=0
.
* unmount the filesystem
* restore the previous cache size
```apache
no -o nbc_limit=old_value
```
An important IHS configuration directive which relates to this
the EnableSendfile
directive. By setting
EnableSendfile Off
in the IHS configuration file, IHS
won't use the AIX send_file() API, and thus static files served by
IHS won't possibly be added to the network buffer cache.
In newer IHS sample configuration files
(starting with PQ85834), send_file() is disabled by default to
eliminate the possibility that customers may encounter occasional
sendfile nuances unless they choose to actually use it.
IHS itself is not aware of which objects are in the network buffer
cache and can't remove such objects. Subject to the constraints of
the network buffer cache (smallest/largest cacheable object, total
size), objects (files) are sometimes added to the cache by the AIX
kernel as a side-effect of IHS invoking the AIX send_file() API.
An infrequently used IHS module for AIX is the AFPA cache module. It
also interacts with the network buffer cache and should be disabled if
the customer does not wish to empty the network buffer cache prior to
unmounting a filesystem containing files which were cached.
### What about MPM selection and prefork vs. worker? (IHS 2.0 and above)
IBM HTTP Server 2.0 and above uses the worker MPM on Unix and
Linux systems, and it cannot be replaced. Any information about
Apache that suggests recompiling the web server for a different MPM
does not apply to IHS, as the MPM is pre-selected and IHS cannot be
recompiled by customers.
In other words, *the prefork MPM cannot be used with IBM
HTTP Server*.
IHS 9.0 and later includes both Event and Worker on Linux. They are dynamically loadable.
IHS 8.5 and later on z/OS includes the Event MPM on z/OS.
### Why can't root install GSKit on Solaris?
There are multiple causes for this symptom.
* `cannot open: pkgadd: ERROR: checkinstall script did not complete successfully`
* The IHS server root, or some parent of it, is not world-executable (searchable).
Solaris runs a packages scripts as the "noaccess" user, and needs to be able to
search all directories between the root of the filesystem and the IHS server root.
* `pkgadd: ERROR: checkinstall script did not complete successfully Installation of Cluster res "IBM HTTP Server 6.1" /priv startupparameters=""
Any direct support for the MSCS environment by IBM HTTP Server would be a new requirement.
### IM: Do I need to uninstall interim fixes before applying fixpack maintenance?
Interim fixes do not need to be uninstalled prior to applying fixpack
maintenance. The IBM Installation Manager will display a warning at the top of
the window if it will uninstall any interim fixes. The warning that is
displayed below:
![](ifix-removal-warning.png)
Example: Applying an interim fix for PI31516 on versions 8.5.5.2 - 8.5.5.5
There are two interim fixes for PI31516:
* 8.5.5.2-WS-WASIHS-MultiOS-IFPI31516: covers IHS fixpacks 8.5.5.2 and 8.5.5.3
* 8.5.5.4-WS-WASIHS-MultiOS-IFPI31516: covers IHS fixpacks 8.5.5.4
The fix for PI31516 also went into IHS fixpack 8.5.5.5.
Scenario | User Action |
---|---|
Installing the iFix on 8.5.5.2 and then upgrading to 8.5.5.3 | iFix was automatically reinstalled; no action needed |
Installing the iFix on 8.5.5.3 and then upgrading to 8.5.5.4 | iFix was uninstalled; iFix needs to be applied again |
Installing the iFix on 8.5.5.4 and then upgrading to 8.5.5.5 | iFix was uninstalled; no action needed since fix is available in 8.5.5.5 |