magnus.conf in the server-id/config directory to establish a set of global variable settings that affect the server's behavior and configuration.
Each directive in magnus.conf specifies a variable and a value, for example:
ServerID https-boots.mcom.comThe order of the directives is not important. This appendix lists the global settings that can be specified in
ServerName boots.mcom.com
Address 123.45.67.89
magnus.conf in Enterprise Server 3.x and iPlanet Web Server 4.x.
The categories are:
In iPlanet Web Server 4.x, much of the functionality of the file cache is controlled by a new configuration file callednsfc.conf. For information aboutnsfc.conf, see the tuning chapter in the iPlanet Web Server Administrator's Guide.
magnus.conf that specify information about the server. They are:
Port directive determines which TCP port the server listens to. There should be only one Port directive in magnus.conf.
Unix: If you choose a port number less than 1024, the server must be started as root.
Note: The port you choose can affect how users configure their navigators. Users must specify the port number when accessing the server if the port number is anything other than 80 (unsecured servers) or 443 (secured servers).
Portnumber
number is a whole number between 0 and 65535.
If no port is specified, the server assumes 80.
Port 80
Port 8080
Port 8000 (Unix only)
https-boots.mcom.com.
ServerName directive tells the server what to put in the host name section of any URLs it sends to the client. This affects URLs the server automatically generates; it doesn't affect the URLs for directories and files stored in the server. This name is what all clients use to access the server; they need to combine this name with the port number if the port number is anything other than 80.
This name should be the alias name if your server uses an alias. You can't have more than one ServerName directive in magnus.conf.
ServerNamehost
hostis a fully qualified domain name such asmyhost.netscape.com.
IfServerNameisn't inmagnus.conf, the server attempts to derive a host name through system calls. If they don't return a qualified domain name (for example, it getsmyhostinstead ofmyhost.netscape.com), the server won't start, and you'll get a message telling you to manually set this value.
ServerName server.netscape.com
ServerName www.server.anycompany.com
ServerName www.agency.gov
#. Do not change this directive. If you do, the Server Manager may not function properly.
#ServerRootpath
#ServerRoot d:/netscape/server4/https-boots.mcom.com
User directive specifies the user account the server runs with. By using a specific user account (other than LocalSystem), you can restrict or enable system features for the server. For example, you can use a user account that can mount files from another machine.
Unix: The User directive specifies the Unix user account for the server. If the server is started by the superuser or root user, the server binds to the Port you specify and then switches its user ID to the user account specified with the User directive. This directive is ignored if the server isn't started as root. The user account you specify should have read permission to the server's root and subdirectories. The user account should have write access to the logs directory and execute permissions to any CGI programs. The user account should not have write access to the configuration files. This ensures that in the unlikely event that someone compromises the server, they won't be able to change configuration files and gain broader access to your machine. Although you can use the nobody user, it isn't recommended.
Username
name is the 8-character (or less) login name for the user account.
If there is no User directive, the server runs with the user account it was started
with.
User http
User server
User nobody
IP, docroot pair.
magnus.conf that provide information about the object configuration file that instructs the server how to handle requests. These directives are:
LoadObjects directive specifies one or more object configuration files to use on startup, most notably obj.conf, which contains instructions that tell the server how to handle requests from clients.
Note: Although you can have more than one object configuration file, the Server Manager interface works on only one file and assumes that it is the fileobj.confin theconfigdirectory in the server root directory. If you use the Server Manger interface, don't put theobj.conffile in any other directory and don't rename it.
LoadObjectsfilename
The filename is either the full path name or a relative path name.
Unix: When the server starts executing, relative path names are resolved from the directory specified with the-dcommand lien flag. If no-dflag was given, the server looks in the current directory.
There is no default. Make sure that yourmagnus.confloads theobj.confobject, otherwise your server will not be able to process requests from clients.
LoadObjects obj.conf
Unix:
LoadObjects /var/ns-server/admin/config/local-objs.conf
RootObject directive tells the server which object loaded from an object file is the server default. The default object is expected to have all the name translation directives for the server; any server behavior that is configured in the default object affects the entire server.
If you specify an object that doesn't exist, the server doesn't report an error until a client tries to retrieve a document. The Server Manager assumes the default to be the object named default. Don't deviate from this convention if you use (or plan to use) the Server Manager.
RootObjectname
The name is the name of an object defined in one of the object files loaded
with a LoadObjects directive.
There is no default; that is, if you specify RootObject, you must specify a name with it.
RootObject default
magnus.conf related to language issues. The directives are:
on, the server parses this header and sends an appropriate language version based on which language the client can accept. You should set this value to on only if the server supports multiple languages.
When this directive is set to on, the accelerator cache is disabled since it does not use AcceptLanguage in its cache keys.
The default value is off.
en (English), fr (French), de (German) or ja (Japanese).
en (English), fr (French), de (German) or ja (Japanese).
en (English), fr (French), de (German) or ja (Japanese).
magnus.conf that affect DNS lookup. The directives are:
on or off. If DNS is enabled, enabling asynchronous DNS improves server performance.
DNS directive specifies whether the server performs DNS lookups on clients that access the server. When a client connects to your server, the server knows the client's IP address but not its host name (for example, it knows the client as 198.95.251.30, rather than its host name www.a.com). The server will resolve the client's IP address into a host name for operations like access control, CGI, error reporting, and access logging.
If your server responds to many requests per day, you might want (or need) to stop host name resolution; doing so can reduce the load on the DNS or NIS server.
DNS [on|off]
DNS host name resolution is on as a default.
DNS on
magnus.conf that affect the number and timeout of threads, processes, and connections. They are:
KeepAliveTimeout.
KernelThreads to on, you ensure that the server uses only kernel-level threads, not user-level threads.
200
MaxProcs in your magnus.conf file, the server defaults to running a single process.
There is additional discussion of this and other server configuration and performance tuning issues in the "Configuring the Server for Performance" chapter in the iPlanet Web Server Administrator's Guideon, the server checks the whether the minimum number of threads are available at a socket (as specified by RqThrottleMinPerSocket) after accepting a connection but before sending the response to the request. Use this directive when the server will be handling requests that take a long time to handle, such as those that do long database connections.
512
StrictHttpHeaders [on|off]
Strict HTTP header checking is off by default.
NSCP_POOL_STACKSIZE, NSCP_POOL_THREADMAX, and NSCP_POOL_WORKQUEUEMAX.
If you have set these values as environment variables and also in magnus.conf, the environment variable values will take precedence.
The native pool on Unix is normally not engaged, as all threads are OS-level threads. Using native pools on Unix may introduce a small performance overhead as they'll require an additional context switch; however, they can be used to localize the jvm.stickyAttach effect or for other purposes, such as resource control and management or to emulate single-threaded behavior for plug-ins (by setting maxThreads=1).
On Windows NT, the default native pool is always being used and iPlanet Web Server uses fibers (user-scheduled threads) for initial request processing. Using custom additional pools on Windows NT introduces no additional overhead.
The directives are:
128
1
magnus.conf that affect requests for CGI programs. The directives are:
CGIExpirationTimeout should not be set too low - 5 minutes would be a good value for most interactive CGIs; but if you have CGIs that are expected to take longer without misbehaving, then you should set it to the maximum duration you expect a CGI program to run normally.
Note that on Windows NT platforms init-cgi time-out does not work, so you must use CGIExpirationTimeout.
CGIWaitPid is set to on, the action for the SIGCHLD signal is the system default action for the signal. If a NSAPI plugin fork/execs a child process, it should call waitpid with its child process pid when CGIWaitPid is enabled to avoid leaving "defunct" processes when its child process terminates. When CGIWaitPid is enabled, the SHTML engine waits explicitly on its exec cmd child processes. Note that this directive has no effect on CGI.
magnus.conf that affect error logging and the collection of server statistics. They are:
on or off. If the value is off, SNMP statistic collection will not work.
ErrorLog directive specifies the directory where the server logs its errors. If errors are reported to a file, then the file and directory in which the log is kept must be writable by whatever user account the server runs as.
Unix: You can also use the syslog facility.
ErrorLoglogfile
The logfile can be either a full path or file name.
On Unix systems, it can be the keyword SYSLOG (it must be in all capital
letters).
There is no default error log.
Windows NT:
ErrorLog C:\Netscape\ns-home\Logs\Errors
Unix:
ErrorLog /var/ns-server/logs/errors
ErrorLog SYSLOG
on, the server logs all server messages including those that are not logged by default (such as WAI initialization messages).
PidLog specifies a file in which to record the process ID (pid) of the base server process. Some of the server support programs assume that this log is in the server root, in logs/pid.
To shut down your server, kill the base server process listed in the pid log file by using a -TERM signal. To tell your server to reread its configuration files and reopen its log files, use kill with the -HUP signal.
If the PidLog file isn't writable by the user account that the server uses, the server does not log its process ID anywhere. The server won't start if it can't log the process ID.
PidLogfile
The file is the full path name and file name where the process ID is stored.
There is no default.
PidLog /var/ns-server/logs/pid
PidLog /tmp/ns-server.pid
ACLFile directive specifies an ACL (Access Control List) definition file--a text file that normally resides in the httpacl directory. Multiple ACLFile directives can appear in the magnus.conf file. The server reads all the ACL definitions in all the specified ACL definition files when it starts up. Each ACL file must have a unique name.
Usually the value of ACLFile is generated.https-servername.acl, and it resides in the httpacl directory of the server installation directory.
ACLFilename
The name is the name of an ACL definition file.
ACLFile d:/netscape/server4/httpacl/generated.https-
boots.mcom.com.acl
magnus.conf that affect server access and security issues for iPlanet Web Server. They are:
Chroot directive lets the Unix system administrator place the server under a constraint such that it has access only to files in a given directory, termed the "Chroot directory". This is useful if the server's security is ever compromised. For example, if an intruder somehow obtains shell access on the server machine, the intruder could only affect a very limited set of files on the server machine.
The server must be started as the superuser to use the Chroot directive. CGI programs must be linked statically, and any binaries (perl or /bin/sh) must be copied to the Chroot directory.
The user public information directory feature isn't available unless a copy of /etc/passwd is kept in the Chroot directory and all of the users home directories are exactly mirrored within the Chroot directory.
A server using Chroot can't be restarted with the -HUP signal.
Logs and server configuration files should be kept outside the Chroot directory.
All paths inmagnus.confmust be absolute; paths inobj.confmust be relative to the Chroot directory.
Chrootdirectory
The directory is the full path name to the directory used as the server's root directory.
There is no default. You must specify a directory.
Chroot /d/ns-httpd
Chroot /www
Ciphers directive specifies the ciphers enabled for your server.
Ciphers +rc4 +rc4export -rc2 -rc2export +idea +des +desede3
A + means the cipher is active, and a - means the cipher is inactive.
Valid ciphers arerc4,rc4export,rc2,rc2export,idea,des,desede3. Any cipher withexportas port of its name is not stronger than 40 bits.
Security directive tells the server whether encryption (Secure Sockets Layer version 2 or version 3 or both) is enabled or disabled.
If Security is set to on, and both SSL2 and SSL3 are enabled, then the server tries SSL3 encryption first. If that fails, the server tries SSL2 encryption.
Security [on|off]
By default, security is off.
Security off
ServerCert directive specifies where the certificate file is located.
ServerCertcertfile
The certfile is the server's certificate file, specified as a relative path from the server root or as an absolute path.
ServerKey directive tells the server where the key file is located.
The keyfile is the server's key file, specified as a relative path from the server root or as an absolute path.ServerKeykeyfile
If the number is 0, the default value, which is 10000, is used.SSLCacheEntriesnumber
SSLClientAuth directive causes SSL3 client authentication on all requests.
SSL3ClientAuth on|off
on directs that SSL3 client authentication be performed on every request,
independent of ACL-based access control.
SSLSessionTimeout directive controls SSL2 session caching.
SSLSessionTimeoutseconds
The seconds value is the number of seconds until a cached SSL2 session
becomes invalid. The default value is 100. If the SSLSessionTimeout directive
is specified, the value of seconds is silently constrained to be between 5 and
100 seconds.
SSL2 directive tells the server whether Secure Sockets Layer, version 2 encryption is enabled or disabled. The Security directive dominates the SSL2 directive; if SSL2 encryption is enabled but the Security directive is set to off, then it is as though SSL2 were disabled.
SSL2 [on|off]
By default, security is off.
SSL2 off
SSL3 directive tells the server whether Secure Sockets Layer, version 3 security is enabled or disabled. The Security directive dominates the SSL3 directive; if SSL3 security is enabled but the Security directive is set to off, then it is as though SSL3 were disabled.
SSL3 [on|off]
By default, security is off.
SSL3 off
SSL3Ciphers directive specifies the SSL3 ciphers enabled for your server.
SSL3Ciphers +rc4 +rc4export -rc2 -rc2export +idea +des +desede3
A + means the cipher is active, and a - means the cipher is inactive.
Valid ciphers arersa_rc4_128_md5,rsa3des_sha,rsa_des_sha,rsa_rc4_40_md5,rsa_rc2_40_md5, andrsa_null_md5. Any cipher with40as part of its name is 40 bits.
SSL3SessionTimeout directive controls SSL3 session caching.
SSL3SessionTimeoutseconds
The seconds value is the number of seconds until a cached SSL3 session
becomes invalid. The default value is 86400 (24 hours). If the
SSL3SessionTimeout directive is specified, the value of seconds is silently
constrained to be between 5 and 86400 seconds.
UseOutputStreamSize directive determines the default output stream buffer size for the net_read and netbuf_grab NSAPI functions.
UseOutputStreamSizesize
The size value is the number of bytes. The default value is 8192.
flushTimer value for an application, further buffering is disabled. This is necessary for status monitoring CGI applications that run continuously and generate periodic status update reports.
flushTimermilliseconds
The milliseconds value is the maximum number of milliseconds between write operations in which buffering is enabled. The default value is 3000 (3 seconds).
ChunkedRequestBufferSize directive determines the default buffer size for "un-chunking" request data.
ChunkedRequestBufferSizesize
The size value is the number of bytes. The default value is 8192.
ChunkedRequestTimeout directive determines the default timeout for "un-chunking" request data.
ChunkedRequestTimeoutseconds
The seconds value is the number of seconds. The default value is 60 (1 minute).
magnus.conf.
System_fopenWA() and System_fopenRW() to open files in different modes. Valid values for this directive are standard UNIX umask values.
For more information on these functions, see system_fopenWA and system_fopenRW in Chapter 5, "NSAPI Function Reference."
Last Updated: 03/01/00 09:22:21
© Copyright © 2000 Sun Microsystems, Inc. Some preexisting portions Copyright © 2000 Netscape Communications Corp. All rights reserved.