|4.1 VMS Server Account|
|4.2 VMS Scripting Account|
|4.3 Account Support Files|
|4.5.1 WASD Name Table|
The HTTP server account should be a standard account, preferably in a group of its own (definitely at least a non-system, non-user group), with sufficient quotas to handle the expected traffic.
Symptoms of insufficient process quotas include:
A general rule is that more is better; after all, the server will only use as much as it needs! To assist with setting a reasonable BYTLM quota, the WATCH report (see WATCH Facility of WASD Features and Facilities) provides some feedback on server BYTLM usage.
Later versions of TCP/IP Services for OpenVMS seem to have large default values for socket send and receive buffers. MultiNet and TCPware are reported to improve transfer of large responses by increasing low default values for send buffer size. The WASD global configuration directives [SocketSizeRcvBuf] and [SocketSizeSndBuf] allow default values to be adjusted. WATCH can be used to report network connection buffer values.
The following provides a guide to the account.
Two server executables can be built by the package.
Because the HTTP$SERVER account should be completely unprivileged and the HTTPd image requires the ALTPRI, CMKRNL, DETACH, NETMBX, TMPMBX, PRMGBL, PRMMBX, PSWAPM, SECURITY, SHMEM (VAX only), SYSGBL, SYSLCK, SYSNAM, SYSPRV and WORLD privileges (see the WASD_ROOT:[SRC.HTTPD]READMORE.TXT document for a description of how and why the server uses these privileges), the image is installed using a command similar to the following:
Putting all this together the HTTP server startup procedure becomes something similar to the supplied example. It should be called from SYSTARTUP_VMS.COM or the site's equivalent.
This procedure will support simple and quite complex sites. It works closely with STARTUP_SERVER.COM (see below). It is designed to accept parameters from the command-line or as pre-assigned symbols. Operating this way requires no modifications to the procedure itself. Startup characteristics are essentially determined by DCL symbol values. Some symbols are booleans, switching functionality off and on, others require string values. When relevant startup values are not assigned a reasonable default will be applied. See the following examples.
Startup characteristics can be determined by supplying symbol assignment values as command-line parameters when calling the procedure.
Startup characteristics can also be determined by assigning the symbol values before calling the procedure itself.
On VAX platforms prior to VMS V6.2 the startup uses a system batch queue. By default SYS$BATCH is used. An alternate queue can be specified.
Check the procedure itself for detail on symbol names and functionality. See WASD_ROOT:[EXAMPLE]STARTUP.COM
This file is automatically executed by the STARTUP.COM procedure immediately before the server is actually started. It is provided to supply all the local site's additional startup requirements. For example, a STARTUP.COM defined logical name could be modified here before the server proper is actually started. See WASD_ROOT:[EXAMPLE]STARTUP_LOCAL.COM
This procedure serves two purposes.
It is recommended to pass server startup command-line parameters using the WASD_SERVER_STARTUP logical name that this procedure checks for and uses if present. If this is defined the contents are applied to the server image when executed. It can be explicitly defined before WASD startup.
The value can also be passed to the main startup procedure in a symbol. The startup procedure then defines a system logical name with that value (note that any quotes used must be escaped).
It can also be manually redefined at any time and the server restarted to apply different startup parameters to the running server.
Various accounting, cache and other shared data used by the server is provided by shared global memory. This requires one permanent global section (SYSGEN parameter GBLSECTIONS) and a number of permanent global pages (SYSGEN parameter GBLPAGES) per item. The number of items varies depending on configuration.
|Accounting||Accumulates various data provided to the Server Administration Statistics report and the HTTPMON utility||required|
|Activity||Provides data to the Server Administration Activity Report graph||required|
|Authentication||When multiple WASD Instances are configured provides a shared authentication cache||optional|
|Proxy Verification||When multiple WASD Instances are configured provides a shared proxy verification cache||optional|
|SSL Session Cache||When SSL is used and multiple WASD Instances are configured provides a shared SSL session cache||optional|
If there are insufficient global sections or pages the server will fail to start for all requirements except the activity statistics, which will just be disabled. Server process log startup messages advise on current usage.
As permanent, system-accessible global sections are deployed it may be necessary to explicitly delete them after ad hoc server experimentation, etc. (see 4.6 Server Startup). The startup qualifier /GBLSEC=NOPERM disables the creation of permanent global sections, eliminating this requirement.
WASD uses an independent logical name table (see 4.5.1 WASD Name Table below). Versions prior to 10 used the SYSTEM table and a substantially different naming schema.
The following logical names are used in the operation of the package. These are usually created by STARTUP.COM during server startup.
|Logical Name||Table||Description||Pre-v10 Equivalent|
|CGI-BIN||WASD||(Hyphen) System logical defining a search list with the architecture-specific executable directory first, local script directory second, then the common script directory, as a concealed device.||same|
|CGI_BIN||WASD||Directory containing architecture-neutral script files.||same|
|CGI_EXE||WASD||Directory containing architecture-specific script executables.||same|
|HT_EXE||WASD||Pre-v10.0 backward compatibility for WASD_EXE.||same|
|HT_LOGS||WASD||Pre-v10.0 backward compatibility for WASD_LOG.||same|
|HT_ROOT||SYSTEM||Pre-v10.0 backward compatibility for WASD_ROOT.||same|
|HT_SCRATCH||WASD||Pre-v10.0 backward compatibility for WASD_SCRATCH.||same|
|WASD_AXP||WASD||Directory containing Alpha executable images (WASD_ROOT:[AXP]).||HT_AXP **|
|WASD_AUTH||WASD||Directory containing authentication/authorization databases (files, WASD_ROOT:[LOCAL]).||none|
|WASD_CGI_AXP||WASD||Directory containing Alpha script executables (WASD_ROOT:[AXP-BIN]).||CGI_AXP|
|WASD_CGI_IA64||WASD||Directory containing Itanium script executables (WASD_ROOT:[IA64-BIN]).||CGI_IA64|
|WASD_CGI_VAX||WASD||Directory containing VAX script executables (WASD_ROOT:[VAX-BIN]).||CGI_VAX|
|WASD_CONFIG||WASD||Location of the configuration files. Can be defined as a search list.||none|
|WASD_CONFIG_AUTH||WASD||Location of the authentication/authorization configuration file.||HTTPD$AUTH|
|WASD_CONFIG_GLOBAL||WASD||Location of the configuration file.||HTTPD$CONFIG|
|WASD_CONFIG_MAP||WASD||Location of the mapping rule file.||HTTPD$MAP|
|WASD_CONFIG_MSG||WASD||Location of the message file.||HTTPD$MSG|
|WASD_CONFIG_SERVICE||WASD||Location of the optional service (virtual host) configuration file.||HTTPD$SERVICE|
|WASD_DECNET_CGI_OBJECT||SYSTEM||Locates the supporting DCL procedure. DECnet objects are system-global.||none|
|WASD_DECNET_OSU_OBJECT||SYSTEM||Locates the supporting DCL procedure. DECnet objects are system-global.||none|
|WASD_EXE||WASD||Directory containing the executable images.||HT_EXE **|
|WASD_FILE_DEV[n]||SYSTEM||Locates the DCL procedure that will integrate the specified environment's logical name table into the processes' LNM$FILE_DEV (see above).||none|
|WASD_GMT||WASD||Offset from GMT (e.g. "+10:30", "-01:15"). For systems supporting DTSS (e.g. DECnet-Plus) this logical may be left undefined, with server time being calculated using the SYS$TIMEZONE_DIFFERENTIAL logical.||HTTPD$GMT|
|WASD_IA64||WASD||Directory containing Itanium executable images.||HT_IA64|
|WASD_LOG||WASD||If logging is enabled and no log file name specified on the command line, this logical must be defined to locate the file. When a logging period is in use this logical need only contain the directory used to store the logs.||HT_LOG|
|WASD_LOGS||WASD||Optional definition, for convenient log file specification.||HT_LOGS **|
|WASD_ROOT||SYSTEM||Location of WASD Web Services directory tree, as a concealed device.||HT_ROOT **|
|WASD_SCRATCH||WASD||Location of an optional directory that scripts can use for temporary storage. Must be read+write+delete accessible to the server account. The WASD_CONFIG_GLOBAL [DclCleanupScratchMinutesMax] directive controls whether automatic cleanup scans of this area delete any files that are older than [DclCleanupScratchMinutesOld].||HT_SCRATCH **|
|WASD_SITELOG||WASD||Location of the optional plain-text site log file.||HTTPD$SITELOG|
|WASD_SSL_CAFILE||WASD||When using the SSL executable this logical locates the optional Certificate Authority list file.||HTTPD$SSL_CAFILE|
|WASD_SSL_CERT||WASD||When using the SSL executable this logical locates the default certificate.||HTTPD$SSL_CERT|
|WASD_SERVER_LOGS||WASD||Location of the server process logs.||HT_SERVER_LOGS **|
|WASD_STARTUP_SERVER||WASD||Used to pass parameters to the server image startup command line.||HTTPD_STARTUP_SERVER|
|WASD_VAX||WASD||Directory containing VAX executable images.||HT_VAX **|
|** provided for backward compatibility|
In an effort to localise WASD-related logical names and avoid polluting the SYSTEM logical name table, WASD version 10 creates its own world-readable, system-writable name table and adds it to LNM$SYSTEM_DIRECTORY.
WASD logical names are then defined in that table leaving the SYSTEM table with just a few essential names.
As can be seen the number of LNM$SYSTEM_TABLE names is small, five in this example (though it can vary). Logical name WASD_FILE_DEV locates a procedure to insert the WASD_TABLE into a process' LNM$FILE_DEV to make the table names available. Until that is done they are not visible without an explicit /TABLE=WASD_TABLE. The server automatically uses the procedure for itself and scripting processes. Site admins can simply
The WASD_ROOT logical provides a convenient, global logical location for the primary (default) WASD environment. HT_ROOT is used to provide pre-v10 backward-compatibility with existing sites. (If yours does not need the name you can deassign it during server startup.)
The WASD_DECNET_CGI_OBJECT and WASD_DECNET_OSU_OBJECT names provide global locations for the two DECnet scripting environments. These logicals are defined when a site uses the [STARTUP]STARTUP_DECNET.COM procedure. It is necessary to provide a global location for these with multiple WASD environments because DECnet objects are global entities. The one object must provide an infrastructure for potentially multiple WASD environments.
Other SYSTEM logical names, WASD_TABLE+n name tables, and WASD_FILE_DEVn logical names are used for non-primary WASD environments (see Instances and Environments of WASD Features and Facilities).
The server code accepts both the v10 or later and pre-v10 schemas. If it cannot find a v10 logical name it attempts to use a pre-v10 logical name. This has been provided in an effort to make the transition as seamless as possible for existing sites. In addition the revised startup procedures configure and use WASD_TABLE but can be directed to use the SYSTEM table by STARTUP.COM being provided a WASD_TABLE=0 parameter (see 4.6 Server Startup).
When starting up the server several characteristics of the server may be specified using qualifiers on the command line. If not specified appropriate defaults are employed. For recommended methods of passing parameters to the executable at server startup see ‘STARTUP_SERVER.COM’ in 4.3 Account Support Files. For clarity some esoteric and legacy qualifiers and parameters are not listed in this table.
|/ALL[=integer]||Has two roles. When starting a server up, assigns that server to a specific, non-default WASD environment (see /ENVIRONMENT). When using the server control /DO=, using /ALL specifies that the action be done to all servers in that particular environment.|
|/AUTHORIZATION=..||Control authentication and authorisation. See Authentication Policy of WASD Features and Facilities.|
|/CGI_PREFIX=||The prefix to the CGI symbol names created for a script (defaults to "WWW_"). See WASD Web Services - Scripting.|
|/CLUSTER||Apply control /DO= to all instances in a cluster (default is to current node instance(s) only).|
|/DETACH=||This qualifier allows a DCL procedure to be specified as input to a directly detached process (in conjunction with /USER).|
|/DO=||Command to be performed by the executing server.|
|/ENVIRONMENT=||Integer indicating in which environment this server is executing|
|/GBLSEC=DELETE||Allows a monitor-associated permanent global section to be explicitly deleted. When a server starts it creates system-accessible, permanent global sections in which to store accounting and request data. As this is permanent it would be possible for a site, perhaps experimenting with servers over a range of ports, to consume significant amounts of global pages and sections. This qualifier allows such sections to be deleted.|
|/GBLSEC=NOPERM||Disables the creation of permanent global sections. They are automatically deleted when the server image exits.|
|/[NO]LOG[=name]||Either disables logging (overrides configuration directive), or enables logging and optionally specifies the log file name (also see section 4.5 Logical Names, logging is disabled by default). If the file specification is "SYS$OUTPUT" the server issues log entries to <stdout>, allowing user-defined log formats to be easily checked and refined.|
|/NETWORK||Run the server and any scripting processes as NETWORK mode rather than the default detached OTHER mode.|
|/NOTE=string||Annotate the server process log with the specified string. Intended to assist auditing server events such as restarts, mapping reloads and the like.|
|/OUTPUT=filename||Server image <stdout> is redirected to the specified file name. Useful when employing the /SYSPLUS report generator.|
|/PERSONA[=..]||Enables and controls detached process scripting. See Introduction of WASD Scripting Environment.|
|/PRIORITY=||Server process priority (default is 4).|
|/[NO]PROFILE||Allows SYSUAF-authenticated username security profiles to be used for file access.|
|/PROMISCUOUS[=password]||Server will accept any authentication username/password pair (used for testing, demonstrations, etc.)|
|/PROXY=string||Allows proxy maintenance activities to be executed from the command line (e.g. from batch jobs, etc.).|
|/SCRIPT=AS=username||Specifies the username of the default scripting account.|
|/SERVICE=||Comma-separated list of server services (overrides the [Service] configuration parameter).|
|/SOFTWARE=||An arbitrary string that can be used to override the server software identification (i.e. "HTTPd-WASD/10.4.0 OpenVMS/AXP SSL").|
|/[NO]SSL[=..]||Controls Secure Sockets Layer protocol behaviour. See Transport Layer Security of WASD Features and Facilities.|
|/SYSPLUS||Displays CLI equivalent System Report PLUS data. Available for circumstances where the server is unresponsive but an interactive session is available. Requires a 132 character width terminal session. See System Report PLUS of WASD Features and Facilities.|
|/[NO]SYSUAF[=..]||Controls VMS (SYSUAF) authentication/authorisation. See SYSUAF-Authenticated Users of WASD Features and Facilities.|
|/USER=username||For VMS 6.2 and later this qualifier allows the /DETACH qualifier to directly create a detached process executing as the specified username.|
|/VALBLK[=16|64]||Directs the server to (try to) use either the pre-VMS V8.2 16 byte lock value block or the VMS V8.2 and later 64 byte lock value block.|
|/VERSION||Displays the executable's version string and the copyright notice.|
|/[NO]WATCH[=..]||Controls the use of the WATCH reporting facility. See WATCH Facility of WASD Features and Facilities.|
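As an added example (not part of the WASD package or its documentation), the following Python code audits a qualifier string of the kind passed to the server through the WASD_SERVER_STARTUP logical name, flagging qualifiers that the table above describes as test-only or as changing logging and SYSUAF-based access. The review policy, the treatment of abbreviated qualifiers and the sample string are assumptions constructed for illustration.

```python
# Review policy: an assumption of this example, with reasons paraphrased
# from the qualifier table above.
POLICY = {
    "PROMISCUOUS": ("high", "accepts any username/password pair (testing only)"),
    "NOLOG": ("medium", "disables logging, overriding the configuration"),
    "PROFILE": ("review", "SYSUAF security profiles used for file access"),
    "SYSUAF": ("review", "controls VMS (SYSUAF) authentication/authorisation"),
}

# Constructed sample value, not taken from any real site.
SAMPLE = '/PRIORITY=4 /NOTE="not /NOLOG, just a note" /SYSUAF /PROMISC=demo /NOPROFILE'


def split_qualifiers(text):
    """Split into (NAME, value-or-None); '/' in quotes or parens stays in the value."""
    parts, buf, quoted, depth = [], "", False, 0
    for ch in text:
        if ch == '"':
            quoted = not quoted
        elif not quoted and ch == "(":
            depth += 1
        elif not quoted and ch == ")":
            depth = max(0, depth - 1)
        if ch == "/" and not quoted and depth == 0:
            parts.append(buf)
            buf = ""
        else:
            buf += ch
    parts.append(buf)
    pairs = []
    for part in parts[1:]:  # parts[0] is any text before the first '/'
        name, sep, value = part.strip().partition("=")
        if name.strip():
            pairs.append((name.strip().upper(), value.strip() if sep else None))
    return pairs


def audit(text, min_abbrev=4):
    """Return (severity, qualifier, reason) for each qualifier found in POLICY."""
    findings = []
    for name, _value in split_qualifiers(text):
        for known, (severity, reason) in POLICY.items():
            # Assumption: abbreviated qualifiers may be accepted by the
            # server, so a prefix of min_abbrev or more characters is flagged.
            if name == known or (len(name) >= min_abbrev and known.startswith(name)):
                findings.append((severity, "/" + name, reason))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding, sep=": ")
```

The /NOLOG inside the quoted /NOTE string is not reported, and /NOPROFILE is not mistaken for /PROFILE.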