Oracle® Database Installation Guide 10g Release 2 (10.2) for hp OpenVMS Part Number B25414-02 |
|
|
View PDF |
This appendix lists the procedure and steps to install and configure Apache Server for OpenVMS. The following topics are included:
After you configure Oracle HTTP Server for OpenVMS, perform the following tasks to ensure a successful startup:
Each of these tasks is explained in the following sections. Once you have completed these, you can test the installation by starting Oracle HTTP Server.
After the installation, when you have a normal system workload running on your machine, run SYS$UPDATE:AUTOGEN.COM (AUTOGEN)
to evaluate the system parameters and make adjustments based on the hardware configuration and system workload. On Oracle HTTP Server, AUTOGEN
will probably increase the page file size and the number of swap file pages.
If the disk quota is too low, then Oracle HTTP Server will not start. Either raise the disk quota for the Oracle Database account or grant the account the EXQUOTA
privilege, which enables it to bypass disk quota restrictions. Use the following commands:
$ SHOW QUOTA/USER=[server-uic]/DISK=device_name $ SET PROCESS/PRIVILEGES=EXQUOTA node-name::ORACLE
When Oracle HTTP Server for OpenVMS is started, the following login files are run:
SYS$MANAGER:SYLOGIN.COM
LOGIN.COM
(login for the Oracle Database account)
Check these files to ensure that any SET TERMINAL/INQUIRE
statements are processed only in the INTERACTIVE
mode. For example:
$ IF F$MODE() .EQS "INTERACTIVE" THEN $ SET TERMINAL/INQUIRE
If you do not check for this, then the HTML that is sent to clients may not be well-formed and may be sent in an intermittent fashion. This problem may also appear when running CGI scripts.
You must manually start Oracle HTTP Server to verify the installation and configuration of the server. Enter the following command:
$ APACHECTL START
Perform the following tasks to test the installation:
You can test the installation using a Web browser. Replace host.domain
in the following URL with the corresponding information about Oracle HTTP Server that you installed:
HTTP://host.domain:port
If this is a new installation, then the browser should display the standard introductory screen with the following bold text at the top:
"Welcome to Oracle HTTP Server."
The Apache logo is displayed at the bottom.
If you do not receive a response from Oracle HTTP Server, check the following:
In the SYS$MANAGER:SYLOGIN.COM
file, ensure that there is no SET TERMINAL/INQUIRE
statement for network processes.
Look for the following files:
APACHE$ROOT:[000000]APACHE$SERVER.LOG APACHE$ROOT:[LOGS]ERROR_LOG
The default port for Oracle HTTP Server is port 7777. If this port is already in use by another application, or if you would like to use a different port, then modify the HTPPD.CONF file, located in the ORA_ROOT:[APACHE.APACHE.SPECIFIC.host.CONF]
directory, to specify a different port number
The following subsections describes the process of running the Oracle HTTP server:
To start Oracle HTTP Server, enter the following command:
$ APACHECTL STARTUP
To stop Oracle HTTP Server, enter the following command:
$ APACHECTL STOP
The server log file for APACHE$WWW
is written to:
APACHE$SPECIFIC:[000000]APACHE$SERVER.LOG
You should have prior experience in tuning the performance of the OpenVMS operating system. For information about OpenVMS performance, refer to OpenVMS system documentation
Recommendations for improving performance on Oracle HTTP Server are provided in this appendix and the Release Notes.
Table H-1 shows sample values for the Oracle Database account from a working and exercised Oracle HTTP Server with a light to moderate load. These values are presented as an example of a system performing well within its context.
If you should experience performance difficulties, refer to this table for guidelines about making adjustments. Remember that no one set of values will be appropriate for all situations.
Table H-1 Sample Values for the oracle account
Parameter | Default | Sample value for Oracle HTTP Server |
---|---|---|
Total number of asynchronous system trap (AST) operations and scheduled wake-up requests the user can have queued at one time |
250 |
610 Or |
Number of outstanding buffered I/O operations permitted for a user process |
150 |
300 You may also need to increase the |
Amount of buffer space a user process can use |
64000 |
200000 Increase this value for a heavy load. |
|
256 |
256
|
Number of outstanding direct I/O operations permitted for a user process |
150 |
300 You may also need to increase the |
Specifies the lock queue limit |
2000 |
2000 |
Number of files a user process can have open at one time This includes the number of network logical links that can be active at the same time. |
100 |
300 Increase this value for a heavy load. You may also need to increase the |
Byte quota for the job-wide logical name table |
4096 |
8192 |
Number of pages the user process can use in the system page file |
50000 |
250000 If you increase |
Number of subprocesses a user process can create |
8 |
20 You should increase this value for a heavy load. |
Number of entries a user process can have in the timer queue or the number of temporary common event flag clusters a user process can have. |
10 |
610 Or |
After you install the server and run it, look in the log file for errors of the "cannot open" type. Errors of this type often indicate that you need to modify system parameters.Try the following:
Set FILLM
to limit the number of files that a user process can have open.
Set the SYSGEN
parameter, CHANNELCNT
, to 1024 (unless it is already set to a higher value).
Note:
Whenever you change system parameters, you must restart the system to enable the new settings.A large number of.LOG
and.PID
files can amass over time in the APACHE$ROOT:[0000000]
and APACHE$ROOT:[LOGS]
directories. Purging these files can become a burden on application or system managers. System managers should manually use explicit SET DIRECTORY/VERSION
commands on these two directories.
The installation procedure creates a file named HTTPD.CONF
and places it in APACHE$ROOT:[CONF]
. The HTTPD.CONF
file stores information that Oracle HTTP Server uses to set up the server environment. The HTTPD.CONF
file has been tailored to use OpenVMS syntax, but its overall functionality is essentially identical to httpd.conf on the UNIX platform.
The HTTPD.CONF
file contains an explanation for each line that it can process. You can refer to these explanations when customizing the file for your environment. You can also refer to any generally available Apache documentation on HTTPD.CONF
.
Note the following about HTTPD.CONF
on OpenVMS:
MOD_OSUSCRIPT
has been added to enable CGI scripts that were originally written for the OSU server.
UNIX-style path names are recognized by OpenVMS. You can use either UNIX-style or OpenVMS-style path names in the configuration file. However, you cannot mix the two styles within a specification.
In an OpenVMS Cluster, you can specify either clusterwide or system-specific files.
Perform the following steps to configure Apache to run while using an account other than the Oracle Database account:
Modify the HTTPD.CONF
file to include the following line:
User username
Modify APACHEUSER.COM
to set the logical APACHE_USERNAME
to the required user name. Ensure that the user name is exactly the same as the entry in the HTTPD.CONF
file.
Restart the Apache Server if it is already running.
The Oracle HTTP Server provides the modules and directives that are provided by the HP Secure Web Server for OpenVMS (based on Apache), Version 1.3-1. Please refer to the HP documentation for that product for more information. All supported modules and directives function as documented by the Apache Software Foundation at:
Information about running Oracle HTTP Server that is specific to running the server on OpenVMS is provided in the following sections.
See Also:
For more information about on the Apache server, refer to the Apache Software Foundation Web site atThe following modules are not included in this version of Oracle HTTP Server:
MOD_OSNINT
MOD_OSSLl
MOD_PERL
MOD_PHP
MOD_PROXY
For information about directives that are not supported, refer to the HP documentation for the product HP Secure Web Server for OpenVMS (based on Apache), Version 1.3-1.
AgentLog
AllowCONNECT
Anonymous
Anonymous_Authoritative
Anonymous_LogEmail
Anonymous_MustGiveEmail
Anonymous_NoUserID
Anonymous_VerifyEmail
AuthDBAuthoritative
AuthDBGroupFile
AuthDBMAuthoritative
AuthDBMGroupFile
AuthDBUserFile
AuthDBMUserFile
AuthDigestFile
CacheDefaultExpire
CacheDirLength
CachedirLevels
CacheForceCompletion
CacheGcInterval
CacheLastModifiedFactor
CacheMaxExpire
CacheRoot
CacheSize
CheckSpelling
CookieExpires
CookieTracking
Example
ExpiresActive
ExpiresByType
ExpiresDefault
Header
Metadir
MetaFiles
MetaSuffix
MimeMagicFile
MMapFile
NoCache
ProxyBlock
ProxyDomain
ProxyPass
ProxyPassReverse
ProxyReceiveBufferSize
ProxyRemote
ProxyRequests
ProxyVia
RefererIgnore
RefererLog
RewriteBase
RewriteCond
RewriteEngine
RewriteLock
RewriteLog
RewriteLogLevel
RewriteMap
RewriteOptions
RewriteRule
ScriptInterpreterSource
VirtualDocumentRoot
VirtualDocumentRootIP
VirtualScriptAlias
VirtualScriptAliasIP
This section describes the HTTPD
command-line options supported on Oracle HTTP Server.
Then you can use the following format to enter a command-line option:
$ HTTPD -option
where -option
is one of the following command line options:
"-v
"
Displays the HTTPD version and its build date.
"-V
"
Displays the HTTPD base version, its build date, and a list of compile settings that influence the performance of the server.
-h
:
Displays a list of the HTTPD options.
"-l"
:
Displays a list of all modules compiled into the server.
-"L"
:
Displays a list of directives with expected arguments and instances where the directive is valid.
The following example shows how to enter the "L"
option to list the available configuration directives:
$ HTTPD "-L"
The term, virtual host, refers to the practice of maintaining a single server to serve pages for multiple virtual hosts. Both IP-based and name-based virtual host support are available on Oracle HTTP Server for OpenVMS.
Note:
The security profile of the running server is the same on all virtual hosts.For more information about virtual hosts, refer to the Apache Software Foundation documentation at
Dynamic shared object support provides a method to format code so that it will load into the address space of an executable program at run time. For more information about dynamic shared object support, refer to the Apache Software Foundation documentation at
Oracle HTTP Server for OpenVMS supports the ability to use file handlers explicitly. For more information about file handlers, refer to the Apache Software Foundation documentation at
The MOD_NEGOTIATION
module provides content negotiation. This module enables you to specify language variants of HTML files. To specify language variants, use an underscore instead of a period before the language extension.
For example:
On UNIX, filename.html.fr
is the French variant of filename.html
.
On OpenVMS, FILENAME.HTML_FR
is the French variant of FILENAME.HTML
.
For more information about content negotiation, refer to the Apache Software Foundation documentation at
All file formats are supported. However, the Web browser status bar will not show page loading progress for Variable or VFC format files larger than 8 KB.
Page loading progress relies on an accurate byte count, which is not readily available for files in Variable or VFC format. For files in these formats, Oracle HTTP Server must count the bytes as the files load. The counting process can slow performance, so it has been turned off in this situation.
In general, users running Oracle HTTP Server for OpenVMS can specify either UNIX-style file names or OpenVMS-style file names. Oracle HTTP Server usually displays UNIX-style file names.
The On-Disk Structure Level 5 (ODS-5) volume structure, shipped with OpenVMS version 8.2, supports long file names, enables the use of a wider range of characters within file names, and preserves case within file names. However, the DEC C RTL that is shipped with OpenVMS Alpha version 7.2-1 does not provide full support for extended file names on ODS-5 devices. This lack of full support imposes certain restrictions on users running Oracle HTTP Server for OpenVMS.
Because mixed UNIX-style and OpenVMS-style extended file names are not yet supported by the DEC C RTL, you may be required to use UNIX-style syntax when interacting with Oracle HTTP Server. An example would be appending additional directories or a file name to a root.
The following examples illustrate mixed UNIX-style and OpenVMS-style file names that are not supported in OpenVMS version 8.2:
doc/foo.bar.bar ./tmp/foo.bar.b^_ar ~foo^.bar
You can, however, modify the last example so that it works as an OpenVMS extended file name that has a tilde (~) as the first character. Precede the leading tilde (~) with the Extended File Specifications escape character (^) as shown in the following example:
^~foo^.bar
For more information about using the tilde (~) in OpenVMS extended file names, refer to the OpenVMS Guide to Extended File Specifications at the following Web site:
When performing an FTP operation, ensure that the access control list (ACL) for the target directory on Oracle HTTP Server has FTP access enabled as follows:
When transferring new files:
$ SET SECURITY/ACL=(IDENTIFIER=yourFTPname,ACCESS=READ+WRITE) [directory]
When replacing existing files:
$ SET SECURITY/ACL=(IDENTIFIER=yourFTPname,ACCESS=READ+WRITE) [directory]*.*
Oracle HTTP Server for OpenVMS creates the following logical names, which are listed with their descriptions in table Table H-2.
Table H-2 Oracle HTTP Server Logical Names and Their Descriptions
Logical Name | Description |
---|---|
|
Concealed logical name that defines clusterwide files in |
|
System executive mode logical name pointing to installed, shareable images. Not intended to be modified by the user. |
|
System executive mode logical name pointing to installed, shareable images. Not intended to be modified by the user. |
|
Used by CGI programs for |
|
System executive mode logical name defined during startup and used to control access to the services provided by the Not intended to be modified by the user. |
|
System executive mode logical name defined during startup and used to control access to the services provided by the image. Not intended to be modified by the user. |
|
System executive mode logical name pointing to installed, shareable images. Not intended to be modified by the user. |
|
System executive mode logical name defined during startup that points to the top-level directory. ( |
|
Concealed logical name that defines system-specific files in |
|
System logical name that controls how CGI environment logicals are defined in the running CGI process. There are three different options. Note that only one option is available at a time. 0: Default. Environment logicals are defined as local symbols and are truncated at 970 (limitable with DEC C). 1: Environment logicals are defined as local symbols unless they are greater than 970 characters. If the environment value is greater than 970 characters, then it is defined as a multi-item logical. 2: Environment logicals are defined as logicals. If the environment value is greater than 512 characters, then it is defined as a multi-item logical. |
|
If defined, this system logical name enables |
|
If defined, this system logical name provides information for troubleshooting DCL command procedure CGIs by forcing a |
|
If defined, this system logical name provides information for troubleshooting the CGI environment by dumping all the symbols and logicals (job/process) for a given CGI. Use with |
|
If defined, this system logical name prefixes all CGI environment logical symbols with |
|
If defined, this system logical name causes CGI environment symbols to be defined globally. They are defined locally by default. |
|
If defined, this system logical name forces CGI images to run within a DCL process. The default is to run CGI images directly. (Note: Direct running of CGI images in not currently supported.) |
|
If defined to be true ( |
|
If defined to be true ( |
An OpenVMS Cluster is a group of OpenVMS systems that work together as one virtual system. Oracle HTTP Server runs in an OpenVMS Cluster so that you can take advantage of the resource sharing that increases the availability of services and data.Bear the following points in mind:
Oracle HTTP Server is supported on OpenVMS Version 8.2-1 or later.
Oracle HTTP Server runs in an Alpha Itanium, or in a mixed architecture cluster, separate Apache installations are required for Alpha and Itanium.
To define clusterwide versus individual configuration files, APACHE$ROOT
uses the following concealed logical names:
APACHE$COMMON
defines clusterwide files
APACHE$SPECIFIC
defines system-specific files
When reading a file, the server first looks for a system-specific version of the file in APACHE$SPECIFIC:[
directory
]
. If it does not find one, then it looks for a clusterwide file in APACHE$COMMON:[
directory
]
.
To avoid confusion, always use the appropriate concealed logical name to specify the file that you want to edit. For example, to edit a clusterwide version of HTTPD.CONF
, refer to:
$ EDIT APACHE$COMMON:[CONF]HTTPD.CONF
If you refer to:
$ EDIT APACHE$ROOT:[CONF]HTTPD.CONF
then the server would open the clusterwide file but save it as a system-specific version. The latest version of HTTPD.CONF
would then be visible only to the individual node on which it was saved.
Within HTTPD.CONF
itself, you should make this distinction whenever you refer to a path or to a file location. This improves performance and ensures that the server will return a complete directory listing. For example, you should specify APACHE$COMMON
or APACHE$SPECIFIC
(instead of APACHE$ROOT
) with directory
directives.
The following extract, from the HTTPD.CONF
file, refers to APACHE$COMMON
, because the content for the default Web page is in the clusterwide directories.
DocumentRoot "/apache$common/htdocs" ... <Directory "/apache$common/htdocs"> Options Indexes FollowSymLinks Multiviews AllowOverride None Order allow,deny Allow from all </Directory>
If there was content for one specific node in a cluster, then the APACHE$SPECIFIC
logical name would be used.
Common gateway interface (CGI) programs run within the DCL shell on Oracle HTTP Server for OpenVMS. This section discusses the following CGI topics:
By default, an environment logical symbol takes the form that is designated by the name of the environment logical. You can determine how environment logicals are set when the server runs a CGI program. You can define the APACHE$PREFIX_DCL_CGI_SYMOBLS_WWW
logical name to prefix all environment logical symbols with WWW_
. By default, no prefix is used.
The APACHE$CGI_MODE
logical name controls how CGI environment logicals are defined in the running CGI program as follows:
APACHE$CGI_MODE option
where option
can have one of the following values at a time:
0: Default. Environment logicals are defined as local symbols and are truncated at 970 (limitable with DEC C).
1: Environment logicals are defined as local symbols unless they are greater than 970 characters. If the environment value is greater than 970 characters, it is defined as a multi-item logical.
2: Environment logicals are defined as logicals. If the environment value is greater than 512 characters, it is defined as a multi-item logical.
APACHE$DCL_ENV
is a foreign symbol that lets you define CGI environment logical, as follows:
APACHE$DCL_ENV [-c] [-d] [-e env-file]
where:
-c
: Default. Indicates create environment logicals.
-d
: Indicates delete environment logicals.
-e env-file
: Specifies an alternate environment file.
The environment file does not need to be specified by the caller because the parent derives it (it can be easily determined by default).
The following example deletes the environment and then re-creates it:
Example: diff_mode_cgi.com $ APACHE$DCL_ENV -d $ Define APACHE$PREFIX_DCL_CGI_SYMBOLS_WWW 1 $ APACHE$DCL_ENV -c
CGI scripts that reference input to Oracle HTTP Server must refer to APACHE$INPUT
.
On OpenVMS, CGI images run within a DCL process. You cannot run CGI images directly.
Use the following logical names to debug CGI scripts:
Logical Name | Description |
---|---|
APACHE$DEBUG_DCL_CGI | If defined, this system logical name enables APACHE$VERIFY_DCL_CGI and APACHE$SHOW_CGI_SYMBOL. |
APACHE$VERIFY_DCL_CGI | If defined, this system logical name provides information for troubleshooting DCL command procedure CGIs by forcing a SET VERIFY before running any DCL CGI. Enabled by APACHE$DEBUG_DCL_CGI. |
APACHE$SHOW_CGI_SYMBOL | If defined, this system logical name provides information for troubleshooting the CGI environment by dumping all of the symbols and logicals (job/process) for a given CGI. Enabled by APACHE$DEBUG_DCL_CGI. |
To display a graphics file with a CGI command procedure, use the APACHE$DCL_BIN
foreign symbol in the following format:
APACHE$DCL_BIN [-s bin-size] bin-file
where:
-s
bin-size
: Specifies the actual or approximate file size in bytes. The value of bin-size
is automatically determined if the image file is larger than 32768 KB (default value). If the image file is smaller than 32768 KB, then you can provide an approximate (or actual) size. This boosts performance.
bin-file
: Specifies the file to be displayed.
For example:
$ SAY := WRITE SYS$OUTPUT $ SAY "Content-type: image/gif" $ SAY "" $ APACHE$DCL_BIN APACHE$ROOT:[ICONS]APACHE_PB.GIF $ EXIT
Oracle HTTP Server for OpenVMS is a nonprivileged, user-mode, socket-based network application. TMPMBX
and NETMBX
are the only privilege requirements. The server runs under its own unique UIC and user account (APACHE$WWW
).
Oracle HTTP Server runs as a single job that consists of:
One master process (APACHE$WWW
)
Several subprocesses
Subprocesses are created to service incoming HTTP requests and to run CGI scripts.
Because the server runs as a single job, the OpenVMS security profile for each process is identical and no enhanced mechanism is required for these processes to communicate with one another. Resource utilization is controlled by a single user account (oracle
) where pooled quotas are defined.
Oracle HTTP Server performs three operations that require additional privileges:
Binding to a port below 1024 (privileged ports)
By default, the server binds to port 8080 (HTTP).
Fetching path information for other users
The server provides a replacement for the getpwnam
C RTL routine to enable the server to fetch default path information for other users (required by MOD_UTIL
and MOD_USERDIR
).
Changing the carriage-control attribute on socket (BG) devices
The server also enables or disables (or both) the carriage-control attribute on BG (socket) devices for certain stream operations.
Two protected, shareable images are installed at startup to enable the server to perform the following functions:
APACHE$PRIVILEGED.EXE
(exec-mode services)
APACHE$FIXBG.EXE
(kernel-mode services)
The APACHE$PRIVILEGED.EXE
image provides exec-mode services for binding to privileged sockets and fetching user default path information. Access to these services is limited to processes running under the oracle
username and is controlled by the APACHE$PLV_ENABLE_APACHE$WWW
logical name. This logical name is defined as:
"APACHE$PLV_ENABLE_APACHE$WWW" = "3,80,1023"
The "3,80,1023"
string represents three parameters where:
The first parameter (3
) is a bit-mask that enables or disables the two services:
Binding to privileged ports
Fetching user default path information
The second and third parameters indicate the minimum and maximum port that are allowed to be bound.
When a call to either service is made, the service code does the following:
Temporarily enables the SYSPRV
, OPER
, SYSNAM
, and NETMBX
privileges
Performs the function
Restores the process original privileges
The APACHE$FIXBG.EXE_ALPHA
image provides a kernel-mode service for manipulating the carriage-control attribute for BG devices that are owned by the calling process. No special access control exists on this service. This function can also be performed using a setsocketopt
C RTL run-time call, but it is not supported by all TCP/IP stack vendors, which is the reason this service exists. This service does not enable privileges, but runs in kernel mode.
Oracle HTTP Server runs under the oracle
username and UIC and is started as a detached, network process. During startup, protected images are installed and logical names are placed in the system logical name table. Shutdown is accomplished by sending a KILL
signal to the master process and its subprocess.
In order to startup the Oracle HTTP Server, the following privileges are required:
SYSPRV
SYSNAM
IMPERSONATE
BYPASS
CMKRNL
ALTPRI
WORLD
The privileges ALTPRI
and BYPASS
are not essential privileges for installing and running an Oracle database. These privileges can either be added to the oracle account, or a separate account can be created to maintain and run the Oracle HTTP Server.
If you have already configured Oracle HTTP Server using the oracle account and want to run under a different account, then the file ORA_ROOT:[APACHE.APACHE.SPECIFIC.node.CONF]HTTPD.CONF
must be modified to change the USER
parameter before attempting to start it up.
All the server files reside under the root directories that the APACHE$ROOT
logical name points to. During installation, file protection is set to (S:RWED
, O:RWED
, G
, W
). During configuration, all files are set to be owned by the oracle
user.
Server extensions, such as CGI scripts, run within the context of Oracle HTTP Server process or its subprocesses. These extensions have complete control over the server environment. You can configure the server to enable processing of arbitrary user scripts, but standard practice is to limit such activity to scripts that are written by completely trusted users. Oracle HTTP Server includes directives that enable a Web administrator to control script execution and client access. The use of these directives is described in numerous books and is not duplicated here.
Oracle HTTP Server for OpenVMS does not currently support the suEXEC method of running scripts under the username that owns the script. Many sites use this feature to allow execution of arbitrary, user-written scripts without the fear of compromising the server environment.
This section provides open source license acknowledgments and license references.
This product includes software developed by the Apache Software Foundation. You can visit the Web site of this organization at
You can view the license at the following Web site
http://www.apache.org/licenses/LICENSE-2.0
This product also includes software that is developed by Hewlett-Packard.