× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. WEB400
  3. December 2004

RE: Apache Migration from HTTP Server Instance

CGI enablement isn't really iSeries specific. The two big things that are would 
be SSL (most Apache books and examples assume you'll use OpenSSL) and the 
options available for access control. I can't think of anything I've come 
across yet that I couldn't do with the iSeries port that can be done with the 
one from apache.org. Note that IBM added Map and MapMatch directives. There's 
no reason to use these. Those were added strictly so the Migration Wizard could 
produce "workable" configurations.

Here's the Apache version of your configuration (except for the logging):

ScriptAlias /xxx/ /qsys.lib/xxxweb.lib/
Alias /xxx/yyy /zzz
<Directory /qsys.lib/xxxweb.lib>
   order allow,deny
   allow from all
</Directory>
<Directory /zzz>
   order allow,deny
   allow from all
</Directory>

Alternately, you can do this:

Alias /xxx/ /qsys.lib/xxxweb.lib/
Alias /xxx/yyy /zzz
<Directory /qsys.lib/xxxweb.lib>
   order allow,deny
   allow from all
   Options +ExecCGI
</Directory>
<Directory /zzz>
   order allow,deny
   allow from all
</Directory>

I prefer using ScriptAlias' instead of Options +ExecCGI since it's easier for 
me to see what's going on in large configuration files. Technically, I don't 
think one's better than the other but just make sure you're consistent.

I didn't include the *.pgm part. That can be done with ScriptAliasMatch but I 
didn't feel like looking up and testing the regular expression to do it. If I'm 
remembering how what you have works correctly, you have to specify .pgm anyway 
to execute a CGI and since you can't execute anything that isn't a program to 
begin with, all it does is add processing overhead.

I also don't log to a database file (it's way to slow on a busy site) and, once 
again, I didn't feel like looking it up but the GUI works pretty well for 
configuring that.

Additionally, if you wanted to use Net.Data, adding the following will enable 
it:

ScriptAlias /db2www/ /qsys.lib/xxxweb.lib/db2www.pgm/

The Original config would be something along the lines of this:

Map  /db2www/* /cgibin/db2www.pgm/*

The final very common thing is access control. Under the Original server, you'd 
have something like this (this uses a validation list):

Protection  MYPROT  {             
      PasswdFile   MYLIB/MYVLDL
      ACLOverride  Off              
      PostMask     All              
      GetMask      All              
      AuthType     Basic            
      ServerID     My_Realm       
      UserID       %%SERVER%%       
}

Protect  /xxx/yyy  MYPROT

Under Apache, you'd have this:

<Location /xxx/yyy>
   PasswdFile MYLIB/MYVLDL
   UserID %%SERVER%%
   AuthType Basic
   AuthName "My Realm"
   Require valid-user
</Location>

If you have a bunch of password protected directories, repeating the protection 
directive all over the place is a pain (especially if you need to change them) 
so what you can do is put everything between the Location start and end tags in 
a file and include it. That would make it look like this:

In file myprot.inc (this goes in the conf directory):

PasswdFile MYLIB/MYVLDL
UserID %%SERVER%%
AuthType Basic
AuthName "My Realm"
Require valid-user

In httpd.conf:

<Location /cgibin/updlogin.pgm>
   Include conf/myprot.inc
</Location>

Also, you should note that you can do access control within the Directory 
container (BTW, Location is also a container) but I don't like doing it that 
way since it isn't granular enough.

Finally, here's an example of what turned me off on the Migration Wizard:

One of my HTTP servers was responsible for four websites. The Original 
configuration was about 250 lines long. The wizard produced an httpd.conf that 
was close to 1mb in size (later releases of the wizard were able to whittle it 
down to about 600k). While the server would start after about 5 minutes, it 
didn't work at all (wouldn't even serve a welcome page). I ended up buying the 
Professional Apache 2.0 book and took the time to read through the basics of 
configuring the server and within a day, I was able to produce a working 
configuration that was (I think) about 8k and a few less than 1k include files 
for document protection. That server started up within 15 seconds and worked 
perfectly. I've since added three more virtual sites to it and it's grown to 
about 12k but still starts very quickly.

Matt

-----Original Message-----
From: Jim Franz [mailto:franz400@xxxxxxxxxxxx]
Sent: Wednesday, December 01, 2004 11:09 PM
To: Web Enabling the AS400 / iSeries
Subject: Re: [WEB400] Apache Migration from HTTP Server Instance


Is there a resource that is iSeries specific for rpg cgi and Apache.
Several early rpg/cgi books had the classic config, but i have yet
to find an Apache example. I did get the 800 page Prof Apache 2.0-
but am lost in the infinite variations on how to get something done.
In the classic server, this is all it took to run a dynamic web site
w/logging
 Exec  /xxx/*.pgm /QSYS.LIB/XXXWEB.LIB/*.pgm
 Pass  /xxx/yyy/*   /zzz/*
   Enable POST
    AccessLog                WWWACCESS 9999999
    ErrorLog                 WWWERROR 9999999
    LogFormat                DDS
    LogTime                  LocalTime
 jim

----- Original Message ----- 
From: "Haas, Matt" <Matt.Haas@xxxxxxxxxxx>
To: "Web Enabling the AS400 / iSeries" <web400@xxxxxxxxxxxx>
Sent: Wednesday, December 01, 2004 6:42 PM
Subject: RE: [WEB400] Apache Migration from HTTP Server Instance


> Do this:
> - Never ever, ever, ever, ever, ever use the migration wizard. The
configurations it creates flat out stink (they make the server slow and are
buggy as you've found out).
> - Delete this configuration
> - Use the "New Server" wizard to create a fresh configuration.
> - Read up on configuring the HTTP server at
http://httpd.apache.org/docs-2.0/ (much better than the IBM docs for getting
started and anything that isn't iSeries specific). The book "Professional
Apache 2.0" is also a great resource.
>
> Matt
>
> -----Original Message-----
> From: edolon@xxxxxxxxxx [mailto:edolon@xxxxxxxxxx]
> Sent: Tuesday, November 30, 2004 8:48 PM
> To: web400@xxxxxxxxxxxx
> Cc: lloyd_watkinson@xxxxxxxxxxxxxx
> Subject: [WEB400] Apache Migration from HTTP Server Instance
>
>
> I am getting frustrated with migrating our original HTTP instances into
> APACHE.  I am already using Server UserID with a very HIGH authorisation
> but the Errorlog still say something like this.........
>
> The browser says
> HTTP403: You are not authorized to view this page.You might not have
> permission to view this directory or page using the credentials you
> supplied.
>
> And inspecting the log it says
>
> [Tue Nov 30 15:41:43 2004] [error] [client 10.44.211.108]
> (3101) A non-recoverable I/O error occurred.: ZSRV_MSG0019: Permissions
> on file /qsys.lib/testcgi.lib/ERCMMAIN.pgm deny server access
>
> Below are the original & migrated configurations.
>
> Any HELP is appreciated
>
>
>
> Configuration: ERPGSVR2
>
> ===================================================
> # * * * * * * * * * * * * * * * * * * * * * * * * * * *
> #               IBM HTTP Server for AS/400
> # * * * * * * * * * * * * * * * * * * * * * * * * * * *
> #
> HostName 10.44.3.43
> UserID PGUSER
> Port 1025
> enable get
> enable post
> enable head
> Map /claims/erpgdir/* /erpgdir/*
> MAP /claims/cgibin/*    /qsys.lib/testcgi.lib/*.pgm
> MAP /claims/cgibin6/*    /qsys.lib/junitg.lib/*.pgm
> Map /claims/cgibin/* /QSYS.LIB/SUNCGI.LIB/*.PGM
> exec /qsys.lib/testcgi.lib/*
> Exec /QSYS.LIB/SUNCGI.LIB/*
> Exec /QSYS.LIB/JUNITG.LIB/*
> Exec /cgidevpgm/* /QSYS.LIB/SUNCGI.LIB/*
> Pass /QSYS.LIB/SUNCGI.LIB/*
> AccessLog /HTTPLOGS/httpqualogs 2000
> LogFormat Common
> CgiErrorLog /cgierrlogs/cgiquaerrlogs 2000
> ErrorLog /errorlogs/quaerrorlogs 2000 *DFT *DFT
> pass /erpgdir/*
> CacheExpiryCheck ON
> CacheNoConnect Off
> CacheTimeMargin 0
> CacheLastModifiedFactor 0.14
> CacheLocalMaxBytes 2 M
> CacheLocalMaxFiles 200
> LiveLocalCache On
> BindSpecific Off
> DNS-Lookup Off
> RuleCaseSense Off
> Imbeds Off SSIOnly
> LogTime localtime
> AccessLogArchive None
> AccessLogExpire 0
> AccessLogSizeLimit 0
> ErrorLogArchive None
> ErrorLogExpire 0
> ErrorLogSizeLimit 0
> MaxActiveThreads 100
> ===================================================
>
>
>
> Migrated and modified apache config
>   1    ServerUserID LIBRARIAN
>   2    <Location />
>   3        <LimitExcept GET HEAD OPTIONS POST TRACE>
>   4             Order Allow,Deny
>   5             Deny From all
>   6        </LimitExcept>
>   7    </Location>
>   8    LogFormat "%h %l %u %t \"%r\" %>s %b" common
>   9    CustomLog /HTTPLOGS/httpqualogs common env=!LogExclusion
>   10    Options +ExecCGI -SymLinksIfOwnerMatch -Includes -IncludesNoExec
> -MultiViews
>   11    DefaultType www/unknown
>   12    ServerName 10.44.3.43
>   13    Listen *:1025
>   14    LogLength 2048000
>   15    ErrorLog /qsys.lib/qusrsys.lib/HTTPERRJUN.file
>   16    MaxKeepAliveRequests 5
>   17    TimeOut 120
>   18    KeepAliveTimeout 4
>   19    ThreadsPerChild 100
>   20    DocumentRoot /
>   21    DirectoryIndex welcome.html index.html
>   22    CGIConvMode %%MIXED/MIXED%%
>   23    ScriptLog /cgierrlogs/cgiquaerrlogs
>   24    ScriptLogLength 2048000
>   25    IndexOptions -DescriptionWidth -FancyIndexing -FoldersFirst
> -IconHeight -IconsAreLinks -IconWidth -IgnoreCase -IgnoreClient -NameWidth
> -NameMinWidth -ScanHTMLTitles -SelectiveDirAccess -ShowSmallFileBytes
> -ShowOwner -SuppressColumnSorting -SuppressDescription
> -SuppressHTMLPreamble -SuppressIcon -SuppressLastModified -SuppressRules
> -SuppressSize -TrackModified -VersionSort
>   26    HeaderName README
>   27    <Directory /erpgdir/*>
>   28         Allow From all
>   29    </Directory>
>   30    <Directory /QSYS.LIB/JUNITG.LIB/>
>   31         Options +ExecCGI
>   32         Allow From all
>   33    </Directory>
>   34    <Directory /QSYS.LIB/SUNCGI.LIB/>
>   35         Options +ExecCGI
>   36         Allow From all
>   37    </Directory>
>   38    <Directory /qsys.lib/testcgi.lib/>
>   39         Options +ExecCGI
>   40         Allow From all
>   41    </Directory>
>   42    <Directory />
>   43         Order Allow,Deny
>   44         allow from all
>   45         UserID LIBRARIAN
>   46    </Directory>
>   47    AliasMatch /claims/erpgdir/(.*) /erpgdir/$1
>   48    AliasMatch /claims/cgibin/(.*) /qsys.lib/testcgi.lib/$1.pgm
>   49    AliasMatch /claims/cgibin6/(.*) /qsys.lib/junitg.lib/$1.pgm
>   50    AliasMatch /claims/cgibin/(.*) /QSYS.LIB/SUNCGI.LIB/$1.PGM
>   51    AliasMatch /qsys\.lib/testcgi\.lib/(.*) /qsys.lib/testcgi.lib/$1
>   52    AliasMatch /QSYS\.LIB/SUNCGI\.LIB/(.*) /QSYS.LIB/SUNCGI.LIB/$1
>   53    AliasMatch /QSYS\.LIB/JUNITG\.LIB/(.*) /QSYS.LIB/JUNITG.LIB/$1
>   54    AliasMatch /cgidevpgm/(.*) /QSYS.LIB/SUNCGI.LIB/$1
>   55    ScriptAlias /QSYS\.LIB/SUNCGI\.LIB/(.*) /QSYS.LIB/SUNCGI.LIB/$1
>   56    AliasMatch /erpgdir/(.*) /erpgdir/$1
>
>
>
>
>
>
> **********************************************************************
> CAUTION - This message is intended for the addressee named above. It
> may contain privileged or confidential information. If you are not the
> intended recipient of this message you must not use, copy, distribute
> or disclose it to anyone.
> **********************************************************************
>
> _______________________________________________
> This is the Web Enabling the AS400 / iSeries (WEB400) mailing list
> To post a message email: WEB400@xxxxxxxxxxxx
> To subscribe, unsubscribe, or change list options,
> visit: http://lists.midrange.com/mailman/listinfo/web400
> or email: WEB400-request@xxxxxxxxxxxx
> Before posting, please take a moment to review the archives
> at http://archive.midrange.com/web400.
>
>
> _______________________________________________
> This is the Web Enabling the AS400 / iSeries (WEB400) mailing list
> To post a message email: WEB400@xxxxxxxxxxxx
> To subscribe, unsubscribe, or change list options,
> visit: http://lists.midrange.com/mailman/listinfo/web400
> or email: WEB400-request@xxxxxxxxxxxx
> Before posting, please take a moment to review the archives
> at http://archive.midrange.com/web400.
>
>


_______________________________________________
This is the Web Enabling the AS400 / iSeries (WEB400) mailing list
To post a message email: WEB400@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/web400
or email: WEB400-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/web400.

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.