Hitachi

JP1 Version 13 JP1/Automatic Job Management System 3 Configuration Guide


3.4.5 Details on the settings in the HTTP server definition file (httpsd.conf)

This subsection describes the details on the format of settings and the items to be set in the HTTP server definition file (httpsd.conf).

(1) File storage folder

The following shows the folder storing the httpsd.conf file.

JP1/AJS3-Web-Console-installation-folder\uCPSB\httpsd\conf

(2) File-editing procedure

The following describes the procedure for editing the httpsd.conf file. If you are operating in a cluster environment, follow the edit procedure to set the same definitions for the secondary node as those set for the primary node.

  1. Stop the JP1/AJS3 HTTP Server service.

  2. Back up the httpsd.conf file, and store the backup file in any folder.

  3. Open the httpsd.conf file by using a text editor.

  4. Modify the definitions to be changed.

  5. Save the httpsd.conf file by using UTF-8 encoding.

  6. Start the JP1/AJS3 HTTP Server service.

(3) When the setting takes effect

The settings take effect when the JP1/AJS3 HTTP Server service starts.

(4) Format

The following shows the format of settings in the httpsd.conf file:

(omitted)
  
ServerRoot "JP1/AJS3-Web-Console-installation-folder/uCPSB/httpsd"
  
ServerName host-name-of-Web-Console-server
DocumentRoot "JP1/AJS3-Web-Console-installation-folder/uCPSB/httpsd/htdocs"
  
(omitted)
  
ProxyPass /ajs/ http://localhost:port-number-to-be-used-for-the-communication-between-HTTP-and-J2EE-servers/ajs/ timeout=3600 connectiontimeout=30
ProxyPassReverse /ajs/ http://localhost:port-number-to-be-used-for-the-communication-between-HTTP-and-J2EE-servers/ajs/
  
(omitted)
  
Listen port-number-for-the-reception-of-connection-requests-from-web-browser
#Listen [::]:port-number-for-the-reception-of-connection-requests-from-web-browser
  
#Listen port-number-for-the-reception-of-connection-requests-from-web-browser-during-SSL-communication
#Listen [::]:port-number-for-the-reception-of-connection-requests-from-web-browser-during-SSL-communication
#<VirtualHost *:port-number-for-the-reception-of-connection-requests-from-web-browser-during-SSL-communication>
#  ServerName host-name-of-Web-Console-server
#  SSLEngine On
#  SSLCertificateFile "JP1/AJS3-Web-Console-installation-folder/uCPSB/httpsd/conf/ssl/server/name-of-server-certification-file"
#  SSLCertificateKeyFile "JP1/AJS3-Web-Console-installation-folder/uCPSB/httpsd/conf/ssl/server/name-of-private-key-file"
#  SSLProtocol version-of-TLS-used-for-SSL-communication
#  SSLCipherSuite TLSv1.3 list-of-cipher-types-available-with-TLSv1.3
#  SSLCipherSuite list-of-cipher-types-available-with-TLSv1.2
#  AllowEncodedSlashes On
#</VirtualHost>
  
Include "JP1/AJS3-Web-Console-installation-folder/uCPSB/CC/web/redirector/mod_jk.conf"

Note that lines beginning with a hash mark (#) are comment lines.

(5) Setting items

The following describes the items to be set.

(a) JP1/AJS3 - Web Console installation folder

The installation folder for JP1/AJS3 - Web Console is set automatically.

You do not need to change this setting at setup.

(b) Host name of Web Console server

The host name of a Web Console server is set automatically.

If you have changed the host name of the Web Console server, change this setting manually.

(c) Port number to be used for communication between HTTP and J2EE servers

Specify the port number of the port to be used for the communication between the HTTP and J2EE servers on the Web Console server. The default is 22254.

To change the port number from the default, specify a value that is appropriate to your environment. Make sure that the value set for the ProxyPass and ProxyPassReverse entries is the same as the value set for the webserver.connector.nio_http.port entry in the user properties file for J2EE server (usrconf.properties). For details, see 3.4.6 Details on the settings in the user properties file for J2EE server (usrconf.properties).

(d) Port number for the reception of connection requests from a web browser

When not using SSL communication, specify the port number of the port at which the Web Console server receives connection requests from the web browser. The default is 22252.

If you have changed the port number for the reception of connection requests from the web browser, change the port number setting.

(e) Port number for the reception of connection requests from a web browser during SSL communication

When using SSL encryption for communication between the Web Console server and a web browser, specify the port number of the port at which the Web Console server receives connection requests from the web browser. The default is 22253.

To enable SSL communication, delete the hash mark (#) at the beginning of the definition line. If you have changed the port number for the reception of SSL communication from the web browser from the default setting, change the port number setting.

For details, see 21.4 Setting up the communication using SSL.

(f) Name of server certification file

When using SSL encryption for communication between the Web Console server and web browser, specify the name of the server certification file obtained from the CA. The default is httpsd.pem.

To enable SSL communication, delete the hash mark (#) at the beginning of the definition line, and then change the default setting to the name of the server certification file.

For details, see 21.4 Setting up the communication using SSL.

(g) Name of private key file

When using SSL encryption for communication between the Web Console server and web browser, specify the name of the private key file. The default is httpsdkey.pem.

To enable SSL communication, delete the hash mark (#) at the beginning of the definition line, and then change the default setting to the name of the private key file.

For details, see 21.4 Setting up the communication using SSL.

(h) Version of TLS used for SSL communication

Specify +TLSv1.2 or +TLSv1.3 as the version of the TLS protocol used for SSL communication. Only the specified version of the TLS protocol is enabled for SSL communication. You can also specify multiple versions in a space-separated list format.

Example:

In the following examples, Δ indicates a halfwidth space.

  • To enable only TLSv1.2, specify the following:

    SSLProtocolΔ+TLSv1.2

  • To enable only TLSv1.3, specify the following:

    SSLProtocolΔ+TLSv1.3

  • To enable TLSv1.2 and TLSv1.3, specify the following:

    SSLProtocolΔ+TLSv1.2Δ+TLSv1.3

The default is +TLSv1.2.

To enable SSL communication, delete the hash mark (#) at the beginning of the definition line, and then edit the entry according to the TLS protocol versions to be used.

(i) List of cipher types available with TLSv1.3

Specify a list of cipher types available with TLSv1.3 in the following format: SSLCipherSuite TLSv1.3 cipher-type-1:cipher-type-2:cipher-type-3...

You can specify the following values:

  • TLS_AES_128_GCM_SHA256

  • TLS_AES_256_GCM_SHA384

By default, all specifiable values are specified.

To enable SSL communication, always delete the hash mark (#) at the beginning of the definition line even if you do not use TLSv1.3. If you use TLSv1.3, edit the entry according to the cipher types to be used.

(j) List of cipher types available with TLSv1.2

Specify a list of cipher types available with TLSv1.2 in the following format: SSLCipherSuite cipher-type-1:cipher-type-2:cipher-type-3...

You can specify the following values:

  • AES128-GCM-SHA256

  • AES256-GCM-SHA384

  • ECDHE-RSA-AES128-SHA256

  • ECDHE-RSA-AES256-SHA384

  • ECDHE-RSA-AES128-GCM-SHA256

  • ECDHE-RSA-AES256-GCM-SHA384

  • ECDHE-ECDSA-AES128-SHA256

  • ECDHE-ECDSA-AES256-SHA384

  • ECDHE-ECDSA-AES128-GCM-SHA256

  • ECDHE-ECDSA-AES256-GCM-SHA384

By default, all specifiable values are specified.

To enable SSL communication, always delete the hash mark (#) at the beginning of the definition line even if you do not use TLSv1.2. If you use TLSv1.2, edit the entry according to the cipher types to be used.

(6) Note

If a setting is invalid, the JP1/AJS3 HTTP Server service cannot start.
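
Because an invalid setting keeps the service from starting, the rules in (c), (h), (i) and (j) can be checked after editing and before the service is started again. The following Python check is an added example, not part of the Hitachi manual or the product; the function name lint_httpsd_conf and the sample excerpt are constructed for illustration.

```python
import re

# Values the manual lists as specifiable in (h), (i) and (j).
PROTOCOLS = {"+TLSv1.2", "+TLSv1.3"}
TLS13 = {"TLS_AES_128_GCM_SHA256", "TLS_AES_256_GCM_SHA384"}
TLS12 = {"AES128-GCM-SHA256", "AES256-GCM-SHA384",
         "ECDHE-RSA-AES128-SHA256", "ECDHE-RSA-AES256-SHA384",
         "ECDHE-RSA-AES128-GCM-SHA256", "ECDHE-RSA-AES256-GCM-SHA384",
         "ECDHE-ECDSA-AES128-SHA256", "ECDHE-ECDSA-AES256-SHA384",
         "ECDHE-ECDSA-AES128-GCM-SHA256", "ECDHE-ECDSA-AES256-GCM-SHA384"}

# Constructed excerpt: SSL enabled, but the TLSv1.2 cipher line left commented.
SAMPLE = """\
ProxyPass /ajs/ http://localhost:22254/ajs/ timeout=3600 connectiontimeout=30
ProxyPassReverse /ajs/ http://localhost:22254/ajs/
<VirtualHost *:22253>
  SSLEngine On
  SSLProtocol +TLSv1.3
  SSLCipherSuite TLSv1.3 TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384
#  SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384
</VirtualHost>
"""

def lint_httpsd_conf(text):
    findings = []
    # Lines beginning with '#' are comments; keep only active directives.
    active = [t for t in map(str.split, text.splitlines()) if t and t[0][0] != "#"]
    def args(name):
        return [t[1:] for t in active if t[0].lower() == name.lower()]
    # (c) ProxyPass and ProxyPassReverse must name the same port.
    urls = [a[1] for n in ("ProxyPass", "ProxyPassReverse") for a in args(n) if a[1:]]
    if len({re.sub(r"^.*?:(\d+)/.*$", r"\1", u) for u in urls}) > 1:
        findings.append("ProxyPass and ProxyPassReverse use different ports")
    if not any(a and a[0].lower() == "on" for a in args("SSLEngine")):
        return findings  # SSL block is still commented out
    protos = {p for a in args("SSLProtocol") for p in a}
    if not protos or protos - PROTOCOLS:
        findings.append("SSLProtocol must be +TLSv1.2 and/or +TLSv1.3")
    # (i), (j) Both cipher lines must be active whichever version is used.
    suites = args("SSLCipherSuite")
    v13 = [a[1:] for a in suites if a[:1] == ["TLSv1.3"]]
    v12 = [a for a in suites if a[:1] != ["TLSv1.3"]]
    for ver, allowed, rows in (("TLSv1.3", TLS13, v13), ("TLSv1.2", TLS12, v12)):
        bad = {c for r in rows for c in ":".join(r).split(":")} - allowed
        if not rows:
            findings.append(f"SSLCipherSuite line for {ver} is missing or commented out")
        elif bad:
            findings.append(f"SSLCipherSuite for {ver}: unsupported {sorted(bad)}")
    return findings
```

Pass the function the text of the edited httpsd.conf, read as UTF-8; an empty list means the checked entries are consistent with the rules above.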