iTP Secure WebServer System Administrator's Guide (iTPWebSvr 5.1+)
Configuring the iTP Secure WebServer
iTP Secure WebServer System Administrator's Guide - 522659-001
The Secure Transport Configuration File (httpd.stl.config)
Example 7-2 shows how to configure the iTP Secure WebServer for SSL or PCT. This
sample file, httpd.stl.config, is supplied with the iTP Secure WebServer. For more
information about SSL configuration, see Section 4, Configuring for Secure Transport.
Configuring Global Session Key Caching
Global session key caching is introduced to improve caching performance. The current
architecture has multiple instances of webserver processes running as a Pathway
serverclass. Each instance maintains its own cache of SSL session keys. However, due
to round-robin load balancing of the iTP WebServer environment, SSL session key
cache hits are rare. This enhancement provides increased overall SSL performance by
allowing a cache of SSL session keys to be shared amongst all instances of the httpd
serverclass, thereby maximizing the cache hits and minimizing the CPU and network
resources required for establishing SSL connections to the Himalaya platform.
If global session key caching is desired, the SK_GlobalCache directive (that is, the
GlobalCache variable) must be set to ON to enable the configuration of the server. If
individual httpd server process session key caching is desired, which is the default, set
the variable to OFF, or omit it.
The value of MAXSERVERS for the global cache server (gcache) must always be set to 1,
because it is a single-process serverclass. Its MAXLINKS and LINKDEPTH values must both
always be set to the httpd server's MAXSERVERS value. For example:
    Server $root/bin/httpd {            Server $root/bin/gcache {
        ...                                 Maxservers 1
        Maxservers 50          --->         Maxlinks 50
        ...                                 Linkdepth 50
    }                                       ...
                                        }
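As an added example (not part of the guide or the product), the following Python check parses Server blocks in the layout shown above and reports violations of the rules just stated: gcache Maxservers is 1, and gcache Maxlinks and Linkdepth both equal the httpd Maxservers value. The sample text is constructed, and the parser assumes Server blocks without nested braces.

```python
import re

# Constructed sample in the layout of the guide's example (not a shipped config).
SAMPLE = """
Server $root/bin/httpd {
    Maxservers 50
}
Server $root/bin/gcache {
    Maxservers 1
    Maxlinks 50
    Linkdepth 40
}
"""

# Assumption: a Server block ends at the first closing brace (no nested braces).
BLOCK = re.compile(r"Server\s+(\S+)\s*\{(.*?)\}", re.S | re.I)
ATTR = re.compile(r"^[ \t]*(Maxservers|Maxlinks|Linkdepth)[ \t]+(\d+)[ \t]*$", re.I | re.M)

def parse_servers(text):
    """Return {program basename: {attribute in lowercase: int}} per Server block."""
    servers = {}
    for path, body in BLOCK.findall(text):
        name = path.rsplit("/", 1)[-1].lower()
        servers[name] = {k.lower(): int(v) for k, v in ATTR.findall(body)}
    return servers

def check_gcache(text):
    """Return a list of findings; an empty list means the rules hold."""
    servers = parse_servers(text)
    httpd, gcache = servers.get("httpd"), servers.get("gcache")
    if httpd is None or gcache is None:
        return ["both an httpd and a gcache Server block are required"]
    findings = []
    if gcache.get("maxservers") != 1:
        findings.append("gcache maxservers must be 1")
    expected = httpd.get("maxservers")
    if expected is None:
        return findings + ["httpd maxservers is not set"]
    for attr in ("maxlinks", "linkdepth"):
        if gcache.get(attr) != expected:
            findings.append(f"gcache {attr} is {gcache.get(attr)}, expected {expected}")
    return findings

if __name__ == "__main__":
    for finding in check_gcache(SAMPLE) or ["ok"]:
        print(finding)
```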
The configuration directives SK_CacheSize and SK_CacheExpiration, which are set by
defining the variables CacheSize and CacheExpiration, are optional. The default value
for SK_CacheSize is 1000, and for SK_CacheExpiration is 86400 (24 hours).
Use the new directive SK_GlobalCacheTimeout to alter the default Pathsend timeout
value of 1/2 second (50/100 second). This timeout determines how long the httpd server
will wait for a response from the global cache server before a timeout error occurs.
To enable tracing you must define the env variable TRACEFILE. All communication
from and to the httpd server is logged. This option should be set only if problems arise.
The following example of the httpd.stl.config file shows global caching enabled.
Note. You cannot use httpd.stl.config and httpd.websafe.config in the same
WebServer environment.
Note. If individual httpd server process session key caching is used, each process will create
its own cache with SK_CacheSize entries. However, if global session key caching is used, that
single process server will create a single cache also with SK_CacheSize entries. Take this into
consideration when determining the value for SK_CacheSize.