Contact Us Contact Us

HP-UX Apache-based Web Server v.4.09, powered by Apache Tomcat Webmin for 11i v3

  Software Depot
Electronic download
Frequently asked questions
HP Inc. Software Depot
Product details and specifications
Select
Overview
 

HP-UX Apache-based Web Server, HP-UX Tomcat-based Servlet Engine, HP-UX Webmin-based Admin

Components in HP-UX Web Server Suite


Obsolescence plan for HP-UX Web Server Suite v.3.x and v.4.x:

Support for Apache-based Web Server Suite v.3.x and v.4.x powered by Apache Tomcat Webmin has ended on 31st October 2017. It is recommended to migrate to the newer "HP-UX Apache-based Web Server Suite v.5.x powered by Apache Tomcat Webmin" available for download.

Obsolescence plan for HP-UX Tomcat-based Servlet Engine v.6.0.x:

Support for all versions of HP-UX Tomcat-based Servlet Engine v.6.0.x has ended on 31st December 2016. It is recommended to migrate to the newer HP-UX Tomcat-based Servlet Engine v.7.0.x.y version available for download. See Migration Guide for information about migrating from Tomcat 6.0.x to Tomcat 7.0.x.

Obsolescence plan for HP-UX PHP 5.4.x:

Support for all versions of HP-UX PHP 5.4.x has ended on 31st August 2016. It is recommended to migrate to the newer HP-UX PHP 5.6.x available for download.

NOTE:

POODLE vulnerability

To prevent POODLE vulnerability, SSL3 protocol has to be disabled in Apache, Tomcat, and PHP.

  • Apache:

    Disable SSLv3 by adding below line in conf/extra/httpd-ssl.conf file.

    SSLProtocol all -SSLv2 -SSLv3

    Apache-based Web Server of version 2.2.15.22 or later for 11i v3 has this configuration by default.

    For other versions, above configuration has to be made explicitly by users.

  • Tomcat:

    Disable SSLv3 by adding below line in conf/server.xml for SSL connector.

    sslEnabledProtocols="TLS"

    For example:

    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
    maxThreads="150" scheme="https" secure="true"
    clientAuth="false" sslEnabledProtocols="TLS" />

    Tomcat of version 6.0.39.3 or later for 11i v3 has this configuration by default.

    For other versions, above configuration has to be made explicitly by users.

  • PHP:

    If SSLv2 and SSLv3 are used in PHP scripts , make change to use TLS instead

    Refer http://php.net/manual/en/transports.inet.phpand http://php.net/manual/en/function.curl-setopt.php

    HP-UX Tomcat 5.5.x bundled with Apache-based Web Server v.3.x on HP-UX 11i v3 ends support starting March 2013

    Starting from April 2013, HP-UX Tomcat 5.5.x bundled with Apache-based Web Server v.3.x will no longer be supported by HPE on HP-UX 11i v3 and it will be replaced by newer HP-UX Tomcat 6.x version, which is based on ASF Tomcat 6.x version. Tomcat 6.x version is targeted to be the default version in HP-UX 11i v3 1303 Fusion release instead of Tomcat 5.5.x version.

    It is recommended to migrate to the newer HP-UX Tomcat-based Servlet Engine v.6.0.45.x version available to download from HPE. Migration guide from Tomcat 5.5.x to Tomcat 6.0.x is available at: http://tomcat.apache.org/migration-6.html.

    Please note that Tomcat 5.5.x will continue to be supported on HP-UX 11i v1 and HP-UX 11i v2 till their respective support timeliness or until further notice.

    HP-UX PHP 5.2.x bundled with Apache-based Web Server v.2.2.15.18 or earlier on HP-UX 11i v3 ends support starting April 2014. PHP 5.4.x will be the version supported on HP-UX 11i v3 going forward

    Starting April 2014, 11.31 HP-UX Apache-based Web Server bundles ( v.2.2.15.19 and above) will contain PHP 5.4.11.x which is based on PHP 5.4.x version.

    Independent versions PHP 5.4.11.01 and PHP 5.4.11.02 will not be updated and any fixes will be made in PHP 5.4.11.x that is part of Apache bundle. These versions were released to support two versions PHP 5.2.17 and 5.4.11 for 11.31 and allow users to migrate from 5.2.17 to 5.4.11. Now that the migration period (from PHP 5.2 to PHP 5.4) is complete, standalone releases of PHP 5.4.11.x will be discontinued.

    It is recommended to migrate to the newer HP-UX PHP 5.4.11.x version available as part of Apache bundle(( v.2.2.15.19 and above).
    Migration guides are available for PHP 5.2.x to PHP 5.4.x migration at http://php.net/manual/en/migration53.phpand http://php.net/manual/en/migration54.php

    PHP 5.2.x will continue to be supported on HP-UX 11i v1 and HP-UX 11i v2 till their respective support timeliness or until further notice.

    Note: HPE supports HP-UX Apache 2.0.64.x on 11i v1 OS and HP-UX Apache 2.2.15.x on 11i v2 and 11i v3 OS, which is available to download from Software Depot Home Page - Software Depot Home
    All fixes will be provided only on top of latest available HP-UX versions (2.0.64.04 for 11i v1 and 2.2.15.16 for 11i v2 and 11i v3).


    What is HP-UX web server suite?

    HP-UX Web Server Suite is a collection of key software products necessary to deploy, manage, and implement mission critical web servers. The suite is comprised of:

    • HP-UX Apache-based Web Server 
    • HP-UX Webmin-based Admin 
    • HP-UX Tomcat-based Servlet Engine 

    For more information and to download the other components in HP-UX Web Server Suite.

    What is HP-UX Apache-based web server?

    According to Netcraft (http://www.netcraft.com/survey), the Apache Web Server dominates over 60% of today's web server market as the most popular and frequently deployed web server for publishing and serving static and dynamic web pages.

    Engineered through state-of-the-art processes for the highest quality and tailored to run smoothly on HP-UX 11i for PA-RISC and Itanium® processor family-based systems, HPE refers HP-UX Apache-based Web Server as a total solution for web server deployment. The Open Source Apache Web Server 2.2 software developed by the Apache Software Foundation (Apache HTTP Server Project described at http://httpd.apache.org/) serves as the base for HP-UX Apache-based Web Server.

    Apache 2.2 is a major release and the start of a new stable branch and represents the best available version of Apache HTTP Server line from ASF with new features include Smart Filtering, Improved Caching, AJP Proxy, Proxy Load Balancing, Graceful Shutdown support, Large File Support,  the Event MPM, and re-factored Authentication/Authorization.. In addition to the base HTTP server, HPE has combined numerous popular modules from other Open Source projects as well as provided HPE value-added features just for HP-UX platform.

    Note: HP-UX Apache-based Web Server for IPv6 will not start without HP-UX 11i IPv6 product installed.

    What is HP-UX Tomcat-based Servlet engine?

    Tomcat is the Servlet container that is used in the official Reference Implementation for the Java Servlet and Java Server Pages (JSP) technologies. 

    This release of Tomcat 6.0.x (11i v3) implements the Servlet 2.5 and JSP 2.1 specifications.  And the release of Tomcat 5.5.36 (11i v2) implements the Servlet 2.4 and JSP 2.0 specifications.  HP-UX Tomcat-based Servlet Engine comes with documentation including an Admin and a migration guide. It seamlessly integrates into HP-UX Apache-based Web Server.

    What is HP-UX Webmin-based Admin?

    HP-UX Webmin-based Admin is an enterprise-ready GUI management tool that provides an intuitive graphical user interface to easily administer components in HP-UX Web Server Suite. HP-UX Webmin-based Admin is a customized version of the Open Source Webmin software and is fully integrated with HP-UX Web Server Suite. It has the HPE look-and-feel, provides easy access to suite documentation and help pages, and supports HP-UX Apache-based Web Server modules including mod_ssl and auth_ldap.

    HP-UX Webmin-based Admin supports many services and actions required to maintain HP-UX Apache-based Web Server. It is universally accessible via any web browser and can use SSL encryption. Configuration with Webmin does not preclude configuration via other tools, or via the command line. Webmin is an excellent tool for both novice and experienced system administrators. As a tool for novices, it can provide a means of getting involved in system administration with minimal knowledge of the managed component and can be an effective teaching tool. 

    What is new in this version?

    The following enhancements were made in this release:

    Please note the new product version numbering that now corresponds to open source versions. For example, HP-UX Apache-based Web Server v.2.2.15.16 is based on ASF Apache 2.2.15

    • HP-UX Web Server Suite: v.4.08

      • HP-UX Apache-based Web Server 2.2.29.03:
      • OpenSSL 1.0.1 and OpenSSL 1.0.2 are supported on IPF systems.
      • OpenSSL 1.0.2 is supported on PA-RISC systems.
    • HP-UX Web Server Suite: v.4.06

      • HP-UX Apache-based Web Server v.2.2.29.02:

      HP-UX Apache-based Web Server 2.2.29.02 is based on ASF Apache 2.2.29.

      Other enhancements and defect fixes:

      Security fixes:

      1. CVE-2015-4000: Allows to configure custom DHE or ECDHE parameters via the SSLCertificateFile directive.
      2. CVE-2015-3183

      Defect fixes:

      1. mod_cgid and mod_cgi works as excepted when enabled with suexec.
      2. TLS 1.2 works as excepted for 32-bit Apache on IPF server.
      3. On IPF server, issue with restarting Apache on chroot environment is resolved.
    • HP-UX Web Server Suite: v.4.05

      • HP-UX Apache-based Web Server v.2.2.29.01:

      HP-UX Apache-based Web Server 2.2.29.01 is based on ASF Apache 2.2.29.

      Other enhancements:

      The Following directive is enabled for the SSL module, which can be used to disable session tickets.
      Session tickets are enabled by default.

      • SSLNoTickets on|off
      • Default: SSLNoTickets off
      • mkcert.sh script generates SHA-256 based certificates.
      • 32-bit httpd can support more than 1GB address space.

      Note: Features/fixes that were available in HP-UX Apache web server 2.2.15.x are made available in 2.2.29.x also, whichever are not available in 2.2.29.


      • HP-UX PHP 5.4.40.01:

      HP-UX PHP 5.4.40.01 is based on PHP 5.4.40


      • HP-UX Tomcat-based Servlet Engine 6.0.43.01 (HP-UX 11i v3):

      Tomcat version 6.0.43.01 is based on ASF Tomcat 6.0.43.


      • HP-UX Webmin-based Admin (1.070.13):

      Known Issues in HP-UX Webmin-based Admin1.070.13

      1. webmin page with https may not be accessible , with some browsers like Microsoft Internet Explorer.
      2. "HP-UX Web Server Suite" -> "HP-UX Apache-based Web Server" -> "Certificate Manager" of Webmin cannot create a certificate with SHA-2 hash algorithm.

      Workarounds

      Step 1. Re-generate certificate file “/opt/hpws22/webmin/conf/miniserv.pem” by using one of the following approaches

      1. Use openssl

      # openssl req -x509 -newkey rsa:2048 \
      -days 3650 -nodes -subj \
      "/C=US/ST=MyServer Statel/L=MyServer Town/O=MyServer, Ltd/OU=MyUnit Name/CN=www.myserver.dom" \
      -keyout /opt/hpws22/webmin/conf/miniserv.pem \
      -out /opt/hpws22/webmin/conf/miniserv.pem

      2. Use /opt/hpws22/apache/util/mkcert.sh of Apache web server 2.2.29.x

      Step 2. Configure “ssl” as 1 in the configuration file /opt/hpws22/webmin/conf/miniserv.conf:

      ssl=1

      Step 3. Restart the webmin service

      /opt/hpws22/webmin/webmin-init {restart,start}

    • Dependencies

      • mod_auth_kerb module depends on D.1.6.2 Kerberos client or higher version
      • mod_perl depends on Perl D.5.8.8.D version
  • Why use HP-UX Apache-based web server, HP-UX Tomcat-based Servlet engine and HP-UX Webmin-based Admin?

    From displaying information on simple, static web pages to serving as a secured e-Commerce store handling many simultaneous clients, today's web site must support a wide variety of technologies. To meet these needs, HPE offers HP-UX Apache-based Web Server, HP-UX Tomcat-based Servlet Engine and HP-UX Webmin-based Admin as components in HP-UX Web Server Suite.

      • investment protection by leveraging the Open Source community and industry effort in continuous, leading-edge development of the most popular web server. HPE has bundled many valuable technologies with the core Apache web server to provide a highly optimized web server solution. HPE customers receive direct cost savings because HP-UX Web Server Suite is absolutely free and is pre-bundled with HP-UX Operating Environment.
      • rich and flexible features with breadth when compared to other commercial web servers, new functionality is easily added with Perl, C and C++ server modules. Server-side Java technologies are implemented through Tomcat Servlet and JSP. Delivery of dynamic data is quick and easy using the PHP scripting language and its built-in database connectivity. WebDAV provides efficient remote web publishing and content management.
      • security you can trust for secure transactions with full strength 128-bit/168-bit encryption and the most popular Open Source security modules, mod_ssl and OpenSSL. HP-UX Apache-based Web Server also supports Digital Badge/certificate and authentication, secure HTTP client authentication using LDAP, reverse web proxying, and file system security (Chroot) to provide additional layers of protection from intruders. HP-UX Apache-based Web Server offers high-speed data encryption so HPE customers don't have to sacrifice performance for good security.
      • simple, easy, and out-of-the-box is what HPE customers can expect. HP-UX Web Server Suite allows customers to install in simple steps and manage using easy-to-use, web-based administration. HP-UX Web Server Suite is available as a free web download or pre-bundled with HP-UX.

    HP-UX Apache-based web server product specifications

    Apache Web Server 2.2.29 from ASF, built with worker Multi-Processing Module (MPM)
    Modules statically included: core, http_core, mod_so, worker
    Other standard modules dynamically included: mod_alias, mod_asis, mod_auth_basic, mod_auth_digest, mod_auth_kerb, mod_auth_xradius, mod_authn_alias, mod_authn_anon, mod_authn_dbd, mod_authn_dbm, mod_authn_default,
    mod_authn_file, mod_authnz_ldap, mod_authz_dbm, mod_authz_default, mod_authz_groupfile, mod_authz_host, mod_authz_owner, mod_authz_user, mod_autoindex, mod_cache, mod_case_filter, mod_case_filter_in, mod_cern_meta, mod_cgi, mod_cgid, mod_charset_lite, mod_dav, mod_dav_fs, mod_dav_lock, mod_dbd, mod_deflate, mod_dir, mod_disk_cache, mod_dumpio, mod_echo, mod_env, mod_example, mod_expires, mod_ext_filter, mod_file_cache, mod_filter, mod_headers, mod_ident, mod_imagemap, mod_include, mod_info, mod_actions, mod_jk,mod_jk2,mod_ldap, mod_log_config, mod_log_forensic, mod_logio, mod_mem_cache, mod_mime, mod_mime_magic, mod_negotiation, mod_perl, mod_proxy, mod_proxy_ajp, mod_proxy_balancer, mod_proxy_connect, mod_proxy_ftp, mod_unique_id, mod_proxy_http, mod_rewrite, mod_setenvif, mod_speling, mod_ssl, mod_status, mod_substitute, mod_suexec, mod_userdir, mod_usertrack, mod_version, mod_vhost_alias, libphp5.

      • mod_authnz_ldap allows an LDAP directory to be used to store the database for HTTP Basic authentication.
      • mod_ldap this module adds an LDAP connection pool and an LDAP shared memory cache.
      • mod_deflate provides a filter to compress content from your server before sending it to the client. It can also decompress a gzip-compressed request body.
      • mod_suexec allows CGI and SSI programs to run under user IDs different from the user ID of the web server.
      • IPv6 capability is incorporated into this product. Since HP-UX Web Server Suite is dependent on other products such as Java and Perl, this version of the web server may or may not work the same as in the IPv4 product. Read the "system requirements" and "IPv6 Functionality Supported" below, as well as the documentation provided in the bundle. This product can be used in either IPv4 or IPv6 mode and includes the same feature set as the IPv4 HP-UX Apache-based Web Server product. Make sure to select the correct "software specification" on the Registration page to download the IPv6 product.
      • The enhanced Apache Application Programmable Interface (API/APR) increases portability of customized and third-party modules by isolating platform-specific implementations.
      • Worker MPM (Multi-Processing Module) offers better scalability and robustness in load balancing than Apache 1.3.
      • WebDAV (Web-based Distributed Authoring and Versioning) permits users to create, move, copy, and delete files and directories remotely for easier web publishing and content management.

    HPE-added features:

      • Modules dynamically included: mod_perl, mod_php5.
      • Introduced new module called mod_auth_xradius to authenticate RADIUS server.
      • OpenSSL A.01.00.x is an Open Source toolkit that implements the SSL/TLS security protocols.
      • Added new directives “CGIScriptTimeoutEnabled” , “CGIScriptTimeout”  and “ScriptMultipleDaemons” to improve the performance of mod_cgid.
      • HP-UX Bastille is a security hardening/lockdown tool which can be used to enhance the security of HP-UX operating system. HP-UX Apache-based Web Server fully supports Bastille functionality.
      • Chroot enables a named directory to become the root directory to protect the root file system.
      • mod_jk 1.2.5 and mod_jk2 are Servlet connectors to Tomcat that replace mod_jserv Servlet connector found in previous versions of HP-UX Apache-based Web Server. mod_jk and mod_jk2 work with the ajpv13 protocol.
      • mod_perl 1.99_10 makes it possible to write Apache modules entirely in Perl. In addition, the persistent interpreter embedded in the server avoids the overhead of starting an external interpreter for each Perl CGI request. mod_perl is configured for Perl 5.8.8.
      • PHP 5.4.40 is an HTML embedded, server-side, cross-platform, scripting language with support for database access. It also supports Oracle 8.1.6 database connectivity using PHP extensions.
      • Support for loading customized Apache modules implemented in C++.
      • Automatic Restart of Apache/Tomcat/Webmin on reboot. More information on customization configuration of this feature can be found in the Admin Guide.
      • apr_shm is a 2-layer abstraction library which simplifies the usage of shared memory between forked processes on Unix platforms. apr_shm supports session caching using either hash tables or circular buffers. apr_shm replaces Shmem support that was in previous versions of HPE Apache-based Web Server 2.x and MM support that was in HPE Apache-based Web Server 1.3.x.
      • Utilities:
        • alternate root utility moves the components of HP-UX Web Server Suite to another directory after it is installed in its default location.
        • cache utility helps create a caching file for improved Apache performance.
        • chroot utility copies commonly used Apache files into the chroot directory.
        • mkcert utility generates private keys, certificate signing requests, and certificates for the Certificate Authority (CA), server, and client.
        • ports utility reads and displays the ports for all the components currently configured in the bundle.
        • test certmig utility tests importing and exporting certificates from a Netscape Certificate Database.
      • Example modules for developers (mod_example, mod_echo).
      • HPE integration, testing and optimization for smooth deployment in HP-UX environment.
      • Documentation created specifically for HP-UX Web Server Suite including FAQs, user, administration and migration guides.

    HP-UX Tomcat-based Servlet engine product specifications:

      • Tomcat 6.0.x is a Servlet container which is compliant with Java Servlet 2.5 and Java Server Pages 2.1 specifications.
      • Tomcat 5.5.36 is a Servlet container which is compliant with Java Servlet 2.4 and Java Server Pages 2.0 specifications.

    HP-UX Webmin-based Admin product specifications:

      • Webmin 1.070 is a web-based administration and configuration tool from Webmin.
      • It has been extensively enhanced to be more tightly integrated with HP-UX Web Server Suite. Many changes have been made, including new HPE look-and-feel, easy access to documentation, support for more Apache modules (auth_ldap, mod_ssl), added "help" for Apache directives.

    System requirements:

    This package can be installed on HP-UX 11i v3  for PA-RISC and Itanium® processor family-based systems. Make sure to select the correct "software specification" on the Registration page. In addition, the following are package requirements.

    HP-UX Apache-based Web Server:

    HP-UX Apache-based Web Server installs into /opt/hpws22/apache and uses 150 MB of disk space.

    Apache binaries (PA-RISC) require ID and Lebda version B.11.32 or higher.
    To determine the version on your machine, type
    ld -V and what /usr/lib/libdld.sl at the command line.


    Under Maintenance/ Support click on "Individual Patches". Scroll down to "retrieve a specific patch by entering the patch name" and enter the patch number in the input field. Note that on any given system, the versions of ID and libdld should be the same.

    IPv6 Support - See "IPv6 Functionality Supported" below for for more information.

        • HP-UX 11i v2 (IPF): IPv6 is supported
        • mod_perl requires Perl v.5.8.8. 
        • For IPF, a 64-bit version of Perl 5.8.8 is required.

    PHP Extensions have the following requirements
    Except OCI extension all other extension are linked to archive libraries.

        • Oracle (oci8.sl) - Oracle client side libraries version 10g or later.

    Building DSOs using apxs (Apache Extension Tool) uses Perl and expects it to be installed at /opt/perl/bin/perl
    Either download and install Perl as described for mod_perl, or change the path in the apxs script to the Perl location installed on your machine.

    HP-UX Tomcat-based Servlet Engine:

    HP-UX Tomcat-based Servlet Engine installs into /opt/hpws22/tomcat and uses 20 MB of disk space.

    Tomcat requires HPE JRE version 1.6 or higher is recommended. If your web application uses JSPs (Java Server Pages) then you will also need the JDK (Java Development Kit) so you can compile the JSPs.

    HP-UX Webmin-based Admin:

    HP-UX Webmin-based Admin installs into /opt/hpws22/webmin and uses 20 MB of disk space.

    Webmin requires  Perl 5 or higher and expects it to be installed at /opt/perl/bin/perl.

    IPv6 support: not supported. See below for for more information.

    IPv6 Functionality Supported:

    HP-UX Apache-based Web Server, HP-UX Tomcat-based Servlet Engine and HP-UX Webmin-based Admin may or may not work the same as in the corresponding IPv4 products.

    HP-UX Tomcat-based Servlet Engine:

      • Starting with 1.4, Java has support for IPv6.

    HP-UX Webmin-based Admin:

      • Currently there is no support for IPv6 in Perl. Since HP-UX Webmin-based Admin is entirely written in Perl, it is not supported for IPv6 platform.

    Also, HP-UX Webmin-based Admin currently does not have support for recognizing IPv6 addresses correctly. Therefore, specifying IPv6 addresses for Apache may not work.

    HP-UX Apache-based Web Server:

      • Complete Support
        The following components work on IPv6 platform, and all the functionality of IPv6 is also implemented.
        • Apache Core
        • SSL
        • PHP
        • SSI
        • CGI (C-based and shell script)
      • Partial Support
        Although the following components work on the IPv6 platform, they may not behave correctly for networking calls related to IPv6 address, due to lack of underlying support.
        • OpenSSL
          OpenSSL does not have support for IPv6. However, on an IPv6 machine, it could still be used in IPv4 mode.
        • mod_ssl
          Since HP-UX Apache-based Web Server implements the SSL using the OpenSSL library, mod_ssl does not support IPv6 addresses.
        • ab and OpenSSL
          /opt/hpws22/apache/bin/ab implements SSL using OpenSSL. Since OpenSSL does not have support for IPv6, ab does not either.
        • SSL clients
          Currently, there are no SSL clients available from HPE on HP-UX for IPv6. However, one could use the standard SSL clients in IPv4 mode.
        • CGI (Perl-based)
        • mod_perl CGI scripts or Perl modules written in Perl will return failure for any calls to gethostbyname() for the IPv6 addresses, as Perl does not support IPv6. Hence, CGI and mod_perl are supported only in IPv4 mode.
        • LDAP connectivity
          If your LDAP server is not IPv6 capable, then you will need to configure your auth_ldap to connect to the LDAP server using the IPv4 address.
        • WebDAV
          Currently there are no IPv6 compatible clients for WebDAV. Hence, WebDAV with IPv6 addresses is not supported for this release of HP-UX Apache-based Web Server.

          Technical support

          HP-UX Web Server Suite is supported by the HPE Worldwide Response Centers for customers with an HP-UX support contract.

          Software Depot Pages content updates note

          Content on this page is updated for the latest web release (WEB1707).

           

     
    Additional product information
    Product #: HPUXWSATW409
    Version: 4.09
    Software specification: HP-UX 11.31(HPUXWS22ATW-B409-11-31-64.depot)
    HP-UX 11.31(HPUXWS22ATW-B409-11-31-32.depot)
    Installation
    Select