HP-UX
Apache-based Web Server, HP-UX Tomcat-based Servlet Engine, HP-UX Webmin-based
Admin
Obsolescence plan for HP-UX Web Server Suite v.3.x and v.4.x:
Support for Apache-based Web Server Suite v.3.x and v.4.x powered by Apache Tomcat Webmin has ended on 31st October 2017. It is recommended to migrate to the newer "HP-UX Apache-based Web Server Suite v.5.x powered by Apache Tomcat Webmin" available for download.
|
Obsolescence plan for HP-UX Tomcat-based Servlet Engine v.6.0.x:
Support for all versions of HP-UX Tomcat-based Servlet Engine v.6.0.x has ended on 31st December 2016. It is recommended to migrate to the newer HP-UX Tomcat-based Servlet Engine v.7.0.x.y version available for download.
See Migration Guide for information about migrating from Tomcat 6.0.x to Tomcat 7.0.x.
|
Obsolescence plan for HP-UX PHP 5.4.x:
Support for all versions of HP-UX PHP 5.4.x has ended on 31st August 2016. It is recommended to migrate to the newer HP-UX PHP 5.6.x available for download.
|
NOTE:
POODLE
vulnerability
To prevent POODLE vulnerability, SSL3
protocol has to be disabled in Apache, Tomcat, and PHP.
Apache:
Disable SSLv3 by adding below line in
conf/extra/httpd-ssl.conf file.
SSLProtocol all -SSLv2 -SSLv3
Apache-based Web Server of version
2.2.15.22 or later for 11i v3 has this configuration by default.
For other versions, above configuration has
to be made explicitly by users.
Tomcat:
Disable SSLv3 by adding below line in
conf/server.xml for SSL connector.
sslEnabledProtocols="TLS"
For example:
<Connector port="8443"
protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https"
secure="true"
clientAuth="false" sslEnabledProtocols="TLS"
/>
Tomcat of version 6.0.39.3 or later for 11i
v3 has this configuration by default.
For other versions, above configuration has
to be made explicitly by users.
PHP:
If SSLv2 and SSLv3 are used in PHP scripts
, make change to use TLS instead
Refer http://php.net/manual/en/transports.inet.phpand
http://php.net/manual/en/function.curl-setopt.php
HP-UX Tomcat 5.5.x bundled with
Apache-based Web Server v.3.x on HP-UX 11i v3 ends support starting March
2013
Starting from April 2013, HP-UX Tomcat 5.5.x
bundled with Apache-based Web Server v.3.x will no longer be supported by HPE on
HP-UX 11i v3 and it will be replaced by newer HP-UX Tomcat 6.x version, which is
based on ASF Tomcat 6.x version. Tomcat 6.x version is targeted to be the
default version in HP-UX 11i v3 1303 Fusion release instead of Tomcat 5.5.x
version.
It is recommended to migrate to the newer
HP-UX Tomcat-based Servlet Engine v.6.0.45.x version available to download from
HPE. Migration guide from Tomcat 5.5.x to Tomcat 6.0.x is available at: http://tomcat.apache.org/migration-6.html.
Please note that Tomcat 5.5.x will continue
to be supported on HP-UX 11i v1 and HP-UX 11i v2 till their respective support
timeliness or until further notice.
HP-UX PHP 5.2.x bundled with Apache-based Web Server
v.2.2.15.18 or earlier on HP-UX 11i v3 ends support starting April 2014. PHP
5.4.x will be the version supported on HP-UX 11i v3 going forward
Starting April 2014, 11.31 HP-UX Apache-based Web Server bundles
( v.2.2.15.19 and above) will contain PHP 5.4.11.x which is based on PHP 5.4.x
version.
Independent versions PHP
5.4.11.01 and PHP
5.4.11.02 will not be updated and any fixes will be made in PHP 5.4.11.x
that is part of Apache bundle. These versions were released to support two
versions PHP 5.2.17 and 5.4.11 for 11.31 and allow users to migrate from 5.2.17
to 5.4.11. Now that the migration period (from PHP 5.2 to PHP 5.4) is complete,
standalone releases of PHP 5.4.11.x will be discontinued.
It is recommended to migrate to the newer HP-UX PHP 5.4.11.x
version available as part of Apache bundle(( v.2.2.15.19 and above).
Migration guides are available for PHP 5.2.x to PHP 5.4.x migration at http://php.net/manual/en/migration53.phpand
http://php.net/manual/en/migration54.php
PHP 5.2.x will continue to be supported on HP-UX 11i v1 and
HP-UX 11i v2 till their respective support timeliness or until further notice.
Note: HPE supports
HP-UX Apache 2.0.64.x on 11i v1 OS and HP-UX Apache 2.2.15.x on 11i v2 and 11i
v3 OS, which is available to download from Software Depot Home Page - Software Depot Home
All fixes will be provided only on top of latest available HP-UX versions
(2.0.64.04 for 11i v1 and 2.2.15.16 for 11i v2 and 11i v3).
What is HP-UX web server
suite?
HP-UX Web Server Suite is a collection of key
software products necessary to deploy, manage, and implement mission critical
web servers. The suite is comprised of:
- HP-UX Apache-based Web Server
- HP-UX Webmin-based Admin
- HP-UX Tomcat-based Servlet Engine
For more information and to download the
other components in HP-UX
Web Server Suite.
What is HP-UX Apache-based web
server?
According to Netcraft (http://www.netcraft.com/survey), the
Apache Web Server dominates over 60% of today's web server market as the most
popular and frequently deployed web server for publishing and serving static and
dynamic web pages.
Engineered through state-of-the-art processes
for the highest quality and tailored to run smoothly on HP-UX 11i for PA-RISC
and Itanium® processor family-based systems, HPE refers HP-UX Apache-based Web
Server as a total solution for web server deployment. The Open Source Apache Web
Server 2.2 software developed by the Apache Software Foundation (Apache HTTP
Server Project described at http://httpd.apache.org/) serves as the base
for HP-UX Apache-based Web Server.
Apache 2.2 is a major release and the
start of a new stable branch and represents the best available version of Apache
HTTP Server line from ASF with new features include Smart Filtering, Improved
Caching, AJP Proxy, Proxy Load Balancing, Graceful Shutdown support, Large File
Support, the Event MPM, and re-factored Authentication/Authorization.. In
addition to the base HTTP server, HPE has combined numerous popular modules from
other Open Source projects as well as provided HPE value-added features just for
HP-UX platform.
Note: HP-UX
Apache-based Web Server for IPv6 will not start without HP-UX
11i IPv6 product installed.
What is HP-UX Tomcat-based Servlet
engine?
Tomcat is the Servlet container that is used
in the official Reference Implementation for the Java Servlet and Java Server
Pages (JSP) technologies.
This release of Tomcat 6.0.x (11i v3)
implements the Servlet 2.5 and JSP 2.1 specifications. And the release of Tomcat 5.5.36 (11i
v2) implements the Servlet 2.4 and JSP 2.0 specifications. HP-UX
Tomcat-based Servlet Engine comes with documentation including an Admin and a
migration guide. It seamlessly integrates into HP-UX Apache-based Web
Server.
What is HP-UX Webmin-based
Admin?
HP-UX Webmin-based Admin is an
enterprise-ready GUI management tool that provides an intuitive graphical user
interface to easily administer components in HP-UX Web Server Suite. HP-UX
Webmin-based Admin is a customized version of the Open Source Webmin software
and is fully integrated with HP-UX Web Server Suite. It has the HPE
look-and-feel, provides easy access to suite documentation and help pages, and
supports HP-UX Apache-based Web Server modules including mod_ssl and
auth_ldap.
HP-UX Webmin-based Admin supports many
services and actions required to maintain HP-UX Apache-based Web Server. It is
universally accessible via any web browser and can use SSL encryption.
Configuration with Webmin does not preclude configuration via other tools, or
via the command line. Webmin is an excellent tool for both novice and
experienced system administrators. As a tool for novices, it can provide a means
of getting involved in system administration with minimal knowledge of the
managed component and can be an effective teaching tool.
What is new in
this version?
The following enhancements were made in this
release:
Please note the new product version numbering
that now corresponds to open source versions. For example, HP-UX Apache-based
Web Server v.2.2.15.16 is based on ASF Apache 2.2.15
- HP-UX Web Server
Suite: v.4.09
- HP-UX Apache-based Web Server 2.2.29.04:
Security fixes:
- CVE-2015-3183
- CVE-2016-5387
- CVE-2016-8743
- CVE-2016-2183
- CVE-2017-3167
- CVE-2017-3169
- CVE-2017-7668
- CVE-2017-7679
- CVE-2017-9788
- HP-UX Tomcat-based Servlet Engine 7.0.68.01 (HP-UX 11i v3)):
Tomcat version 7.0.68.01 is based on ASF Tomcat 7.0.68.
- HP-UX Web Server
Suite: v.4.08
- HP-UX Apache-based Web Server 2.2.29.03:
- OpenSSL 1.0.1 and OpenSSL 1.0.2 are supported on IPF systems.
- OpenSSL 1.0.2 is supported on PA-RISC systems.
- HP-UX Web Server
Suite:
v.4.05
- HP-UX Apache-based Web Server
v.2.2.29.01:
HP-UX Apache-based
Web Server 2.2.29.01 is based on ASF Apache 2.2.29.
Other enhancements:
The Following directive is enabled for the SSL module, which can be used
to disable session tickets.
Session tickets are enabled by default.
- SSLNoTickets on|off
- Default: SSLNoTickets off
- mkcert.sh script generates SHA-256 based certificates.
- 32-bit httpd can support more than 1GB address space.
Note: Features/fixes that were available in HP-UX Apache
web server 2.2.15.x are made available in 2.2.29.x also, whichever are not
available in 2.2.29.
HP-UX PHP 5.4.40.01 is based on PHP 5.4.40
- HP-UX Tomcat-based Servlet Engine 6.0.43.01 (HP-UX 11i v3):
Tomcat version
6.0.43.01 is based on ASF Tomcat 6.0.43.
- HP-UX Webmin-based Admin (1.070.13):
Known Issues in HP-UX Webmin-based Admin1.070.13
1. webmin page with https may not be accessible , with some browsers like Microsoft Internet Explorer.
2. "HP-UX Web Server Suite" -> "HP-UX Apache-based Web Server" -> "Certificate Manager" of Webmin cannot create a certificate with SHA-2 hash algorithm.
Workarounds
Step 1. Re-generate certificate file “/opt/hpws22/webmin/conf/miniserv.pem” by using one of the following approaches
1. Use openssl
# openssl req -x509 -newkey rsa:2048 \
-days 3650 -nodes -subj \
"/C=US/ST=MyServer Statel/L=MyServer Town/O=MyServer, Ltd/OU=MyUnit Name/CN=www.myserver.dom" \
-keyout /opt/hpws22/webmin/conf/miniserv.pem \
-out /opt/hpws22/webmin/conf/miniserv.pem
2. Use /opt/hpws22/apache/util/mkcert.sh of Apache web server 2.2.29.x
Step 2. Configure “ssl” as 1 in the configuration file /opt/hpws22/webmin/conf/miniserv.conf:
ssl=1
Step 3. Restart the webmin service
/opt/hpws22/webmin/webmin-init {restart,start}
- Dependencies
- mod_auth_kerb module depends on
D.1.6.2 Kerberos client or higher version
- mod_perl depends on Perl
D.5.8.8.D version
Why use
HP-UX Apache-based web server, HP-UX Tomcat-based Servlet engine and HP-UX
Webmin-based Admin?
From displaying
information on simple, static web pages to serving as a secured e-Commerce store
handling many simultaneous clients, today's web site must support a wide variety
of technologies. To meet these needs, HPE offers HP-UX Apache-based Web Server,
HP-UX Tomcat-based Servlet Engine and HP-UX Webmin-based Admin as components in
HP-UX Web Server Suite.
- investment
protection
by leveraging the Open Source community and industry effort in continuous,
leading-edge development of the most popular web server. HPE has bundled many
valuable technologies with the core Apache web server to provide a highly
optimized web server solution. HPE customers receive direct cost savings
because HP-UX Web Server Suite is absolutely free and is pre-bundled with
HP-UX Operating Environment.
- rich and flexible features with
breadth when
compared to other commercial web servers, new functionality is easily added
with Perl, C and C++ server modules. Server-side Java technologies are
implemented through Tomcat Servlet and JSP. Delivery of dynamic data is
quick and easy using the PHP scripting language and its built-in database
connectivity. WebDAV provides efficient remote web publishing and content
management.
- security you can
trust for
secure transactions with full strength 128-bit/168-bit encryption and the
most popular Open Source security modules, mod_ssl and OpenSSL. HP-UX
Apache-based Web Server also supports Digital Badge/certificate and
authentication, secure HTTP client authentication using LDAP, reverse web
proxying, and file system security (Chroot) to provide additional layers of
protection from intruders. HP-UX Apache-based Web Server offers high-speed
data encryption so HPE customers don't have to sacrifice performance for good
security.
- simple, easy, and
out-of-the-box is what HPE customers can expect.
HP-UX Web Server Suite allows customers to install in simple steps and
manage using easy-to-use, web-based administration. HP-UX Web Server Suite
is available as a free web download or pre-bundled with HP-UX.
HP-UX Apache-based web server product
specifications
Apache Web Server 2.2.29 from ASF, built with worker
Multi-Processing Module (MPM)
Modules statically included:
core, http_core, mod_so, worker
Other standard modules
dynamically included: mod_alias, mod_asis, mod_auth_basic,
mod_auth_digest, mod_auth_kerb, mod_auth_xradius, mod_authn_alias,
mod_authn_anon, mod_authn_dbd, mod_authn_dbm,
mod_authn_default, mod_authn_file,
mod_authnz_ldap, mod_authz_dbm, mod_authz_default, mod_authz_groupfile,
mod_authz_host, mod_authz_owner, mod_authz_user, mod_autoindex, mod_cache, mod_case_filter, mod_case_filter_in, mod_cern_meta,
mod_cgi, mod_cgid, mod_charset_lite, mod_dav,
mod_dav_fs, mod_dav_lock, mod_dbd, mod_deflate, mod_dir, mod_disk_cache,
mod_dumpio, mod_echo, mod_env, mod_example,
mod_expires, mod_ext_filter, mod_file_cache, mod_filter, mod_headers, mod_ident,
mod_imagemap, mod_include, mod_info, mod_actions, mod_jk,mod_jk2,mod_ldap, mod_log_config, mod_log_forensic, mod_logio, mod_mem_cache, mod_mime, mod_mime_magic, mod_negotiation, mod_perl, mod_proxy, mod_proxy_ajp, mod_proxy_balancer, mod_proxy_connect, mod_proxy_ftp,
mod_unique_id, mod_proxy_http, mod_rewrite, mod_setenvif, mod_speling, mod_ssl, mod_status, mod_substitute, mod_suexec, mod_userdir, mod_usertrack, mod_version, mod_vhost_alias, libphp5.
- mod_authnz_ldap allows an LDAP directory to be
used to store the database for HTTP Basic authentication.
- mod_ldap this module adds an LDAP
connection pool and an LDAP shared memory cache.
- mod_deflate provides a filter to compress
content from your server before sending it to the client. It can also
decompress a gzip-compressed request body.
- mod_suexec allows CGI and SSI programs to
run under user IDs different from the user ID of the web
server.
- IPv6 capability is incorporated into
this product. Since HP-UX Web Server Suite is dependent on other products
such as Java and Perl, this version of the web server may or may not work
the same as in the IPv4 product. Read the "system requirements" and "IPv6
Functionality Supported" below, as well as the documentation provided in the
bundle. This product can be used in either IPv4 or IPv6 mode and includes
the same feature set as the IPv4 HP-UX Apache-based Web Server product. Make
sure to select the correct "software specification" on the Registration page
to download the IPv6 product.
- The enhanced Apache
Application Programmable Interface (API/APR) increases
portability of customized and third-party modules by isolating
platform-specific implementations.
- Worker MPM (Multi-Processing Module) offers
better scalability and robustness in load balancing than Apache
1.3.
- WebDAV (Web-based Distributed Authoring
and Versioning) permits users to create, move, copy, and delete files and
directories remotely for easier web publishing and content
management.
HPE-added
features:
- Modules dynamically
included:
mod_perl, mod_php5.
- Introduced new module called
mod_auth_xradius to
authenticate RADIUS server.
- OpenSSL A.01.00.x is an Open Source
toolkit that implements the SSL/TLS security protocols.
- Added new directives
“CGIScriptTimeoutEnabled” , “CGIScriptTimeout” and “ScriptMultipleDaemons” to
improve the performance of mod_cgid.
- HP-UX
Bastille is
a security hardening/lockdown tool which can be used to enhance the security
of HP-UX operating system. HP-UX Apache-based Web Server fully supports
Bastille functionality.
- Chroot enables a named directory to
become the root directory to protect the root file system.
- mod_jk 1.2.5 and mod_jk2 are Servlet
connectors to Tomcat that replace mod_jserv Servlet connector found in
previous versions of HP-UX Apache-based Web Server. mod_jk and mod_jk2 work
with the ajpv13 protocol.
- mod_perl 1.99_10 makes it possible to
write Apache modules entirely in Perl. In addition, the persistent
interpreter embedded in the server avoids the overhead of starting an
external interpreter for each Perl CGI request. mod_perl is configured for
Perl 5.8.8.
- PHP 5.4.40 is an HTML embedded,
server-side, cross-platform, scripting language with support for database
access. It also supports Oracle 8.1.6 database connectivity using PHP
extensions.
- Support for loading customized
Apache modules implemented in C++.
- Automatic Restart of
Apache/Tomcat/Webmin on reboot. More information on
customization configuration of this feature can be found in the Admin
Guide.
- apr_shm is a 2-layer abstraction library
which simplifies the usage of shared memory between forked processes on Unix
platforms. apr_shm supports session caching using either hash tables or
circular buffers. apr_shm replaces Shmem support that was in previous
versions of HPE Apache-based Web Server 2.x and MM support that was in HPE
Apache-based Web Server 1.3.x.
- Utilities:
- alternate root
utility
moves the components of HP-UX Web Server Suite to another directory after
it is installed in its default location.
- cache
utility
helps create a caching file for improved Apache performance.
- chroot
utility
copies commonly used Apache files into the chroot directory.
- mkcert
utility
generates private keys, certificate signing requests, and certificates for
the Certificate Authority (CA), server, and client.
- ports
utility
reads and displays the ports for all the components currently configured
in the bundle.
- test certmig
utility
tests importing and exporting certificates from a Netscape Certificate
Database.
- Example
modules for
developers (mod_example, mod_echo).
- HPE integration, testing and
optimization for smooth deployment in HP-UX environment.
- Documentation created specifically for HP-UX
Web Server Suite including FAQs, user, administration and migration
guides.
HP-UX Tomcat-based Servlet engine
product specifications:
- Tomcat 6.0.x is a Servlet container
which is compliant with Java Servlet 2.5 and Java Server Pages 2.1
specifications.
- Tomcat 5.5.36 is a Servlet container
which is compliant with Java Servlet 2.4 and Java Server Pages 2.0
specifications.
HP-UX Webmin-based Admin product
specifications:
- Webmin 1.070 is a web-based
administration and configuration tool from Webmin.
- It
has been extensively enhanced to be more tightly integrated with HP-UX Web
Server Suite. Many changes have been made, including new HPE look-and-feel,
easy access to documentation, support for more Apache modules (auth_ldap,
mod_ssl), added "help" for Apache directives.
System
requirements:
This package can
be installed on HP-UX 11i v3 for PA-RISC and Itanium® processor
family-based systems. Make sure to select the correct "software specification"
on the Registration page. In addition, the following are package
requirements.
HP-UX
Apache-based Web Server:
HP-UX Apache-based Web
Server installs into /opt/hpws22/apache and uses 150 MB of disk
space.
Apache binaries (PA-RISC)
require ID and Lebda version B.11.32 or higher.
To determine the version on
your machine, type ld -V
and what /usr/lib/libdld.sl
at the command line.
Under
Maintenance/ Support click on "Individual Patches". Scroll down to "retrieve a
specific patch by entering the patch name" and enter the patch number in the
input field. Note that on any given system, the versions of ID and libdld should
be the same.
IPv6 Support -
See "IPv6 Functionality Supported" below for for more information.
- HP-UX 11i v2 (IPF): IPv6 is
supported
- mod_perl requires Perl
v.5.8.8.
- For IPF, a 64-bit version of Perl 5.8.8 is required.
PHP Extensions
have the following requirements
Except OCI extension all other extension are
linked to archive libraries.
- Oracle (oci8.sl) - Oracle client side libraries version 10g
or later.
Building DSOs using apxs
(Apache Extension Tool) uses Perl and expects it to be installed at /opt/perl/bin/perl
Either download and install Perl
as described for mod_perl, or change the path in the apxs script to the Perl
location installed on your machine.
HP-UX
Tomcat-based Servlet Engine:
HP-UX Tomcat-based
Servlet Engine installs into /opt/hpws22/tomcat and uses 20 MB of disk
space.
Tomcat requires
HPE JRE version 1.6 or higher is recommended. If your web application uses JSPs
(Java Server Pages) then you will also need the JDK (Java Development Kit) so
you can compile the JSPs.
HP-UX
Webmin-based Admin:
HP-UX Webmin-based Admin
installs into /opt/hpws22/webmin and uses 20 MB of disk
space.
Webmin requires
Perl 5 or higher and expects it to be installed at /opt/perl/bin/perl.
IPv6 support: not
supported. See below for for more information.
IPv6 Functionality
Supported:
HP-UX Apache-based
Web Server, HP-UX Tomcat-based Servlet Engine and HP-UX Webmin-based Admin may
or may not work the same as in the corresponding IPv4 products.
HP-UX
Tomcat-based Servlet Engine:
- Starting with 1.4, Java has
support for IPv6.
HP-UX
Webmin-based Admin:
- Currently there is no support for IPv6 in Perl. Since HP-UX
Webmin-based Admin is entirely written in Perl, it is not supported for IPv6
platform.
Also, HP-UX
Webmin-based Admin currently does not have support for recognizing IPv6
addresses correctly. Therefore, specifying IPv6 addresses for Apache may not
work.
HP-UX
Apache-based Web Server:
- Complete
Support
The following components work on
IPv6 platform, and all the functionality of IPv6 is also implemented.
- Apache Core
- SSL
- PHP
- SSI
- CGI (C-based and shell script)
- Partial
Support
Although the following components
work on the IPv6 platform, they may not behave correctly for networking
calls related to IPv6 address, due to lack of underlying support.