Virtual hosts
The tag Engine is mainly an aggregation of host tags used to configure virtual hosts. The terms 'virtual host' or 'name-based virtual host' describe the fact that several hosts share one and the same IP-based host. The decision which virtual host will be used, is taken by the HTTP header field 'Host' of the request. See also http://www.ietf.org/rfc/rfc2616.txt.
The tag Engine (see table below) may contain one or several host definitions. One of them must be the default. That is the one that will be accessed if no match can be found.
Name | Type, Usage Constraints, Defaults | Description |
---|---|---|
defaultHost | string required, advanced, supports variable replacement default: DNS name of the machine | This attribute specifies the virtual host used if no other virtual host matches. |
generalResourceDir | string basic feature, optional, supports variable replacement | You can use the attribute generalResourceDir to configure a directory. If this directory contains a file with the name navajo_style_sheet.css, the system will use it as style sheet. A file with the name Nevis_f2.gif is used as a GIF file. These two resources are referenced in every HTML response generated by the server. If the system cannot find one of these resources in the configured directory, it it will use the compiled resource. |
useStyleSheet | string basic feature, optional default: false | Set this attribute to "true" to restore original behavior. The following nevisProxy components reference the style sheet: DeflateFilter, StatusServlet, LoginRendererServlet if the built-in login page will be rendered. |
Web applications
Inside the tag Engine, one or several Host tags are used to configure the virtual host:
Name | Engine, type, usage constraints, defaults | Description |
---|---|---|
name | string required, basic connectivity, supports variable replacement default: DNS name of the machine | The attribute name specifies the name of the host as seen from the client. It therefore needs to match the one in the server certificate and DNS. |
One or several web applications may be declared with the tag Context inside a Host tag:
Name | Context , engine, usage constraints, defaults | Description |
---|---|---|
unsecureConnection | enum: deny, redirect, allow, optional, basic feature, default: allow | The attribute 'unsecureConnection' configures the policy if a request is sent using an insecure connection: deny: The access is denied and a respective response is sent to the client; redirect: If at least one secure Connector is configured, a redirect is sent to the client. If no secure Connector is configured, access is deniedallow: the request is processed |
unsecureConnectionRedirect | enum: deny, redirect, allow, optional, basic feature, supports variable replacement, default: allow | The attribute 'unsecureConnectionRedirect ' allows configuration of a secure or additional URL. |
trailingSlashRedirect | boolean, optional, advanced, default: true | The attribute 'trailingSlashRedirect' offers support for legacy URL namespaces: nevisProxy generates redirects to the same resource with a '/' appended, in case a servlet mapping only matches, when the trailing '/' is present. This behavior is necessary for browser clients to correctly handle relative URLs. |
entryURI | string, optional, supports variable replacement, must start with '/' | With the attribute 'entryURI' the entry point to that web application is specified in the following way: If the request is '/' and there is no matching Context or Servlet found, a redirect with the configured value is sent to the browser. |
filePreload | boolean optional, advanced default: false | The attribute 'filePreload' specifies if the files is preloaded at start-up. If set to 'true', any modification of the files during runtime does not have any effect. Due to memory consumption, it is not recommended to preload if there are many or large files. |
docBase | string, required, advanced, supports variable replacement, default: <spool_dir> /work | The attribute docBase defines the path to the directory from where the web application is deployed. It also specifies the path to the web application's WEB-INF directory, which is located inside the <docBase> directory.For security reasons, never put a file containing secret information (like a secret key or some Lua code) into the directory configured as <docBase> in the navajo.xml file. This is because the DefaultFilter can easily access such a file. An exception is the WEB-INF directory inside the <docBase> directory. The WEB-INF directory is protected against the DefaultFilter and cannot be accessed.Proceed as follows if you change this attribute in an existing instance:1. First, stop the nevisProxy. 1. Then copy the existing files to the new location.You need to do this manually because nevisAdmin does not support this use case. 2. Finally, restart the proxy. Do not restart it earlier, otherwise the necessary files will not be found. |
allowedMethods | string array, required, advanced, supports variable replacement, default: GET,POST | The attribute allowedMethods configures the allowed HTTP methods. The following aliases are allowed besides real method names: ALL-HTTP ALL-HTTP is a shortcut for all HTTP methods: GET, POST, HEAD, DELETE, TRACE, CONNECT, OPTIONS, PUT, PATCH ALL-WEBDAV ALL-WEBDAV is a shortcut for all webdav methods: MERGE, UNCHECKOUT, MKACTIVITY, PROPPATCH, LOCK, CHECKOUT, SEARCH, COPY, MKCOL, MKWORKSPACE, PROPFIND, UPDATE, REBIND, BASELINE-CONTROL, UNBIND, CHECKIN, VERSION-CONTROL, UNLOCK, LABEL,MOVE, ACL, BIND, REPORT Methods can also be removed by configuring -<method> . With the attribute allowedMethods, you configure the HTTP methods allowed by the frontend, to connect to nevisProxy. This in contrast to the AllowedMethods parameter of the HttpConnectorServlet, with which you configure the HTTP methods allowed by nevisProxy, to connect to the backend. As the AllowedMethods parameter of the HttpConnectorServlet is mapped to the request, you may also have to adapt it if you modify the allowedMethods attribute described here. For a description of the AllowedMethods parameter, see the chapter HttpConnectorServlet. |
caseSensitiveMapping | boolean, default: true | Makes the mapping of URIs case sensitive. |
rejectIfMaxThreads | boolean, default: false | If set to true , the last available worker thread will send an error response with status code 503 , i.e. the request is rejected. The page to be sent can be configured with the normal error-code page in the web.xml . In most setups, it is not recommended to configure this parameter, as it may block requests too early. |
additionalStatusCodes | integer array, supports variable replacement, default: empty | Allow non-standard HTTP status codes. The configuration of additional status codes is required, for example, when using WebDav (HTTP status code 207 is used by WebDav). |
path | string optional, advanced, supports variable replacement default: empty string | Deprecated The path parameter is deprecated. The attribute 'path' configures the top-level URL namespace of the corresponding web application. The term 'context path' is often used for this attribute. An empty context path means '/', i.e., the web application is invoked for every request. If the context is not empty, it must start with '/', and must not end with '/'. |
docBase | string required, advanced, supports variable replacement default: <spool_dir> /work | The attribute docBase defines the path to the directory from where the web application is deployed. It also specifies the path to the web application's WEB-INF directory, which is located inside the <docBase> directory. For security reasons, never put a file containing secret information (like a secret key or some Lua code) into the directory configured as <docBase> in the navajo.xml file. This is because the DefaultFilter can easily access such a file. An exception is the WEB-INF directory inside the <docBase> directory. The WEB-INF directory is protected against the DefaultFilter and cannot be accessed. Proceed as follows if you change this attribute in an existing instance:1. First, stop the nevisProxy. 1. Then copy the existing files to the new location. You need to do this manually because nevisAdmin does not support this use case. 2. Finally, restart the proxy. Do not restart it earlier, otherwise the necessary files will not be found. |
allowedMethods | string array required, advanced, supports variable replacement default: GET,POST | The attribute allowedMethods configures the allowed HTTP methods. The following aliases are allowed besides real method names: ALL-HTTP: ALL-HTTP is a shortcut for all HTTP methods: GET, POST, HEAD, DELETE, TRACE, CONNECT, OPTIONS, PUT, PATCH; ALL-WEBDAV: ALL-WEBDAV is a shortcut for all webdav methods: MERGE, UNCHECKOUT, MKACTIVITY, PROPPATCH, LOCK, CHECKOUT, SEARCH, COPY, MKCOL, MKWORKSPACE, PROPFIND, UPDATE, REBIND, BASELINE-CONTROL, UNBIND, CHECKIN, VERSION-CONTROL, UNLOCK, LABEL,MOVE, ACL, BIND, REPORT Methods can also be removed by configuring -<method> . With the attribute allowedMethods, you configure the HTTP methods allowed by the frontend, to connect to nevisProxy. This in contrast to the AllowedMethods parameter of the HttpConnectorServlet, with which you configure the HTTP methods allowed by nevisProxy, to connect to the backend. As the AllowedMethods parameter of the HttpConnectorServlet is mapped to the request, you may also have to adapt it if you modify the allowedMethods attribute described here. For a description of the AllowedMethods parameter, see the chapter HttpConnectorServlet. |
caseSensitiveMapping | boolean default: true | Makes the mapping of URIs case sensitive. |
rejectIfMaxThreads | boolean default: false | If the attribute 'rejectIfMaxThreads' is set to 'true', the last available worker thread will send an error response with status code 503, i.e. the request is rejected. Note: The page to be sent can be configured with the normal error-code page in the web.xml. |
additionalStatusCodes | integer array supports variable replacement default: empty | Allow non-standard HTTP status codes. The configuration of additional status codes is required, for example, when using WebDav (HTTP status code 207 is used by WebDav). |