CSP Gateway Configuration Guide - InterSystems Documentation

More documents

Recommendations

Info

Introduction to the CSP Gateway To have CSP serve static files for a particular CSP application, place the static files in the CSP application’s file system in the correct location relative to the CSP files that make up the application (not in the web server’s own documents file system). (Note that if you are serving files containing Unicode text, CSP uses the BOM to determine the correct encoding to use. The BOM must be present in Unicode text files.) Consult the sections in this book for your platform. Note: To run Zen-based applications, you must enable the Serve Files option and properly configure your web server. See the section Static Files in Using CSP for more information. 1.7 Enable Sticky Sessions on Hardware Load Balancer on High Availability Solutions For High Availability solutions running over CSP, InterSystems recommends that you use a hardware load balancer for load balancing and failover. InterSystems requires that you enable sticky session support in the load balancer; this guarantees that -- once a session has been established between a given instance of the gateway and a given application server -- all subsequent requests from that user run on the same pair. This configuration assures that the session ID and server-side session context are always in sync; otherwise, it is possible that a session is created on one server but the next request from that user runs on a different system where the session is not present, which results in runtime errors (especially with hyperevents, which require the session key to decrypt the request). See your load balancer documentation for directions on how to enable sticky session support. Note: It is possible to configure a system to work without sticky sessions but this requires that the CSP session global be mapped across all systems in the enterprise and can result in significant lock contention so it is not recommended. For more information on high availability and CSP, see the section “CSP Gateway Considerations” in the Caché High Availability Guide. 1.8 Conventions Used in this Document Where possible, the sample web server configurations described in this document are based on the current default installation for both Caché and the CSP Gateway’s hosting web server. The default paths to the Web Server and Gateway components are used in the configuration blocks. Change paths to these resources to suit your own installation where necessary. Lines terminated with a back-slash (\) are continued to the next line. For example, enter the following line, as shown in this document: Init fn=load-modules shlib=CSPn3.dll \ funcs=csp_term As: Init fn=load-modules shlib=CSPn3.dll funcs=csp_term The default installation directory for Caché is documented in the Default Caché Installation Directory section of the Caché Installation Guide. This guide refers to the default using the variable install-dir and in many examples uses C:\cache-install-dir\ as the installation directory. 6 CSP Gateway Configuration Guide
Conventions Used in this Document 1.8.1 Gateway components and physical installation paths Later sections in this guide describe how the Gateway components should be configured with all supported web servers. The installation paths for components should be regarded as examples rather than taken literally. Also, the InterSystems installers will create and maintain separate Gateway installations for the internal (private) web server and any third-party web server that might be present on the same host. In this context ‘third-party web server’ refers to a web server that is not part of the software installed by InterSystems. The precise installation location of Gateway components is not particularly critical provided: • The physical installation paths match those given in the hosting web server configuration where appropriate. • The security settings, in relation to required access for individual components, are adjusted appropriately. This is particularly important for Gateway components that are accessed directly by the web server since web servers are usually locked down to the extent that the files they are able to access (and executables that can be run) are carefully controlled. It should be borne in mind that security considerations will also be important for any Gateway configuration (and log) files that are accessed by Gateway binaries that are themselves bound to the web server core executable. • The security policy of the hosting web server is respected. Some web servers – notably those shipped with Secure Linux (SELinux) and OpenVMS (HPSWS) – are configured such that it is not possible for them to access files that lie outside their own file system. This restriction will clearly have an impact on where certain web-server-facing Gateway components can be installed. There are four types of Gateway component to consider. 1. Binaries to be loaded by the web server (API based extensions). This includes Windows DLLs, UNIX Shared Objects and OpenVMS Shareable Images: CSPms[Sys].dll CSPn3[Sys].(dll|so|exe) CSPa*[Sys].(dll|so) mod_csp*.(so|exe) The physical location where these are installed should match the corresponding configuration directives in the hosting web server configuration. This includes directives indicating which third-party modules should be loaded. The web server requires permission to read and load these modules. Modules named CSP* require permission to read and write to the Gateway configuration and log files (CSP.ini, CSP.log). These are usually created in the same location as the Gateway binaries. When considering access control for these modules, bear in mind that it is the web server worker processes that need to be able to access the modules together with any dependent configuration and log files. For example, in the case of Apache, the server is usually started with superuser permissions but the worker processes that actually serve web requests run with a much lower level of authority (as indicated by the User and Group directives in the Apache configuration file). It is the User and Group specified for the worker processes that should be granted permission to load the Gateway modules and (where appropriate) the ability to read and write to the configuration and log files (CSP.ini and CSP.log). 2. Executables to be called by the web server (CGI modules). [nph-]CSPcgi[Sys][.exe] The physical location where these are installed should match the corresponding configuration directives in the hosting web server configuration. This will include directives indicating which web requests should be processed by these CGI modules. The worker processes of the hosting web server require execute permission for these modules. There are no further dependencies. CSP Gateway Configuration Guide 7
Page 1 and 2: CSP Gateway Configuration Guide Ver
Page 3 and 4: Table of Contents About this Book .
Page 5 and 6: 5.4 Operating the Network Service D
Page 7: About this Book This book describes
Page 10 and 11: Introduction to the CSP Gateway The
Page 14 and 15: Introduction to the CSP Gateway 3.
Page 16 and 17: Introduction to the CSP Gateway 1.1
Page 18 and 19: CSP Gateway Operation and Configura
Page 62 and 63:
CSP Gateway Operation and Configura
Page 64 and 65:
Web Servers for Microsoft Windows 4
Page 66 and 67:
Page 68 and 69:
Web Servers for Microsoft Windows R
Page 70 and 71:
Web Servers for Microsoft Windows I
Page 72 and 73:
Page 74 and 75:
Page 76 and 77:
Web Servers for Microsoft Windows
Page 78 and 79:
Web Servers for Microsoft Windows B
Page 80 and 81:
Web Servers for UNIX®, Linux, and
Page 82 and 83:
Page 84 and 85:
Page 86 and 87:
Page 89 and 90:
5 Web Servers for HP OpenVMS If you
Page 91 and 92:
Recommended Option: OpenVMS and Apa
Page 93 and 94:
Locked-down Apache Environments for
Page 95:
Operating the Network Service Daemo
Page 98 and 99:
Atypical Configurations for Microso
Page 100 and 101:
Page 102 and 103:
Page 104 and 105:
Page 106 and 107:
Page 108 and 109:
Page 110 and 111:
Page 112 and 113:
Page 114 and 115:
Page 116 and 117:
Page 118 and 119:
Page 120 and 121:
Page 122 and 123:
Page 124 and 125:
Page 126 and 127:
Page 128 and 129:
Atypical Configurations for UNIX®,
Page 130 and 131:
Page 132 and 133:
Page 134 and 135:
Page 136 and 137:
Page 138 and 139:
Page 140 and 141:
Page 142 and 143:
Page 144 and 145:
Page 146 and 147:
Page 149 and 150:
C Atypical Configurations for HP Op
Page 151 and 152:
D Apache Considerations UNIX®, Lin
Page 153 and 154:
Apache Process Management and Capac
Page 155 and 156:
State-Aware Sessions (Preserve mode
Page 157 and 158:
E Building Apache for IBM AIX Note:
Page 159 and 160:
Building Apache for IBM AIX # Rule
Page 161 and 162:
Building Apache for IBM AIX @echo "
Page 163 and 164:
Page 165 and 166:
Page 167:
Building Apache for IBM AIX Having
Page 171 and 172:
G IIS Technical Notes For those int
Page 173 and 174:
Bitness — 32-bit Apps on 64-bit S
show all

CSP Gateway Configuration Guide - InterSystems Documentation

Create successful ePaper yourself

Delete template?

Save as template?