Use theAccept directive to configure the iTP Secure WebServer (server-namein the example) to accept HTTP connections on one or more specified transports and ports.
TheAcceptdirective takes the following arguments: -transport transport-name
The transport name (transport-name) is a TCP/IP process name in OSS format (that is, preceded by /G/).
One transport-nameis required. -address server-addr
Use the -addressargument to configure the server to accept connections on a specified address (server-addr). The address you specify can be either a numeric IP address or a valid name or alias registered with the Domain Name Service (DNS). If no -addressargument is specified, the iTP Secure WebServer accepts connections on all IP addresses currently valid for the iTP Secure WebServer machine.
NOTE: If -addressoption is not specified and hostname is not configured for the particular transport process then, iTP Secure WebServer throws"Invalid hostname"error.
The following examples configure the httpd process to receive messages on any IPv4 address associated with the process $ZTC0, to use a specified IPv4 or IPv6 address with the process $ZTC1, and to use the IP address bound to the DNS name www.goblet.comwith the process $ZTC2:
-transport /G/ZTC0
-transport /G/ZTC1 -address 120.1.2.13
-transport /G/ZTC1 -address fe80::ffff:abcd:1 -transport /G/ZTC2 -address www.goblet.com
If server-addris not an IP address associated with the TCP/IP process name in the TCP/IP configuration, an error is reported during httpd process startup. The error message reports that the server cannot bind to the combination of TCP/IP process name, IP address, and port (as specified in the-portargument). If server-addris specified in DNS format, an attempt is made to bind to each IP address to which the DNS name maps. Bindings that fail because the address is not available are ignored. All successful binds are kept. If no binds are successful, an error is reported and the httpd process does not start.
For the DNS format to be used, the address-resolved file,
$SYSTEM.ZTCPIP.RESCONFfor IPv4 addresses and$SYSTEM.ZTCPIP.IPNODES for IPv6 addresses, must be set up and contain the correct IP addresses for the name servers, which are entities defined by DNS.
-name server-name
Use the -nameargument to specify the name used to refer to the server. The iTP Secure WebServer uses this name whenever it needs to generate a URL that refer to itself, such as for redirects.
The name you specify must be a valid name or alias registered with the DNS. For more information about setting up an alias, consult your system or network manager. If no-nameargument is specified, the iTP Secure WebServer uses the server address (server-addr) if -address is specified. Otherwise, the iTP Secure WebServer uses the host name of the machine on which it is running.
-port port-num
Use the -portargument to configure the server to check for connections on a specified port (port-num).
The standard port number for HTTP connections is 80. If you choose another port, check the$SYSTEM.ZTCPIP.SERVICESfile to check that this port has not already been allocated to another service.
If you choose any port number less than 1024, you need to be root (super.super) to start the iTP Secure WebServer. If no-portargument is specified, 80 is used. You can specify any number ofAccept directives in the iTP Secure WebServer configuration file. Omit theAcceptdirective if you plan to use only secure transport.
SCF TCP/IP Configuration
To associate multiple IP addresses with a single TCP/IP process, use the SCF ALTER SUBNET command with theADDALIASparameter, as shown in the example:
SCF> ALTER SUBNET $ZTC0.#SN1, ADDALIAS 120.1.1.12, & SCF> SUBNETMASK %hFFFF0000
This command adds the IP address 120.1.1.12 to the subnet $ZTC0.#SN1. TheSUBNETMASK parameter is required. Each IP address must be added with a separateALTER SUBNETcommand. You can use theDELETEALIASparameter to delete IP addresses that have been added to a subnet using theADDALIASparameter. as shown:
SCF> ALTER SUBNET $ZTC0.#SN1, DELETEALIAS 120.1.1.12
Each IP address must be deleted with a separate ALTER SUBNET command.
Default
There is no default. Specify at least oneAcceptorAcceptSecureTransportdirective.
Examples
To accept HTTP connections on any IPv4 address associated with the process$ZTC0, using default port 80:
Accept -transport /G/ZTC0
To accept HTTP connections on any IPv4 address associated with the process$ZTC0, using port 8080:
Accept -transport /G/ZTC0 -port 8080
To accept HTTP connections on any IPv6 address associated with the process$ZTC0, using default port 80:
Accept -transport /G/ZTC0 -address ::
To accept HTTP connections on any IPv6 address associated with the process$ZTC0, using port 8080:
Accept -transport /G/ZTC0 -address :: -port 8080
To accept HTTP connections on a specific IPv4 address associated with the process$ZTC1, using default port 80:
Accept -transport /G/ZTC1 -address 120.1.2.13
To accept HTTP connections on a specific IPv6 format address associated with the process$ZTC1, using default port 80:
Accept -transport /G/ZTC1 -address fe80::ffff:abcd:1
To accept HTTP connections on the IP address bound to the DNS namewww.goblet.comwith the$ZTC2 process, using default port 80:
Accept -transport /G/ZTC2 -address www.goblet.com
To accept HTTP connections on any IPv4 address associated with the process$ZTC0, To accept HTTP connections on any IPv6 address associated with the process$ZTC0, a specified IPv4 or IPv6 address with the process $ZTC1, and the IP addresses bound to the DNS name
www.goblet.comwith the process$ZTC2, using default port 80, you need threeAccept directives:
Accept -transport /G/ZTC0
Accept -transport /G/ZTC0 -address ::
Accept -transport /G/ZTC1 -address 120.1.2.13
Accept -transport /G/ZTC1 -address fe80::ffff:abcd:1 Accept -transport /G/ZTC2 -address www.goblet.com
AcceptSecureTransport
Syntax
AcceptSecureTransport -transport transport-name -cert cert-name [-address server-addr] [-ciphers list-of-ciphers]
[-name server-name][-port port-num]
[-nossl][-notls][-notls1.0][-notls1.1][-notls1.2][-requestauth/- requireauth][-dh_paramsFilepath filePath][-keyExchange keyexchange- method][-hashAlgorithm list-of-hashalgorithm]
Description
Use the AcceptSecureTransportdirective to configure the server to accept SSL or TLS connections on a specified transport (transport-name) or port (port-num).
TheAcceptSecureTransportdirective takes these arguments: -transport transport-name
The transport name (transport-name) is a TCP/IP process name in OSS format (that is, preceded
by /G/).
One transport-nameis required.