Configuration of the Web Dispatcher Server Port

Parameter: icm/server_port_<xx>

Business Case:

You want to set up the Web dispatcher server port and need information about the configuration options for profile parameter icm/server_port_<xx>. This parameter specifies the Web dispatcher server port or service (PORT) to use for a protocol (PROT). Further properties of the service can also be defined, such as:

TIMEOUT and PROCTIMEOUT options
EXTBIND: Use external binding program
HOST: Do not bind the port to all host names
SSLCONFIG: SSL configuration
VCLIENT: Provide a X.509 certificate
ACLFILE: Use access control lists

Example

Below are four examples of the possible configuration:

Example A: PROT=HTTP, PORT=8080, TIMEOUT=15

Opens port 8080 for HTTP requests and closes the network connection after 15 seconds if there is no activity.
Example B: PROT=HTTP, PORT=80, TIMEOUT=45, EXTBIND=1, HOST=prd.sap.de

Opens port 80 for HTTP requests and closes the network connection after 45 seconds if there is no activity. Since port 80 under UNIX can only be bound by the user root, the external binding program is activated. The port is bound only to the host name prd.sap.de.
Example C: PROT=HTTPS, PORT=443, TIMEOUT=15, PROCTIMEOUT=45, VCLIENT=0

Opens port 443 for HTTPS requests and closes the network connection after 15 seconds if there is no activity. The timeout for processing in the back end is 45 seconds, and the server asks the client not to send a certificate.
Example D: PROT=HTTPS, PORT=8444, SSLCONFIG=ssl_config_0

Opens port 8444 for HTTPS requests and sets the SSL configuration as it is set in parameter ssl_config_0.

Configuration

Prerequisite:

icm/server_port_<xx> is a generic profile parameter.

Generic profile parameters are used to specify several items, such as ports on which a software component is to receive requests.

The <xx> index is a number without a leading 0. You do not need to use the indexes in ascending order; that is, you can, for example, configure only icm/server_port_2.

The character string has the following syntax:

PROT= <Protocol name> , PORT= <port or service name> [, TIMEOUT= <timeout> , PROCTIMEOUT= <proctimeout> , EXTBIND=1, HOST= <host name> , SSLCONFIG=ssl_config_ <xx> , VCLIENT= <SSL client verification> , ACLFILE= <ACL file> ]

PORT: Specifies the port

With option PORT you can specify the port by its number or service name. Precisely one service can be bound on any one port.

TIMEOUT and PROCTIMEOUT options

You can configure two different types of timeouts:

TIMEOUT = Keepalive timeout for the network connection

The keep-alive timeout specifies how long the network connection remains open once the request has been successfully processed. This means that the TCP/IP connection may not have to be set up again for further requests that may arrive. Note that if you configure the timeout in parameter icm/server_port_<xx>, you override the specifications made in parameter icm/keep_alive_timeout.
PROCTIMEOUT= Processing timeout for communicating with the back end (work process)

The processing timeout specifies the timeout between sending an HTTP request and receiving an HTTP response.

EXTBIND: Use external binding program

To bind port numbers smaller than 1024 on UNIX, use option EXTBIND=1. The external binding program runs under the root user, and is authorized to bind these ports.

HOST: Do not bind port to all host names

With optional parameter HOST=<host name or IP address>, you can specify that the port is to be bound only to the specified ports, and not to all host names (default setting). In this way the host with only one open port can be reached under different URLs.

SSLCONFIG: SSL Configuration

If you have used parameter icm/ssl_config_<xx> to define the SSL configuration, you have to set option SSLCONFIG to value ssl_config_<xx>.

Make sure that you set <xx> in accordance with parameter icm/ssl_config_<xx> setzen see example D.

VCLIENT: Must provide a X.509 certificate

With optional parameter VCLIENT you can specify whether the client should have an X.509 certificate when you use SSL. There are three verification levels:

0: No certification is required and the server does not ask for one.
1: The server asks the client to transfer a certificate. If the client does not send a certificate, authentication is carried out by another method, (for example, HTTP BASIC authentication, see RFC 2617) (see default values).
2: The client must transfer a valid certificate to the server, otherwise access is denied. Note that this server-specific value overrides the value set with parameter icm/HTTPS/verify_client.

ACLFILE: Use access control lists

Option ACLFILE specifies the file that is used as the access control list (ACL). If the profile parameter is set, the file must exist and its syntax be correct.