November 2016: Supratim Sanyal's Computing Blog | Wandering Digital Wastelands as a Geek

Saturday, November 19, 2016

DECNET: Connecting Two Digital DEC OpenVMS Servers on Different Internet Hosts to HECNET via a Single Bridge (Multi-Host DECNET Bridge Configuration for HECNET)

DECnet forever! My SIMH OpenVMS VAXen - QCOCAL (1.550) VAX Server 3900 Series in Washington DC and CLOUDY (1.551) VAX 11/780 in Kitchener, Ontario, Canada talk to the HECnet primary router MIM (1.13) - a real PDP-11 in Uppsala, Sweden running RSX-11M-PLUS and, through it, to numerous VAXen and PDPs across the world.

My first SIMH VAX Server 3900 series has been up now for almost a year. I call it "QCOCAL", in memory of a real VAX I used during my stint with Digital Equipment Corporation. The new QCOCAL lives inside a Centos 7 virtual machine on my DELL PowerEdge 2950 in the basement of our house in the Washington, DC metro area. It is connected to HECnet - the global hobbyist DECnet, using the DECnet bridge program written by Johnny Billquist.

Having recently procured a couple of Virtual Private Servers, I installed a second SIMH VAX-11/780 on one of them, calling the VAX "CLOUDY" (because it lives inside a cloud VPS). The VPS is hosted in a data-center in Kitchener, Ontario, Canada.

A view of just internet connectivity of the servers and the simulated VAXen looks like Diagram 1. The NICs of the Linux host servers are bridged and then tun/tap taps are used to connect the SIMH Vaxen. This is because the SIMH simulator grabs the entire configured NIC and we cannot really let it have the host's NIC all for itself (more information see "CHAPTER 3: Creating a TUN/TAP Pseudo Network Device and Bridging to the Host Network Interface").

Diagram 1 - internet connection schematic of two VAX servers to HECnet

To facilitate DECnet protocol communication, the DECnet Bridge program grabs DECnet packets from the ethernet taps (i.e. tap0, tap1), encapsulates them in UDP packets and sends them over the internet connections to be converted back into DECnet packets on the other side. Conceptually, it looks like diagram 2.

Diagram 2: DECnet Bridge connecting VAX Servers over Internet to HECnet

Here is the network configuration of the SIMH host sanyalnet-openvms-vax.freeddns.org which is also LAN accessible as dormarth.sanyalnet.lan (CentOS 6) for QCOCAL:

[root@dormarth ~]# hostname
dormarth.sanyalnet.lan
[root@dormarth ~]# ip address show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000
link/ether 08:00:27:a1:81:b6 brd ff:ff:ff:ff:ff:ff
inet6 fe80::a00:27ff:fea1:81b6/64 scope link
valid_lft forever preferred_lft forever
3: tap0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 500
link/ether 5e:e0:9a:25:cc:41 brd ff:ff:ff:ff:ff:ff
inet6 fe80::5ce0:9aff:fe25:cc41/64 scope link
valid_lft forever preferred_lft forever
4: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
link/ether 08:00:27:a1:81:b6 brd ff:ff:ff:ff:ff:ff
inet 10.42.2.2/24 brd 10.42.2.255 scope global br0
inet6 fe80::a00:27ff:fea1:81b6/64 scope link
valid_lft forever preferred_lft forever
[root@dormarth ~]# netstat -rn
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
10.42.2.0 0.0.0.0 255.255.255.0 U 0 0 0 br0
0.0.0.0 10.42.2.1 0.0.0.0 UG 0 0 0 br0

and QCOCAL (OpenVMS 7.3) itself :

$ SHOW NETWORK /FULL

The following network services are available at this time:

Product: DECnet Manufacturer: Digital Equipment Corporation
Node: QCOCAL Address(es): 1.550
Network Type: DNA V Interface(s): net 0

Node 0
at 2016-11-19-23:45:48.385+00:00Iinf

Identifiers

Name = LOCAL:.QCOCAL
Address =
{
(
[ DNA_CMIP-MICE ] ,
[ DNA_SessionControlV3 , number = 19 ] ,
[ DNA_OSItransportV1 , 'DEC0'H ] ,
[ DNA_OSInetwork , 49::00-01:AA-00-04-00-26-06:21 (LOCAL:.QCOCAL) ]
) ,
(
[ DNA_CMIP-MICE ] ,
[ DNA_SessionControlV2 , number = 19 ] ,
[ DNA_OSItransportV1 , 'DEC0'H ] ,
[ DNA_IP , 0.0.0.0 ]
) ,
(
[ DNA_CMIP-MICE ] ,
[ DNA_SessionControlV3 , number = 19 ] ,
[ DNA_NSP ] ,
[ DNA_OSInetwork , 49::00-01:AA-00-04-00-26-06:20 (LOCAL:.QCOCAL) ]
)
}

Status

UID = 06E08000-DF79-11D4-8001-AA0004000104
State = On
Functions Enabled =
{
Address Watcher ,
CMIP Listener
}
ID = AA-00-27-FD-99-EC

Characteristics

Version = T5.0.3
Implementation =
{
[
Name = OpenVMS VAX ,
Version = "V7.3 "
] ,
[
Name = Compaq DECnet-Plus for OpenVMS ,
Version = "V7.3 30-DEC-2000 00:04:42.43"
]
}
Script Location = <Default value>
Maximum Listeners = 0
Listener Template = <Default value>
Secondary Names =
{
}

Counters

Creation Time = 2016-05-14-17:20:11.690+00:00Iinf
Renames = 8
Changes of ID = 108
IDROM Check Failures = 0
Changes of Address = 0

Node 0 Session Control Port *
at 2016-11-19-23:45:49.115+00:00Iinf

command failed due to:
no such object instance

Node 0 Session Control
at 2016-11-19-23:45:50.025+00:00Iinf

Counters

Creation Time = 2016-11-19-09:42:57.390+00:00Iinf
Access Control Violations = 0
Backtranslation Deletions = 0
Deleted Maintained Objects = 0
Dangling Links = 0
Verification Failures = 0

Product: TCP/IP Manufacturer: Compaq Computer Corporation
Node: sanyalnet-vax.sanyalnet.lan Address(es): 10.42.2.5
Network Type: TCP/IP Interface(s):

Compaq TCP/IP Services for OpenVMS VAX Version V5.1
on a VAXserver 3900 Series running OpenVMS V7.3


Port Remote
Device_socket Type Local Remote Service Host

bg3 DGRAM 520 0 *
bg10 STREAM 21 0 FTP *
bg14 DGRAM 123 0 NTP *
bg15 DGRAM 123 0 NTP *
bg16 DGRAM 123 0 NTP *
bg25 STREAM 25 0 SMTP *
bg29 STREAM 23 0 TELNET *
bg54 DGRAM 750 0 *
bg55 DGRAM 88 0 *
bg57 STREAM 749 0 *
bg58 DGRAM 464 0 *
bg65 STREAM 3333 0 NOTES *
bg69 STREAM 80 0 *
bg2196 DGRAM 49883 0 *
bg2200 DGRAM 49885 0 *
bg4031 STREAM 23 53896 TELNET 10.100.0.1
bg5686 STREAM 23 46942 TELNET 123.120.100.141

Communication Parameters

Local host: sanyalnet-vax Domain: sanyalnet.lan

Maximum Current Peak
Proxies 20


Remote Terminal
Large buffers: 0
UCBs: 0
Virtual term: disabled

Similarly, here is the Linux network configuration of the CentOS 7 server that hosts CLOUDY:

[root@sanyalnet-cloud-vps2 openvms]# ip address show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UP qlen 1000
link/ether 00:50:56:a4:55:80 brd ff:ff:ff:ff:ff:ff
3: tap0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UP qlen 500
link/ether 62:cb:23:2b:ad:77 brd ff:ff:ff:ff:ff:ff
4: tap1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UP qlen 500
link/ether be:61:88:db:42:78 brd ff:ff:ff:ff:ff:ff
5: tap2: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast master br0 state DOWN qlen 500
link/ether c2:4b:67:23:11:5d brd ff:ff:ff:ff:ff:ff
6: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
link/ether 00:50:56:a4:55:80 brd ff:ff:ff:ff:ff:ff
inet 64.137.228.122/24 brd 64.137.228.255 scope global br0
valid_lft forever preferred_lft forever
[root@sanyalnet-cloud-vps2 openvms]# netstat -rn
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
0.0.0.0 64.137.228.1 0.0.0.0 UG 0 0 0 br0
64.137.228.0 0.0.0.0 255.255.255.0 U 0 0 0 br0

And the network configuration on CLOUDY itself:

$ SHOW NETWORK/FULL

The following network services are available at this time:

Product: DECnet Manufacturer: Digital Equipment Corporation
Node: CLOUDY Address(es): 1.551
Network Type: DNA V Interface(s): net 0

Node 0
at 2016-11-20-00:04:46.390+00:00Iinf

Identifiers

Name = LOCAL:.CLOUDY
Address =
{
(
[ DNA_CMIP-MICE ] ,
[ DNA_SessionControlV3 , number = 19 ] ,
[ DNA_OSItransportV1 , 'DEC0'H ] ,
[ DNA_OSInetwork , 49::00-01:AA-00-04-00-27-06:21 (LOCAL:.CLOUDY) ]
) ,
(
[ DNA_CMIP-MICE ] ,
[ DNA_SessionControlV2 , number = 19 ] ,
[ DNA_OSItransportV1 , 'DEC0'H ] ,
[ DNA_IP , 0.0.0.0 ]
) ,
(
[ DNA_CMIP-MICE ] ,
[ DNA_SessionControlV3 , number = 19 ] ,
[ DNA_NSP ] ,
[ DNA_OSInetwork , 49::00-01:AA-00-04-00-27-06:20 (LOCAL:.CLOUDY) ]
)
}

Status

UID = 06E08000-DF79-11D4-8001-AA0004002706
State = On
Functions Enabled =
{
Address Watcher ,
CMIP Listener
}
ID = 08-00-2B-80-15-C8

Characteristics

Version = T5.0.3
Implementation =
{
[
Name = OpenVMS VAX ,
Version = "V7.3 "
] ,
[
Name = Compaq DECnet-Plus for OpenVMS ,
Version = "V7.3 30-DEC-2000 00:04:42.43"
]
}
Script Location = <Default value>
Maximum Listeners = 0
Listener Template = <Default value>
Secondary Names =
{
}

Counters

Creation Time = 2016-11-17-05:26:45.540+00:00Iinf
Renames = 6
Changes of ID = 23
IDROM Check Failures = 0
Changes of Address = 0

Node 0 Session Control Port SCL$PORT$12010012
at 2016-11-20-00:04:47.870+00:00Iinf

Identifiers

Name = SCL$PORT$12010012

Status

Client = Session Control Application 42
Local End User Address = number = 42
Transport Port = NSP Port NSP$PORT_00010013
Direction = Incoming
Remote End User Address = UIC = [0,0]SANYAL
Node Name Sent = <Default value>
Version Sent = V2
Outgoing Network Priority = 0
Incoming Network Priority = 0
Process Identifier = "00000113"

Counters

Creation Time = 2016-11-20-00:04:07.930+00:00Iinf

Node 0 Session Control
at 2016-11-20-00:04:48.910+00:00Iinf

Counters

Creation Time = 2016-11-19-01:40:49.410+00:00Iinf
Access Control Violations = 0
Backtranslation Deletions = 0
Deleted Maintained Objects = 0
Dangling Links = 0
Verification Failures = 0

Product: TCP/IP Manufacturer: Compaq Computer Corporation
Node: sanyalnet-cloudy-vax.gama-digital.com Address(es): 64.137.228.85
Network Type: TCP/IP Interface(s):

Compaq TCP/IP Services for OpenVMS VAX Version V5.1
on a VAX-11/780 running OpenVMS V7.3


Port Remote
Device_socket Type Local Remote Service Host

bg7 STREAM 21 0 FTP *
bg11 DGRAM 123 0 NTP *
bg12 DGRAM 123 0 NTP *
bg13 DGRAM 123 0 NTP *
bg16 STREAM 25 0 SMTP *
bg18 STREAM 23 0 TELNET *

Communication Parameters

Local host: sanyalnet-cloudy-vax Domain: gama-digital.com

Maximum Current Peak
Proxies 20


Remote Terminal
Large buffers: 0
UCBs: 0
Virtual term: disabled

BRINGING IT ALL TOGETHER: DECnet BRIDGE SETUP

Diagram 3: HECnet multi-host bridge configuration:
Connecting two OpenVMS Servers over DECnet and over a single bridge to HECnet

DECnet end-node QCOCAL (1:550) is hosted on sanyalnet-openvms-vax.freeddns.org which runs the DECnet bridge process in multi-host configuration, listening on port 4711 and bridging in

HECnet itself via psilo.update.uu.se on port 4711, and
sanyalnet-cloud-vps2.freeddns.org on port 4712 which runs it's own bridge to DECnet end-node CLOUDY (1.551).

The bridge process is launched with the command line "bridge -p 4711" specifying the listening port, and here is the bridge.conf configuration file:

CLOUDY (1.551) is hosted on sanyalnet-cloud-vps2.freeddns.org which runs the DECnet bridge process listening on port 4712 and bridging to sanyalnet-openvms-vax.freeddns.org on port 4711 which in turn bridges in the HECnet network as well as QCOCAL. The DECnet bridge here is launched using the command line "bridge -p 4712" and the bridge.conf is simple:

DECnet forever!

Monday, November 14, 2016

OpenVMS Log Files Remote Logging to Unix/Linux SYSLOG Facility RSYSLOG

OpenVMS 7.3 on VAX logs on a remote Linux RSYSLOG syslog server

I gather all the logs I can from my many hobbyist servers and systems in a central place on one of my Virtual Private Servers running a rsyslog logger daemon on CentOS 7.

I wanted to add my QCOCAL hobbyist OpenVMS 7.3 VAX system logs to this central syslog server on my VPS.

Fortunately, all the work has already been done by Doug O'Neal from Homewood Academic Computing at Johns Hopkins University, whose SYSLOGD.C program pretty much worked out of the box.

The only tweak I made to Doug's SYSLOGD.C is to support a second OpenVMS Logical "SYSLOGD_PORT" to specify the UDP port number of my remote RSYSLOG Linux server, since I am not running it on the standard port (514). This is in addition to the "SYSLOGD_SERVER" Logical already supported by Doug's code.

Both Logicals need to be defined in the SYSTEM Logical Table LNM$SYSTEM_TABLE. Something like the following three lines in the OpenVMS startup file (SYS$MANAGER:SYSTARTUP_VMS.COM for my OpenVMS 7.3 VAX installation) suffice to start the VMS SYSLOG client at boot time;

$ define/system syslogd_server "64.137.248.212" ! IP address sanyalnet-cloud-vps.freeddns.org
$ define/system syslogd_port "65514" ! UDP Port that remote syslogd is listening on

$ run/detached/process_name=syslogd/input=nl:/output=nl:/error=nl: DUA0:[TOOLS.SYSLOGD]SYSLOGD.EXE

Below is the SYSLOGD.C source code originally by Doug with the minor modifications by me. All credit to Doug O'Neal. This code compiles fine on my installation of Compaq C V6.4-005 on OpenVMS VAX V7.3 and I suspect it will on other versions, including OpenVMS ALPHA per Doug's comments at the top of the code. To build a binary,

$ CC SYSLOGD
$ LINK SYSLOGD

Some warning and informationals are generated by the compiler and linker, but nothing to stop SYSLOGD.EXE from being generated and used.

You can also download the source and OpenVMS VAX V7.3 binary executable from my FAL area on QCOCAL over HECNET or over the internet from QCOCAL served by WASD.

Making it secure

The OpenVMS SYSLOGD facility sends log content to the remote RSYSLOG server with no encryption, in cleartext over UDP. This is totally insecure - any rookie hacker could sniff the packets and learn a lot about what is going on with our OpenVMS server.

We need to make the transmission of the logs to the remote server secure.

Fortunately, I have recently setup a secure tunnel for logging to my remote central log server from my other hobbyist servers, as described in this post. This makes it really easy to secure OpenVMS log transmissions to the central server.

First, I identified a syslog server on the local LAN that is already configured as a secure tunnel (stunnel) client to my central log server. I decided to use the same Linux host (10.42.2.2) that is running the SIMH OpenVMS VAX for this purpose. It is directly and quickly accessible from the SIMH VAX (10.42.2.5) because the SIMH VAX network link is just a tun/tap bridge on the same server.

I opened up /etc/rsyslog.conf on this SIMH host Linux server, and uncommented the following lines to allow rsyslog to accept logger connections over network.

# Provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514

# Provides TCP syslog reception
$ModLoad imtcp
$InputTCPServerRun 514

The TCP syslog reception port did not really need to be opened up for this rsyslog daemon to accept log entries over UDP from SYSLOGD.EXE on OpenVMS VAX, but may come in useful for later projects.

A restart of the rsyslog daemon on the Linux host is required after editing /etc/rsyslog.conf:

# service rsyslog restart

Then I logged into the OpenVMS VAX server and modified the OpenVMS SYSLOGD startup commands to point to the Linux SIMH host instead of the remote syslog server:

$ define/system syslogd_server "10.42.2.2" ! IP address of the host this SIMH VAX is running on

$ define/system syslogd_port "514" ! UDP Port of the host rsyslog server

SYSLOG then needs to be restarted on OpenVMS VAX:

$ show system

$ stop/id=<id of SYSLOGD>

$ run/detached/process_name=syslogd2vps/input=nl:/output=nl:/error=nl: DUA0:[TOOLS.SYSLOGD]SYSLOGD.EXE

Going back to the Linux host, an examination of the logs now reveals the VAX Server is sending logs here:

OpenVMS VAX SYSLOGD,EXE logging to rsyslog logger daemon running on it's own SIMH VAX linus host

And here is the fun part. Since this rsyslog daemon is already configured to use stunnel to send logs securely to the remote server, the logs from OpenVMS VAX are also forwarded to the remote syslogd daemon over the same secure tunnel.

Sure enough, checking my remote VPS central syslog server log, I see the OpenVMS VAX logs dutifully forwarded by the local SIMH host Linux box.

syslog entries on central rsyslog linux server from OpenVMS VAX forwarded by SIMH VAX Linux host over stunnel secure tunnel

Friday, November 11, 2016

Yet another OpenVMS DCL Command Procedure to Crawl and Report HECNET the Hobbyist DECNET in HTML served by WASD - OpenVMS VAX 7.3

"What is HECnet?

HECnet is a DECnet that connects different people who play around with different machines that have the DECnet protocol suite. The network should not be regarded as a serious networking setup, nor should it be expected to work 24/7. It's a hobby project between people who think it's fun to create a DECnet network.

HECnet is basically a DECnet phase IV network. Currently, the main router is a PDP-11 running RSX-11M-PLUS. The machine is located in Uppsala, Sweden.

The connectivity between nodes can be anything that works. The current connectivity is with an ethernet bridge between sites, DECnet over IP using Multinet on VMS or RSX, and DECnet over IP on Cisco. Other solutions that have been used are a virtual serial async. connection talking DDCMP. Other possibilities are GRE and DECnet over IP." - read more at http://www.update.uu.se/~bqt/hecnet.html

DECNET Architecture Network Stack

A DCL command procedure to copy over the latest list of HECNET nodes. Execute this using
$ @HECNET-NODENAMES-UPDATE.COM

The DCL script HECNET-SCAN.COM to crawl HECNET and generate the HTML pages. You can run this by itself for testing, or invoke this periodically (once a day or once a week) from a scheduled batch queue job.

The scheduled Batch Queue job for scheduled runs of the above command script. To enable, use the DCL command procedure HECNET-SCAN-BATCH.COM:
$ @HECNET-SCAN-BATCH.COM

Sunday, November 6, 2016

Install WASD OpenVMS Web Server | A Simple Minimal HTTP Server Configuration on Digital DEC OpenVMS VAX 7.3

WASD 11.0.2 Web Server on DEC Digital VAX 3900 OpenVMS VAX 7.3

This is what I did to bring up a minimal WASD web server on my VAX running OpenVMS 7.3. I did manage to have my website run from a separate user account than WASD and even link to my FAL$SERVER directory for HTTP access in addition to DECNET access to my FAL server.

Preparation

First, follow this post to install CPQ-VAXVMS-SSL-V0101-B-1.PCSI-DCX_VAXEXE and VMSPORTS-VAXVMS-ZLIB-V0102-8-1.ZIP. You should go ahead and follow the entire post to install CURL for OpenVMS VAX 7.3 anyway, CURL is a pretty useful tool to have on your VAX. The SSL version this obtained will remain unused by WASD but the installer will proceed. The installer will use ZLIB.

Then head to the WASD VMS Web Services Download Page and download the latest version for WASD for OpenVMS VAX 7.3. I downloaded the latest version at the time of writing: WASD1102.ZIP. You can also grab it from QCOCAL over HECNET or now by internet, thanks to WASD, from here.

Create a new directory WASD_ROOT on a device with at least 630,000 blocks free. I created DUA2:[WASD_ROOT], and this post is written to reflect that. Adjust according to your needs.

Unzip the downloaded installation ZIP file into the new directory and run the install command file using @INSTALL. Follow the prompts and answer questions taking cues from a log the installation procedure I captured and saved here to build and install the initial working configuration of WASD.

When the install.com procedure completes, start up WASD using @DUA2:[WASD_ROOT.STARTUP]STARTUP.COM and point a web-browser on another computer on your subnet to your VAX. You should see the default WASD web-site with no further configuration needed for the out-of-the-box installation. Use CTRL-Y to exit as instructed.

Set up a different http server root

Create another new directory to hold your web-site and a top-level web server document root under that. I first created DUA2:[WEBROOT] and then a [.HTML] directory under it. Set global read and execute permissions on this directory using

$ SET FILE/PROT=(W:RE) DUA2:[000000]WEBROOT.DIR
$ SET FILE/PROT=(W:RE) DUA2:[000000.WEBROOT.HTML]

Add a simple test HTML file under DUA2:[WEBROOT.HTML]INDEX.HTML - this will be returned to your browser after configuration is complete. The following INDEX.HTML will do fine as your initial test page:

<html><head><title>WASD OpenVMS/VAX</title></head><body><p>TEST</p><p><a href="/falserver/">FAL AREA ON THIS VAX »</a></p></body></html>

Copy over the EXAMPLE configuration files to DUA2:[WASD_ROOT.LOCAL]:

$ COPY DUA2:[WASD_ROOT.EXAMPLE]*.CONF DUA2:[WASD_ROOT.LOCAL]

Then change to the .LOCAL directory.

Setup Local Configuration of WASD

In the .LOCAL directory, edit WASD_CONFIG_MAP.CONF and delete all lines. Add the following few lines only.

Edit WASD_CONFIG_GLOBAL.CONF and replace with the following contents. This is intended to bolster security by turning off scripting support, narrowing allowed default HTML files to index.html, enable reverse DNS lookup, add missing MIME types for directory displays etc. (DIFF with the .EXAMPLE version of WASD_CONFIG_GLOBAL.CONF to see the differences).

Edit WASD_CONFIG_SERVICE.CONF and enable only HTTP port 80 on the WAN address for our minimal installation.

No other configuration files need to be manipulated for our minimal WASD web server configuration.

Configure Logicals and Startup at Boot

Define the following two logicals manually for now:

$ DEFINE /SYSTEM /EXEC /TRANSLATION=CONCEALED WEB_ROOT DUA2:[WEBROOT.HTML.]
$ define /system/exec /TRANSLATION=CONCEALED falserver dua2:[fal$server.]

Also add them to system boot-time startup definitions. Edit your SYS$MANAGER:SYSTARTUP_VMS.COM and add the following where you define your site-specific startup scripts:

$! Start up the web server
$ DEFINE /SYSTEM /EXEC /TRANSLATION=CONCEALED WEB_ROOT DUA2:[WEBROOT.HTML.]
$ define /system/exec /TRANSLATION=CONCEALED falserver dua2:[fal$server.]
$ @DUA2:[WASD_ROOT.STARTUP]STARTUP.COM
$!

Note: Since you already installed the SSL and ZLIB applications at the beginning, you should already have the following startup commands executing before starting the WASD web server:

$ @sys$startup:ssl$startup.com

$ @sys$startup:gnv$zlib_startup.com

Also, my FAL directory is at DUA2:[FAL$SERVER] and that is what the falserver logical above reflects. Obviously you need to adjust for your FAL Server location.

Important: Do not miss the dot before the closing square brackets in the logicals. As a quick test, commands like DIR WEB_ROOT:[000000] and DIR FALSERVER:[000000] need to resolve to the directories correctly. Examples of what I get:

DUA2:[WASD_ROOT.LOCAL] DIR WEB_ROOT:[000000]

Directory WEB_ROOT:[000000]

DIGITAL.PNG;1 FAVICON.ICO;1 HTML.TAR;1 INDEX.HTML;22

STYLES.DIR;1

Total of 5 files.

DUA2:[WASD_ROOT.LOCAL] DIR FALSERVER:[000000]

Directory FALSERVER:[000000]

INFO.TXT;1 INTRUSIONS.TXT;11 INTRUSIONS.TXT;10 INTRUSIONS.TXT;9

KRB.DIR;1 NET$SERVER.LOG;48 NODENAMES.DAT;172 NODENAMES.DAT;171

SOFTWARE-DOWNLOADS.DIR;1

Total of 9 files.

Stop WASD and restart it:

$ @DUA2:[WASD_ROOT.STARTUP]SHUTDOWN.COM

$ @DUA2:[WASD_ROOT.STARTUP]STARTUP.COM

Again point a web-browser (remember to Shift+Reload on your browser to force a fresh non-cached request) on another computer on your subnet to your VAX. You should now see tiny test html page. Clicking on the FAL AREA link should show the files in your FAL$SERVER directory.

Troubleshooting

The only stumble I had was with file and directory permissions. If you get "ERROR 403 - The requested action is not permitted." or "ERROR 404 - The requested resource could not be found." errors, remember WASD needs to be able to reach and read the HTML files for your website in a different account, as well as FAL area files, and make sure they at least have READ privileges for the World:

$ SET FILE/PROT=(W:R) DUA2:[WEBROOT...]*.*
$ SET FILE/PROT=(W:R) DUA2:[FAL$SERVER...]*.*

WASD writes its httpd Access Log to the .LOG directory wasd_root:[log]. Example:

DUA2:[WASD_ROOT.LOCAL] dir wasd_root:[log]

Directory WASD_ROOT:[LOG]

.WWW_HIDDEN;1 LOCALHOST_80_20161031_ACCESS.LOG;1 README.HTML;1
SANYALNET-VAX-SANYAL_80_20161031_ACCESS.LOG;1

Total of 4 files.

The WASD install script created two accounts - one to run the WASD server process, and a "nobody" account to run scripts from. In addition, I created the WEBROOT account as the root html directory. I modified the account expiration and password lifetimes so that their passwords do not expire. I also made the WEBROOT account captive with no NETMBX privilege - the only purpose of this account is to be a holding place for HTML files served by WASD web-server. Here are the account characteristics I see:

DUA2:[WASD_ROOT.LOG] cd sys$system
SYS$SYSROOT:[SYSEXE] mc authorize
UAF> show http$server /full

Username: HTTP$SERVER Owner: WASD Server
Account: UIC: [77,1] ([HTTP$SERVER])
CLI: DCL Tables: DCLTABLES
Default: DUA2:[HTTP$SERVER]
LGICMD: LOGIN.COM
Flags: DisNewMail DisMail
Primary days: Mon Tue Wed Thu Fri
Secondary days: Sat Sun
Primary 000000000011111111112222 Secondary 000000000011111111112222
Day Hours 012345678901234567890123 Day Hours 012345678901234567890123
Network: ##### Full access ###### ##### Full access ######
Batch: ##### Full access ###### ##### Full access ######
Local: ----- No access ------ ----- No access ------
Dialup: ----- No access ------ ----- No access ------
Remote: ----- No access ------ ----- No access ------
Expiration: (none) Pwdminimum: 6 Login Fails: 0
Pwdlifetime: 90 00:00 Pwdchange: (pre-expired)
Last Login: (none) (interactive), 6-NOV-2016 09:18 (non-interactive)
Maxjobs: 0 Fillm: 300 Bytlm: 5000000
Maxacctjobs: 0 Shrfillm: 0 Pbytlm: 0
Maxdetach: 0 BIOlm: 2000 JTquota: 4000
Prclm: 100 DIOlm: 1000 WSdef: 1000
Prio: 4 ASTlm: 2000 WSquo: 4000
Queprio: 0 TQElm: 100 WSextent: 20000
CPU: (none) Enqlm: 500 Pgflquo: 500000
Authorized Privileges:
NETMBX TMPMBX
Default Privileges:
NETMBX TMPMBX
Identifier Value Attributes
WASD_HTTP_SERVER %X80010003
UAF>
UAF> show http$nobody /full

Username: HTTP$NOBODY Owner: WASD Scripting
Account: UIC: [76,1] ([HTTP$NOBODY])
CLI: DCL Tables: DCLTABLES
Default: DUA2:[HTTP$NOBODY]
LGICMD: LOGIN.COM
Flags: DisNewMail DisMail
Primary days: Mon Tue Wed Thu Fri
Secondary days: Sat Sun
Primary 000000000011111111112222 Secondary 000000000011111111112222
Day Hours 012345678901234567890123 Day Hours 012345678901234567890123
Network: ##### Full access ###### ##### Full access ######
Batch: ----- No access ------ ----- No access ------
Local: ----- No access ------ ----- No access ------
Dialup: ----- No access ------ ----- No access ------
Remote: ----- No access ------ ----- No access ------
Expiration: (none) Pwdminimum: 6 Login Fails: 0
Pwdlifetime: 90 00:00 Pwdchange: (pre-expired)
Last Login: (none) (interactive), 5-NOV-2016 01:33 (non-interactive)
Maxjobs: 0 Fillm: 300 Bytlm: 500000
Maxacctjobs: 0 Shrfillm: 0 Pbytlm: 0
Maxdetach: 0 BIOlm: 2000 JTquota: 4000
Prclm: 100 DIOlm: 1000 WSdef: 1000
Prio: 4 ASTlm: 2000 WSquo: 4000
Queprio: 0 TQElm: 100 WSextent: 20000
CPU: (none) Enqlm: 500 Pgflquo: 500000
Authorized Privileges:
NETMBX TMPMBX
Default Privileges:
NETMBX TMPMBX
Identifier Value Attributes
WASD_HTTP_NOBODY %X80010004
UAF>
UAF>
UAF> show webroot /full

Username: WEBROOT Owner: WEB ROOT HTML FILES
Account: WEBROOT UIC: [200,236] ([WEBROOT])
CLI: DCL Tables: DCLTABLES
Default: DUA2:[WEBROOT]
LGICMD: LOGIN
Flags: Captive
Primary days: Mon Tue Wed Thu Fri
Secondary days: Sat Sun
No access restrictions
Expiration: (none) Pwdminimum: 6 Login Fails: 0
Pwdlifetime: (none) Pwdchange: (pre-expired)
Last Login: 5-NOV-2016 01:51 (interactive), (none) (non-interactive)
Maxjobs: 0 Fillm: 300 Bytlm: 32768
Maxacctjobs: 0 Shrfillm: 0 Pbytlm: 0
Maxdetach: 0 BIOlm: 40 JTquota: 4096
Prclm: 2 DIOlm: 40 WSdef: 256
Prio: 4 ASTlm: 40 WSquo: 512
Queprio: 0 TQElm: 40 WSextent: 1024
CPU: (none) Enqlm: 200 Pgflquo: 32768
Authorized Privileges:
Default Privileges:
UAF>
UAF> exit
%UAF-I-NOMODS, no modifications made to system authorization file
%UAF-I-NAFNOMODS, no modifications made to network proxy database
%UAF-I-RDBNOMODS, no modifications made to rights database
SYS$SYSROOT:[SYSEXE]

There are some fabulous folks at the comp.os.vms newsgroup that are always ready to help. For example, this post came in extremely useful for me when I was struggling with HTTP 403 errors.

Supratim Sanyal's Computing Blog | Wandering Digital Wastelands as a Geek

Search