WASD 11.0.2 Web Server on DEC Digital VAX 3900 OpenVMS VAX 7.3
This is what I did to bring up a minimal WASD web server on my VAX running OpenVMS 7.3. I did manage to have my website run from a separate user account than WASD and even link to my FAL$SERVER directory for HTTP access in addition to DECNET access to my FAL server.
Preparation
 |
| WASD 11.0.2 Web Server on DEC Digital VAX 3900 OpenVMS VAX 7.3 |
This is what I did to bring up a minimal WASD web server on my VAX running OpenVMS 7.3. I did manage to have my website run from a separate user account than WASD and even link to my FAL$SERVER directory for HTTP access in addition to DECNET access to my FAL server.
First, follow this post to install CPQ-VAXVMS-SSL-V0101-B-1.PCSI-DCX_VAXEXE and VMSPORTS-VAXVMS-ZLIB-V0102-8-1.ZIP. You should go ahead and follow the entire post to install CURL for OpenVMS VAX 7.3 anyway, CURL is a pretty useful tool to have on your VAX. The SSL version this obtained will remain unused by WASD but the installer will proceed. The installer will use ZLIB.
Then head to the WASD VMS Web Services Download Page and download the latest version for WASD for OpenVMS VAX 7.3. I downloaded the latest version at the time of writing: WASD1102.ZIP. You can also grab it from QCOCAL over HECNET or now by internet, thanks to WASD, from here.
Create a new directory WASD_ROOT on a device with at least 630,000 blocks free. I created DUA2:[WASD_ROOT], and this post is written to reflect that. Adjust according to your needs.
Unzip the downloaded installation ZIP file into the new directory and run the install command file using @INSTALL. Follow the prompts and answer questions taking cues from a log the installation procedure I captured and saved here to build and install the initial working configuration of WASD.
When the install.com procedure completes, start up WASD using @DUA2:[WASD_ROOT.STARTUP]STARTUP.COM and point a web-browser on another computer on your subnet to your VAX. You should see the default WASD web-site with no further configuration needed for the out-of-the-box installation. Use CTRL-Y to exit as instructed.
Set up a different http server root
Create another new directory to hold your web-site and a top-level web server document root under that. I first created DUA2:[WEBROOT] and then a [.HTML] directory under it. Set global read and execute permissions on this directory using
$ SET FILE/PROT=(W:RE) DUA2:[000000]WEBROOT.DIR
$ SET FILE/PROT=(W:RE) DUA2:[000000.WEBROOT.HTML]
Add a simple test HTML file under DUA2:[WEBROOT.HTML]INDEX.HTML - this will be returned to your browser after configuration is complete. The following INDEX.HTML will do fine as your initial test page:
<html><head><title>WASD OpenVMS/VAX</title></head><body><p>TEST</p><p><a href="/falserver/">FAL AREA ON THIS VAX »</a></p></body></html>
Copy over the EXAMPLE configuration files to DUA2:[WASD_ROOT.LOCAL]:
$ COPY DUA2:[WASD_ROOT.EXAMPLE]*.CONF DUA2:[WASD_ROOT.LOCAL]
Then change to the .LOCAL directory.
Setup Local Configuration of WASD
In the .LOCAL directory, edit WASD_CONFIG_MAP.CONF and delete all lines. Add the following few lines only.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # ------------------------------ | |
| # [WASD_ROOT.LOCAL]wasd_config_map.conf | |
| # ------------------------------ | |
| # INSTALL AND CONFIGURE A BASIC WASD WEB SERVER | |
| # ON OPENVMS VAX 7.3 | |
| # | |
| # FULL INSTALLATION AND CONFIGURATION PROCEDURE: | |
| # http://supratim-sanyal.blogspot.com/2016/11/install-wasd-openvms-web-server-simple.html | |
| # | |
| # SUPRATIM SANYAL | |
| # SUPRATIM AT RISEUP DOT NET | |
| # ------------------------------ | |
| fail /wasd_root/* | |
| pass /falserver/* /falserver/* dir=access dir=wildcard | |
| map /httpd-internal-icons/* /httpd/-/* | |
| pass /*/-/* /wasd_root/runtime/*/* cache=perm | |
| pass /wasd_root/runtime/* /wasd_root/runtime/* | |
| pass /* /web_root/* |
Edit WASD_CONFIG_GLOBAL.CONF and replace with the following contents. This is intended to bolster security by turning off scripting support, narrowing allowed default HTML files to index.html, enable reverse DNS lookup, add missing MIME types for directory displays etc. (DIFF with the .EXAMPLE version of WASD_CONFIG_GLOBAL.CONF to see the differences).
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # ------------------------------ | |
| # [WASD_ROOT.LOCAL]wasd_config_global.conf | |
| # ------------------------------ | |
| # INSTALL AND CONFIGURE A BASIC WASD WEB SERVER | |
| # ON OPENVMS VAX 7.3 | |
| # | |
| # FULL INSTALLATION AND CONFIGURATION PROCEDURE: | |
| # http://supratim-sanyal.blogspot.com/2016/11/install-wasd-openvms-web-server-minimal.html | |
| # | |
| # SUPRATIM SANYAL | |
| # SUPRATIM AT RISEUP DOT NET | |
| # ------------------------------ | |
| # Configuration: klaatu.private:80 | |
| # HTTPd-WASD/11.0.0 OpenVMS/AXP SSL | |
| # Last Modified: Monday, Nov 14, 2016 | |
| # SYSTEM.'QCOCAL'@sanyalnet-openvms-vax.freeddns.org | |
| # -SERVICE- | |
| [Service] | |
| [ServiceNotFoundURL] | |
| # -GENERAL- | |
| [InstanceMax] 0 | |
| [InstancePassive] disabled | |
| [ConnectMax] 100 | |
| [ProcessMax] 100 | |
| [ServiceListenBacklog] 5 | |
| [RequestHistory] 100 | |
| [ActivityDays] 28 | |
| [CharsetDefault] ISO-8859-1 | |
| [CharsetConvert] | |
| [Monitor] enabled | |
| [RegEx] enabled | |
| [EntityTag] enabled | |
| [PipelineRequests] enabled | |
| [HttpTrace] disabled | |
| [WwwImplied] enabled | |
| [GzipAccept] 9 | |
| [GzipFlushSeconds] 5,3 | |
| [GzipResponse] 9 | |
| [Port] 80 | |
| [StreamLF] 250 | |
| [SearchScript] | |
| [SearchScriptExclude] | |
| [PutMaxKbytes] 5000 | |
| [PutBinaryRFM] | |
| [PutVersionLimit] 3 | |
| [MapUserNameCacheEntries] 32 | |
| [PersonaCacheEntries] 32 | |
| # -DNS- | |
| [DNSLookupClient] enabled | |
| [DNSLookupLifeTime] 24:00:00 | |
| [DNSLookupRetry] 4 | |
| # -LOGGING- | |
| [Logging] enabled | |
| [LogFormat] combined | |
| [LogNaming] host | |
| [LogPeriod] monday | |
| [LogPerInstance] disabled | |
| [LogPerService] enabled | |
| [LogPerServiceHostOnly] disabled | |
| [LogWriteFail503] disabled | |
| [LogFile] WASD_LOGS: | |
| [LogFileExtend] 0 | |
| [LogExcludeHosts] | |
| # -OPCOM- | |
| [OpcomTarget] OPER12 | |
| [OpcomAdmin] enabled | |
| [OpcomAuthorization] enabled | |
| [OpcomControl] enabled | |
| [OpcomHTTPd] enabled | |
| [OpcomProxyMaint] enabled | |
| # -CACHE- | |
| [Cache] enabled | |
| [CacheEntriesMax] 200 | |
| [CacheTotalKBytesMax] 5000 | |
| [CacheFileKBytesMax] 64 | |
| [CacheGuardPeriod] 00:00:10 | |
| [CacheValidatePeriod] 00:00:10 | |
| [CacheFrequentHits] 3 | |
| [CacheFrequentPeriod] 00:02:00 | |
| # -TIMEOUTS- | |
| [TimeoutInput] 00:00:30 | |
| [TimeoutOutput] 02:30:00 | |
| [TimeoutNoProgress] 00:02:00 | |
| [TimeoutPersistent] 00:01:00 | |
| # -BUFFER SIZES- | |
| [BufferSizeDclCommand] 8192 | |
| [BufferSizeDclOutput] 4492 | |
| [BufferSizeDclCgiPlusIn] 6142 | |
| [BufferSizeDclCgiHeader] 3172 | |
| [BufferSizeNetRead] 2048 | |
| [BufferSizeNetWrite] 7492 | |
| [BufferSizeNetFile] 7500 | |
| [BufferSizeNetMTU] 1500 | |
| [SocketSizeSndBuf] 0 | |
| [SocketSizeRcvBuf] 0 | |
| # -HTTP/2- | |
| [Http2Protocol] enabled | |
| [Http2StreamsMax] 0 | |
| [Http2FrameSizeMax] 0 | |
| [Http2HeaderListMax] 0 | |
| [Http2HeaderTableMax] 0 | |
| [Http2InitWindowSize] 0 | |
| [HTTP2PingSeconds] 00:00:00 | |
| # -SECURE SOCKET- | |
| [SecureSocket] disabled | |
| [SSLversion] TLSvall,-SSLv3 | |
| [SSLoptions] +OP_CIPHER_SERVER_PREFERENCE | |
| [SSLcipherList] EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:-DSS: | |
| [SSLcert] | |
| [SSLkey] | |
| [SSLverifyPeer] disabled | |
| [SSLverifyPeerDepth] 0 | |
| [SSLverifyPeerCAFile] | |
| [SSLstrictTransSec] 0 | |
| [SSLsessionCacheMax] 0 | |
| [SSLinstanceCacheMax] 0 | |
| [SSLinstanceCacheSize] 0 | |
| # -INDEX PAGES- | |
| [Welcome] | |
| INDEX.HTML | |
| # -HOST ACCESS- | |
| [Accept] | |
| [Reject] | |
| # -REPORTS- | |
| [ServerAdmin] | |
| [ServerSignature] enabled | |
| [ServerReportBodyTag] <body link="#0000cc" vlink="#0000cc"> | |
| [ServerAdminBodyTag] <body link="#0000cc" vlink="#0000cc"> | |
| [ReportBasicOnly] enabled | |
| [ReportMetaInfo] disabled | |
| [ErrorReportPath] | |
| [ErrorRecommend] disabled | |
| # -AUTHORIZATION- | |
| [AuthCacheEntriesMax] 0 | |
| [AuthCacheEntrySize] 0 | |
| [AuthCacheMinutes] 10 | |
| [AuthRevalidateUserMinutes] 0 | |
| [AuthFailureLimit] 20 | |
| [AuthFailurePeriod] 00:00:00 | |
| [AuthFailureTimeout] 00:00:00 | |
| [AuthTokenEntriesMax] 0 | |
| [AuthBasic] enabled | |
| [AuthDigest] disabled | |
| [AuthDigestGetLife] 0 | |
| [AuthDigestPutLife] 0 | |
| [AuthSYSUAFlogonType] | |
| [AuthSYSUAFacceptExpPwd] disabled | |
| [AuthSYSUAFpwdExpURL] /httpd/-/change/vms/ | |
| # -PROXY SERVING- | |
| [ProxyServing] disabled | |
| [ProxyCache] enabled | |
| [ProxyUnknownRequestFields] enabled | |
| [ProxyForwarded] disabled | |
| [ProxyXForwardedFor] disabled | |
| [ProxyReportLog] enabled | |
| [ProxyReportCacheLog] disabled | |
| [ProxyVerifyRecordMax] 20 | |
| [ProxyHostLookupRetryCount] 0 | |
| [ProxyConnectTimeoutSeconds] 00:00:00 | |
| [ProxyConnectPersistMax] 100 | |
| [ProxyConnectPersistSeconds] 00:00:30 | |
| [ProxyCacheFileKBytesMax] 0 | |
| [ProxyCacheNegativeSeconds] 00:05:00 | |
| [ProxyCacheNoReloadSeconds] 00:00:30 | |
| [ProxyCacheReloadList] 1,2,4,8,12,24,48,96,168 | |
| [ProxyCacheRoutineHourOfDay] 0 | |
| [ProxyCachePurgeList] 168,48,24,8,0 | |
| [ProxyCacheDeviceDirOrg] 64x64 | |
| [ProxyCacheDeviceCheckMinutes] 15 | |
| [ProxyCacheDeviceMaxPercent] 90 | |
| [ProxyCacheDevicePurgePercent] 1 | |
| # -SCRIPTING- | |
| [Scripting] disabled | |
| [DclDetachProcess] disabled | |
| [DclDetachProcessPriority] | |
| [CgiStrictOutput] enabled | |
| [DclSpawnAuthPriv] disabled | |
| [DclGatewayBg] enabled | |
| [DclSoftLimit] 20 | |
| [DclHardLimit] 25 | |
| [DclBitBucketTimeout] 00:00:15 | |
| [DclZombieLifeTime] 00:05:00 | |
| [DclCgiPlusLifeTime] 00:10:00 | |
| [DECnetReuseLifeTime] 00:05:00 | |
| [DECnetConnectListMax] 50 | |
| [DclCleanupScratchMinutesMax] 10 | |
| [DclCleanupScratchMinutesOld] 10 | |
| [DclScriptRunTime] | |
| .PL__ @cgi-bin:[000000]PERL.com | |
| .PL perl | |
| .DLL $CGI-BIN:[000000]CGISAPI.EXE | |
| .CLASS @CGI-BIN:[000000]JAVA.COM | |
| [DclScriptProctor] | |
| # -SSI- | |
| [SSI] disabled | |
| [SSIexec] enabled | |
| [SSIaccesses] enabled | |
| [SSISizeMax] 0 | |
| # -WebDAV- | |
| [WebDAV] disabled | |
| [WebDAVlocking] enabled | |
| [WebDAVlockTimeoutDefault] 00:00:00 | |
| [WebDAVlockTimeoutMax] 00:00:00 | |
| [WebDAVlockCollectionDepth] 1 | |
| [WebDAVquota] enabled | |
| # -DIRECTORY- | |
| [DirAccess] enabled | |
| [DirLayout] I__L__R__S:b__D | |
| [DirBodyTag] <body> | |
| [DirDescriptionLines] 30 | |
| [DirMetaInfo] disabled | |
| [DirOwner] disabled | |
| [DirPreExpired] disabled | |
| [DirWildcard] enabled | |
| [DirNoImpliedWildcard] enabled | |
| [DirNoPrivIgnore] enabled | |
| [DirReadme] top | |
| [DirReadmeFile] | |
| README.HTML | |
| README.HTM | |
| README.TXT | |
| README. | |
| # -ICONS- | |
| [AddIcon] | |
| /httpd/-/text.gif [TXT] text/plain | |
| /httpd/-/text.gif [CSS] text/css | |
| /httpd/-/text.gif [XML] text/xml | |
| /httpd/-/doc.gif [HTM] text/html | |
| /httpd/-/doc.gif [HTM] text/x-menu | |
| /httpd/-/image.gif [IMG] image/gif | |
| /httpd/-/image.gif [IMG] image/bitmap | |
| /httpd/-/image.gif [IMG] image/x-xbitmap | |
| /httpd/-/image.gif [IMG] image/jpeg | |
| /httpd/-/movie.gif [MOV] image/mpeg | |
| /httpd/-/image.gif [IMG] image/png | |
| /httpd/-/sound.gif [AUD] application/audio | |
| /httpd/-/sound.gif [AUD] audio/x-wav | |
| /httpd/-/sound.gif [AUD] audio/mpeg | |
| /httpd/-/x-script.gif [htm] application/x-script | |
| /httpd/-/text.gif [txt] text/x-ismap | |
| /httpd/-/x-shtml.gif [htm] text/x-shtml | |
| /httpd/-/binary.gif [BIN] application/octet-stream | |
| /httpd/-/binary.gif [BIN] application/x-vms512 | |
| /httpd/-/binary.gif [BIN] application/x-compressed | |
| /httpd/-/gzip.gif [ZIP] application/x-gzip | |
| /httpd/-/compressed.gif [ZIP] application/x-compress | |
| /httpd/-/uu.gif [UUE] application/x-uuencoded | |
| /httpd/-/wp.gif [WPC] application/x-wp | |
| /httpd/-/pdf.gif [PDF] application/pdf | |
| /httpd/-/postscript.gif [PS_] application/postscript | |
| /httpd/-/binary.gif [BIN] application/x-ns-proxy-autoconfig | |
| /httpd/-/binary.gif [BIN] application/x-x509-ca-cert | |
| /httpd/-/binary.gif [SWF] application/x-shockwave-flash | |
| /httpd/-/blank.gif _____ x-internal/blank | |
| /httpd/-/file.gif [FIL] x-internal/default-icon | |
| /httpd/-/directory.gif [DIR] x-internal/directory | |
| /httpd/-/back.gif [<--] x-internal/parent | |
| /httpd/-/unknown.gif [???] x-internal/unknown | |
| [AddBlankIcon] | |
| [AddDefaultIcon] | |
| [AddDirIcon] | |
| [AddParentIcon] | |
| [AddUnknownIcon] | |
| # -CONTENT TYPES- | |
| [AddType] | |
| .HTML "text/html; charset=ISO-8859-1" HyperText Markup Language | |
| .HTM text/html HyperText Markup Language | |
| .MENU text/x-menu hypertext menu | |
| .MNU text/x-menu hypertext menu | |
| .TXT "text/plain; charset=ISO-8859-1" plain text | |
| .GIF image/gif GIF image | |
| .BMP image/bitmap Bitmap image | |
| .XBM image/x-xbitmap X-bitmap | |
| .DIR x-internal/directory binary | |
| .SHTML text/x-shtml HyperText Markup Language (pre-processed) | |
| .SHT text/x-shtml HyperText Markup Language (pre-processed) | |
| .ISMAP text/x-ismap Clickable-image mapping | |
| .ISM text/x-ismap Clickable-image mapping | |
| . text/plain plain text | |
| .ACF text/plain DCE Attribute Configuration File | |
| .ADA text/plain Ada source | |
| .ANNOUNCE text/plain plain text | |
| .ASC text/plain plain text | |
| .ASCII text/plain plain text | |
| .AVI video/x-msvideo AVI video | |
| .B32 text/plain BLISS-32 source | |
| .BAS text/plain BASIC source | |
| .BCK application/octet-stream backup saveset | |
| .BKB application/x-script /HyperReader Bookreader book | |
| .BKS application/x-script /HyperShelf Bookreader shelf | |
| .C text/plain C source | |
| .CLD text/plain VMS Command Line Definition | |
| .CFG text/plain configuration file | |
| .CGI text/plain Perl source | |
| .CLASS application/octet-stream Java class | |
| .CMS text/plain Code Management System rules | |
| .COB text/plain COBOL source | |
| .COM text/plain DCL procedure | |
| .CONF text/plain configuration file | |
| .CNF text/plain configuration | |
| .CPP text/plain C++ source | |
| .CRT application/x-x509-ca-cert DER certifcate (MSIE) | |
| .CSS text/css W3C Cascading Style Sheet | |
| .DAT application/octet-stream data file | |
| .DBF application/x-script /dbiv dBASEIV database | |
| .DBT application/octet-stream dBASEIV database memos | |
| .DCL text/plain DCL procedure | |
| .DIS text/plain distribution list | |
| .DLL application/octet-stream ISAPI extension DLL | |
| .DOC application/octet-stream DECwrite document | |
| .DECW$BOOK application/x-script /HyperReader Bookreader book | |
| .DECW$BOOKSHELF application/x-script /HyperShelf Bookreader shelf | |
| .DVI application/octet-stream TeX Device Independent | |
| .EPS text/plain Encapsulated PostScript | |
| .EXE application/octet-stream executable | |
| .FDL text/plain VMS File Definition Language | |
| .FIRST text/plain plain text | |
| .1ST text/plain plain text | |
| .FOR text/plain Fortran source | |
| .H text/plain C header | |
| .HLP text/plain VMS help source | |
| .HDR text/plain LSE template | |
| .HLB application/x-script /Conan VMS help library | |
| .HTMLX text/x-shtml OSU SSI HTML | |
| .ICO image/x-icon MSWin icon | |
| .IMAGEMAP application/x-script /htbin/mapimage OSU Image map | |
| .IDL text/plain DCE Interface Definition Language | |
| .IMG application/octet-stream DDIF image | |
| .JAVA text/plain Java source | |
| .JAR application/octet-stream Java JAR | |
| .JPG image/jpeg JPEG image | |
| .JPEG image/jpeg JPEG image | |
| .JS text/JavaScript JavaScript source | |
| .LIS text/plain plain text listing | |
| .LIST text/plain plain text listing | |
| .LUA text/plain Lua script | |
| .LOG text/plain plain text log | |
| .MAP text/plain map file | |
| .MAR text/plain MACRO-32 source | |
| .MAN text/plain U**x man page | |
| .MLB application/octet-stream VMS MACRO library | |
| .MMS text/plain Module Management System rules | |
| .MP3 audio/mpeg MPEG audio | |
| .MPG image/mpeg MPEG movie | |
| .MPEG image/mpeg MPEG movie | |
| .MSG text/plain VMS message source | |
| .OBJ application/octet-stream VMS object module | |
| .ODL application/x-script /HyperShelf BNU shelf | |
| .OLB application/octet-stream VMS object library | |
| .OPT text/plain VMS linker options | |
| .PAC application/x-ns-proxy-autoconfig proxy autoconfig | |
| .PAS text/plain Pascal source | |
| .PCSI application/octet-stream product installer | |
| .PCSI-DCX_VAXEXE executable product installer | |
| .PDF application/pdf Adobe Portable Document Format | |
| .PEM application/x-x509-ca-cert Privacy Enhanced Mail certificate | |
| .PNG image/png Portable Network Graphic | |
| .POD text/plain Perl documentation | |
| .PL text/plain Perl source | |
| .PERL text/plain Perl source | |
| .PHP text/plain PHP source | |
| .PHTML text/plain PHP source | |
| .PHPS text/plain PHP source | |
| .PM text/plain Perl package | |
| .PRO text/plain IDL source | |
| .PROPERTIES text/plain Java properties | |
| .PS application/postscript PostScript | |
| .PY text/plain Python source | |
| .READ* text/plain plain text | |
| .RELEASE_NOTES text/plain VMS software release notes | |
| .SAV application/octet-stream backup saveset | |
| .SDML text/plain Standard Digital Markup Language - VAX Document source | |
| .STY text/plain TeX Style | |
| .SWF application/x-shockwave-flash Adobe ShockWave Flash | |
| .TEX text/plain TeX source | |
| .TEXT text/plain plain text | |
| .TPU text/plain Text Processing Utility source - VMS TPU | |
| .TLB application/x-script /Conan VMS text library | |
| .UIL text/plain User Interface Language - X Window System | |
| .UID application/octet-stream User Interface Definition - X Window System | |
| .UU application/x-uuencoded UU-encoded | |
| .UUE application/x-uuencoded UU-encoded | |
| .VMS text/plain plain text | |
| .WAV audio/x-wav WAV audio | |
| .WBMP image/vnd.wap.wbmp WAP bitmap | |
| .WML text/vnd.wap.wml WAP ML | |
| .WMLS text/vnd.wap.wmlscript WAP MLScript | |
| .WP application/x-script /hwp WordPerfect document | |
| .WPD application/x-script /hwp WordPerfect document | |
| .WP5 application/x-script /hwp WordPerfect document | |
| .WWW_* text/plain directory access control file | |
| .XHTML application/xhtml+xml XHTML+XML document | |
| .XML text/xml XML | |
| .ZIP application/x-gzip ZIP-compressed | |
| .Z application/x-compressed compressed | |
| .HTL text/plain plain text | |
| * x-internal/unknown | |
| [AddMimeTypesFile] | |
| # End! |
Edit WASD_CONFIG_SERVICE.CONF and enable only HTTP port 80 on the WAN address for our minimal installation.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # ------------------------------ | |
| # [WASD_ROOT.LOCAL]wasd_config_service.conf | |
| # ------------------------------ | |
| # INSTALL AND CONFIGURE A BASIC WASD WEB SERVER | |
| # ON OPENVMS VAX 7.3 | |
| # | |
| # FULL INSTALLATION AND CONFIGURATION PROCEDURE: | |
| # http://supratim-sanyal.blogspot.com/2016/11/install-wasd-openvms-web-server-simple.html | |
| # | |
| # SUPRATIM SANYAL | |
| # SUPRATIM AT RISEUP DOT NET | |
| # ------------------------------ | |
| [[http://*:80]] | |
| #[[https://*:443]] | |
| #[[http://localhost:80]] |
No other configuration files need to be manipulated for our minimal WASD web server configuration.
Configure Logicals and Startup at Boot
Define the following two logicals manually for now:$ DEFINE /SYSTEM /EXEC /TRANSLATION=CONCEALED WEB_ROOT DUA2:[WEBROOT.HTML.]
$ define /system/exec /TRANSLATION=CONCEALED falserver dua2:[fal$server.]
Also add them to system boot-time startup definitions. Edit your SYS$MANAGER:SYSTARTUP_VMS.COM and add the following where you define your site-specific startup scripts:
$! Start up the web server
$ DEFINE /SYSTEM /EXEC /TRANSLATION=CONCEALED WEB_ROOT DUA2:[WEBROOT.HTML.]
$ define /system/exec /TRANSLATION=CONCEALED falserver dua2:[fal$server.]
$ @DUA2:[WASD_ROOT.STARTUP]STARTUP.COM
$!
Note: Since you already installed the SSL and ZLIB applications at the beginning, you should already have the following startup commands executing before starting the WASD web server:
$ @sys$startup:ssl$startup.com
$ @sys$startup:gnv$zlib_startup.com
Also, my FAL directory is at DUA2:[FAL$SERVER] and that is what the falserver logical above reflects. Obviously you need to adjust for your FAL Server location.
Important: Do not miss the dot before the closing square brackets in the logicals. As a quick test, commands like DIR WEB_ROOT:[000000] and DIR FALSERVER:[000000] need to resolve to the directories correctly. Examples of what I get:
DUA2:[WASD_ROOT.LOCAL] DIR WEB_ROOT:[000000]
Directory WEB_ROOT:[000000]
DIGITAL.PNG;1 FAVICON.ICO;1 HTML.TAR;1 INDEX.HTML;22
STYLES.DIR;1
Total of 5 files.
DUA2:[WASD_ROOT.LOCAL] DIR FALSERVER:[000000]
Directory FALSERVER:[000000]
INFO.TXT;1 INTRUSIONS.TXT;11 INTRUSIONS.TXT;10 INTRUSIONS.TXT;9
KRB.DIR;1 NET$SERVER.LOG;48 NODENAMES.DAT;172 NODENAMES.DAT;171
SOFTWARE-DOWNLOADS.DIR;1
Total of 9 files.
Stop WASD and restart it:
$ @DUA2:[WASD_ROOT.STARTUP]SHUTDOWN.COM
$ @DUA2:[WASD_ROOT.STARTUP]STARTUP.COM
Again point a web-browser (remember to Shift+Reload on your browser to force a fresh non-cached request) on another computer on your subnet to your VAX. You should now see tiny test html page. Clicking on the FAL AREA link should show the files in your FAL$SERVER directory.
The only stumble I had was with file and directory permissions. If you get "ERROR 403 - The requested action is not permitted." or "ERROR 404 - The requested resource could not be found." errors, remember WASD needs to be able to reach and read the HTML files for your website in a different account, as well as FAL area files, and make sure they at least have READ privileges for the World:
$ SET FILE/PROT=(W:R) DUA2:[WEBROOT...]*.*
$ SET FILE/PROT=(W:R) DUA2:[FAL$SERVER...]*.*
WASD writes its httpd Access Log to the .LOG directory wasd_root:[log]. Example:
DUA2:[WASD_ROOT.LOCAL] dir wasd_root:[log]
Directory WASD_ROOT:[LOG]
.WWW_HIDDEN;1 LOCALHOST_80_20161031_ACCESS.LOG;1 README.HTML;1
SANYALNET-VAX-SANYAL_80_20161031_ACCESS.LOG;1
Total of 4 files.
The WASD install script created two accounts - one to run the WASD server process, and a "nobody" account to run scripts from. In addition, I created the WEBROOT account as the root html directory. I modified the account expiration and password lifetimes so that their passwords do not expire. I also made the WEBROOT account captive with no NETMBX privilege - the only purpose of this account is to be a holding place for HTML files served by WASD web-server. Here are the account characteristics I see:
DUA2:[WASD_ROOT.LOG] cd sys$system
SYS$SYSROOT:[SYSEXE] mc authorize
UAF> show http$server /full
Username: HTTP$SERVER Owner: WASD Server
Account: UIC: [77,1] ([HTTP$SERVER])
CLI: DCL Tables: DCLTABLES
Default: DUA2:[HTTP$SERVER]
LGICMD: LOGIN.COM
Flags: DisNewMail DisMail
Primary days: Mon Tue Wed Thu Fri
Secondary days: Sat Sun
Primary 000000000011111111112222 Secondary 000000000011111111112222
Day Hours 012345678901234567890123 Day Hours 012345678901234567890123
Network: ##### Full access ###### ##### Full access ######
Batch: ##### Full access ###### ##### Full access ######
Local: ----- No access ------ ----- No access ------
Dialup: ----- No access ------ ----- No access ------
Remote: ----- No access ------ ----- No access ------
Expiration: (none) Pwdminimum: 6 Login Fails: 0
Pwdlifetime: 90 00:00 Pwdchange: (pre-expired)
Last Login: (none) (interactive), 6-NOV-2016 09:18 (non-interactive)
Maxjobs: 0 Fillm: 300 Bytlm: 5000000
Maxacctjobs: 0 Shrfillm: 0 Pbytlm: 0
Maxdetach: 0 BIOlm: 2000 JTquota: 4000
Prclm: 100 DIOlm: 1000 WSdef: 1000
Prio: 4 ASTlm: 2000 WSquo: 4000
Queprio: 0 TQElm: 100 WSextent: 20000
CPU: (none) Enqlm: 500 Pgflquo: 500000
Authorized Privileges:
NETMBX TMPMBX
Default Privileges:
NETMBX TMPMBX
Identifier Value Attributes
WASD_HTTP_SERVER %X80010003
UAF>
UAF> show http$nobody /full
Username: HTTP$NOBODY Owner: WASD Scripting
Account: UIC: [76,1] ([HTTP$NOBODY])
CLI: DCL Tables: DCLTABLES
Default: DUA2:[HTTP$NOBODY]
LGICMD: LOGIN.COM
Flags: DisNewMail DisMail
Primary days: Mon Tue Wed Thu Fri
Secondary days: Sat Sun
Primary 000000000011111111112222 Secondary 000000000011111111112222
Day Hours 012345678901234567890123 Day Hours 012345678901234567890123
Network: ##### Full access ###### ##### Full access ######
Batch: ----- No access ------ ----- No access ------
Local: ----- No access ------ ----- No access ------
Dialup: ----- No access ------ ----- No access ------
Remote: ----- No access ------ ----- No access ------
Expiration: (none) Pwdminimum: 6 Login Fails: 0
Pwdlifetime: 90 00:00 Pwdchange: (pre-expired)
Last Login: (none) (interactive), 5-NOV-2016 01:33 (non-interactive)
Maxjobs: 0 Fillm: 300 Bytlm: 500000
Maxacctjobs: 0 Shrfillm: 0 Pbytlm: 0
Maxdetach: 0 BIOlm: 2000 JTquota: 4000
Prclm: 100 DIOlm: 1000 WSdef: 1000
Prio: 4 ASTlm: 2000 WSquo: 4000
Queprio: 0 TQElm: 100 WSextent: 20000
CPU: (none) Enqlm: 500 Pgflquo: 500000
Authorized Privileges:
NETMBX TMPMBX
Default Privileges:
NETMBX TMPMBX
Identifier Value Attributes
WASD_HTTP_NOBODY %X80010004
UAF>
UAF>
UAF> show webroot /full
Username: WEBROOT Owner: WEB ROOT HTML FILES
Account: WEBROOT UIC: [200,236] ([WEBROOT])
CLI: DCL Tables: DCLTABLES
Default: DUA2:[WEBROOT]
LGICMD: LOGIN
Flags: Captive
Primary days: Mon Tue Wed Thu Fri
Secondary days: Sat Sun
No access restrictions
Expiration: (none) Pwdminimum: 6 Login Fails: 0
Pwdlifetime: (none) Pwdchange: (pre-expired)
Last Login: 5-NOV-2016 01:51 (interactive), (none) (non-interactive)
Maxjobs: 0 Fillm: 300 Bytlm: 32768
Maxacctjobs: 0 Shrfillm: 0 Pbytlm: 0
Maxdetach: 0 BIOlm: 40 JTquota: 4096
Prclm: 2 DIOlm: 40 WSdef: 256
Prio: 4 ASTlm: 40 WSquo: 512
Queprio: 0 TQElm: 40 WSextent: 1024
CPU: (none) Enqlm: 200 Pgflquo: 32768
Authorized Privileges:
Default Privileges:
UAF>
UAF> exit
%UAF-I-NOMODS, no modifications made to system authorization file
%UAF-I-NAFNOMODS, no modifications made to network proxy database
%UAF-I-RDBNOMODS, no modifications made to rights database
SYS$SYSROOT:[SYSEXE]
There are some fabulous folks at the comp.os.vms newsgroup that are always ready to help. For example, this post came in extremely useful for me when I was struggling with HTTP 403 errors.
Troubleshooting
The only stumble I had was with file and directory permissions. If you get "ERROR 403 - The requested action is not permitted." or "ERROR 404 - The requested resource could not be found." errors, remember WASD needs to be able to reach and read the HTML files for your website in a different account, as well as FAL area files, and make sure they at least have READ privileges for the World:
$ SET FILE/PROT=(W:R) DUA2:[WEBROOT...]*.*
$ SET FILE/PROT=(W:R) DUA2:[FAL$SERVER...]*.*
WASD writes its httpd Access Log to the .LOG directory wasd_root:[log]. Example:
DUA2:[WASD_ROOT.LOCAL] dir wasd_root:[log]
Directory WASD_ROOT:[LOG]
.WWW_HIDDEN;1 LOCALHOST_80_20161031_ACCESS.LOG;1 README.HTML;1
SANYALNET-VAX-SANYAL_80_20161031_ACCESS.LOG;1
Total of 4 files.
DUA2:[WASD_ROOT.LOG] cd sys$system
SYS$SYSROOT:[SYSEXE] mc authorize
UAF> show http$server /full
Username: HTTP$SERVER Owner: WASD Server
Account: UIC: [77,1] ([HTTP$SERVER])
CLI: DCL Tables: DCLTABLES
Default: DUA2:[HTTP$SERVER]
LGICMD: LOGIN.COM
Flags: DisNewMail DisMail
Primary days: Mon Tue Wed Thu Fri
Secondary days: Sat Sun
Primary 000000000011111111112222 Secondary 000000000011111111112222
Day Hours 012345678901234567890123 Day Hours 012345678901234567890123
Network: ##### Full access ###### ##### Full access ######
Batch: ##### Full access ###### ##### Full access ######
Local: ----- No access ------ ----- No access ------
Dialup: ----- No access ------ ----- No access ------
Remote: ----- No access ------ ----- No access ------
Expiration: (none) Pwdminimum: 6 Login Fails: 0
Pwdlifetime: 90 00:00 Pwdchange: (pre-expired)
Last Login: (none) (interactive), 6-NOV-2016 09:18 (non-interactive)
Maxjobs: 0 Fillm: 300 Bytlm: 5000000
Maxacctjobs: 0 Shrfillm: 0 Pbytlm: 0
Maxdetach: 0 BIOlm: 2000 JTquota: 4000
Prclm: 100 DIOlm: 1000 WSdef: 1000
Prio: 4 ASTlm: 2000 WSquo: 4000
Queprio: 0 TQElm: 100 WSextent: 20000
CPU: (none) Enqlm: 500 Pgflquo: 500000
Authorized Privileges:
NETMBX TMPMBX
Default Privileges:
NETMBX TMPMBX
Identifier Value Attributes
WASD_HTTP_SERVER %X80010003
UAF>
UAF> show http$nobody /full
Username: HTTP$NOBODY Owner: WASD Scripting
Account: UIC: [76,1] ([HTTP$NOBODY])
CLI: DCL Tables: DCLTABLES
Default: DUA2:[HTTP$NOBODY]
LGICMD: LOGIN.COM
Flags: DisNewMail DisMail
Primary days: Mon Tue Wed Thu Fri
Secondary days: Sat Sun
Primary 000000000011111111112222 Secondary 000000000011111111112222
Day Hours 012345678901234567890123 Day Hours 012345678901234567890123
Network: ##### Full access ###### ##### Full access ######
Batch: ----- No access ------ ----- No access ------
Local: ----- No access ------ ----- No access ------
Dialup: ----- No access ------ ----- No access ------
Remote: ----- No access ------ ----- No access ------
Expiration: (none) Pwdminimum: 6 Login Fails: 0
Pwdlifetime: 90 00:00 Pwdchange: (pre-expired)
Last Login: (none) (interactive), 5-NOV-2016 01:33 (non-interactive)
Maxjobs: 0 Fillm: 300 Bytlm: 500000
Maxacctjobs: 0 Shrfillm: 0 Pbytlm: 0
Maxdetach: 0 BIOlm: 2000 JTquota: 4000
Prclm: 100 DIOlm: 1000 WSdef: 1000
Prio: 4 ASTlm: 2000 WSquo: 4000
Queprio: 0 TQElm: 100 WSextent: 20000
CPU: (none) Enqlm: 500 Pgflquo: 500000
Authorized Privileges:
NETMBX TMPMBX
Default Privileges:
NETMBX TMPMBX
Identifier Value Attributes
WASD_HTTP_NOBODY %X80010004
UAF>
UAF>
UAF> show webroot /full
Username: WEBROOT Owner: WEB ROOT HTML FILES
Account: WEBROOT UIC: [200,236] ([WEBROOT])
CLI: DCL Tables: DCLTABLES
Default: DUA2:[WEBROOT]
LGICMD: LOGIN
Flags: Captive
Primary days: Mon Tue Wed Thu Fri
Secondary days: Sat Sun
No access restrictions
Expiration: (none) Pwdminimum: 6 Login Fails: 0
Pwdlifetime: (none) Pwdchange: (pre-expired)
Last Login: 5-NOV-2016 01:51 (interactive), (none) (non-interactive)
Maxjobs: 0 Fillm: 300 Bytlm: 32768
Maxacctjobs: 0 Shrfillm: 0 Pbytlm: 0
Maxdetach: 0 BIOlm: 40 JTquota: 4096
Prclm: 2 DIOlm: 40 WSdef: 256
Prio: 4 ASTlm: 40 WSquo: 512
Queprio: 0 TQElm: 40 WSextent: 1024
CPU: (none) Enqlm: 200 Pgflquo: 32768
Authorized Privileges:
Default Privileges:
UAF>
UAF> exit
%UAF-I-NOMODS, no modifications made to system authorization file
%UAF-I-NAFNOMODS, no modifications made to network proxy database
%UAF-I-RDBNOMODS, no modifications made to rights database
SYS$SYSROOT:[SYSEXE]
There are some fabulous folks at the comp.os.vms newsgroup that are always ready to help. For example, this post came in extremely useful for me when I was struggling with HTTP 403 errors.
No comments:
Post a Comment
"SEO" link builders: move on, your spam link will not get posted.
Note: Only a member of this blog may post a comment.