Virtual hosts
The tag Engine is mainly an aggregation of host tags used to configure virtual hosts. The terms 'virtual host' or 'name-based virtual host' describe the fact that several hosts share one and the same IP-based host. The decision which virtual host will be used, is taken by the HTTP header field 'Host' of the request. See also http://www.ietf.org/rfc/rfc2616.txt.
The tag Engine (see table below) may contain one or several host definitions. One of them must be the default. That is the one that will be accessed if no match can be found.
| Name | Type, Usage Constraints, Defaults | Description |
|---|---|---|
| defaultHost | string required, advanced, supports variable replacement default: DNS name of the machine | This attribute specifies the virtual host used if no other virtual host matches. |
Web applications
Inside the tag Engine, one or several Host tags are used to configure the virtual host:
| Name | Engine, type, usage constraints, defaults | Description |
|---|---|---|
| name | string required, basic connectivity, supports variable replacement default: DNS name of the machine | The attribute name specifies the name of the host as seen from the client. It therefore needs to match the one in the server certificate and DNS. |
One or several web applications may be declared with the tag Context inside a Host tag:
| Name | Context , engine, usage constraints, defaults | Description |
|---|---|---|
| unsecureConnection | enum: deny, redirect, allow, optional, basic feature, default: allow | The attribute 'unsecureConnection' configures the policy if a request is sent using an insecure connection: deny: The access is denied and a respective response is sent to the client; redirect: If at least one secure Connector is configured, a redirect is sent to the client. If no secure Connector is configured, access is deniedallow: the request is processed |
| unsecureConnectionRedirect | enum: deny, redirect, allow, optional, basic feature, supports variable replacement, default: allow | The attribute 'unsecureConnectionRedirect ' allows configuration of a secure or additional URL. |
| trailingSlashRedirect | boolean, optional, advanced, default: true | The attribute 'trailingSlashRedirect' offers support for legacy URL namespaces: nevisProxy generates redirects to the same resource with a '/' appended, in case a servlet mapping only matches, when the trailing '/' is present. This behavior is necessary for browser clients to correctly handle relative URLs. |
| entryURI | string, optional, supports variable replacement, must start with '/' | With the attribute 'entryURI' the entry point to that web application is specified in the following way: If the request is '/' and there is no matching Context or Servlet found, a redirect with the configured value is sent to the browser. |
| filePreload | boolean, optional, advanced default: false | The attribute 'filePreload' specifies if the files is preloaded at start-up. If set to 'true', any modification of the files during runtime does not have any effect. Due to memory consumption, it is not recommended to preload if there are many or large files. |
| docBase | string, required, advanced, supports variable replacement, default: <spool_dir>/work | The attribute docBase defines the path to the directory from where the web application is deployed. It also specifies the path to the web application's WEB-INF directory, which is located inside the <docBase> directory.For security reasons, never put a file containing secret information (like a secret key or some Lua code) into the directory configured as <docBase> in the navajo.xml file. This is because the DefaultServlet can easily access such a file. An exception is the WEB-INF directory inside the <docBase> directory. The WEB-INF directory is protected against the DefaultServlet and cannot be accessed.Proceed as follows if you change this attribute in an existing instance:1. First, stop the nevisProxy. 1. Then copy the existing files to the new location.You need to do this manually because nevisAdmin does not support this use case. 2. Finally, restart the proxy. Do not restart it earlier, otherwise the necessary files will not be found. |
| allowedMethods | string array, required, advanced, supports variable replacement, default: GET,POST | The attribute allowedMethods configures the HTTP methods allowed from the frontend to nevisProxy. In addition to standard method names, you can use the aliases ALL-HTTP (a shortcut for GET, POST, HEAD, DELETE, TRACE, CONNECT, OPTIONS, PUT, and PATCH) and ALL-WEBDAV (a shortcut for MERGE, UNCHECKOUT, MKACTIVITY, PROPPATCH, LOCK, CHECKOUT, SEARCH, COPY, MKCOL, MKWORKSPACE, PROPFIND, UPDATE, REBIND, BASELINE-CONTROL, UNBIND, CHECKIN, VERSION-CONTROL, UNLOCK, LABEL, MOVE, ACL, BIND, and REPORT). Methods can also be removed by configuring -<method>. This attribute differs from the AllowedMethods parameter of the HttpConnectorServlet, which configures the methods allowed from nevisProxy to the backend. Because these parameters are mapped to the request, modifying the frontend allowedMethods may require corresponding changes in the HttpConnectorServlet. |
| caseSensitiveMapping | boolean, default: true | Makes the mapping of URIs case sensitive. |
| rejectIfMaxThreads | boolean, default: false | If set to true, the last available worker thread will send an error response with status code 503, i.e. the request is rejected. The page to be sent can be configured with the normal error-code page in the web.xml. In most setups, it is not recommended to configure this parameter, as it may block requests too early. |
| additionalStatusCodes | integer array, supports variable replacement, default: empty | Allow non-standard HTTP status codes. The configuration of additional status codes is required, for example, when using WebDav (HTTP status code 207 is used by WebDav). |
| docBase | string, required, advanced, supports variable replacement, default: <spool_dir>/work | The attribute docBase defines the path to the directory from where the web application is deployed. It also specifies the path to the web application's WEB-INF directory, which is located inside the <docBase> directory. For security reasons, never put a file containing secret information (like a secret key or some Lua code) into the directory configured as <docBase> in the navajo.xml file. This is because the DefaultServlet can easily access such a file. An exception is the WEB-INF directory inside the <docBase> directory. The WEB-INF directory is protected against the DefaultServlet and cannot be accessed. Proceed as follows if you change this attribute in an existing instance: First, stop the nevisProxy. Then copy the existing files to the new location. You need to do this manually because nevisAdmin does not support this use case. Finally, restart the proxy. Do not restart it earlier, otherwise the necessary files will not be found. |