docs/administration-guide/src/main/jbake/content/http_https.adoc - glassfish - Git at Google

 type=page
 status=published
 title=Administering Internet Connectivity
 next=concurrent.html
 prev=connectors.html
 ~~~~~~
 Administering Internet Connectivity
 ===================================

 [[GSADG00017]][[ablsw]]


 [[administering-internet-connectivity]]
 13 Administering Internet Connectivity
 --------------------------------------

 This chapter provides procedures for performing internet connectivity
 tasks in the GlassFish Server Open Source Edition 5.0 environment by
 using the `asadmin` command-line utility.

 The following topics are addressed here:

 * link:#giusf[About Internet Connectivity]
 * link:#ggnfu[Administering HTTP Network Listeners]
 * link:#ggncs[Administering Virtual Servers]

 Instructions for accomplishing the tasks in this chapter by using the
 Administration Console are contained in the Administration Console
 online help.

 [[giusf]][[GSADG00587]][[about-internet-connectivity]]

 About Internet Connectivity
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~

 The HTTP service provides functionality for deploying web applications
 and for making deployed web applications accessible by Internet clients,
 either in a single application server instance or in a cluster of
 multiple server instances. HTTP services are provided by two kinds of
 related objects: listeners and virtual servers.

 For more information about clusters, see the link:../ha-administration-guide/toc.html#GSHAG[GlassFish
 Server Open Source Edition High Availability Administration Guide].

 The following topics are addressed here:

 * link:#giuri[About HTTP Network Listeners]
 * link:#giupz[About Virtual Servers]

 [[giuri]][[GSADG00766]][[about-http-network-listeners]]

 About HTTP Network Listeners
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^

 An HTTP listener, also known as a network listener, is a listen socket
 that has an Internet Protocol (IP) address, a port number, a server
 name, and a default virtual server. Each virtual server provides
 connections between the server and clients through one or more
 listeners. Each listener must have a unique combination of port number
 and IP address. For example, an HTTP listener can listen for a host on
 all configured IP addresses on a given port by specifying the IP address
 0.0.0.0. Alternatively, the listener can specify a unique IP address for
 each listener while using the same port.

 Because an HTTP listener is a combination of IP address and port number,
 you can have multiple HTTP listeners with the same IP address and
 different port numbers, or with different IP addresses and the same port
 number (if your host was configured to respond to these addresses).
 However, if an HTTP listener uses the 0.0.0.0 IP address, which listens
 on all IP addresses on a port, you cannot create HTTP listeners for
 additional IP addresses that listen on the same port for a specific IP
 address. For example, if an HTTP listener uses 0.0.0.0:8080 (all IP
 addresses on port 8080), another HTTP listener cannot use 1.2.3.4:8080.
 The host running the GlassFish Server typically has access to only one
 IP address. HTTP listeners typically use the 0.0.0.0 IP address and
 different port numbers, with each port number serving a different
 purpose. However, if the host does have access to more than one IP
 address, each address can serve a different purpose.

 To access a web application deployed on GlassFish Server, use the URL
 `http://localhost:8080/` (or `https://localhost:8081/` for a secure
 application), along with the context root specified for the web
 application.

 To access the Administration Console, use the URL
 `https://localhost:4848/` or `http://localhost:4848/asadmin/` (console
 default context root).

 [[giupz]][[GSADG00767]][[about-virtual-servers]]

 About Virtual Servers
 ^^^^^^^^^^^^^^^^^^^^^

 A virtual server, sometimes called a virtual host, is an object that
 allows the same physical server to host multiple Internet domain names.
 All virtual servers hosted on the same physical server share the IP
 address of that physical server. A virtual server associates a domain
 name for a server (such as `www.aaa.com`) with the particular server on
 which GlassFish Server is running. Each virtual server must be
 registered with the DNS server for your network.


 [NOTE]
 =======================================================================

 Do not confuse an Internet domain with the administrative domain of
 GlassFish Server.

 =======================================================================


 For example, assume that you want to host the following domains on your
 physical server: `www.aaa.com`, `www.bbb.com`, and `www.ccc.com`. Assume
 that these domains are respectively associated with web modules `web1`,
 `web2`, and `web3`. This means that the following URLs are handled by
 your physical server:

 [source,oac_no_warn]
 ----
 http://www.aaa.com:8080/web1
 http://www.bbb.com:8080/web2
 http://www.ccc.com:8080/web3
 ----

 The first URL is mapped to virtual server `www.aaa.com`, the second URL
 is mapped to virtual server `www.bbb.com`, and the third is mapped to
 virtual server `www.ccc.com`. For this mapping to work, `www.aaa.com`,
 `www.bbb.com`, and `www.ccc.com` must all resolve to your physical
 server's IP address and each virtual server must be registered with the
 DNS server for your network. In addition, on a UNIX system, add these
 domains to your `/etc/hosts` file (if the setting for `hosts` in your
 `/etc/nsswitch.conf` file includes `files`).

 [[ggnfu]][[GSADG00588]][[administering-http-network-listeners]]

 Administering HTTP Network Listeners
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 By default, when GlassFish Server starts, the following HTTP listeners
 are started automatically:

 * HTTP listeners associated with the virtual server named `server`:

 ** The listener named `http-listener-1` does not have security enabled.

 ** The listener named `http-listener-2` has security enabled
 * An HTTP listener named `admin-listener`, associated with the virtual
 server named `__asadmin`. For this listener, security is not enabled.

 The following table describes the GlassFish Server default ports for the
 listeners that use ports.

 [[GSADG990]][[sthref72]][[ggnpj]]


 Table 13-1 Default Ports for Listeners

 [width="100%",cols="18%,13%,69%",options="header",]
 |=======================================================================
 |Listener |Default Port |Description
 |Administrative server |4848 |A domain's administrative server is
 accessed by the Administration Console and the `asadmin` utility. For
 the Administration Console, specify the port number in the URL of the
 browser. When running an `asadmin` subcommand remotely, specify the port
 number by using the `--port` option.

 |HTTP |8080 |The web server listens for HTTP requests on a port. To
 access deployed web applications and services, clients connect to this
 port.

 |HTTPS |8181 |Web applications configured for secure communications
 listen on a separate port.

 | | |

 | | |

 | | |
 |=======================================================================


 The following topics are addressed here:

 * link:#ggnfh[To Create an Internet Connection]
 * link:#gjkuy[Administering HTTP Protocols]
 * link:#gjkzi[Administering HTTP Configurations]
 * link:#gjkym[Administering HTTP Transports]
 * link:#gjkwt[Administering HTTP Network Listeners]

 [[ggnfh]][[GSADG00456]][[to-create-an-internet-connection]]

 To Create an Internet Connection
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

 Use the subcommands in this procedure to create an internet connection
 with the full range of listener options. A network listener is created
 behind the scenes. For the shortcut version of this process , see
 link:#gjimx[To Create an HTTP Network Listener].

 1.  Ensure that the server is running. +
 Remote subcommands require a running server.
 2.  Create an HTTP or HTTPS protocol by using the
 link:../reference-manual/create-protocol.html#GSRFM00051[`create-protocol`] subcommand with the
 `--securityenabled` option. +
 To use the built-in `http-listener-1` HTTP protocol, or
 `http-listener-2` HTTPS protocol, skip this step.
 3.  Create an HTTP configuration by using the
 link:../reference-manual/create-http.html#GSRFM00025[`create-http`] subcommand. +
 To use a built-in protocol, skip this step.
 4.  Create a transport by using the link:../reference-manual/create-transport.html#GSRFM00061[`create-transport`]
 subcommand. +
 To use the built-in `tcp` transport, skip this step.
 5.  Create a thread pool by using the
 link:../reference-manual/create-threadpool.html#GSRFM00060[`create-threadpool`] subcommand. +
 To avoid using a thread pool, or to use the built-in `http-thread-pool`
 thread pool, skip this step. +
 For additional thread pool information, see
 link:threadpools.html#abluc[Administering Thread Pools].
 6.  Create an HTTP listener by using the
 link:../reference-manual/create-network-listener.html#GSRFM00046[`create-network-listener`] subcommand. +
 Specify a protocol and transport, optionally a thread pool.
 7.  To apply your changes, restart GlassFish Server. +
 See link:domains.html#ginqj[To Restart a Domain].

 [[GSADG991]]

 See Also

 You can also view the full syntax and options of the subcommand by
 typing a command such as `asadmin help create-http-listener` at the
 command line.

 [[gjkuy]][[GSADG00768]][[administering-http-protocols]]

 Administering HTTP Protocols
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^

 Each HTTP listener has an HTTP protocol, which is created either by
 using the `create-protocol` subcommand or by using the built-in
 protocols that are applied when you follow the instructions in
 link:#gjimx[To Create an HTTP Network Listener].

 The following topics are addressed here:

 * link:#gjhot[To Create a Protocol]
 * link:#gjhna[To List Protocols]
 * link:#gjhnx[To Delete a Protocol]

 [[gjhot]][[GSADG00457]][[to-create-a-protocol]]

 To Create a Protocol
 ++++++++++++++++++++

 Use the `create-protocol` subcommand in remote mode to create a
 protocol.

 1.  Ensure that the server is running. +
 Remote subcommands require a running server.
 2.  Create a protocol by using the link:../reference-manual/create-protocol.html#GSRFM00051[`create-protocol`] +
 Information about options and properties for the subcommand are included
 in this help page.

 [[GSADG00245]][[gjhos]]


 Example 13-1 Creating an HTTP Protocol

 This example creates a protocol named `http-1` with security enabled.

 [source,oac_no_warn]
 ----
 asadmin> create-protocol --securityenabled=true http-1
 Command create-protocol executed successfully.
 ----

 [[GSADG992]]

 See Also

 You can also view the full syntax and options of the subcommand by
 typing `asadmin help create-protocol` at the command line.

 [[gjhna]][[GSADG00458]][[to-list-protocols]]

 To List Protocols
 +++++++++++++++++

 Use the `list-protocols` subcommand in remote mode to list the existing
 HTTP protocols.

 1.  Ensure that the server is running. +
 Remote subcommands require a running server.
 2.  List the existing protocols by using the
 link:../reference-manual/list-protocols.html#GSRFM00195[`list-protocols`] subcommand.

 [[GSADG00246]][[gjhqg]]


 Example 13-2 Listing the Protocols

 This example lists the existing protocols.

 [source,oac_no_warn]
 ----
 asadmin> list-protocols
 admin-listener
 http-1
 http-listener-1
 http-listener-2
 Command list-protocols executed successfully.
 ----

 [[GSADG993]]

 See Also

 You can also view the full syntax and options of the subcommand by
 typing `asadmin help list-protocols` at the command line.

 [[gjhnx]][[GSADG00459]][[to-delete-a-protocol]]

 To Delete a Protocol
 ++++++++++++++++++++

 Use the `delete-protocol` subcommand in remote mode to remove a
 protocol.

 1.  Ensure that the server is running. +
 Remote subcommands require a running server.
 2.  Delete a protocol by using the link:../reference-manual/delete-protocol.html#GSRFM00103[`delete-protocol`]
 subcommand

 [[GSADG00247]][[gjhop]]


 Example 13-3 Deleting a Protocol

 This example deletes the protocol named `http-1`.

 [source,oac_no_warn]
 ----
 asadmin> delete-protocol http-1
 Command delete-protocol executed successfully.
 ----

 [[GSADG994]]

 See Also

 You can also view the full syntax and options of the subcommand by
 typing `asadmin help delete-protocol` at the command line.

 [[gjkzi]][[GSADG00769]][[administering-http-configurations]]

 Administering HTTP Configurations
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

 Each HTTP listener has an HTTP configuration, which is created either by
 using the `create-http` subcommand or by using the built-in
 configurations that are applied when you follow the instructions in
 link:#gjimx[To Create an HTTP Network Listener].

 The following topics are addressed here:

 * link:#gjhqc[To Create an HTTP Configuration]
 * link:#gjhqa[To Delete an HTTP Configuration]

 [[gjhqc]][[GSADG00460]][[to-create-an-http-configuration]]

 To Create an HTTP Configuration
 +++++++++++++++++++++++++++++++

 Use the `create-http` subcommand in remote mode to create a set of HTTP
 parameters for a protocol. This set of parameters configures one or more
 network listeners,

 1.  Ensure that the server is running. +
 Remote subcommands require a running server.
 2.  Create an HTTP configuration by using the
 link:../reference-manual/create-http.html#GSRFM00025[`create-http`] subcommand. +
 Information about options and properties for the subcommand are included
 in this help page.

 [[GSADG00248]][[gjhnz]]


 Example 13-4 Creating an HTTP Configuration

 This example creates an HTTP parameter set for the protocol named
 `http-1`.

 [source,oac_no_warn]
 ----
 asadmin> create-http --timeout-seconds 60 --default-virtual-server server http-1
 Command create-http executed successfully.
 ----

 [[GSADG995]]

 See Also

 You can also view the full syntax and options of the subcommand by
 typing `asadmin help create-http` at the command line.

 [[gjhqa]][[GSADG00461]][[to-delete-an-http-configuration]]

 To Delete an HTTP Configuration
 +++++++++++++++++++++++++++++++

 Use the `delete-http` subcommand in remote mode to remove HTTP
 parameters from a protocol.

 1.  Ensure that the server is running. +
 Remote subcommands require a running server.
 2.  Delete the HTTP parameters from a protocol by using the
 link:../reference-manual/delete-http.html#GSRFM00077[`delete-http`] subcommand.

 [[GSADG00249]][[gjhov]]


 Example 13-5 Deleting an HTTP Configuration

 This example deletes the HTTP parameter set from a protocol named
 `http-1`.

 [source,oac_no_warn]
 ----
 asadmin> delete-http http-1
 Command delete-http executed successfully.
 ----

 [[GSADG996]]

 See Also

 You can also view the full syntax and options of the subcommand by
 typing `asadmin help delete-http` at the command line.

 [[gjkym]][[GSADG00770]][[administering-http-transports]]

 Administering HTTP Transports
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

 Each HTTP listener has an HTTP transport, which is created either by
 using the `create-transport` subcommand or by using the built-in
 transports that are applied when you follow the instructions in
 link:#gjimx[To Create an HTTP Network Listener].

 The following topics are addressed here:

 * link:#gjhps[To Create a Transport]
 * link:#gjhmx[To List Transports]
 * link:#gjhqp[To Delete a Transport]

 [[gjhps]][[GSADG00462]][[to-create-a-transport]]

 To Create a Transport
 +++++++++++++++++++++

 Use the `create-transport` subcommand in remote mode to create a
 transport for a network listener,

 1.  Ensure that the server is running. +
 Remote subcommands require a running server.
 2.  Create a transport by using the link:../reference-manual/create-transport.html#GSRFM00061[`create-transport`]
 subcommand. +
 Information about options and properties for the subcommand are included
 in this help page.

 [[GSADG00250]][[gjhpx]]


 Example 13-6 Creating a Transport

 This example creates a transport named `http1-trans` that uses a
 non-default number of acceptor threads.

 [source,oac_no_warn]
 ----
 asadmin> create-transport --acceptorthreads 100 http1-trans
 Command create-transport executed successfully.
 ----

 [[GSADG997]]

 See Also

 You can also view the full syntax and options of the subcommand by
 typing `asadmin help create-transport` at the command line.

 [[gjhmx]][[GSADG00463]][[to-list-transports]]

 To List Transports
 ++++++++++++++++++

 Use the `list-transports` subcommand in remote mode to list the existing
 HTTP transports.

 1.  Ensure that the server is running. +
 Remote subcommands require a running server.
 2.  List the existing transports by using the
 link:../reference-manual/list-transports.html#GSRFM00206[`list-transports`] subcommand.

 [[GSADG00251]][[gjhqj]]


 Example 13-7 Listing HTTP Transports

 This example lists the existing transports.

 [source,oac_no_warn]
 ----
 asadmin> list-transports
 http1-trans
 tcp
 Command list-transports executed successfully.
 ----

 [[GSADG998]]

 See Also

 You can also view the full syntax and options of the subcommand by
 typing `asadmin help list-transports` at the command line.

 [[gjhqp]][[GSADG00464]][[to-delete-a-transport]]

 To Delete a Transport
 +++++++++++++++++++++

 Use the `delete-transport` subcommand in remote mode to remove a
 transport.

 1.  Ensure that the server is running. +
 Remote subcommands require a running server.
 2.  Delete a transport by using the link:../reference-manual/delete-transport.html#GSRFM00112[`delete-transport`]
 subcommand.

 [[GSADG00252]][[gjhoh]]


 Example 13-8 Deleting a Transport

 This example deletes he transport named `http1-trans`.

 [source,oac_no_warn]
 ----
 asadmin> delete-transport http1-trans
 Command delete-transport executed successfully.
 ----

 [[GSADG999]]

 See Also

 You can also view the full syntax and options of the subcommand by
 typing `asadmin help delete-transport` at the command line.

 [[gjkwt]][[GSADG00771]][[administering-http-network-listeners-1]]

 Administering HTTP Network Listeners
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

 The following topics are addressed here:

 * link:#gjimx[To Create an HTTP Network Listener]
 * link:#ggnbv[To List HTTP Network Listeners]
 * link:#giwls[To Update an HTTP Network Listener]
 * link:#ggndu[To Delete an HTTP Network Listener]
 * link:#ggnbj[To Configure an HTTP Listener for SSL]
 * link:#CHDEDCEA[To Configure Optional Client Authentication for SSL]
 * link:#CHDHEFHG[To Configure a Custom SSL Implementation]
 * link:#ggncl[To Delete SSL From an HTTP Listener]
 * link:#gixjb[To Assign a Default Virtual Server to an HTTP Listener]

 [[gjimx]][[GSADG00465]][[to-create-an-http-network-listener]]

 To Create an HTTP Network Listener
 ++++++++++++++++++++++++++++++++++

 Use the `create-http-listener` subcommand or the
 `create-network-listener` subcommand in remote mode to create a
 listener. These subcommands provide backward compatibility and also
 provide a shortcut for creating network listeners that use the HTTP
 protocol. Behind the scenes, a network listener is created as well as
 its associated protocol, transport, and HTTP configuration. This method
 is a convenient shortcut, but it gives access to only a limited number
 of options. If you want to specify the full range of listener options,
 follow the instructions in link:#ggnfh[To Create an Internet
 Connection].

 1.  Ensure that the server is running. +
 Remote subcommands require a running server.
 2.  Create an HTTP network listener by using the
 link:../reference-manual/create-network-listener.html#GSRFM00046[`create-network-listener`] subcommand or the
 link:../reference-manual/create-http-listener.html#GSRFM00030[`create-http-listener`] subcommand.
 3.  If needed, restart the server. +
 If you edit the special HTTP network listener named `admin-listener`,
 you must restart the server for changes to take effect. See
 link:domains.html#ginqj[To Restart a Domain].

 [[GSADG00253]][[ggpjk]]


 Example 13-9 Creating an HTTP Listener

 This example creates an HTTP listener named `sampleListener` that uses a
 non-default number of acceptor threads. Security is not enabled at
 runtime.

 [source,oac_no_warn]
 ----
 asadmin> create-http-listener --listeneraddress 0.0.0.0
 --listenerport 7272 --defaultvs server --servername host1.sun.com
 --acceptorthreads 100 --securityenabled=false
 --enabled=false sampleListener
 Command create-http-listener executed successfully.
 ----

 [[GSADG00254]][[gjimj]]


 Example 13-10 Creating a Network Listener

 This example a network listener named `sampleListener` that is not
 enabled at runtime:

 [source,oac_no_warn]
 ----
 asadmin> create-network-listener --listenerport 7272 protocol http-1
 --enabled=false sampleListener
 Command create-network-listener executed successfully.
 ----

 [[GSADG1000]]

 See Also

 You can also view the full syntax and options of the subcommand by
 typing `asadmin help create-http-listener` or
 `asadmin help create-network-listener` at the command line.

 [[ggnbv]][[GSADG00466]][[to-list-http-network-listeners]]

 To List HTTP Network Listeners
 ++++++++++++++++++++++++++++++

 Use the `list-http-listeners` subcommand or the `list-network-listeners`
 subcommand in remote mode to list the existing HTTP listeners.

 1.  Ensure that the server is running. +
 Remote subcommands require a running server.
 2.  List HTTP listeners by using the
 link:../reference-manual/list-http-listeners.html#GSRFM00168[`list-http-listeners`] or
 link:../reference-manual/list-network-listeners.html#GSRFM00186[`list-network-listeners`] subcommand.

 [[GSADG00255]][[ggpgw]]


 Example 13-11 Listing HTTP Listeners

 This example lists the HTTP listeners. The same output is given if you
 use the `list-network-listeners` subcommand.

 [source,oac_no_warn]
 ----
 asadmin> list-http-listeners
 admin-listener
 http-listener-2
 http-listener-1
 Command list-http-listeners executed successfully.
 ----

 [[GSADG1001]]

 See Also

 You can also view the full syntax and options of the subcommand by
 typing `asadmin help list-http-listeners` or
 `asadmin help list-network-listeners` at the command line.

 [[giwls]][[GSADG00467]][[to-update-an-http-network-listener]]

 To Update an HTTP Network Listener
 ++++++++++++++++++++++++++++++++++

 1.  List HTTP listeners by using the
 link:../reference-manual/list-http-listeners.html#GSRFM00168[`list-http-listeners`] or
 link:../reference-manual/list-network-listeners.html#GSRFM00186[`list-network-listeners`] subcommand.
 2.  Modify the values for the specified listener by using the
 link:../reference-manual/set.html#GSRFM00226[`set`] subcommand. +
 The listener is identified by its dotted name.

 [[GSADG00256]][[giwiw]]


 Example 13-12 Updating an HTTP Network Listener

 This example changes `security-enabled` to `false` on `http-listener-2`.

 [source,oac_no_warn]
 ----
 asadmin> set server.network-config.protocols.protocol.http-listener-2.security-enabled=false
 Command set executed successfully.
 ----

 [[ggndu]][[GSADG00468]][[to-delete-an-http-network-listener]]

 To Delete an HTTP Network Listener
 ++++++++++++++++++++++++++++++++++

 Use the `delete-http-listener` subcommand or the
 `delete-network-listener` subcommand in remote mode to delete an
 existing HTTP listener. This disables secure communications for the
 listener.

 1.  Ensure that the server is running. +
 Remote subcommands require a running server.
 2.  List HTTP listeners by using the
 link:../reference-manual/list-http-listeners.html#GSRFM00168[`list-http-listeners`] subcommand.
 3.  Delete an HTTP listener by using the
 link:../reference-manual/delete-http-listener.html#GSRFM00082[`delete-http-listener`] or
 link:../reference-manual/delete-network-listener.html#GSRFM00098[`delete-network-listener`] subcommand.
 4.  To apply your changes, restart GlassFish Server. +
 See link:domains.html#ginqj[To Restart a Domain].

 [[GSADG00257]][[ggpjr]]


 Example 13-13 Deleting an HTTP Listener

 This example deletes the HTTP listener named `sampleListener`:

 [source,oac_no_warn]
 ----
 asadmin> delete-http-listener sampleListener
 Command delete-http-listener executed successfully.
 ----

 [[GSADG1002]]

 See Also

 You can also view the full syntax and options of the subcommand by
 typing `asadmin help delete-http-listener` or
 `asadmin help delete-network-listener` at the command line.

 [[ggnbj]][[GSADG00469]][[to-configure-an-http-listener-for-ssl]]

 To Configure an HTTP Listener for SSL
 +++++++++++++++++++++++++++++++++++++

 Use the `create-ssl` subcommand in remote mode to create and configure
 an SSL element in the specified listener. This enables secure
 communication for the listener.

 1.  Ensure that the server is running. +
 Remote subcommands require a running server.
 2.  Configure an HTTP listener by using the
 link:../reference-manual/create-ssl.html#GSRFM00058[`create-ssl`] subcommand.
 3.  To apply your changes, restart GlassFish Server. +
 See link:domains.html#ginqj[To Restart a Domain].

 [[GSADG00258]][[ggphv]]


 Example 13-14 Configuring an HTTP Listener for SSL

 This example enables the HTTP listener named `http-listener-1` for SSL:

 [source,oac_no_warn]
 ----
 asadmin> create-ssl --type http-listener --certname sampleCert http-listener-1
 Command create-ssl executed successfully.
 ----

 [[GSADG1003]]

 See Also

 You can also view the full syntax and options of the subcommand by
 typing `asadmin help create-ssl` at the command line.

 [[CHDEDCEA]][[GSADG1106]][[to-configure-optional-client-authentication-for-ssl]]

 To Configure Optional Client Authentication for SSL
 +++++++++++++++++++++++++++++++++++++++++++++++++++

 In GlassFish Server, you can configure the SSL protocol of an HTTP
 listener such that it requests a certificate before permitting a client
 connection, but does not refuse a connection if the client does not
 provide one. To enable this feature, set the `client-auth` property of
 the SSL protocol to the value `want`. For example:

 [source,oac_no_warn]
 ----
 asadmin> set configs.config.config-name.network-config.protocols.\
 protocol.listener-name.ssl.client-auth=want
 ----

 [[CHDHEFHG]][[GSADG1107]][[to-configure-a-custom-ssl-implementation]]

 To Configure a Custom SSL Implementation
 ++++++++++++++++++++++++++++++++++++++++

 In GlassFish Server, you can configure the SSL protocol an HTTP listener
 such that it uses a custom implementation of SSL. To enable this
 feature, set the `classname` property of the SSL protocol to the name of
 a class that implements the `com.sun.grizzly.util.net.SSLImplementation`
 interface. For example:

 [source,oac_no_warn]
 ----
 asadmin> set configs.config.config-name.network-config.protocols.\
 protocol.listener-name.ssl.classname=SSLImplementation-class-name
 ----

 By default, GlassFish Server uses the implementation
 `com.sun.enterprise.security.ssl.GlassfishSSLImpl` for the SSL protocol.

 [[ggncl]][[GSADG00470]][[to-delete-ssl-from-an-http-listener]]

 To Delete SSL From an HTTP Listener
 +++++++++++++++++++++++++++++++++++

 Use the `delete-ssl` subcommand in remote mode to delete the SSL element
 in the specified listener. This disables secure communications for the
 listener.

 1.  Ensure that the server is running. +
 Remote subcommands require a running server.
 2.  Delete SSL from an HTTP listener by using the
 link:../reference-manual/delete-ssl.html#GSRFM00109[`delete-ssl`] subcommand.
 3.  To apply your changes, restart GlassFish Server. +
 See link:domains.html#ginqj[To Restart a Domain].

 [[GSADG00259]][[ggpln]]


 Example 13-15 Deleting SSL From an HTTP Listener

 This example disables SSL for the HTTP listener named `http-listener-1`:

 [source,oac_no_warn]
 ----
 asadmin> delete-ssl --type http-listener http-listener-1
 Command delete-http-listener executed successfully.
 ----

 [[GSADG1004]]

 See Also

 You can also view the full syntax and options of the subcommand by
 typing `asadmin help delete-ssl` at the command line.

 [[gixjb]][[GSADG00471]][[to-assign-a-default-virtual-server-to-an-http-listener]]

 To Assign a Default Virtual Server to an HTTP Listener
 ++++++++++++++++++++++++++++++++++++++++++++++++++++++

 1.  In the Administration Console, open the HTTP Service component under
 the relevant configuration.
 2.  Open the HTTP Listeners component under the HTTP Service component.
 3.  Select or create a new HTTP listener.
 4.  Select from the Default Virtual Server drop-down list. +
 For more information, see link:#beaga[To Assign a Default Web Module to
 a Virtual Server].

 [[GSADG1005]]

 See Also

 For details, click the Help button in the Administration Console from
 the HTTP Listeners page.

 [[ggncs]][[GSADG00589]][[administering-virtual-servers]]

 Administering Virtual Servers
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 A virtual server is a virtual web server that serves content targeted
 for a specific URL. Multiple virtual servers can serve content using the
 same or different host names, port numbers, or IP addresses. The HTTP
 service directs incoming web requests to different virtual servers based
 on the URL.

 When you first install GlassFish Server, a default virtual server is
 created. You can assign a default virtual server to each new HTTP
 listener you create.

 Web applications and Java EE applications containing web components (web
 modules) can be assigned to virtual servers during deployment. A web
 module can be assigned to more than one virtual server, and a virtual
 server can have more than one web module assigned to it. If you deploy a
 web application and don't specify any assigned virtual servers, the web
 application is assigned to all currently defined virtual servers. If you
 then create additional virtual servers and want to assign existing web
 applications to them, you must redeploy the web applications. For more
 information about deployment, see the link:../application-deployment-guide/toc.html#GSDPG[GlassFish Server Open
 Source Edition Application Deployment Guide].

 You can define virtual server properties using the `asadmin set`
 command. For example:

 [source,oac_no_warn]
 ----
 asadmin> set server-config.http-service.virtual-server.MyVS.property.sso-enabled="true"
 ----

 Some virtual server properties can be set for a specific web
 application. For details, see "link:../application-deployment-guide/dd-elements.html#GSDPG00161[glassfish-web-app]" in
 GlassFish Server Open Source Edition Application Deployment Guide.

 The following topics are addressed here:

 * link:#ggnfr[To Create a Virtual Server]
 * link:#ggndw[To List Virtual Servers]
 * link:#giwkp[To Update a Virtual Server]
 * link:#ggnen[To Delete a Virtual Server]
 * link:#beaga[To Assign a Default Web Module to a Virtual Server]
 * link:#gixku[To Assign a Virtual Server to an Application or Module]
 * link:#glavy[To Set `JSESSIONIDSSO` Cookie Attributes]

 [[ggnfr]][[GSADG00472]][[to-create-a-virtual-server]]

 To Create a Virtual Server
 ^^^^^^^^^^^^^^^^^^^^^^^^^^

 By default, when GlassFish Server starts, the following virtual servers
 are started automatically:

 * A virtual server named `server`, which hosts all user-defined web
 modules. +
 For development, testing, and deployment of web services in a
 non-production environment, `server` is often the only virtual server
 required.
 * A virtual server named `__asadmin`, which hosts all
 administration-related web modules (specifically, the Administration
 Console). This server is restricted, which means that you cannot deploy
 web modules to this virtual server.

 In a production environment, additional virtual servers provide hosting
 facilities for users and customers so that each appears to have its own
 web server, even though there is only one physical server.

 Use the `create-virtual-server` subcommand in remote mode to create the
 named virtual server.

 [[GSADG1006]]

 Before You Begin

 A virtual server must specify an existing HTTP listener. Because the
 virtual server cannot specify an HTTP listener that is already being
 used by another virtual server, create at least one HTTP listener before
 creating a new virtual server.

 1.  Ensure that the server is running. +
 Remote subcommands require a running server.
 2.  Create a virtual server by using the
 link:../reference-manual/create-virtual-server.html#GSRFM00062[`create-virtual-server`] subcommand. +
 Information about properties for this subcommand is included in this
 help page.
 3.  To apply your changes, restart GlassFish Server. +
 See link:domains.html#ginqj[To Restart a Domain].

 [[GSADG00260]][[ggpha]]


 Example 13-16 Creating a Virtual Server

 This example creates a virtual server named `sampleServer` on
 `localhost`.

 [source,oac_no_warn]
 ----
 asadmin> create-virtual-server sampleServer
 Command create-virtual-server executed successfully.
 ----

 [[GSADG1007]]

 See Also

 You can also view the full syntax and options of the subcommand by
 typing `asadmin help create-virutal-server` at the command line.

 [[ggndw]][[GSADG00473]][[to-list-virtual-servers]]

 To List Virtual Servers
 ^^^^^^^^^^^^^^^^^^^^^^^

 Use the `list-virtual-servers` subcommand in remote mode to list the
 existing virtual servers.

 1.  Ensure that the server is running. +
 Remote subcommands require a running server.
 2.  List virtual servers by using the
 link:../reference-manual/list-virtual-servers.html#GSRFM00207[`list-virtual-servers`] subcommand.

 [[GSADG00261]][[ggpgr]]


 Example 13-17 Listing Virtual Servers

 This example lists the virtual servers for `localhost`.

 [source,oac_no_warn]
 ----
 asadmin> list-virtual-servers
 sampleListener
 admin-listener
 http-listener-2
 http-listener-1
 Command list-http-listeners executed successfully.
 ----

 [[GSADG1008]]

 See Also

 You can also view the full syntax and options of the subcommand by
 typing `asadmin help list-virutal-servers` at the command line.

 [[giwkp]][[GSADG00474]][[to-update-a-virtual-server]]

 To Update a Virtual Server
 ^^^^^^^^^^^^^^^^^^^^^^^^^^

 1.  List virtual servers by using the
 link:../reference-manual/list-virtual-servers.html#GSRFM00207[`list-virtual-servers`] subcommand.
 2.  Modify the values for the specified virtual server by using the
 link:../reference-manual/set.html#GSRFM00226[`set`] subcommand. +
 The virtual server is identified by its dotted name.

 [[ggnen]][[GSADG00475]][[to-delete-a-virtual-server]]

 To Delete a Virtual Server
 ^^^^^^^^^^^^^^^^^^^^^^^^^^

 Use the `delete-virtual-server` subcommand in remote mode to delete an
 existing virtual server.

 1.  Ensure that the server is running. +
 Remote subcommands require a running server.
 2.  List virtual servers by using the
 link:../reference-manual/list-virtual-servers.html#GSRFM00207[`list-virtual-servers`] subcommand.
 3.  If necessary, notify users that the virtual server is being deleted.
 4.  Delete a virtual server by using the
 link:../reference-manual/delete-virtual-server.html#GSRFM00113[`delete-virtual-server`] subcommand.
 5.  To apply your changes, restart GlassFish Server. +
 See link:domains.html#ginqj[To Restart a Domain].

 [[GSADG00262]][[ggpmd]]


 Example 13-18 Deleting a Virtual Server

 This example deletes the virtual server named `sampleServer` from
 `localhost`.

 [source,oac_no_warn]
 ----
 asadmin> delete-virtual-server sampleServer
 Command delete-virtual-server executed successfully.
 ----

 [[GSADG1009]]

 See Also

 You can also view the full syntax and options of the subcommand by
 typing `asadmin help delete-virutal-server` at the command line.

 [[beaga]][[GSADG00772]][[to-assign-a-default-web-module-to-a-virtual-server]]

 To Assign a Default Web Module to a Virtual Server
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

 A default web module can be assigned to the default virtual server and
 to each new virtual server. To access the default web module for a
 virtual server, point the browser to the URL for the virtual server, but
 do not supply a context root. For example:

 [source,oac_no_warn]
 ----
 http://myvserver:3184/
 ----

 A virtual server with no default web module assigned serves HTML or
 JavaServer Pages ( JSP) content from its document root, which is usually
 domain-dir`/docroot`. To access this HTML or JSP content, point your
 browser to the URL for the virtual server, do not supply a context root,
 but specify the target file.

 For example:

 [source,oac_no_warn]
 ----
 http://myvserver:3184/hellothere.jsp
 ----

 [[gixku]][[GSADG00476]][[to-assign-a-virtual-server-to-an-application-or-module]]

 To Assign a Virtual Server to an Application or Module
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

 You can assign a virtual server to a deployed application or web module.

 [[GSADG1010]]

 Before You Begin

 The application or module must already be deployed. For more
 information, see the link:../application-deployment-guide/toc.html#GSDPG[GlassFish Server Open Source Edition
 Application Deployment Guide].

 1.  In the Administration Console, open the HTTP Service component under
 the relevant configuration.
 2.  Open the Virtual Servers component under the HTTP Service component.
 3.  Select the virtual server to which you want to assign a default web
 module.
 4.  Select the application or web module from the Default Web Module
 drop-down list. +
 For more information, see link:#beaga[To Assign a Default Web Module to
 a Virtual Server].

 [[glavy]][[GSADG00477]][[to-set-jsessionidsso-cookie-attributes]]

 To Set `JSESSIONIDSSO` Cookie Attributes
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

 Use the `sso-cookie-http-only` and `sso-cookie-secure` virtual server
 attributes to set the `HttpOnly` and `Secure` attributes of any
 `JSESSIONIDSSO` cookies associated with web applications deployed to the
 virtual server.

 Use the link:../reference-manual/set.html#GSRFM00226[`set`] subcommand to set the value of the
 `sso-cookie-http-only` and `sso-cookie-secure` virtual server
 attributes.

 The values supported for these attributes are as follows:

 `sso-cookie-http-only`::
   A boolean value that specifies whether the `HttpOnly` attribute is
   included in `JSESSIONIDSSO` cookies. When set to `true`, which is the
   default, the `HttpOnly` attribute is included. When set to `false`,
   the `HttpOnly` attribute is not included.
 `sso-cookie-secure`::
   A string value that specifies whether the `Secure` attribute is
   included in `JSESSIONIDSSO` cookies. Allowed values are as follows: +
   * `true` — The `Secure` attribute is included.
   * `false` — The `Secure` attribute is not included.
   * `dynamic` — The `Secure` attribute setting is inherited from the
   first session participating in SSO. This is the default value.