NetWare 6.5 and GroupWise 6.5 WebAccess
Novell Cool Solutions: Feature
By Tay Kratzer
Digg This -
Posted: 13 May 2004
- Make sure to be using the GroupWise 6.5 Support Pack 1 (or better), installation code.
- If you are installing the WebAccess Application on a NetWare server in a DMZ, read the next section regarding this.
Configuring the WebAccess Application Within a DMZ
When you install the GroupWise WebAccess Application, you are prompted for the path to a WebAccess Agent directory as shown in Figure 1.
Figure 1: Prompt for the path to WebAccess Agent
This may be a problem for you, here's why. A lot of customers have their WebAccess Application in the DMZ. Within the DMZ there may not be client access to the server running the WebAccess Agent (GWINTER). The WebAccess Installation Wizard prompts you for the path to the WebAccess Agent simply because it wants to have access to one file in order to proceed smoothly. The installation software is after a file called COMMGR.CFG. The COMMGR.CFG file contains an important symmetric encryption key that the WebAccess Application, and the WebAccess Agent use in order to encrypt data sent to one another. The COMMGR.CFG file can be found in the WebAccess Agent's gateway directory. For example, <DOMAIN>\wpgate\<WebAccess Directory>.
To simply satisfy the "Configure WebAccess Application" installation wizard screen shown in Figure 1, copy the COMMGR.CFG file from the location where the WebAccess Agent is, to a location on the NetWare server where you are installing the WebAccess Application. Also, make the structure of the directory so that it mimics the typical structure of a domain with a gateway off of it (you are trying to trick the installation software). For example, make a directory on the sys: volume that mimics a true domain and gateway folder structure. For example SYS:DOMAIN\WPGATE\WEBACC. Then simply place the COMMGR.CFG file from the server running the WebAccess Agent, to the mimicked path (SYS:DOMAIN\WPGATE\WEBACC) on the server that is going to run the WebAccess Application. You don't have to copy any other files over than the COMMGR.CFG file.
When prompted for the path to the WebAccess Agent as shown in Figure 1, just put in the mimicked domain and gateway path.
- During the WebAccess Application Installation, when prompted for the path to "Apache Web Server for NetWare", indicate the path to the "Apache2" directory off of the sys: volume of the NetWare server as shown in Figure 2. By default the install indicates the "Apache" directory, but you want to use the "Apache2" directory on NetWare 6.5.
Figure 2: Indicate the path to the Apache2 directory
- Run the GroupWise 6.5 WebAccess installation, in my experience the installation goes smoothly. If the Windows machine, from which you are running the installation, is not on the same segment as the NetWare server housing WebAccess, the first 70% of the installation goes slowly because it copies a bunch of very small files.
Warning: In this section we make modifications to Apache's HTTPD.CONF file, make sure to back this file up before modifying it.
- The GroupWise 6.5 WebAccess Application installation to a NetWare 6.5 server no longer creates a customized GWAPACHE.NCF startup file, and the GWAPACHE.CONF configuration file as it does on NetWare 6.0. Instead you simply load the APACHE2.NLM. The WebAccess Application install modifies the existing SYS:\APACHE2\CONF\HTTPD.CONF file, if there is one, and makes a reference to the "GWAPACHE2.CONF" configuration file.
[ ] ACTION - If this is an upgrade from a NetWare 6.0/GroupWise 6.5 WebAccess installation, then make sure to update the AUTOEXEC.NCF file so there is no longer reference to SYS:\APACHE\GWWEBUP.NCF or any other reference to load the APACHE 1.x code.
[ ] ACTION - Make sure that in the AUTOEXEC.NCF file there is a reference to load the Apache 2.x code. For example: SYS:\APACHE2\APACHE2.NLM
- Apache 2.x on NetWare 6.5 now has SSL/TLS functions compiled right into the APACHE2.NLM. Because of this, when you reference an SSL certificate that Apache web server is supposed to use, no longer make reference to mod_tls. For example on Apache 1.x (NetWare 6.0x) to enable an SSL certificate, the syntax would look as follows:
[ NetWare 6.0 -- Apache 1.x -- Apache web server *.CONF file]
LoadModule tls_module modules/mod_tls.nlm <IfModule mod_tls.c> SecureListen 18.104.22.168:443 "WWW_VERISIGN" </IfModule>For NetWare 6.5, you no longer make mention to mod_tls.nlm. Rather, add the following line, I just put this line at the bottom of the SYS:\APACHE2\CONF\HTTD.CONF
[ NetWare 6.5 -- Apache 2.x -- Apache web server *.CONF file]
SecureListen 443 "WWW_VERISIGN" or SecureListen 22.214.171.124:443 "WWW_VERISIGN"[ ] ACTION - If you are using an SSL Certificate, modify the SYS:APACHE2\CONF\HTTPD.CONF file and make reference to the SSL Certificate as shown above. Use the correct IP address, and the name of the certificate according to your server IP and certificate name.
- Apache at times will send friendly HTTP errors to the browser. Often Microsoft Internet Explorer is configured to show those friendly HTTP errors. But the experience isn't all that friendly for users, as users will sometimes get an error "The page cannot be displayed". You can configure Apache not to send these friendly errors to Microsoft Internet Explorer users.
[ ] ACTION -- Add the following three lines to the SYS:APACHE2\CONF\HTTPD.CONF file:
BrowserMatch "MSIE 6\." nokeepalive downgrade-1.0 force-response-1.0 BrowserMatch "MSIE 5\." nokeepalive downgrade-1.0 force-response-1.0 BrowserMatch "MSIE 4\." nokeepalive downgrade-1.0 force-response-1.0
- For busy WebAccess web servers you will want to increase the "MaxKeepAliveRequest" value beyond it's default configuration of 100.
[ ] ACTION -- Modify the SYS:APACHE2\CONF\HTTPD.CONF file, and look for the MaxKeepAliveRequest argument. Set it to 1000. See below:
- When I did an upgrade from NetWare 6.0 to NetWare 6.5 at one customer site, the HTTPD.CONF file was configured by the NetWare 6.5 install to use the document root path of: "DocumentRoot SYS:/novonyx/suitespot/docs". There were other references to the locations in the SYS:/novonyx/ . . . folders. Remove these.
- For most GroupWise systems, the Language selection screen in GroupWise WebAccess isn't needed. If your want your default page for the web server to come directly to the GroupWise WebAccess login page, then you need to create an INDEX.HTML with a re-direct to <web server>/servlet/webacc.
[ ] ACTION -- If you want to create an automatic re-direct page to the
/servlet/webacc, then create a new file in the SYS:APACHE2\HTDOCS directory. Name the file "INDEX.HTML". Edit the file, and add re-direct information. I like the following method:
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN"> <HTML> <HEAD> <TITLE>GroupWise WebAccess</TITLE> <script>location="https://webmail.wwwidgets.com/servlet/webacc"</script> </HEAD> </HTML>
[ ] ACTION - In your HTTPD.CONF file for your Apache 2.x web server, look for references to the "SYS:/novonyx/ . . ." folders. Comment out these references with the pound/hash symbol (#).
There is so much more to GroupWise WebAccess. Chapter 11 of Novell's GroupWise 6.5 Administrator's Guide has a whole lot more. If you are looking to make GroupWise WebAccess faster and more stable, make sure to read the Novell AppNote "Implementing a High Availability Web Access Solution with GroupWise 6".
|more Kratzer's Hot Docs|
See other articles written by Tay Kratzer at "Kratzer's Hot Docs": http://www.novell.com/coolsolutions/gwmag/trenches/kratzer.html
|books to read|
Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions. www.webwiseone.com