SERVER
SERVER is the LightWave Server process. It supports the management console and connection requests for API services.
Starting the Process
The SERVER process is started by running the SERVER program from TACL.
tacl > run SERVER / run-options / command-line-options
You should be logged-on as a user with sufficient privileges to access the system resources that the process requires.
run-options
The standard TACL run options. The 'CPU' option is recommended if the -backupcpu command-line-option is specified. The NOWAIT option is recommended. The TERM option is also recommended if started from a dynamic terminal device. The IN and OUT options are ignored.
command-line-options
@<command-file>
Reads command line options from <command-file>. Options specified on the command line override any duplicates specified in the file. At most, one '@' option may used. The file itself cannot contain an '@' option (i.e., no nesting).
--backupcpu
Specifies the number of the CPU in which the process should run its backup process. It must not be the same as the primary CPU. If omitted, no backup process is started.
--blob-files [ $vol ].subvol ].file-name-prefix [ userid,groupid | groupname,username ] [ security-string ] [ extents=<pri>,<sec>,<max> ]
A pattern which specifies the file system location and file name prefix for output BLOB files and optionally, the user id and file security. The file name prefix is limited to 1 to 3 characters with the remaining 5 characters assigned by the SERVER / SWORKER process. If the volume or subvolume portion of the pattern is omitted, the process default volume and subvolume are used. If the option is omitted, the default pattern is "$current-vol.current-subvol.BLB" and the userid and file security are that of the SERVER / SWORKER process. Note that client applications are responsible for disposing of the BLOB files once they have been processed.
--console-ports <port-specification> [ <port-specification> ] ...
Specifies a list of TCP/IP ports that the process should listen on for browser connections. <port-specification> has the following form:
- [<tcpip-process>:]<port-number>[:<certificate-name>]
where:
- <tcpip-process> - The NonStop TCP/IP process to use for this port. If omitted, the value of the define =TCPIP^PROCESS^NAME is used if it exists, otherwise $ZTC0.
- <port-number> - The TCP/IP port to listen on, 0-65535. Port numbers 0-1023 can only be used if run by a member of the SUPER group
- <certificate-name> - The CN value of the X509 certificate to use for this port. If specified, the port will use HTTPS protocol.
Multiple port specifications are separated by spaces. If this option is omitted, no console ports will be opened. See Server Certificates for information about installing server certificates.
--default-encoding <encoding-name>
Specified the default encoding to use for character string conversions in all services. Note that encoding settings applied to API method or data type definitions will override this setting. The <encoding-name> must be one of the names listed in Character Encoding Names. If omitted, the default encoding is ISO-8859-1.
--default-tx-timeout <seconds>
Specifies the default transaction timeout value for transactions started by client applications when the lw-transaction-timeout header is not included in the request. The value must be in the range 0 to 21474836. If not specified, the value of --max-tx-timeout is used as the default.
--disable-digest-auth
Disables HTTP Digest authentication and prevents the server from advertising that Digest authentication is available through the WWW-Authenticate header.
--disable-icu
Disables the ICU package which is used for character string encoding. When disabled, character string encoding is limited to ISO-8859-1.
--disable-sensitive-data-masking
When present, the sensitive data masking feature is disabled and fields marked as sensitive will be displayed in HTTP and diagnostic logs. This option should only be used during application development when sensitive data is not contained in message payloads.
--filesystem <subvolume-spec>
The location ($volume.subvolume) that contains the LightWave File System. If omitted, the default (current) subvolume is searched, then the installation subvolume (containing the SERVER program file) is searched. Note that there is a one-to-one correspondence between each SERVER and a given filesystem; filesystems may not be shared among multiple instances of SERVER. Refer to Installing LightWave Server for information about creating the file system.
--http-keepalive-max <count>
Specifies the maximum number of requests that may occur on a persistent connection before the server closes it. The default value is 100.
--http-keepalive-timeout <seconds>
Specifies the amount of time, in seconds, for which the server will maintain a persistent connection with a client. The default value is 30 seconds.
--license <file-name>
The name of an existing edit file containing the LightWave Client product license. If this option is omitted, the license file is located according to Product Licensing rules.
--log [ { <destination> | * } [ level [ format ] ] | +<log-config-file> ]
Specifies the process log location, the level, and the log event format, or the location of a log configuration file. The destination value may be a process name, a file name, or the asterisk (*) character. If the asterisk is used then the log output is directed to the home term of the process. The level value may be "error", "warning", "info", or "debug" and controls the type of information that is output to the log destination. The "error" level produces the least output while the "debug" level produces the most output. The format value may be "text" indicating that the log events should be output as text strings or "event" indicating that the log events should be output in EMS event format. If omitted, the default is "--log * info text". See Using Configuration Files for information about logging configuration files.
--max-tx-timeout <seconds>
Specifies the maximum transaction timeout value that client applications may specify in a request (using the lw-transaction-timeout header). If a client application specifies a larger value, max-tx-timeout will be used instead. If this option is omitted, the default value 0 is used, which indicates that the NonStop system Auto Abort timer will determine the transaction timeout.
--monitor <option>[:<interval>] [ <option>[:<interval>] ] ...
Enables file monitoring and specifies the monitoring interval. If the interval is omitted, the default value is 15 seconds. The following files may be monitored: log. See Using Configuration Files for information about monitoring log configuration files.
--monitor-workers <seconds>
Specifies the number of seconds that an SWORKER process must be running before the SERVER process will restart it in the event of an SWORKER abend. This prevents the SERVER process to from continuously restarting an SWORKER process that is abending on startup. The default value is 60 seconds. Specify 0 seconds to disable monitoring of SWORKER processes.
--service-ports <port specification> [ <port-specification> ] ...
Specifies a list of TCP/IP ports that the SERVER process should listen on for service (API) connections. <port-specification> has the following form:
- [<tcpip-process>:]<port-number>[:<certificate-name>]
where:
- <tcpip-process> - The NonStop TCP/IP process to use for this port. If omitted, the value of the define =TCPIP^PROCESS^NAME is used if it exists, otherwise $ZTC0.
- <port-number> - The TCP/IP port to listen on, 0-65535. Port numbers 0-1023 can only be used if run by a member of the SUPER group.
- <certificate-name> - The CN value of the X509 certificate to use for this port. If specified, the port will use HTTPS protocol.
Multiple port specifications are separated by spaces. If this option is omitted, no service ports will be opened and therefore no services (APIs) will be available to client applications. See Server Certificates for information about installing server certificates.
--show-server-id
If present, causes LightWave to include a "Server" HTTP header in responses, otherwise it is omitted. The content of the "Server" header includes the product name, "LightWave Server", and the product version number. Although once customary for HTTP servers to include, the practice is now considered a security leak.
--shutdown <server-process-name> [ ! ]
Initiates an orderly shutdown of a SERVER or SWORKER process running with the process name <server-process-name>. When given the name of a SERVER process, any associated SWORKER processes are also shut down. The optional ! argument requests a "quick" shutdown, which causes the processes to terminate without waiting for any pending requests to complete. If the --shutdown option is used, all other options are ignored.
--sts-max-age <seconds>
Enables the Strict-Transport-Security header and specifies the max-age value in seconds. If omitted, the header is not returned in Console responses.
--tls-cipher-list <cipher-name-list> | +<cipher-list-file>
Specifies the list of ciphers to be used for TLS connections. The cipher list may be specified as a string containing a list of ciphers or an EDIT file containing a list of ciphers. Cipher names are specified using OpenSSL format. For more information on OpenSSL ciphers to OpenSSL Ciphers.
--tls-disable-v1.0
Disables TLS v1.0 connections to the console. If omitted, TLS v1.0 connections are allowed. Deprecated, use --tls-protocols.
--tls-disable-v1.1
Disables TLS v1.1 connections to the console. If omitted, TLS v1.1 connections are allowed. Deprecated, use --tls-protocols.
--tls-protocols [ TLSv1 ] [ TLSv1.1 ] [ TLSv1.2 ] [ TLSv1.3 ]
Specifies the list of protocols that should be available for TLS connections. If omittied, the default value is "TLSv1.2 TLSv1.3".
Remarks
All command-line-option names and values are case-insensitive except where noted. If multiple occurrences of the same command line parameter are encountered, the setting of the last occurrence is used.
When the -log option format is set to event, EMS events will be sent to the output device with the following EMS Subsys ID:
Z-OWNER | "NUWAVE" |
Z-NUMBER | 3 |
Z-VERSION | Product major version |
Examples
Start the SERVER process as a process pair in CPU 0 and 1. The Console may be accessed on port 8080 using HTTP or port 8443 using HTTPS. Services may be accessed on port 9080 using HTTP or 9443 using HTTPS. This example assumes that a server certificate with Common Name lightwave.example.com
has already been installed. See Server Certificates for information about installing server certificates.
tacl> run server / name $LWS, nowait, cpu 0 / --backupcpu 1 &
--console-ports $ztc0:8080 $ztc0:8443:lightwave.example.com &
--service-ports $ztc0:9080 $ztc0:9443:lightwave.example.com &
--log $zhome info
Shut down LightWave Server and any attached SWORKER processes:
tacl> run server --shutdown $LWS
More Information
See Configuration Best Practices for additional information.