Integration server HTTP listener parameters (SOAP and HTTP nodes)

Select the resources and properties that are associated with the HTTPInput, HTTPReply, SOAPInput, SOAPReply, and SOAPAsyncResponse nodes that you want to change.

To change these properties, you must specify the integration node name and -e followed by the name of a single integration server, and -o to specify the integration server object. If you specify -o integrationServerName, you can omit -e to change a property that applies to all integration servers on the specified integration node.

Because you define all of these properties at the integration server level, they apply to all HTTPInput, HTTPReply, SOAPInput, SOAPReply, and SOAPAsyncResponse nodes that you deploy to the specified integration server.

By default, the HTTP nodes that you deploy to the integration node all use the single integration node listener. If you prefer, you can change the configuration of the integration node so that all integration servers use the embedded listeners in the integration servers. You can also use the integration node listener for some integration servers, and the embedded listener in other integration servers. For more information about these options, see HTTP listeners.

By default, the SOAP nodes that you deploy to an integration server all use the embedded listener. You can change the configuration of some or all of your integration servers so that they use the integration node listener. For more information about these options, see HTTP listeners.

For more information about configuring HTTP or SOAP nodes to use the integration node listener, see Integration node HTTP listener parameters.

You must restart the integration server for all changes to be implemented.

Choose the ObjectName from the following options:

  • ExecutionGroup for controlling common properties.
  • HTTPConnector for controlling inbound HTTP communication. This connector is used for inbound (server-side) HTTP communication only. The properties do not apply to outbound traffic involving request nodes.
  • HTTPSConnector for controlling inbound HTTPS communication. This connector is used for inbound (server-side) HTTPS communication only. The properties do not apply to outbound traffic involving request nodes.

-o ExecutionGroup

The following properties and values are valid:
-n httpNodesUseEmbeddedListener
Set the value to false to make all HTTPInput and HTTPReply nodes use the integration node HTTP listener, if this listener is enabled. Set the value to true to make all HTTPInput and HTTPReply nodes that are deployed to the specified integration server use the embedded integration server listener.

If you disabled the integration node HTTP listener, all HTTPInput and HTTPReply nodes use the embedded listener regardless of the value of this property.

  • Value type - Boolean
  • Initial value - false
-n soapNodesUseEmbeddedListener
Set the value to true to make all SOAPInput, SOAPReply, and SOAPAsyncResponse nodes use the embedded HTTP listener. Set the value to false to make all SOAPInput SOAPReply, and SOAPAsyncResponse nodes that are deployed to the specified integration server use the integration node listener, if this listener is enabled.

If you disabled the integration node HTTP listener, all SOAPInput, SOAPReply, and SOAPAsyncResponse nodes use the embedded listener, regardless of the value of this property.

  • Value type - Boolean
  • Initial value - true

-o HTTPConnector

The following properties and values are valid for HTTPConnector and HTTPSConnector:
-n AutoRespondToHTTPHEADRequests
Set the value to true to ensure that the connector returns an HTTP 200 OK response if the request is for a URI that is associated with a message flow. Set the value to false to invoke the message flow if the request is for a URI that is associated with a message flow. If the request is not for a URI that is associated with a message flow, the connector returns an HTTP 404 Not Found response.
  • Value type - Boolean
  • Initial value - false
-n ConnBacklog
Set the value to the maximum number of incoming connection requests that can be queued. Requests that are received when this limit is reached are rejected.
  • Value type - integer
  • Initial value - 100
-n ContentSecurityPolicy
Set the string to be inserted in the HTTP Content-Security-Policy response header. For more information, see Content-Security-Policy.
  • Value type - string
  • Initial value - null
-n CORSAllowCredentials
Set the value to true to permit web browsers to pass credential information (HTTP Cookies and HTTP Authentication) over inbound cross-origin requests.

If set to true, an Access-Control-Allow-Credentials header is added to the response with the value true.

Set the value to false to stop web browsers from passing credential information over inbound cross-origin requests.

  • Value type - boolean
  • Initial value - false
-n CORSAllowHeaders
Use this property to control which HTTP headers a web browser is permitted to pass to HTTP services that are hosted by this connector. This value is used only when a preflight cross-origin request is received.

A preflight cross-origin request can include a list of HTTP headers that are used in the actual request as the value of the Access-Control-Request-Headers header.

To permit a preflight cross-origin request, all values in that header must be a case-insensitive match for one of the values that are listed in this property. Set this property to a comma-separated list of permitted HTTP headers.

  • Value type - string
  • Initial value - Accept,Accept-Language,Content-Language,Content-Type
-n CORSAllowMethods
Use this property to control the HTTP methods that the web browser is permitted to use when it is accessing HTTP services that are hosted by this connector. This value is used only when a preflight cross-origin request is received.

A preflight cross-origin request includes the HTTP method of the actual request as the value of the Access-Control-Request-Method header. To permit a preflight cross-origin request, the value of that header must be a case-sensitive match for one of the values that are listed in this property.

Set this property to a comma-separated list of permitted HTTP methods.

  • Value type - string
  • Initial value - GET,HEAD,POST,PUT,PATCH,DELETE,OPTIONS
-n CORSAllowOrigins
Use this property to configure the list of allowed origins for inbound cross-origin requests. An origin is the scheme, host, and port of the URI from which the cross-origin request was initiated. For example, if the cross-origin request was initiated from a web page that is hosted at http://example.com:7800/api/customers, the origin of the cross-origin request is http://example.com:7800

The cross-origin request that is made by the web browser automatically includes the origin as the value of the origin header.

Set the value to asterisk (*) to permit all cross-origin requests, otherwise, set the value to a comma-separated list of permitted origins for cross-origin access. For example: http://www.example.com,https://www.example.com:7843,http://othersite.net:7800

  • Value type - string
  • Initial value - *
-n CORSEnabled
Set the value to true to make the connector respond to valid HTTP Cross-Origin Resource Sharing (CORS) requests from a web browser.

Set the value to false to disable all CORS processing.

  • Value type - boolean
  • Initial value - false
-n CORSExposeHeaders
Use this property to permit web pages that are running within a web browser to see the value of the specified headers that are returned in the response to a cross-origin request. The following headers are always permitted, regardless of the setting for this value: Cache-Control, Content-Language, Content-Type, Expires, Last-Modified, and Pragma.

To permit a web page that is running in a web browser to see other headers in the response, set the value to a comma-separated list of header names. For example, X-Header1,X-Header2,X-Header3

If this value is set to a non-empty list and the inbound cross-origin request is permitted, an Access-Control-Expose-Headers header is added to the response with the value of this property.

If this value is set to an empty list, no Access-Control-Expose-Headers header is added to the response.

  • Value type - string
  • Initial value - Content-Type
-n CORSMaxAge
Use this property to permit web browsers to cache the response to a preflight cross-origin request. If this value is set to 0 or a positive integer and the inbound cross-origin request is permitted, an Access-Control-Max-Age header is added to the response that has the value of this property.

The value specifies the maximum time in seconds that the web browser can cache the response to a preflight cross-origin request. A value of 0 stops the web browser from caching the response to a preflight cross-origin request.

If this value is set to -1, an Access-Control-Max-Age header is not added to the response. If the header is not present, depending on the web browser, the web browser might cache the response to a preflight cross-origin request.

  • Value type - integer
  • Initial value - -1
-n EnableLookups
Set the value to true to use DNS lookups to return information (such as a fully-qualified domain name) and include it with inbound HTTP headers, such as X-Remote-Host. Set the value to false to return the IP address instead.
  • Value type - Boolean
  • Initial value - false
-n IntegratedWindowsAuthentication
Set this property to use Integrated Windows Authentication (IWA) for securing inbound requests against an integration node on Windows. You can specify one or more of the following values, separated by a semicolon or a space:
NTLM
Specify this value to use the NTLM protocol.
Negotiate
Specify this value to use the Negotiate (SPNEGO) process. This process allows IBM® App Connect Enterprise to negotiate the use of the NTLM or Kerberos protocols. If Kerberos is available, it is the preferred protocol.
Negotiate:Kerberos
Specify this value to use the Negotiate (SPNEGO) process to negotiate only the use of the Kerberos protocol. If the client cannot support the Kerberos protocol, IBM App Connect Enterprise refuses the connection.

The order in which the values are specified is the order in which they are returned to the client in the HTTP response. To disable IWA, set this property to a blank string.

  • Value type - string
  • Initial value - null
-n IWATimeout
Set the IWA session timeout in seconds. If no value is set, the default is 300 seconds.
  • Value type - integer
  • Initial value - 300
-n ListenerAddress
If your server has more than one IP address, set the value to the IP address that is used for listening on port 7080. If this property is not set, port 7080 is used on all IP addresses associated with the server. A maximum of one address can be specified.
  • Value type - string
  • Initial value - null
-n ListenerPort
Set the value to the TCP/IP port number on which the connector creates a server socket and awaits incoming connections.

Setting this value disconnects the automatic port-finding capability of the connector; this port is the only one allowed, and the connector fails to start if another program has already used this port.

  • Value type - integer
  • Initial value - 7800
  • Other valid values - any integer in the range 0-65536
-n ListenerThreads
This property specifies the number of threads that are available for the listener to run on. If this property is set to -1 or 0, the number of available threads is half the number of available CPU cores on the system.
  • Value type - integer
  • Initial value - -1
-n MaxConnections
Set the value to the maximum number of inbound HTTP connections that the listener can accept. The default is -1 (infinite).
  • Value type - integer
  • Initial value - -1
-n MaxKeepAliveRequests
Set the value to the maximum number of requests that can use a persistent connection. Set the value to 1 to disable keep-alive requests and force the creation of a new connection for each request.
  • Value type - integer
  • Initial value - -1
-n MaxPostSize
Set the value to the maximum POST size (in bytes) that can be processed by the integration node listener. Requests that exceed this limit are rejected with an HTTP 413 Payload Too Large response.
  • Value type - integer
  • Initial value - -1
-n QueueCapacity
Set the maximum number of requests that can be stored by an in-memory queue that is forwarding requests from the HTTP listener to message flows.

The QueueCapacity and QueueWait properties work together to regulate the inbound queue. When the inbound queue becomes full (by reaching the maximum number of requests specified by the QueueCapacity property), the listener waits up to the maximum interval specified by the QueueWait property for room to become available on the queue. When room becomes available (as a result of message flows taking requests from the queue), the listener adds the next inbound request to the queue. If the queue remains full until the wait interval expires, an HTTP 503 Service Unavailable message is returned to the client.

The default value is 1000.

  • Value type - integer
  • Initial value - 1000
-n QueueWait
Set the maximum interval that the listener waits before rejecting an inbound request with HTTP 503 Service Unavailable (in milliseconds).

The QueueWait and QueueCapacity properties work together to regulate the inbound queue. When the inbound queue becomes full (by reaching the maximum number of requests specified by the QueueCapacity property), the listener waits up to the maximum interval specified by the QueueWait property for room to become available on the queue. When room becomes available (as a result of message flows taking requests from the queue), the listener adds the next inbound request to the queue. If the queue remains full until the wait interval expires, an HTTP 503 Service Unavailable message is returned to the client.

  • Value type - integer
  • Initial value - 5000 (milliseconds)
-n ServerName
Set the value that is set in the "Server" header for all HTTP responses sent by this server.
  • Value type - string
  • Initial value - null
-n TimeoutSweepInterval
Set the time interval (in milliseconds) between successive checks for timed-out messages. The default time interval is 20 milliseconds.
  • Value type - integer
  • Initial value - 20
-n XContentTypeOptions
Set to nosniff to include the X-Content-Type- Options response header to opt out of MIME type sniffing. For more information, see X-Content-Type-Options.
  • Value type - string
  • Initial value - null
-n XSSProtection
Set to disable, sanitize, or block. For more information, see X-XSS-Protection.
  • Value type - string
  • Initial value - null

-o HTTPSConnector

The properties that are listed for the HTTPConnector are also valid for the HTTPSConnector. The following additional properties and values are valid for the HTTPSConnector:

-n CipherSpec
Set the value to a list of the encryption ciphers that can be used. If no value is set, any available cipher is used. The client sends a list of ciphers in priority order. The server selects the first acceptable cipher in the list. If none of the ciphers in the list are suitable, the server returns a handshake failure alert and closes the connection.

For information about the OpenSSL cipher spec, see https://www.openssl.org/docs/man1.1.0/man1/ciphers.html.

  • Value type - comma-separated list
  • Initial value - null
-n EnableTLSTrace
Set this property to enable tracing of TLS handshake messages to the console. By default this property is set to false.
  • Value type - Boolean
  • Initial value - false
-n KeyAlias
Set the value to the alias that is given to the server certificate in the keystore. By default, the first key in the keystore is used.
  • Value type - string
  • Initial value - null
-n KeyPassword
Set the value to the password that is used to access the server certificate in the keystore file. The value can either be a plaintext password or, if the value is prefixed with "brokerKeystore::KeyPassword", the password is the named value that is configured by the mqsisetdbparms command.
  • Value type - string
  • Initial value - null
-n KeystoreFile
Set the value to the path and file name of the keystore file where the server certificate is stored.
  • Value type - string
  • Initial value - platform default
-n KeystorePassword
Set the value to the password that is used to access the server certificate in the keystore file. The value can either be a plaintext password or, if the value is prefixed with "brokerKeystore::", the password is the named value that is configured by the mqsisetdbparms command.
  • Value type - string
  • Initial value - null
-n KeystoreType
Set the value to the type of keystore file used.
  • Value type - string
  • Initial value - JKS
-n ReqClientAuth
Set the value to true if a valid SSL certificate must be received from the client before a connection can be accepted.
  • Value type - Boolean
  • Initial value - false
-n RejectUnauthorizedClient
Set the value to false if you want to allow connections from clients that do not provide client certificates.

This property is applicable only when the ReqClientAuth property is set to true.

  • Value type - Boolean
  • Initial value - true
-n StrictTransportSecurity
Set this property to use a Strict-Transport-Security header for connections. For more information, see Strict-Transport-Security.
  • Value type - string
  • Initial value - null
-n TLSCertVerifyDepth
Use this value to specify the maximum number of certificates that can be in a certificate chain to pass verification. If a certificate chain has more certificates than specified by this limit, verification will fail. The default number of permitted certificates is 100.
  • Value type - integer
  • Initial value - 100
-n TLSContextTimeout
Use this value to specify the length of time after which a new session times out. The default timeout is 300 seconds.
  • Value type - integer
  • Initial value - 300
-n TLSProtocols
Use this value to specify which versions of the TLS protocols are enabled. The TLSProtocols property can take a value of all, none, or a comma-separated list of the strings TLSv1.2 and TLSv1.3. (The only supported versions of the TLS protocol are 1.2 and 1.3). The values are not case-sensitive.

If TLSProtocols is set to all, both versions are enabled.

If TLSProtocols is set to a comma-separated list of the strings TLSv1.2 and TLSv1.3, then both versions are enabled. The versions can be listed in any order.

If TLSProtocols is set to none, all TLS versions are disabled and the listener becomes unusable.

  • Value type - string
  • Initial value - null
-n TruststoreFile
Set the value to the path and file name of the truststore file.
  • Value type - string
  • Initial value - platform default
-n TruststorePassword
Set the value to the password used to access the truststore file. The value can either be a plaintext password or, if the value is prefixed with brokerTruststore::, the password is the named value that is configured by the mqsisetdbparms command.
  • Value type - string
  • Initial value - null
-n TruststoreType
Set the value to the type of truststore file used.
  • Value type - string
  • Initial value - JKS

See the mqsichangeproperties command for examples of how to change parameters.