Setting up HTTPS for myFileGateway

About this task

To run myFileGateway inside your secure network, no configuration is required. An HTTP Server adapter configuration (named Http Server Adapter) comes with Sterling File Gateway that enables the clients on the same network as Sterling File Gateway to access myFileGateway.

To run myFileGateway in a data management zone (DMZ), an HTTP Server adapter must be configured that uses a remote perimeter server.

After a Perimeter Server has been configured in Sterling B2B Integrator, its name is available to the HTTP Server adapter configuration, in the Perimeter Server Name list on the HTTP Connection Properties page.

Restriction: You cannot deploy Sterling File Gateway on an HTTP server adapter. Only myFileGateway can be installed on an HTTP server adapter.

To configure myFileGateway to run in the DMZ:

Procedure

  1. Set up a perimeter server in the DMZ.
  2. Configure a new Perimeter Server in Sterling B2B Integrator.
    The port specified in the Perimeter Server configuration must not be the HTTP listen port (to which trading partners are expected to connect), which is specified in a subsequent stage.
  3. Ensure that the remote perimeter server is running.
  4. Create a new instance of the HTTP Server Adapter configuration.
    1. Log in to Sterling File Gateway as a system administrator.
    2. Select Tools > B2B Console.
    3. From the Sterling B2B Integrator Admin menu, select Deployment > Services > Configuration.
    4. Under Create, next to New Service, click Go!
    5. For Service Type, open the List View, select HTTP Server Adapter and click Save, then Next.
    6. Give the adapter a new unique name and description. If you are using a clustered environment, from the Environment list, select the node where the remote perimeter server is to be assigned. Click Next.
    7. For the HTTP Listen Port, specify the port that the Partner is expected to connect to. This port must not be used by a different application on the computer that the remote perimeter server is installed on. No two HTTP Server adapter configurations can listen on the same port on the same remote perimeter server computer. The default port for Sterling File Gateway is 33, so select a different port number.
    8. From the Perimeter Server Name list, select the name of the Perimeter Server (previously configured) that corresponds to the specific remote perimeter server to be used. The name is in the format node & name, where name is what you specified.
    9. For Total Business Process queue depth threshold, enter a number of business processes to allow in queue. The value of this setting has no effect if Sterling File Gateway is the only application hosted on this HTTP Server adapter, because Sterling File Gateway does not depend upon the HTTP Server Adapter to initiate business processes.
    10. For Document Storage and User Authentication Required, you can accept the default or change to match your system.
      If User Authentication Required is chosen, the user will have to log in twice, once entering their username and password in a pop-up browser dialog and a second time through the standard myFileGateway login page.
    11. For Use SSL, select Must to implement stronger security. Click Next. See Implementing SSL in the Sterling B2B Integrator 5.2 online library for more information about settings for the SSL Settings page. Click Next.
    12. On the Services Configuration page, click add, then type the URI /myfilegateway.
      To provide multiple custom versions of myFileGateway, specify URI names that match their skin names ("/department1", "/department2", and so forth), all linked to myfilegateway.war.
    13. Select War File. Click Next.
    14. Enter the War File Path. The myFileGateway War file is located at <install dir>\SI\container\Applications\myfilegateway.war. (For UNIX, <install dir>/container/Applications/myfilegateway.war.)
    15. Click Save.
    16. In the Confirm page, verify that all parameters are as specified.
    17. Ensure that the Enable Service for Business Process check box is enabled.
    18. Click Finish.
  5. If you have access to the computer on which the remote perimeter server is running, log in to that computer and run the following command:
    netstat -an | grep <httpListenPort>

    where <httpListenPort> is the port previously specified. If a row is found that reads LISTEN, the HTTP Server adapter is ready to handle requests from external clients.

  6. Verify that the HTTP Server adapter is listening and that myFileGateway is configured correctly by pointing an HTTP browser to the following URL:
    https://<host>:<httpListenPort>/myfilegateway

    where <host> is the IP address or host name of the computer where the remote perimeter server is running and <httpListenPort> is the port previously specified. A dialog opens, requesting the user name and password to use with myFileGateway. If instead the browser encounters an error, verify that <httpListenPort> is being listened on. If it is listening, verify that some other application has not reserved this port. To do this, disable the HTTP Server adapter and verify that this port is not being listened on. If it is, find the application that has the port bound and shut it down. Alternatively, select a different HTTP Listen Port and try again.
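
The listener check in step 5 and the HTTPS check in step 6, as an added example that is not part of the IBM documentation: a stricter replacement for `netstat -an | grep <httpListenPort>`, which also matches longer port numbers and the remote side of client connections. The function names, port 8443, the sample rows, and the host name dmz-host.example are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not IBM-supplied). Ports and addresses below are constructed.

# Print the netstat rows in which PORT is the *local* listening port.
# Reads `netstat -an` text on stdin; exit status 0 only if a row matched.
listen_rows() {
    case "$1" in
        ''|*[!0-9]*) echo "usage: listen_rows <port>" >&2; return 2 ;;
    esac
    awk -v port="$1" '
        # State is the last column; the local address sits two columns
        # before it on Linux/UNIX (LISTEN) and Windows (LISTENING) alike.
        NF >= 4 && $NF ~ /^LISTEN(ING)?$/ {
            addr = $(NF - 2)
            # Linux/Windows print addr:port, AIX/Solaris/macOS print addr.port
            if (addr ~ ("[.:]" port "$")) { print; found = 1 }
        }
        END { exit !found }'
}

# Constructed sample: a plain `grep 8443` matches the first three rows,
# although only the second one is a listener on port 8443.
sample_netstat() {
    cat <<'EOF'
tcp   0   0 0.0.0.0:18443     0.0.0.0:*          LISTEN
tcp   0   0 10.0.0.5:8443     0.0.0.0:*          LISTEN
tcp   0   0 10.0.0.5:51022    203.0.113.7:8443   ESTABLISHED
tcp4  0   0 *.9443            *.*                LISTEN
EOF
}

# Step 6 over TLS (needs network access): show the certificate the adapter
# presents when Use SSL is set to Must. Host and port are placeholders.
tls_probe() {
    openssl s_client -connect "$1:$2" </dev/null 2>/dev/null |
        openssl x509 -noout -subject -issuer -enddate
}

# On the perimeter server host:  netstat -an | listen_rows 8443
# From a client machine:         tls_probe dmz-host.example 8443
```

With the adapter disabled, `listen_rows` still returning a row means another application holds the port, which is the conflict described in step 6.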

What to do next

If you have many concurrent users, you may find some degradation of performance. All HTTP server adapters in your Sterling B2B Integrator installation share the setting for maximum number of threads that they will consume. To increase the maximum number of threads running at the same time, edit customer_overrides.properties to modify the following property:
http.numOfmaxThread=X
where X is the number of threads. The default value is 10. If your users experience slow response when many concurrent connections have been made to the same port, increase this value to 50. Continue tuning this value until the system response is acceptable for the number of concurrent connections that must be supported. Setting this value too high could be detrimental to system stability when too many concurrent connections are made.