Select the resources and properties that are
associated with the HTTPInput, HTTPReply, SOAPInput, SOAPReply, and SOAPAsyncResponse nodes that
you want to change.
To change these properties, you must specify the integration node name and
-e followed by the name of a single integration server, and
-o to specify the integration server object. If you specify
-o
integrationServerName, you can omit -e to change a
property that applies to all integration servers on the specified integration node.
Because you define all of these properties
at the integration server level, they apply to all HTTPInput, HTTPReply, SOAPInput, SOAPReply, and SOAPAsyncResponse nodes that
you deploy to the specified integration server.
By default,
the HTTP nodes that you deploy to the integration node all use the
single integration node listener. If you prefer, you can change the
configuration of the integration node so that all integration servers
use the embedded listeners in the integration servers. You can also
use the integration node listener for some integration servers, and
the embedded listener in other integration servers. For more information
about these options, see HTTP listeners.
By default, the SOAP nodes that you deploy to an integration
server all use the embedded listener. You can change the configuration
of some or all of your integration servers so that they use the integration
node listener. For more information about these options, see HTTP listeners.
For more information about configuring HTTP or SOAP nodes to use the
integration node listener, see Integration node HTTP listener parameters.
You must restart the integration
server for all changes to be implemented.
Choose the ObjectName from
the following options:
- ExecutionGroup for controlling common
properties.
- HTTPConnector for controlling inbound HTTP
communication. This connector is used for inbound (server-side) HTTP communication only. The
properties do not apply to outbound traffic involving request nodes.
- HTTPSConnector for controlling inbound HTTPS
communication. This connector is used for inbound (server-side) HTTPS communication only. The
properties do not apply to outbound traffic involving request nodes.
-o ExecutionGroup
The following properties
and values are valid:
- -n httpNodesUseEmbeddedListener
- Set the value to false to make all HTTPInput and HTTPReply
nodes use the integration node HTTP listener, if this listener is enabled. Set the value to
true to make all HTTPInput and HTTPReply nodes that are deployed to the specified integration
server use the embedded integration server listener.
If you disabled the integration node HTTP
listener, all HTTPInput and HTTPReply nodes use the embedded listener regardless of the value
of this property.
- Value type - Boolean
- Initial value - false
- -n soapNodesUseEmbeddedListener
- Set the value to true to make all SOAPInput, SOAPReply, and SOAPAsyncResponse nodes use
the embedded HTTP listener. Set the value to false to
make all SOAPInput SOAPReply, and SOAPAsyncResponse nodes that
are deployed to the specified integration server use the integration
node listener, if this listener is enabled.
If you disabled the
integration node HTTP listener, all SOAPInput, SOAPReply, and SOAPAsyncResponse nodes use
the embedded listener, regardless of the value of this property.
- Value type - Boolean
- Initial value - true
-o HTTPConnector
The following properties and values are valid for
HTTPConnector and HTTPSConnector:
- -n AutoRespondToHTTPHEADRequests
- Set the value to true to ensure that the connector returns an
HTTP 200 OK response if the request is for a URI that is associated
with a message flow. Set the value to false to invoke the message flow if the
request is for a URI that is associated with a message flow. If the request is not for a URI that is
associated with a message flow, the connector returns an HTTP 404 Not
Found response.
- Value type - Boolean
- Initial value - false
- -n ConnBacklog
- Set the value to the maximum number of incoming connection requests that can be queued. Requests
that are received when this limit is reached are rejected.
- Value type - integer
- Initial value - 100
- -n ContentSecurityPolicy
- Set the string to be inserted in the HTTP Content-Security-Policy response header. For more
information, see Content-Security-Policy.
- Value type - string
- Initial value - null
- -n CORSAllowCredentials
- Set the value to true to permit web browsers to pass credential information
(HTTP Cookies and HTTP Authentication) over inbound cross-origin requests.
If set to
true, an Access-Control-Allow-Credentials header is added to the response with the
value true.
Set the value to false to stop web browsers from
passing credential information over inbound cross-origin requests.
- Value type - boolean
- Initial value - false
- -n CORSAllowHeaders
- Use this property to control which HTTP headers a web browser is permitted to pass to HTTP
services that are hosted by this connector. This value is used only when a preflight cross-origin
request is received.
A preflight cross-origin request can include a list of HTTP headers that are
used in the actual request as the value of the Access-Control-Request-Headers header.
To
permit a preflight cross-origin request, all values in that header must be a case-insensitive match
for one of the values that are listed in this property. Set this property to a comma-separated list
of permitted HTTP headers.
- Value type - string
- Initial value - Accept,Accept-Language,Content-Language,Content-Type
- -n CORSAllowMethods
- Use this property to control the HTTP methods that the web browser is permitted to use when it
is accessing HTTP services that are hosted by this connector. This value is used only when a
preflight cross-origin request is received.
A preflight cross-origin request includes the HTTP
method of the actual request as the value of the Access-Control-Request-Method header. To permit a
preflight cross-origin request, the value of that header must be a case-sensitive match for one of
the values that are listed in this property.
Set this property to a comma-separated list of
permitted HTTP methods.
- Value type - string
- Initial value - GET,HEAD,POST,PUT,PATCH,DELETE,OPTIONS
- -n CORSAllowOrigins
- Use this property to configure the list of allowed origins for inbound cross-origin requests. An
origin is the scheme, host, and port of the URI from which the cross-origin request was initiated.
For example, if the cross-origin request was initiated from a web page that is hosted at
http://example.com:7800/api/customers
, the origin of the cross-origin request is
http://example.com:7800
The cross-origin request that is made by the web browser
automatically includes the origin as the value of the origin header.
Set the value to asterisk
(*) to permit all cross-origin requests, otherwise, set the value to a
comma-separated list of permitted origins for cross-origin access. For example:
http://www.example.com,https://www.example.com:7843,http://othersite.net:7800
- Value type - string
- Initial value - *
- -n CORSEnabled
- Set the value to true to make the connector respond to valid HTTP Cross-Origin
Resource Sharing (CORS) requests from a web
browser.
Set the value to false to disable all CORS processing.
- Value type - boolean
- Initial value - false
- -n CORSExposeHeaders
- Use this property to permit web pages that are running within a web browser to see the value of
the specified headers that are returned in the response to a cross-origin request. The following
headers are always permitted, regardless of the setting for this value: Cache-Control,
Content-Language, Content-Type, Expires, Last-Modified, and Pragma.
To permit a web page that is
running in a web browser to see other headers in the response, set the value to a comma-separated
list of header names. For example, X-Header1,X-Header2,X-Header3
If this
value is set to a non-empty list and the inbound cross-origin request is permitted, an
Access-Control-Expose-Headers header is added to the response with the value of this property.
If this value is set to an empty list, no Access-Control-Expose-Headers header is added to
the response.
- Value type - string
- Initial value - Content-Type
- -n CORSMaxAge
- Use this property to permit web browsers to cache the response to a preflight cross-origin
request. If this value is set to 0 or a positive integer and the inbound
cross-origin request is permitted, an Access-Control-Max-Age header is added to the response that
has the value of this property.
The value specifies the maximum time in seconds that the web
browser can cache the response to a preflight cross-origin request. A value of 0
stops the web browser from caching the response to a preflight cross-origin request.
If this
value is set to -1, an Access-Control-Max-Age header is not added to the response.
If the header is not present, depending on the web browser, the web browser might cache the response
to a preflight cross-origin request.
- Value type - integer
- Initial value - -1
- -n EnableLookups
- Set the value to true to use DNS lookups to return information (such as a
fully-qualified domain name) and include it with inbound HTTP headers, such as
X-Remote-Host
. Set the value to false to return the IP address
instead.
- Value type - Boolean
- Initial value - false
- -n IntegratedWindowsAuthentication
- Set this property to use Integrated Windows Authentication (IWA) for securing inbound requests
against an integration node on Windows. You can specify one or more of the following values,
separated by a semicolon or a space:
- NTLM
- Specify this value to use the NTLM protocol.
- Negotiate
- Specify this value to use the Negotiate (SPNEGO) process. This process allows IBM® App Connect Enterprise to negotiate the use of the NTLM or Kerberos protocols. If
Kerberos is available, it is the preferred protocol.
- Negotiate:Kerberos
- Specify this value to use the Negotiate (SPNEGO) process to negotiate only the use of the
Kerberos protocol. If the client cannot support the Kerberos protocol, IBM App Connect Enterprise refuses the connection.
The order in which the values are specified is the order in which they are returned to the
client in the HTTP response. To disable IWA, set this property to a blank string.
- Value type - string
- Initial value - null
- -n IWATimeout
- Set the IWA session timeout in seconds. If no value is set, the default is 300
seconds.
- Value type - integer
- Initial value - 300
- -n ListenerAddress
- If your server has more than one IP address, set the value to the IP address that is used for
listening on port 7080. If this property is not set, port 7080 is used on all IP addresses
associated with the server. A maximum of one address can be specified.
- Value type - string
- Initial value - null
- -n ListenerPort
- Set the value to the TCP/IP port number on which the connector creates a server socket and
awaits incoming connections.
Setting this value disconnects the automatic port-finding capability
of the connector; this port is the only one allowed, and the connector fails to start if another
program has already used this port.
- Value type - integer
- Initial value - 7800
- Other valid values - any integer in the range 0-65536
- -n ListenerThreads
- This property specifies the number of threads that are available for the listener to run on. If
this property is set to
-1
or 0
, the number of available threads
is half the number of available CPU cores on the system.
- Value type - integer
- Initial value - -1
- -n MaxConnections
- Set the value to the maximum number of inbound HTTP connections that the listener can accept.
The default is -1 (infinite). If MaxConnections limit is
reached and a new connection attempt is made, the listener rejects the connection.
- Value type - integer
- Initial value - -1
- -n MaxKeepAliveRequests
- Set the value to the maximum number of requests that can use a persistent connection. Set the
value to 1 to disable keep-alive requests and force the creation of a new
connection for each request.
- Value type - integer
- Initial value - -1
- -n MaxPostSize
- Set the value to the maximum POST size (in bytes) that can be processed by the integration node
listener. Requests that exceed this limit are rejected with an HTTP 413 Payload Too Large
response.
- Value type - integer
- Initial value - -1
- -n QueueCapacity
- Set the maximum number of requests that can be stored by an in-memory queue that is forwarding
requests from the HTTP listener to message flows.
The QueueCapacity and
QueueWait properties work together to regulate the inbound queue. When the
inbound queue becomes full (by reaching the maximum number of requests specified by the
QueueCapacity property), the listener waits up to the maximum interval
specified by the QueueWait property for room to become available on the queue.
When room becomes available (as a result of message flows taking requests from the queue), the
listener adds the next inbound request to the queue. If the queue remains full until the wait
interval expires, an HTTP 503 Service Unavailable message is returned to the
client.
The default value is 1000.
- Value type - integer
- Initial value - 1000
- -n QueueWait
- Set the maximum interval that the listener waits before rejecting an inbound request with
HTTP 503 Service Unavailable (in milliseconds).
The QueueWait and
QueueCapacity properties work together to regulate the inbound queue. When the
inbound queue becomes full (by reaching the maximum number of requests specified by the
QueueCapacity property), the listener waits up to the maximum interval
specified by the QueueWait property for room to become available on the queue.
When room becomes available (as a result of message flows taking requests from the queue), the
listener adds the next inbound request to the queue. If the queue remains full until the wait
interval expires, an HTTP 503 Service Unavailable message is returned to the client.
- Value type - integer
- Initial value - 5000 (milliseconds)
- -n ServerName
- Set the value that is set in the "Server" header for all HTTP responses sent by this server.
- Value type - string
- Initial value - null
- -n TimeoutSweepInterval
- Set the time interval (in milliseconds) between successive checks for timed-out messages. The
default time interval is 20 milliseconds.
- Value type - integer
- Initial value - 20
- -n XContentTypeOptions
- Set to nosniff to include the X-Content-Type- Options response header to opt
out of MIME type sniffing. For more information, see X-Content-Type-Options.
- Value type - string
- Initial value - null
- -n XSSProtection
- Set to disable, sanitize, or block. For more
information, see X-XSS-Protection.
- Value type - string
- Initial value - null
-o HTTPSConnector
The properties that are
listed for the HTTPConnector are also valid for
the HTTPSConnector. The following additional
properties and values are valid for the HTTPSConnector:
- -n CipherSpec
- Set the value to a list of the encryption ciphers that can be used. If no value is set, any
available cipher is used. The client sends a list of ciphers in priority order. The server selects
the first acceptable cipher in the list. If none of the ciphers in the list are suitable, the server
returns a handshake failure alert and closes the connection.
For information about the OpenSSL
cipher spec, see https://www.openssl.org/docs/man1.1.0/man1/ciphers.html.
- Value type - comma-separated list
- Initial value - null
- -n EnableTLSTrace
- Set this property to enable tracing of TLS handshake messages to the console. By default this
property is set to false.
- Value type - Boolean
- Initial value - false
- -n KeyAlias
- Set the value to the alias that is given to the server certificate in the keystore. By default,
the first key in the keystore is used.
- Value type - string
- Initial value - null
- -n KeyPassword
- Set the value to the password that is used to access the server certificate in the keystore
file. The value can either be a plaintext password or, if the value is prefixed with
"brokerKeystore::KeyPassword", the password is the named value that is configured by the
mqsisetdbparms command.
- Value type - string
- Initial value - null
- -n KeystoreFile
- Set the value to the path and file name of the keystore file where the server certificate is
stored.
- Value type - string
- Initial value - platform default
- -n KeystorePassword
- Set the value to the password that is used to access the server certificate in the keystore
file. The value can either be a plaintext password or, if the value is prefixed with
"brokerKeystore::", the password is the named value that is configured by the
mqsisetdbparms command.
- Value type - string
- Initial value - null
- -n KeystoreType
- Set the value to the type of keystore file used.
- Value type - string
- Initial value - JKS
- -n ReqClientAuth
- Set the value to true if a valid SSL certificate must be received from the
client before a connection can be accepted.
- Value type - Boolean
- Initial value - false
- -n RejectUnauthorizedClient
- Set the value to false if you want to allow connections from clients that do
not provide client certificates.
This property is applicable only when the
ReqClientAuth property is set to true.
- Value type - Boolean
- Initial value - true
- -n StrictTransportSecurity
- Set this property to use a Strict-Transport-Security header for connections. For more
information, see Strict-Transport-Security.
- Value type - string
- Initial value - null
- -n TLSCertVerifyDepth
- Use this value to specify the maximum number of certificates that can be in a certificate chain
to pass verification. If a certificate chain has more certificates than specified by this limit,
verification will fail. The default number of permitted certificates is 100.
- Value type - integer
- Initial value - 100
- -n TLSContextTimeout
- Use this value to specify the length of time after which a new session times out. The default
timeout is 300 seconds.
- Value type - integer
- Initial value - 300
- -n TLSProtocols
- Use this value to specify which versions of the TLS protocols are enabled. The
TLSProtocols property can take a value of all,
none, or a comma-separated list of the strings TLSv1.2 and
TLSv1.3. (The only supported versions of the TLS protocol are 1.2 and 1.3). The
values are not case-sensitive.
If TLSProtocols is set to
all, both versions are enabled.
If TLSProtocols is set
to a comma-separated list of the strings TLSv1.2 and TLSv1.3,
then both versions are enabled. The versions can be listed in any order.
If
TLSProtocols is set to none, all TLS versions are disabled
and the listener becomes unusable.
- Value type - string
- Initial value - null
- -n TruststoreFile
- Set the value to the path and file name of the truststore file.
- Value type - string
- Initial value - platform default
- -n TruststorePassword
- Set the value to the password used to access the truststore file. The value can either be a
plaintext password or, if the value is prefixed with
brokerTruststore::
, the
password is the named value that is configured by the mqsisetdbparms command.
- Value type - string
- Initial value - null
- -n TruststoreType
- Set the value to the type of truststore file used.
- Value type - string
- Initial value - JKS
See the mqsichangeproperties command for examples
of how to change parameters.