Virtual Host (virtualHost)
A virtual host provides a logical grouping for configuring web applications to a particular host name. The default virtual host (default_host) is suitable for most simple configurations.
Name | Type | Default | Description |
---|---|---|---|
allowFromEndpointRef | List of references to top level httpEndpoint elements (comma-separated string). | Specify the identifier of one or more HTTP endpoints to restrict inbound traffic for this virtual host to the specified endpoints. | |
enabled | boolean | true | Enable this virtual host. |
hostAlias | string | Associate a host and port with this virtual host, using the host:port syntax. The specified host can be an IP address, domain name server (DNS) hostname with a domain name suffix, the DNS hostname, or * for a wildcard match on all hostnames. Note that IPv6 addresses must be enclosed in []. | |
id | string | A unique configuration ID. |
allowFromEndpoint
Specify the identifier of one or more HTTP endpoints to restrict inbound traffic for this virtual host to the specified endpoints.
Name | Type | Default | Description |
---|---|---|---|
accessLoggingRef | A reference to top level httpAccessLogging element (string). | HTTP access logging configuration for the endpoint. | |
compressionRef | A reference to top level compression element (string). | defaultCompression | Compression options for the endpoint. |
enabled | boolean | true | Toggle the availability of an endpoint. When true, this endpoint will be activated by the dispatcher to handle HTTP requests. |
headersRef | A reference to top level headers element (string). | defaultHeaders | Header options for the endpoint. |
host | string | localhost | IP address, domain name server (DNS) host name with domain name suffix, or just the DNS host name, used by a client to request a resource. Use '*' for all available network interfaces. |
httpOptionsRef | A reference to top level httpOptions element (string). | defaultHttpOptions | HTTP protocol options for the endpoint. |
httpPort | int | The port used for client HTTP requests. Use -1 to disable this port. | |
httpsPort | int | The port used for client HTTP requests secured with SSL (https). Use -1 to disable this port. | |
id | string | A unique configuration ID. | |
onError |
| WARN | Action to take after a failure to start an endpoint. |
protocolVersion | string | When Servlet 4.0 API is enabled as a feature, set this attribute to http/1.1 to disable HTTP/2 processing for the ports that were defined for the httpEndpoint element. When Servlet 3.1 API is enabled as a feature, set this attribute to http/2 to enable HTTP/2 processing for the ports that are defined for the httpEndpoint element. | |
remoteIpRef | A reference to top level remoteIp element (string). | defaultRemoteIp | Remote IP options for the endpoint. |
samesiteRef | A reference to top level samesite element (string). | defaultSameSite | SameSite options for the endpoint. |
sslOptionsRef | A reference to top level sslOptions element (string). | SSL protocol options for the endpoint. | |
tcpOptionsRef | A reference to top level tcpOptions element (string). | defaultTCPOptions | TCP protocol options for the endpoint. |
allowFromEndpoint > accessLogging
HTTP access logging configuration for the endpoint.
Name | Type | Default | Description |
---|---|---|---|
enabled | boolean | true | Enables access logging when the accessLogging configuration element is defined. Note: Access logging must be configured for this attribute to take effect. |
filePath | Path to a file | ${server.output.dir}/logs/http_access.log | Directory path and name of the access log file. Standard variable substitutions, such as ${server.output.dir}, can be used when specifying the directory path. |
logFormat | string | %h %u %{t}W "%r" %s %b | Specifies the log format that is used when logging client access information. |
maxFileSize | int | 20 | Maximum size of a log file, in megabytes, before being rolled over; a value of 0 means no limit. |
maxFiles | int | 2 | Maximum number of log files that will be kept, before the oldest file is removed; a value of 0 means no limit. |
rolloverInterval | A period of time with minute precision | -1 | The time interval in between log rollovers, in minutes if a unit of time is not specified. Specify a positive integer followed by a unit of time, which can be days (d), hours (h), or minutes (m). For example, specify 5 hours as 5h. You can include multiple values in a single entry. For example, 1d5h is equivalent to 1 day and 5 hours. If rolloverStartTime is specified, the default value of rolloverInterval is 1 day. If both rolloverInterval and rolloverStartTime are unspecified, time based log rollover is disabled. Specify a positive integer followed by a unit of time, which can be hours (h) or minutes (m). For example, specify 30 minutes as 30m. You can include multiple values in a single entry. For example, 1h30m is equivalent to 90 minutes. |
rolloverStartTime | string | The scheduled time of day for logs to first roll over. The rollover interval duration begins at rollover start time. Valid values follow a 24-hour ISO-8601 datetime format of HH:MM, where 00:00 represents midnight. Padding zeros are required. If rolloverInterval is specified, the default value of rolloverStartTime is 00:00, midnight. If both rolloverInterval and rolloverStartTime are unspecified, time based log rollover is disabled. |
allowFromEndpoint > compression
Compression options for the endpoint.
Name | Type | Default | Description |
---|---|---|---|
serverPreferredAlgorithm | string | none | The configured compression algorithm is used to compress the body of responses when it is specified with a non-zero quality value in the request's Accept-Encoding header. The valid compression algorithms include: deflate, gzip, x-gzip, zlib, and identity. |
types | string | text/* | To include a content type in addition to the default values, affix the add (+) character as a prefix to that content type. To exclude a content type from compression, affix the remove (-) character as a prefix to that content type. Note: The wildcard (*) character is supported only as a content subtype, such as text/*. |
allowFromEndpoint > headers
Header options for the endpoint.
Name | Type | Default | Description |
---|---|---|---|
add | string | Specifies the header names and values that are added to each HTTP response. Header values are optionally included by using a colon (:) delimiter. Any header name that is defined by using this child element must not be empty or present in the 'remove', 'set', or 'setIfMissing' header configurations. | |
remove | string | Specifies the header names that are removed from each HTTP response. Any header name that is defined by using this child element must not be empty. No header values are expected. Any header name that is defined by using this child element must not be present in the 'add', 'set', or 'setIfMissing' header configurations. | |
set | string | Specifies the header names and values that are set to each HTTP response. Header values are optionally included by using a colon (:) delimiter. Any header name that is defined by using this child element must not be empty, defined more than once, or present in the 'remove', 'add', or 'setIfEmpty' header configurations. If the header is already present on the response, existing values are overwritten in favor of this configuration. | |
setIfMissing | string | Specifies the header names and values that are set to each HTTP response if not already present. Header values are optionally included by using a colon (:) delimiter. Any header name that is defined by using this child element must not be empty, defined more than once, or present in the 'remove', 'add', or 'set' header configurations. |
allowFromEndpoint > httpOptions
HTTP protocol options for the endpoint.
Name | Type | Default | Description |
---|---|---|---|
AutoDecompression | boolean | true | Specifies whether the HTTP Channel automatically decompresses incoming request body data. |
DoNotAllowDuplicateSetCookies | string | false | Prevents the HTTP Channel from sending multiple Set-Cookie headers with the same name. |
MessageSizeLimit | long | -1 | Limits the acceptable size of an incoming message. If a message arrives with a size larger than this value, then an error is returned to the remote client. |
NoCacheCookiesControl | boolean | true | Allows the user to control whether or not the presence of a Set-Cookie header should update the Cache-Control header with a matching no-cache value. This also adds the Expires header. |
ThrowIOEForInboundConnections | boolean | Specifies whether the HTTP channel creates an I/O exception when an inbound connection is closed while still in use by the servlet. The default value is set according to the configured servlet feature. Prior to Servlet 4.0, the default value is false; starting with Servlet 4.0, the default value is true. | |
connectionWindowSize | int | 65535 | Specifies the window size in octets for HTTP/2 connection-level flow control. This value can be configured to any size within the range of 65,535 to 2,147,483,647 octets, inclusive. If no value is specified, the default value is 65,535 octets. |
decompressionRatioLimit | int | 200 | Specifies the maximum ratio of decompressed to compressed request body payload. The HTTP channel reads the request body and verifies the ratio as the body decompresses. The channel stops decompression of the request body if the decompression ratio remains above the configured value and the decompressionTolerance is reached. |
decompressionTolerance | int | 3 | Specifies the maximum number of times the HTTP channel tolerates a decompression ratio above the configured ratio, depicted by the decompressionRatioLimit httpOption attribute. If this number reaches, and the next decompression cycle still contains a decompression ratio above the ratio limit, then the HTTP channel stops decompressing the request body. |
http2ConnectionIdleTimeout | A period of time with second precision | 0 | Specifies the amount of time, in seconds, that an HTTP/2 connection will be allowed to remain idle between socket IO operations. If not specified, or set to a value of 0, there is no connection timeout set. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. |
incomingBodyBufferSize | int | 32768 | Specifies the size of each buffer used when reading the body of an incoming HTTP message. |
keepAliveEnabled | boolean | true | Enables persistent connections (HTTP keepalive). If true, connections are kept alive for reuse by multiple sequential requests and responses. If false, connections are closed after the response is sent. |
limitFieldSize | int | 32768 | Enforces the size limits on various HTTP fields, such as request URLs, or individual header names or values. Enforcing the size limits of these fields guards against possible Denial of Service attacks. An error is returned to the remote client, if a field exceeds the allowed size. |
limitNumHeaders | int | 500 | Limits the number of HTTP headers that can exist in an incoming message. When this limit is exceeded, an error is returned to the remote client. |
limitWindowUpdateFrames | boolean | false | Specifies whether the server waits until half of the HTTP/2 connection-level and stream-level windows are exhausted before it sends WINDOW_UPDATE frames. Valid values are true or false. If no value is specified, the default value is false. |
maxConcurrentStreams | int | 100 | Specifies the maximum number of streams that an HTTP/2 connection can have active at any given point. Opening streams over the limit, will result on a REFUSED_STREAM (0x7). If not specified, the default value of concurrent streams will be set to 200. |
maxFrameSize | int | 57344 | Specifies the maximum allowed size of a frame payload the server will advertise in the SETTINGS_MAX_FRAME_SIZE HTTP/2 settings frame. This can be configured to any size within the range of 16,384 to 16,777,215 bytes, inclusive. If not specified, the default is set to 57,344 bytes. |
maxHeaderBlockSize | long | 512000 | Specifies the maximum size in bytes for the header block of individual HTTP2 streams. If this value is exceeded, the connection is closed with an error. Set this parameter to 0 to disable the check. |
maxKeepAliveRequests | int | -1 | Maximum number of persistent requests that are allowed on a single HTTP connection if persistent connections are enabled. A value of -1 means unlimited. This option supports low latency or high throughput applications, and SSL connections for use in situations where building up a new connection can be costly. |
maxResetFrames | int | 100 | Specifies the maximum number of reset frames per connection that are allowed during the reset frame window. If this value is exceeded, the connection is closed. Set this parameter to 0 to disable the check. |
maxStreamsRefused | int | 100 | Specifies the maximum number of streams that are refused after the maximum concurrent streams limit is reached. If this value is exceeded, the connection is closed. Set this parameter to 0 to disable the check. |
persistTimeout | A period of time with second precision | 30s | Amount of time that a socket will be allowed to remain idle between requests. This setting only applies if persistent connections are enabled. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. |
readTimeout | A period of time with second precision | 60s | Amount of time to wait for a read request to complete on a socket after the first read occurs. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. |
removeServerHeader | boolean | false | Removes server implementation information from HTTP headers. |
resetFramesWindow | A period of time with millisecond precision | 30s | Specifies the window of time during which reset frames are counted on each connection. Set this parameter to 0 for unlimited time window. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. |
settingsInitialWindowSize | int | 65535 | Specifies the initial window size in octets for HTTP/2 stream-level flow control. This value can be configured to any size within the range of 1 to 2,147,483,647 octets, inclusive. If no value is specified, the default value is 65,535 octets. |
writeTimeout | A period of time with second precision | 60s | Amount of time to wait on a socket for each portion of the response data to be transmitted. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. |
allowFromEndpoint > remoteIp
Remote IP options for the endpoint.
Name | Type | Default | Description |
---|---|---|---|
proxies | string | 10\.\d{1,3}\.\d{1,3}\.\d{1,3}|192\.168\.\d{1,3}\.\d{1,3}|169\.254\.\d{1,3}\.\d{1,3}|127\.\d{1,3}\.\d{1,3}\.\d{1,3}|172\.1[6-9]{1}\.\d{1,3}\.\d{1,3}|172\.2[0-9]{1}\.\d{1,3}\.\d{1,3}|172\.3[0-1]{1}\.\d{1,3}\.\d{1,3}|0:0:0:0:0:0:0:1|::1 | A regular expression that defines trusted proxies. |
useRemoteIpInAccessLog | boolean | false | If this property is set to true and the remote client information was verified by the HTTP Channel, the NCSA access log reflects the Forwarded or X-Forwarded-* headers. These headers are reflected when one or more of the following items are recorded: the remote client IP, the host, or the request protocol. |
allowFromEndpoint > samesite
SameSite options for the endpoint.
Name | Type | Default | Description |
---|---|---|---|
lax | string | List of cookie names or patterns for which the SameSite attribute is set to a value of Lax, if not already defined. A single wildcard (*) character is supported as a stand-alone value, or following cookie name prefixes. Any cookie name or pattern that is defined by this list must be unique and not present in the 'none' nor 'strict' configurations. | |
none | string | List of cookie names or patterns for which the SameSite attribute is set to a value of None, if not already defined. A single wildcard (*) character is supported as a stand-alone value, or following cookie name prefixes. Any cookie name or pattern that is defined by this list must be unique and not present in the 'lax' nor 'strict' configurations. Each cookie that is modified to contain a SameSite value of None as a result of this configuration is also set to Secure. | |
partitioned | boolean | false | When this attribute is set to true, all SameSite=None cookies are partitioned and therefore are sent in cross-site requests. The default value is false, which means that cookies are not partitioned. |
strict | string | List of cookie names or patterns for which the SameSite attribute is set to a value of Strict, if not already defined. A single wildcard (*) character is supported as a stand-alone value, or following cookie name prefixes. Any cookie name or pattern that is defined by this list must be unique and not present in the 'lax' nor 'none' configurations. |
allowFromEndpoint > sslOptions
SSL protocol options for the endpoint.
Name | Type | Default | Description |
---|---|---|---|
sessionTimeout | A period of time with second precision | 1d | Amount of time to wait for a read or write request to complete on a socket. This value is overridden by protocol-specific timeouts. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. |
sslRef | A reference to top level ssl element (string). | The default SSL configuration repertoire. The default value is defaultSSLConfig. | |
sslSessionCacheSize | int | 100 | The maximum number of session objects that can be stored in the cache. |
sslSessionTimeout | A period of time with millisecond precision | 86400s | The timeout limit for an SSL session that is established by the SSL Channel. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. |
suppressHandshakeErrors | boolean | false | Disable logging of SSL handshake errors. SSL handshake errors can occur during normal operation, however these messages can be useful when SSL is behaving unexpectedly. If disabled, the message and console logs do not record handshake errors, and the trace log records handshake errors when SSL Channel tracing is on. |
allowFromEndpoint > tcpOptions
TCP protocol options for the endpoint.
Name | Type | Default | Description |
---|---|---|---|
acceptThread | boolean | false | If true, then listening ports do not share the same thread for accepting connections. Otherwise, they share the same thread. |
addressExcludeList | string | A comma-separated list of addresses that are not allowed to make inbound connections on this endpoint. You can specify IPv4 or IPv6 addresses. All values in an IPv4 or IPv6 address must be represented by a number or by an asterisk wildcard character. As examples, valid IPv4 addresses for this list include "*.1.255.0", "254.*.*.9", and "1.*.*.*", and valid IPv6 addresses include "0:*:*:0:007F:0:0001:0001", "F:FF:FFF:FFFF:1:01:001:0001", and "1234:*:4321:*:9F9f:*:*:0000". | |
addressIncludeList | string | A comma-separated list of addresses that are allowed to make inbound connections on this endpoint. You can specify IPv4 or IPv6 addresses. All values in an IPv4 or IPv6 address must be represented by a number or by an asterisk wildcard character. As examples, valid IPv4 addresses for this list include "*.1.255.0", "254.*.*.9", and "1.*.*.*", and valid IPv6 addresses include "0:*:*:0:007F:0:0001:0001", "F:FF:FFF:FFFF:1:01:001:0001", and "1234:*:4321:*:9F9f:*:*:0000". | |
hostNameExcludeList | string | A comma-separated list of host names that are not allowed to make inbound connections on this endpoint. Host names are not case-sensitive and can start with an asterisk, which is used as a wildcard character. However, asterisks cannot be elsewhere in the host name. For example, *.abc.com is valid, but *.abc.* is not valid. | |
hostNameIncludeList | string | A comma-separated list of host names that are allowed to make inbound connections on this endpoint. Host names are not case-sensitive and can start with an asterisk, which is used as a wildcard character. However, asterisks cannot be elsewhere in the host name. For example, *.abc.com is valid, but *.abc.* is not valid. | |
inactivityTimeout | A period of time with millisecond precision | 60s | Amount of time to wait for a read or write request to complete on a socket. This value is overridden by protocol-specific timeouts. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. |
maxOpenConnections | int | 128000 | Defines the maximum number of connections allowed to be open on this endpoint. |
portOpenRetries | int | 0 | Number of retries to open a TCP/IP port during server startup. There will be a one second delay between retries, until the opening is successful or the port open retry number is reached. |
soReuseAddr | boolean | true | Enables immediate rebind to a port with no active listener. |
waitToAccept | boolean | false | Queries whether this TCP Channel will delay accepting connections until the server starts. If false, connections are closed until the server starts. If true, the value for the acceptThread tcpOption is also set to true, and connections are delayed until the server starts. |