OpenVMS Notes: WASD HTTPd

Table of Contents

Introduction to the y2k20 dilemma
- the OpenVMS ecosystem
Introduction to WASD HTTPd
First Steps
Unzip then Install
Config then initial startup
Serving up Apache files
Scripting (serving up DCL scripts)
Properly enabling Server Admin
Supporting gSOAP on WASD
Links (and departing comments)

Edit: 2023-05-25 (a work in progress)

y2k20 - a potential crisis in 2020 (nothing to do with WASD)

Modern browsers in 2020 will expect to "connect HTTPS" only using TLSv1.2 and TLSv1.3 (this assumes that support for everything from SSLv3 up to and including TLSv1.1 will be removed)

While browsers are constantly being updated because of their use in everything from on-line purchases to on-line investing and banking, many web servers are not. What is worse it this: many organizations, including governments large and small, are slow to update their server software

comment: Firefox has been warning for several months (today is 2019-08-25) that one of my servers is preferentially offering connections via TLS-1.0 (the lock icon is closed but is orange). Chrome and IE11 each present a green lock icon.

Comparing y2k to y2k20

y2k (2000) was a problem related to old technology (both hardware and software) where it was not certain if internal clocks would know how to handle these two problems:
1. would clocks properly roll over from 1999 to 2000 or would they wrap back to 1900?
2. would the year 2000 be a leap year or not? (it was a leap year according to rule-3)
Notice that these human-caused problems where caused by:
1. a lack of coordination in the computer industry (caused by companies competing with each other rather than working together)
2. businesses and governments refusing to upgrade hardware and/or software
3. egotistic programmers doing their own thing rather than calling the operating system
y2k20 (2020) is a potential problem where:
- security changes in client browsers (which are usually auto-upgraded) may not be able to communicate with web servers (which are not auto-upgraded)
  - this is a client-server problem
- security changes in web servers (depending upon how they are implemented) may not accept connections from customers unwilling or unable to update
  - this is a B2B (business to business) problem where third party software (usually linked to older OpenSSL libraries) is used to initiate a web connection.

Why is 2020 going to be a problem?

y2k was (perhaps) so overblown that many people assumed that a whole lot of money had been spent but nothing happened. This assumption is faulty because the problem was largely averted
y2k20 does not appear to be taken seriously by anyone
- back during Y2K, not very many people relied on browsers
- twenty years later, almost everyone relies upon browsers for something
  - email clients have gone the way of the dodo (Microsoft will not allow you to install Windows Mail on a new Windows-10 platform); most companies tell you to read mail using a browser
  - many people uses browsers for online banking; online investing; online purchases; online entertainment (eg. youtube)
  - programmers aside, anyone who used a terminal emulator back in 2000 will most likely be using a browser today.
  - to save money, many companies are not patching internal web-servers which are only accessed by internal employees on their internal intranets. But their employees are still agreeing to upgrade their own browsers. Kaboom!
Don't think this will affect you? An unexpected change to OpenSSL in CentOS-7.3 on January of 2018 broke some things for me as I have documented here

Good News from Microsoft

There are a lot of desktops in the world still running Windows-7 and those users were either unwilling or unable to upgrade to Windows-10
Windows-10 was rolled out with two browsers, IE11 (Internet Explorer 11) and Microsoft Edge. Customers were instructed to begin using the new browser but many refused
Microsoft Edge was not available on older platforms which left older Windows desktops exposed to security exploits (appeared to be happening daily if not weekly)
Since the customer adoption of Microsoft Edge wasn't successful, in 2019 Microsoft decided to partner with Google by replacing Microsoft Edge with a newer variation called Microsoft Chrome Edge.
- Google's Chrome browser is based upon similar technology
- Microsoft Edge version numbers run from 12 to 18 (EDGE-12 to EDGE-18)
- Microsoft Chrome Edge is currently at version 80
This new Edge variation was only available to WIndows-10 users but it needed to be downloaded manually (was never part of an automated patch kit).
In 2020-02-xx Microsoft announced that Microsoft Chrome Edge would be available to older platforms, including Windows-7
- Download link for Chrome Edge (Windows 7-10): https://www.microsoft.com/en-us/edge
comment: we have got to convince everyone (friends, family, employers, customers) to abandon IE11 as soon as possible because it is holding back evolution of the internet.
- IE11 is the only popular-use browser that does not properly implement HTML5 (see: https://html5test.com/compare/browser/ie-11/firefox-60/chrome-68.html )
- IE11 is the only popular-use browser that does not support JavaScript-1.6 (a.k.a. ECMAScript-6 or ECMAScript-2015) see: https://www.w3schools.com/js/js_versions.asp
- IE11 is the only popular-use browser that does not support Angular2 or higher (see: https://angular.io/guide/browser-support )
- IE11 is the only popular-use browser that does not support jQuery2 (see: https://jquery.com/browser-support/ )

Additional news

2020-07-02
- https://www.zdnet.com/article/mozilla-halts-firefox-78-rollout-and-then-restarts-it-after-fixing-this-search-engine-bug/
  note: Firefox-74 was supposed to be released in March without default support for legacy protocols "TLS 1.0" and "TLS 1.1" but COVID-19 (amongst other things) changed that. Firefox-78.0.1 began downloading July-2 and only offers TLS-1.2 and TLS-1.3 (if your initial connection fails, just follow the prompts to re-enable lower protocols because this is just a warning for now)
2020-08-20
- Two different people told me today that a recent Windows-10 update just killed their "Windows Live Mail" client. (I have not seen anyone else on the internet crabbing about this - yet)
- Like IE11, Microsoft no longer supports the Windows Live Mail client (IIRC, the last version came out in 2012; if it was on Window-7 when you updated to Windows-10 then you were allowed to keep it; you were not allowed to install it onto a new version of Windows-10)
- Non-Microsoft software, like Mozilla Firefox and Google Chrome, had the SSL and TLS protocols built into their stand-alone programs. Microsoft software (at least the stuff published ten years ago and older) relied heavily upon a large number of DLL files which were shared by many Microsoft applications in the Windows ecosystem.
  SPECULATION: it is entirely possible that the latest Windows-10 update deleted DLL files required by the "Windows Live Mail" client. Those people will either need to get a third-party email reader (here are two: thunderbird and emclient ) or sign up for an annual Microsoft subscription to Office 365 (in this new marketing paradigm, software will be rented rather than purchased)

The OpenVMS ecosystem

Two companies are currently supporting OpenVMS (but this is about to change)
- In 2014, HP transferred the rights to develop/support OpenVMS to VSI (VMS Software Inc)
- In 2015, HP split into two companies: HP (most desktop products) and HPE (enterprise)
- HPE continued to support OpenVMS software contracts sold to HP customers before 2015 (they also sold/supported VSI products)
- Early in 2019, HPE removed most OpenVMS stuff (documentation as well as software) from their website including CSWS-2.2-1 (Compaq Secure Web Services) based upon Apache 2.0.63
  - For example, this link: http://h41379.www4.hpe.com/openvms/products/ips/apache/csws.html previously provided both software-downloads and product documentation but now diverts you to this common landing page: https://support.hpe.com/hpsc/doc/public/display?docId=a00058693en_us (in fact, all HPE OpenVMS software links now drop you here)
- If you have an OpenVMS support contract with HPE, then you will be able to request the latest version of file MOD_SSL (an Apache module for CSWS) which is based upon OpenSSL-1.0L but does not implement TLSv1.3
  - HPE has announced the end of all OpenVMS support by the end of 2020.
- Businesses requiring CSWS/Apache on OpenVMS should immediately move their support contracts over to VSI where you will have access to a new version of CSWS based upon Apache 2.4.12
  - caveat: you may be required to update your OS to OpenVMS-8.4-2 so do not wait until the last minute
For companies and/or hobbyists financially unable to move to VMS Software Inc, your only remaining option is to replace CSWS/Apache with WASD HTTPd
- WASD HTTPd is a high quality high performance OpenVMS web server from Australia which is not based upon Apache
- WASD HTTPd already supports TLSv1.2 and TLSv1.3
- "I think" support agreements may be available
This web-page will document my efforts to replace CSWS/Apache with WASD HTTPd on a sacrificial laboratory system (we employ a lot of CGI including one SOAP-based feed)

Web server products available for VMS/OpenVMS

Publisher	Product Name	Apache Version	VAX	Alpha	Itanium	x86-64	Active	Notes
Compaq HP HPE	CSWS-1	2.0	N	Y	Y	N	?	HPE will exit the OpenVMS support business in 2020 Old CSWS (products, patches, plugins) were free until 2016 Since then patches are available only if you have an HPE support agreement
VSI	CSWS-2	2.4	N	Y	Y	Y	Y	New CSWS (available with new support agreement)
Ohio State University	OSU DECthreads	n/a	Y	Y	N	N	N	Product hasn't been supported for more than a decade Can be found on the VMS Freeware packages
VSM Software Services	WASD HTTPd	n/a	Y	Y	Y	Y	Y	Still actively supported

Introduction to WASD HTTPd (one solution to the y2k20 problem on OpenVMS)

WASD HTTPd - is a very high quality free web server from VSM Software Services in Australia
- it runs on all VMS and OpenVMS platforms: VAX, Alpha, and Itanium
- it will run on x86-64 when VSI finally publishes a OpenVMS-9 for that CPU architecture
- it is NOT based upon Apache
- it is published with all the source code so if you can program in C then you can improve/extend/tinker
- it can link to its own SSL libraries which already support TLS-1.3, or HP-SSL (based upon OpenSSL-0.9 and lower), or HP-SSL1 (OpenSSL-1.0 and higher)
- excerpt from page-13 of the book OpenVMS with Apache, OSU, and WASD
  The idea with WASD was to be a really good VMS-only server: Mark Daniel says, "I suffered a bit of a VMS cringe when amongst my UNIX colleagues (VMS was perceived to be a bit slow and cumbersome), so I have also endeavored to make WASD as fast and efficient as I could, avoiding C run-time library and even RMS code layers where it was feasible and worth it. I also wanted a similarly tight scripting environment and have spent a lot of time honing this aspect"
- Trivia: WASD = "Wide Area Surveillance Division". WASD was previously known as HFRD (High Frequency Radar Division) of Australia's Defense, Science and Technology Organization

Executive Summary:

What an unexpected surprise. WASD HTTPd is the fastest web server I have worked on to date.
I am currently supporting web servers on these production platforms...

Hardware	CPU	Cores	Memory	Network	OS	Software
rx2800-i2	Itanium2	8	64G	IPv4 on 1Gb/s	OpenVMS-8.4	CSWS/Apache 2.0.xx
DL385p-gen8	AMD x86-64	24	132G	IPv4 on 1Gb/s	CentOS-7.5	Apache 2.4.xx
rx2660	Itanium2	8	16G	Ipv4 on 1Gb/s	OpenVMS-8.4	WASD HTTPd 11

...and it appears that WASD on the oldest hardware is able to out-perform Apache on the newest hardware (caveat: I haven't done any full-load stress tests just yet)

WASD HTTPd is published with all the source code. This means that if Adelaide gets hit with an asteroid you will be able to fix your own code (provided you have access to the DECC "C compiler)
The source code is mirrored in at least three other locations (see asteroid comment)

First Steps

download all the zip files you think you will need from here: https://wasd.vsm.com.au/wasd/ (or the various mirror sites)
- caveat: do not skip any CUP (cumulative update package) files. I wasted a whole day trying to get both Server Admin and SYSUAF to work (I assumed I was doing something wrong). I was only successful after I noticed, then installed, the CUP file (probably need new eyeglasses)
none of these files offer executables so you will need to download a vanilla package (necessary to "compile-link" or just "link") as well as the architecture-specific files

Unzip then install

Unzip

$! DCL script to unzip WASD
$! this is an rx2660 (Itanium2)
$! CSWS/Apache is located on disk dka200 so that's where I'll put WASD
$!
$ define/job yada CSMIS$USER3:[ADMCSM.NEIL._WASD]	! files where downloaded here
$ set default DKA200:[000000]				! move to root of disk dka200
$ unzip yada:WASD1130.zip				! also creates folder [WASD_ROOT}
$ unzip yada:WASD1130-ia64.zip				!
$ set default [WASD_ROOT]				!
$ unzip yada:WASD_CUP_1130b.ZIP 			! do not forget this (or SYSUAF stuff won't work)
$ unzip yada:opensslwasd102r-ia64.zip			! optional

Install (part 1) you need a DEC-C compiler to do perform step 1 so consider starting with step 2

$set default wasd_root:[000000]				!
$@install						!

******************* 
*  BUILD PACKAGE  * 
******************* 

Package executables must be built.

0. skip this step 
1. compiling from source, then linking 
2. linking (separate package) object modules 

Select build method [0]:

[...snip...]

Install (part 2) really cool because you have a choice

************************** 
*  SSL TOOLKIT DETECTED  * 
************************** 

A supported Secure Sockets Layer (SSL) toolkit has been detected.
Those with item numbers are available for building, 'x's are not available.

0. do not build an SSL version 
1. OpenSSL (prior to v1.1.0) toolkit
x. OpenSSL (v1.1.0 or later) toolkit 
2. OpenVMS SSL1 product (HP)                    (OpenSSL 1.0 and higher)
x. WASD OpenSSL package                         ("x" because download it) 
x. OpenVMS SSL product (HP) no longer supported (OpenSSL 0.9 and lower)

Select item number [2]:

Config then initial start

now read install-and-config as well as features (or download the PDFs of those html docs from here)
- the vanilla http server (port 80) installs itself.
- The secure https server (443) will not work without having chapter-4 of features open while you edit the config files documented in install-and-config. IMHO, this is a good thing since we've all worked on systems initially set up by "the brain dead". Security is no laughing matter. I was not able to get HTTPS working without first using the OpenSSL CLI from another system
quick steps 1
- locate your current ssl certificate file (name.crt) and key file (name.key)
- copy both of these files into a third file with an extension of ".pem" like so:
      $copy name.crt , name.key name.pem
  caveat: depending on the text file format, doing a DCL copy-concatenate will result in the middle of the file looking like this:
       -----END CERTIFICATE----------BEGIN RSA PRIVATE KEY-----
  rather than this:
       -----END CERTIFICATE-----
       -----BEGIN RSA PRIVATE KEY-----

quick steps 2:

edit this file: WASD_ROOT:[LOCAL]wasd_config_global.conf

field	current contents	new contents	notes
[SecureSocket]	disabled	enabled
[SSLversion]	TLSvALL	TLSvALL,SSLv3	my system will require SSLv3 for a time
[SSLcipherList]		MEDIUM:HIGH	https will not work if this field is BLANK
[SSLcert]		dka100:[certificates]name.pem	https will not work if this field is BLANK
[SSLkey]			leave this field BLANK
[SSLverifyPeerCAFile]		dka100:[certificates]vendor.crt	this is the vendor's chain file (in PEM format)
[Welcome]	INDEX.HTML	INDEX.HTML DEFAULT.HTML	this is standard this is the name of our Apache home page
[Http2Protocol]	enable	disable	disable for use with Firefox and Chrome in 2019

quick step 3:

$ @dka200:[WASD_ROOT.STARTUP]STARTUP.COM

startup problems? The check these locations:

server logs: WASD_ROOT:[LOG_SERVER]
client logs: WASD-ROOT:[LOG]

https testing

testing with browsers can be problematic because they all implement different levels of security. So I recommend you first test with the OpenSSL CLI. Do not move to browsers until this command works
```
$ openssl s_client -connect www.server.ext:443 -showcerts
```

This is an example of a failure (handshake could not find, or agree upon, a common protocol):

$ openssl s_client -connect kawc4r.on.bell.ca:443 -ssl3
CONNECTED(00000005)
1211764609:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure ...
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 305 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol  : TLSv1.2 
Cipher    : 0000 
Session-ID: 
Session-ID-ctx: 
Master-Key: 
Key-Arg   : None 
PSK identity: None 
PSK identity hint: None 
SRP username: None 
Start Time: 1554322235 
Timeout   : 300 (sec) 
Verify return code: 0 (ok) 
---

While this is an abbreviated pass

$ openssl s_client -connect kawc4r.on.bell.ca:443 -showcerts
CONNECTED(00000005)
depth=2 C = US, O = "Entrust, Inc.", OU = See www.entrust.net/legal-terms,
	OU = "(c) 2009 Entrust, Inc. - for authorized use only",2 verify error:num=19:self ...
---
Certificate chain
0 s:/C=CA/ST=Ontario/L=Kitchener/O=Bell Canada/CN=kawc96.on.bell.ca 
i:/C=US/O=Entrust, Inc./OU=See www.entrust.net/legal-terms/OU=(c) 2012 Entrust, Inc. - for ...
-----BEGIN CERTIFICATE-----
MIIHPDCCBiSgAwIBAgIRAPaL2NZkwkK1AAAAAFDmVrowDQYJKoZIhvcNAQELBQAw
[...snip...]
TW6QHJa01MG8nTNfTYHEnZ4EbKFN+XjXb5+8+huXIJYO7Mvbpx9Uv78RJQJxn1cj
Irl6f6Wu3P59Gn5kpvwHmU4T6llV1jbquKp00G+7JDg=
-----END CERTIFICATE-----
1 s:/C=US/O=Entrust, Inc./OU=See www.entrust.net/legal-terms/OU=(c) 2012 Entrust, Inc. - f ...
i:/C=US/O=Entrust, Inc./OU=See www.entrust.net/legal-terms/OU=(c) 2009 Entrust, Inc. - fo  ...
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgIMDulMwwAAAABR03eFMA0GCSqGSIb3DQEBCwUAMIG+MQsw
[...snip...]
exCdtTix9qrKgWRs6PLigVWXUX/hwidQosk8WwBD9lu51aX8/wdQQGcHsFXwt35u
Lcw=
-----END CERTIFICATE-----
2 s:/C=US/O=Entrust, Inc./OU=See www.entrust.net/legal-terms/OU=(c) 2009 Entrust, Inc. - f ...
i:/C=US/O=Entrust, Inc./OU=See www.entrust.net/legal-terms/OU=(c) 2009 Entrust, Inc. - fo  ...
-----BEGIN CERTIFICATE----- MIIEPjCCAyagAwIBAgIESlOMKDANBgkqhkiG9w0BAQsFADCBvjELMAkGA1UEBh ...
[...snip...]
nAuknZoh8/CbCzB428Hch0P+vGOaysXCHMnHjf87ElgI5rY97HosTvuDls4MPGmH
VHOkc8KT/1EQrBVUAdj8BbGJoX90g5pJ19xOe4pIb4tF9g==
-----END CERTIFICATE-----
---
Server certificate
subject=/C=CA/ST=Ontario/L=Kitchener/O=Bell Canada/CN=kawc96.on.bell.ca issuer=/C=US/O=Ent ...
---
No client certificate CA names sent
---
SSL handshake has read 4579 bytes and written 623 bytes
---
New, TLSv1/SSLv3, Cipher is AES256-GCM-SHA384 Server public key is 2048 bit Secure Renegot ...
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol  : TLSv1.2 
Cipher    : AES256-GCM-SHA384 
Session-ID: D24A4196DD1C6E36B35B4E85A5985BFA58A7541487A84F9B863926BB45BC249E 
Session-ID-ctx: 
Master-Key: 9C14A7397DC7FB7CCF8684A4F05EC8F3F56364491E497B9CADF7FC8550F7A25861F97B12FBA1B7 ... 
Key-Arg   : None 
PSK identity: None 
PSK identity hint: None 
SRP username: None 
TLS session ticket lifetime hint: 300 (seconds) 
TLS session ticket: 
0000 - 47 b7 de fa 7c f1 cb db-0b 80 3a 58 31 21 c8 84   G...|.....:X1!.. 
0010 - 4b 65 6b 8b 49 88 ee 49-5d 3b e0 1f f6 c1 55 81   Kek.I..I];....U. 
0020 - ee 7d 01 2e fc 85 e7 e4-c2 b4 4e 1a d0 a4 65 b7   .}........N...e. 
0030 - 09 3d 46 05 7e 6c 7c 21-97 df 4a 56 9f aa c7 3e   .=F.~l|!..JV...> 
0040 - 6b 6d 68 6a c7 81 7e 07-30 70 c8 64 a6 6a 54 f1   kmhj..~.0p.d.jT. 
0050 - 23 fb 38 4d d5 dc 83 95-95 fa c9 c5 e2 28 cc 42   #.8M.........(.B 
0060 - a6 5b 34 ac ed 80 b0 d6-7e ae de 48 12 22 68 48   .[4.....~..H."hH 
0070 - 15 34 ea 1e df fa 76 b3-3c 4b 2e 1d 58 7f 8b e1   .4....v.

most of our clients still use IE11 while our developers use Firefox or Chrome. Be sure to test with all browsers. For example, I initially set "[SSLcipherList] ALL" which prevented connections by Firefox and Chrome (complained that the negotiated protocols were too dangerous) but not IE11 (hasn't been patched in a long while)

Serving up Apache/CSWS Files from WASD HTTPd

caveat: I am currently looking for a quick way to replace CSWS/Apache with WASD under emergency conditions. Your map file would look quite different when using WASD on a new system

change the contents of file WASD_ROOT:[local]wasd_config_map.conf with something similar to this

Apache notes:
- all the folders listed after "/dka200/apache" are folders under APACHE_ROOT:[000000] on my system
- file "default.html" can be found in APACHE_ROOT:[MAIN] on my system

#-------------------------------------
#	basic stuff (also means we can't use these paths in Apache)
exec	/cgi-bin/*	/cgi-bin/*
exec+	/cgiplus-bin/*	/cgi-bin/*
pass	/wasd_root/*	/wasd_root/*	dir=access dir=wildcard
#-------------------------------------
#	for CERN HTTPd compatibility
map	/httpd-intenal-icons/*	/httpd/-/*
#-------------------------------------
#	other
pass	/*/-/*	/wasd_root/runtime/*/*	cache=perm
pass	/wasd_root/runtime/*	/wasd_root/runtime/*
pass	/wasd_root/src/misc/*	/wasd_root/src/misc/*
#-------------------------------------
#	for access to server admin
pass	/httpd/-/admin/
#-------------------------------------
#	for Apache compatibility on the Bell-ATS system
set * map=root=/dka200/apache
exec /cgi-bin/*	/cgi-bin/*
exec /scripts/*	/scripts/*
pass /css/*	/css/*
pass /icons/*	/icons/*
pass /images/*	/images/*
pass /public/*	/public/*
pass /jquery/*  /jquery/*
pass /*		/main/*
fail *

shutdown CSWS/Apache
change the ownership of Apache root
- set def dka200:[000000]
- set file/owner=HTTP$SERVER apache.dir
change the ownership of Apache files
- set file/owner=HTTP$SERVER [apache...]*.*;
start WASD
you are ready to go (at least with static HTML)

Scripting (serving up DCL scripts)

Introduction

caveat: here I am referring to the scripts usually executed by the webserver on behalf of some user request (not the scripts you might find in folders like wasd_root:[startup]). Some DCL scripts might do nothing else other than run an executable (e.g. they have one line like this: "$run csmis$exe:progam.exe")
the scripting environment is locked down on WASD and that is probably a good thing (see my previous comments on systems setup by "the brain dead")
When working with Apache on most systems including Linux, Unix and OpenVMS, you can get around most webserver issues by increasing the privileges of the associated accounts.
The default behavior of WASD prevents you from doing this
- remember how computers were setup before the first appearance of web servers in 1991 at CERN? No one was able to access anyone else's directories or files. Web servers were only meant to offer unrestricted access to files in a certain area of the computer. Later webserver versions attempted to add-on user authentication and authorization but the implementation was usually done in a sloppy haphazard fashion
- scripting on WASD is usually assigned to account HTTP$NOBODY which must only have these VMS privileges: NETMBX and TMPMBX. On top of that, the account cannot be a member of the SYSTEM group. On startup, WASD will inspect these setting then will disable default scripting if it sees anything that might appear dangerous)
Unfortunately, over the past 20-years the CSWS/Apache on my systems have be run with more privs than NETMBX and TMPMBX. So producing a solution where WASD can be used as a drop-in replacement for CSWS/Apache required a little more effort.

Quick steps

step-1

edit file: [WASD_ROOT.local]wasd_config_global.conf

field	current contents	new contents	notes
[Scripting]	disabled	enabled
[DclDetachProcess]	disabled	enabled
[DclDetachProcessPriority]		1
[DclScriptRunTime]	.PL__ @cgi-bin:[000000]PERL.com .PL perl .DLL $CGI-BIN:[000000]CGISAPI.EXE .CLASS @CGI-BIN:[000000]JAVA.COM	.COM text/plain DCL procedure .EXE application/octet-stream executable	append these two lines to the current list or replace the current list as you see fit

step-2 (add this line to file "STARTUP_LOCAL.COM")

$!-------------------------------------
$! initial setting to start hacking
$!	define/system WASD_STARTUP_SERVER "/PERSONA=(APACHE$WWW,RELAXED)/SCRIPT=AS=APACHE$WWW"
$!-------------------------------------
$! initial hacking may require /watch to write more stuff to the server log file
$!
$ if 1.eq.0
$ then
$ define/system WASD_STARTUP_SERVER "/PERSONA=relaxed/SYSUAF=relaxed/Profile"
$ else
$ define/system WASD_STARTUP_SERVER -
  "/PERSONA=relaxed/SYSUAF=relaxed/Profile/WATCH=NOSTARTUP,ITEMS=(REQUEST,RESPONSE,MAPPING,error)"
$ endif

step-3 (modify file [WASD_ROOT.local]WASD_CONFIG_MAP.CONF to look similar to this)

#-------------------------------------
#	basic stuff (also means we can't use these paths in Apache)
exec	/cgi-bin/*	/cgi-bin/*
exec+	/cgiplus-bin/*	/cgi-bin/*
pass	/wasd_root/*	/wasd_root/*	dir=access dir=wildcard
#-------------------------------------
#	for CERN HTTPd compatibility
map	/httpd-intenal-icons/*	/httpd/-/*
#-------------------------------------
#	other
pass	/*/-/*	/wasd_root/runtime/*/*	cache=perm
pass	/wasd_root/runtime/*	/wasd_root/runtime/*
pass	/wasd_root/src/misc/*	/wasd_root/src/misc/*
#-------------------------------------
#	for access to server admin
pass	/httpd/-/admin/
#-------------------------------------------------------------------------
# Bell-ATS notes
# 1) we want WASD to serve up content the same way as APACHE$WWW so the
#       server must run in persona=relaxed mode
# 2) the folders below are required by our CSWS/Apache server
# 3) WASD variables employ a CGIprefix of "www_" while our Apache does not
#-------------------------------------------------------------------------
SET     * map=root=/dka200/apache
SET     /*              report=detailed
SET     /scripts/* script=as=APACHE$WWW CGIprefix=
SET     /cgi-bin/* script=as=APACHE$WWW CGIprefix=
exec    /cgi-bin/*      /cgi-bin/*
exec    /scripts/*      /scripts/*
pass    /css/*          /css/*
pass    /icons/*        /icons/*
pass    /images/*       /images/*
pass    /public/*       /public/*
pass    /jquery/*       /jquery/*
pass    /*              /main/*
fail    *

restart WASD like so:

$ @WASD_ROOT:[STARTUP]SHUTDOWN
$ wait 0:0:05
$ @WASD_ROOT:[STARTUP]STARTUP

Properly enabling Server Admin

edit file WASD_ROOT:[LOCAL]WASD_CONFIG_SERVICE.MAP

current contents	new contents	notes
[[http://:80]] [[https://:443]]	[[http://:80]] [[https://:443]] [[https://*:44443]] [ServiceAdmin] enabled	append the stanza in red to enable Service Admin on port: 44443

edit file WASD_ROOT:[LCOAL]WASD_CONFIG_AUTH.MAP

current contents	new contents	notes
whatever	[[https://:44443]] ["Web Admin"=VMS] # only from Neil's Desktop #/httpd/-/admin/ r+w,142.180.221.225 #/wasd_root/local/* r+w,142.180.221.225 # only from Neil's subnet /httpd/-/admin/* r+w,142.180.221.0/24 /wasd_root/local/* r+w,142.180.221.0/24	insert a block like this

current contents

new contents

notes

whatever

[[https://*:44443]]
["Web Admin"=VMS]
#       only from Neil's Desktop
#/httpd/-/admin/*       r+w,142.180.221.225
#/wasd_root/local/*     r+w,142.180.221.225
#       only from Neil's subnet
/httpd/-/admin/*        r+w,142.180.221.0/24
/wasd_root/local/*      r+w,142.180.221.0/24

insert a block like this

restart WASD

Supporting gSOAP

before you begin this section, ensure that gSOAP is already installed on your system. Start by typing this command:
```
$ show logical gsoap_root
```
if that command doesn't work then you will need to acquire an appropriate kit (Alpha or Itanium) from here: http://gsoaponopenvms.blogspot.com/
notes:
- John Apps has retired but Brett Cameron is still answering email requests
- more gSOAP information can be found here: OpenVMS-Notes: AXIS2

unzip

$! DCL script to unzip gSOAP support for WASD
$! this is an rx2660 (Itanium2)
$!
$ define/job yada CSMIS$USER3:[ADMCSM.NEIL._WASD]	! files where downloaded here
$ set def DKA200:[000000]				! move to root of disk dka200
$ set def [WASD_ROOT]					!
$ unzip yada:gsoaprte104.zip				!

read this
- https://wasd.vsm.com.au/wasd_root/src/gsoap/READMORE.HTML

install

$ @ WASD_ROOT:[EXAMPLE]WASDVERBS.COM		! create some verbs required for the build script
$ SET DEFAULT WASD_ROOT:[SRC.GSOAP]		!
$ @BUILD_GSOAPRTE				! can link-only or compile-and-link
$ COPY WASD_EXE:GSOAPRTE.EXE CGI_EXE:		!

build gSOAP example programs found the calc folder under WASD (these are slightly different from examples found under gsoap$root)

$ set def WASD_ROOT:[SRC.GSOAP.CALC]		! navigate here
$ edit/read calc.c				! inspect this file (basis of the service)
$ edit/read calcclient.c			! inspect this file (the standalone client)
$!
$! note: if you enable interface logging: soap_set_recv_logfile(),
$!	soap_set_sent_logfile(), soap_set_test_logfile()
$!	then you must link against gsoapdbg.olb rather than gsoap.olb 
$!
$ @build					!
$!	yields:	soap_calc_share.exe		! similar to the Brett Cameron's demo
$!		soap_calc_cgiplus.exe		! a cgi+ variant
$!		calcclient.exe			! DCL-based client
$!

changes to the mapping file

#
exec	/cgi-bin/*	/cgi-bin/*
exec+	/cgiplus-bin/*	/cgi-bin/*
#-------------------------------------------------------------------------
# Default
pass	/wasd_root/*	/wasd_root/*	dir=access dir=wildcard
#-------------------------------------------------------------------------
# for CERN HTTPd icon compatibility
map	/httpd-internal-icons/*		/httpd/-/*
#-------------------------------------------------------------------------
# other
pass	/*/-/*	wasd_root/runtime/*/*	cache=perm
pass	/wasd_root/runtime/*		/wasd_root/runtime/*
pass	/wasd_root/scr/misc/*		/wasd_root/src/misc/*
#-------------------------------------------------------------------------
# access to server admin
pass	/httpd/-/admin/*
#-------------------------------------------------------------------------
# use this mapping for wasd gsoap example files copied to /cgi-bin
exec+	/soapdemo/soap_calc_sha*	(cgi_exe:gsoaprte)/cgi-bin/soap_calc_sha*
exec+	/soapdemo/soap_calc_cgi*	(cgi_exe:gsoaprte)/cgi-bin/soap_calc_cgi*
#	alternative access notes:
#		$copy soap_calc_share.exe   calc1.exe
#		$copy soap_calc_cgiplus.exe calc2.exe
exec+	/calc*				(cgi_exe:gsoaprte)/cgi-bin/calc*
#-------------------------------------------------------------------------

copying files to their target directories then use the DCL-based client to test the service

$ set def WASD_ROOT:[SRC.GSOAP.CALC]
$ dir *.exe/col=1

Directory DKA200:[WASD_ROOT.SRC.GSOAP.CALC]

CALCCLIENT.EXE;1
SOAP_CALC_CGIPLUS.EXE;1
SOAP_CALC_SHARE.EXE;1

Total of 3 files.
$ copy SOAP_CALC_CGIPLUS.EXE wasd_root:[cgi-bin]
$ copy SOAP_CALC_SHARE.exe   wasd_root:[cgi-bin]
$ copy SOAP_CALC_SHARE.exe   wasd_root:[cgi-bin]calc1.exe
$ test := $DKA200:[WASD_ROOT.SRC.GSOAP.CALC]CALCCLIENT.EXE
$ test
Requires: $ CALC_URL = "http://the.host.name/the/path"
$ CALC_URL = "http://kawc4r.on.bell.ca/calc1"
$ test
Usage: [add|sub|mul|div|pow] num num
$ test add 123 456
http://kawc4r.on.bell.ca/calc1
result = 579
$