Configure Web Services Proxy

Contributors netapp-jolieg NetAppZacharyWambold

You can modify the Web Services Proxy settings to meet the unique operating and performance requirements for your environment.

Stop or restart the Webserver

The Webserver service is started during installation and runs in the background. During some configuration tasks, you might need to stop or restart the Webserver service.

Steps
  1. Do one of the following:

    • For Windows, go to the Start menu, select Administrative Tools  Services, locate NetApp SANtricity Web Services and then select either Stop or Restart.

    • For Linux, choose the method of stopping and restarting the Webserver for your operating system version. During the installation, a popup dialog indicated what daemon started. For example:

      web_services_proxy webserver installed and started. You can interact with it using systemctl start|stop|restart|status web_services_proxy.service

      The most common method for interacting with the service is by using systemctl commands.

Resolve port conflicts

If the Web Services Proxy is running while another application is available at the defined address or port, you can resolve the port conflict in the wsconfig.xml file.

Steps
  1. Open the wsconfig.xml file, located at:

    • (Windows) — C:\Program Files\NetApp\SANtricity Web Services Proxy

    • (Linux) — /opt/netapp/santricity_web_services_proxy

  2. Add the following line to the wsconfig.xml file, in which n is the port number:

    <sslport clientauth=”request”>*n*</sslport>
    <port>n</port>

    The following table shows the attributes that control HTTP ports and HTTPS ports.

    Name Description Parent Node Attributes Required

    config

    The root node for the config

    Null

    Version - The version of the config schema is currently 1.0.

    Yes

    sslport

    The TCP port to listen for SSL requests. Defaults to 8443.

    config

    Clientauth

    No

    port

    The TCP port to listen for HTTP request, defaults to 8080.

    config

    -

    No

  3. Save and close the file.

  4. Restart the Webserver service so the change takes effect.

Configure load-balancing and/or high-availability

To use the Web Services Proxy in a highly-available (HA) configuration, you can configure load balancing. In an HA configuration, typically either a single node receives all requests while the others are on stand-by, or requests are load-balanced across all nodes.

The Web Services Proxy can exist in a highly-available (HA) environment, with most APIs operating correctly regardless of the recipient of the request. Metadata tags and folders are two exceptions, because tags and folders are stored in a local database and are not shared between Web Services Proxy instances.

However, there are some known timing issues that occur in a small percentage of requests. Specifically, one instance of the proxy can have newer data faster than a second instance for a small window. The Web Services Proxy includes a special configuration that removes this timing issue. This option is not enabled by default, because it increases the amount of time it takes to service requests (for data consistency). To enable this option, you must add a property to an .INI file (for Windows) or an .SH file (for Linux).

Steps
  1. Do one of the following:

    • Windows: Open the appserver64.ini file, and then add the Dload-balance.enabled=true property.

      For example: vmarg.7=-Dload-balance.enabled=true

    • Linux: Open the webserver.sh file, and then add the Dload-balance.enabled=true property.

      For example: DEBUG_START_OPTIONS="-Dload-balance.enabled=true"

  2. Save your changes.

  3. Restart the Webserver service so the change takes effect.

Disable SYMbol HTTPS

You can disable SYMbol commands (default setting) and send commands over a remote procedure call (RPC). This setting can be changed in the wsconfig.xml file.

By default, the Web Services Proxy sends SYMbol commands over HTTPS for all E2800 series and E5700 series storage systems running SANtricity OS versions 08.40 or later. SYMbol commands sent over HTTPS are authenticated to the storage system. If needed, you can disable HTTPS SYMbol support and send commands over RPC. Whenever SYMbol over RPC is configured, all passive commands to the storage system are enabled without authentication.

Note When SYMbol over RPC is used, the Web Services Proxy cannot connect to systems with the SYMbol management port disabled.
Steps
  1. Open the wsconfig.xml file, located at:

    • (Windows) — C:\Program Files\NetApp\SANtricity Web Services Proxy

    • (Linux) — /opt/netapp/santricity_web_services_proxy

  2. In the devicemgt.symbolclientstrategy entry, replace the httpsPreferred value with rpcOnly.

    For example:

    <env key="devicemgt.symbolclientstrategy">rpcOnly</env>

  3. Save the file.

Configure cross-origin resource sharing

You can configure cross-origin resource sharing (CORS), which is a mechanism that uses additional HTTP headers to provide a web application running at one origin to have permission to access selected resources from a server at a different origin.

CORS is handled by the cors.cfg file located in the working directory. The CORS configuration is open by default, so cross domain access is not restricted.

If no configuration file is present, CORS is open. But if the cors.cfg file is present, then it is used. If the cors.cfg file is empty, you cannot make a CORS request.

Steps
  1. Open the cors.cfg file, which is located in the working directory.

  2. Add the desired lines to the file.

    Each line in the CORS configuration file is a regular expression pattern to match. The origin header must match a line in the cors.cfg file. If any line pattern matches the origin header, the request is allowed. The complete origin is compared, not just the host element.

  3. Save the file.

Requests are matched on the host and according to protocol, such as the following:

  • Match localhost with any protocol — *localhost*

  • Match localhost for HTTPS only — https://localhost*