B.1.1 Setting Up WebAdmin

In the case of a re-setup, the existing server.xml is overwritten with the default values. Therefore, back up the information in server.xml beforehand and update it manually after setting up WebAdmin.
No action is required because the certificate is not overwritten during re-setup.

Follow the procedure below to set up WebAdmin.

Change to the superuser
Acquire superuser privileges on the system.
Example
```
$ su -
Password:******
```
Set the JAVA_HOME environment variable
Set the JAVA_HOME environment variable to the installation destination of Open JRE 8.
Example
```
# export JAVA_HOME="OpenJRE8InstallDir"
```
Run Setup
Run the WebAdminSetup command.
Example
If WebAdmin is installed in /opt/fsepv<x>webadmin:
```
# cd /opt/fsepv<x>webadmin/sbin
# ./WebAdminSetup
```

Specifying Setup Items

Specify the following:

Refer to the "/etc/services" file and only change to a different port number if there is overlap with a port number from another service.

Make a note of the port number for the Web server, because it will be required for starting the WebAdmin window.

Item
HTTPS usage Do you want to use HTTPS (secure communication)? [y,n,q] (default: n)
Web server port number Enter port number of Web Server (default: 27515):
(Can be set only when HTTPS is used.) HTTPS Client Authentication usage Do you want to use HTTPS Client Authentication? [y,n,q] (default: n)
WebAdmin internal port number Enter Internal port number for WebAdmin (default: 27516):
WebAdmin automatic start Start WebAdmin automatically when system starting? [y,n] (default: y)

HTTPS usage

Specify whether to use HTTPS, for secure communication with the WebAdmin (and to be used internally by the WebAdmin).

To facilitate HTTPS deployment, WebAdmin automatically creates a self-signed server certificate. This certificate should only be used for testing purposes, such as connection verification, and should be replaced with an appropriate CA-signed certificate in production.

Refer to "B.1.2 Certificate Settings For Secure Connection Support" for detail certificate settings.

Point

If you continue to use the self-signed server certificate that WebAdmin created, your browser displays a warning screen when you access the WebAdmin page because you can access WebAdmin but the certificate is not signed by a known and trusted CA.

Web server port number

Specify a numeric value from 1024 to 32767 for the port number to be used for communication between the Web browser and the Web server.

The Web server port number will be registered as a port number with the following service name in the "/etc/services" file.

fsep_170_WA_64_WebAdmin_Port1

HTTPS Client Authentication usage

Specify whether to use HTTPS Client Authentication, to ensure that only authenticated clients can use the WebAdmin.

To facilitate the deployment of HTTPS client authentication, WebAdmin automatically creates two self-signed client certificates.

One is for browser-to-server authentication. and one for server-to-server authentication.

Server to server authentication is required because WebAdmins can have multiple server configurations and communicate between them. Refer to "Appendix I Determining the Preferred WebAdmin Configuration".

These certificate should only be used for testing purposes, such as connection verification, and should be replaced with an appropriate CA-signed certificate in production.

Refer to "B.1.2 Certificate Settings For Secure Connection Support" for detail certificate settings.

Point

If client authentication is selected, client certificate for browser must be registered in user’s browser before accessing to WebAdmin. Otherwise, WebAdmin will not be accessible.

WebAdmin internal port number

Specify a numeric value from 1024 to 32767 for the port number to be used for communication between the Web server and the WebAdmin runtime environment.

The WebAdmin internal port number will be registered as a port number with the following service name in the /etc/services file.

fsep_170_WA_64_WebAdmin_Port2

WebAdmin automatic start: Select whether or not to start WebAdmin when the machine is started.

Note

Unused port numbers
Irrespective of the information specified in the "/etc/services" file, unused port numbers in the OS and other products can sometimes be automatically numbered and then used, or port numbers specified in environment files within products may also be used. Check the port numbers used by the OS and other products, and ensure that these are not duplicated.
Access restrictions
Prevent unauthorized access and maintain security by using a firewall product, or the packet filtering feature of a router device, to restrict access to the server IP address and the various specified port numbers.
Port access permissions
If a port is blocked (access permissions have not been granted) by a firewall, enable use of the port by granting access. Refer to the vendor document for information on how to grant port access permissions.
Consider the security risks carefully when opening ports.
Changing port numbers
When using WebAdmin in multiserver mode, it is recommended not to change WebAdmin ports after creating instances. Otherwise, the created instances may not be accessible through WebAdmin after the port is changed.
Building in a Multi-Server Environment
Configure your environment so that all servers have the same settings for using HTTPS and using HTTPS client authentication.