| Admin Listeners |
| Admin Listener is dedicated to Admin Server. Secure (SSL) listener is recommended for Admin Server.
|
| |
| Table of Contents |
|
| |
| Listener Name |  |
|
| Description: A unique name for this listener.
|
|
| IP Address | |
|
| Description: Specifies the IP of the listener. All available IP address is listed,
IPv6 address is enclosed in "[]". To listen on all IPv4 IP address,
ANY should be selected; to listen on all IPv4 and IPv6 IP address,
[ANY] should be selected. In order to serve both IPv4 and IPv6
clients, an IPv4-mapped IPv6 address should be used instead of a
plain IPv4 address, which looks like [::FFFF:x.x.x.x].
|
| Syntax: Select from drop down list |
| Tips: [Security] If your machine has multiple IPs which are on different sub networks,
you can select a specific IP to only allow traffic from corresponding sub network. |
|
| Port | |
|
| Description: Specifies the TCP port of the listener. Only super user (root) can use port
lower than 1024. Port 80 is the default HTTP port; port 443 is the default HTTPS port.
|
| Syntax: Integer number |
|
| Binding | |
|
| Description: [Enterprise Edition Only] Specifies which lshttpd child
process the listener is assigned to. Enterprise Edition spawns
multiple children processes to take advantage of multiple CPUs in a
SMP system, different child process can be used to handle requests to
different listener by manually associating a listener with a
process. By default, a listener is assigned to all children processes.
|
| Syntax: Select from checkbox |
|
| Secure | |
|
| Description: Specifies whether this is a secure (SSL) listener.
For secure listeners, additional SSL settings need to be set properly.
|
| Syntax: Select from radio box |
|
| SSL Private Key & Certificate | |
|
| Description: Every SSL listener requires a pair of SSL private key and SSL certificate.
Multiple SSL listeners can share same key and certificate.
SSL private key can be generated by yourself using SSL software
package, such as OpenSSL. SSL certificate can be purchased from an authorized certificate
issuer like VeriSign or Thawte. You can also sign the certificate by yourself,
but that certificate is not trusted and not supposed to be used on public web
sites containing critical data. However, the self signed certificate is good
enough for internal use, for e.g., for encrypting traffic for the
web administration console of LiteSpeed server. |
|
| Private Key File | |
|
| Description: Specifies the file name of the SSL private key file. The key file should not be encrypted.
|
| Syntax: File name which can be an absolute path or relative to $SERVER_ROOT. |
| Tips: [Security] The private key file should be placed in a secured directory that
allows only readable access by whom the server running as. |
|
| Certificate File | |
|
| Description: Specifies the file name of the SSL certificate file.
|
| Syntax: File name which can be an absolute path or relative to $SERVER_ROOT. |
| Tips: [Security] The certificate file should be placed in a secured directory,
which allows only readable access by the user that the server running as. |
|
| Chained Certificate | |
|
| Description: Specifies whether the certificate is a chained certificate or
not. The file that stores a certificate chain must be in PEM format,
and the certificates must be in the chained order, from the lowest level
(the actual client or server certificate), to the highest level (root) CA.
|
| Syntax: Select from radio box |
|
| CA Certificate Path | |
|
| Description: Specifies the directory where the Certificates of Certification
Authorities (CAs) are being kept. Those certificates are for
constructing the server certificate chain, which will be sent to browsers in
addition to the server certificate.
|
| Syntax: path |
|
| CA Certificate File | |
|
| Description: Specifies the file contains all certificates of Certification
Authorities (CAs) for chained certificates.
It is simply the concatenation of PEM-encoded Certificate
files, in order of preference. This can be used alternatively or
additionally to CA Certificate Path. Those certificates are for
constructing the server certificate chain, which will be sent to browsers in
addition to the server certificate.
|
| Syntax: File name which can be an absolute path or relative to $SERVER_ROOT. |
|
| SSL Protocol | |
|
| Description: Customizes SSL Protocols accepted by the listener. |
|
| SSL Version | |
|
| Description: Specifies which version of SSL protocol will be used. You can choose from
SSLv2, SSLv3 and TLSv1.
|
| Tips: [Security] Enable SSLv2 only if you have to because it is flawed. |
|
| Encryption Level | |
|
| Description: Specifies the strength level of SSL encryption.
|
| Syntax: Check all the encryption method that you want to accept. |
| Tips: [Security & Performance] Stronger encryption consumes more CPU
cycles. eNULL means no encryption at all, therefore has the best performance. |
|
