The Server.xml file is located at the root level of the conf directory and contains tags that define user names and passwords for server administrators and virtual host administrators. You edit the Server.xml file to add or remove administrators. The administrators defined in this file will be able to connect to the server with the Administration Console. Server administrators can use all of the features and see all of the information available in the Administration Console. Virtual host administrators can use the Administration Console only to see information and perform tasks that relate to their particular virtual host.
The Server.xml file contains the following tag structure, along with comments that briefly describe each tag.
<Root> is the root tag for the XML document. It is a container for all the other tags.
<Admin> is a container for server administrator and virtual host administrator settings.
The first <Server> tag is a container for the server administrator <UserList> tags.
<UserList> is a container for one or more <User> tag groups.
The <User> tag inside the <UserList> tag specifies the user name of a server administrator in its name parameter and is a container for the <Password>, <Allow>, <Deny>, and <Order> tags.
To connect with the Administration Console that is installed with the server, a user must be defined in a <User> tag group. For more information about using the Administration Console (admin.swf), see Using the Administration Console.
You define the first administrator when you run the server installer. There must be at least one administrator defined for the server; otherwise no users can connect with the Administration Console. You can define additional administrators by including additional <User> sections in the Server.xml file. Each <User> section must contain a <Password> tag. Normally, you edit administrator user names and passwords using the Administration Console. You may use any characters in user names entered with the Administration Console. However, if you edit this information directly in the Server.xml file, remember to use only valid XML.
By default, only the Administration Console requires a valid administrator user name and password when a connection is being made to the server. Other client applications do not require any user name or password unless they are explicitly programmed to do so by the author.
<Password> specifies the password for the <User> tag that contains it. The encrypt attribute indicates whether to encrypt the contents of the password. If the encrypt attribute is set to true, the password you see in the file is the encrypted password. If you edit the contents of this tag directly in the Server.xml file rather than with the Administration Console, you must set the encrypt attribute to false and use only valid XML in the password. Passwords cannot be empty ("").
<Allow> contains a list of hosts from which the administrator user should be allowed to connect. You can include whole host names (also called domain names) or IP addresses in the list. Separate each host name or address with a comma. The keyword all can be specified to allow connections from all hosts.
For example, an <Allow> tag might look like this:
<Allow>www.macromedia.com, 12.34.56.78</Allow>
Whenever possible, use IP addresses in the <Allow> tag. This increases the server's performance when processing connection requests.
<Deny> contains a list of hosts from which the administrator user should not be allowed to connect. You can include whole or partial host names (also called domain names) or IP addresses in the list. By including partial host names, such as myCompany.com, you can deny connections to users connecting from any computer within the myCompany.com domain. Separate host names or addresses with a comma. The keyword all can be specified to deny connections from all hosts except the local host.
For example, a <Deny> tag might look like this:
<Deny>hackerSite.com, 87.65.43.21</Deny>
As with the <Allow> tag, use IP addresses in the <Deny> tag whenever possible for increased server performance.
<Order> specifies the order in which to evaluate the preceding <Allow> and <Deny> tags. It can be set to either Deny,Allow (the default) or Allow,Deny.
When Deny,Allow is specified, the server allows the user specified in <Username> to connect from any host that is not included in the <Deny> tag or is included in the <Allow> tag. Access is denied from any host that is included in the <Deny> tag and is not included in the <Allow> tag.
When Allow,Deny is specified, the server allows the specified user to connect only from hosts that are included in the <Allow> tag and are not included in the <Deny> tag. Access is denied from any host that is not included in the <Allow> tag or is included in the <Deny> tag.
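The two <Order> rules above, modelled as an added example (not code from the server or its documentation), to show that under the default Deny,Allow an <Allow> list alone restricts nothing. The function names are hypothetical; the dot-boundary suffix match for partial host names, the identifiers treated as the local host, and an empty tag matching no host are assumptions.

```python
# Added example: models the <Allow>/<Deny>/<Order> rules as this page words them.
LOCAL_HOSTS = {"localhost", "127.0.0.1"}  # assumption: what "the local host" means


def parse_list(text):
    """Split a comma-separated <Allow> or <Deny> value into lowercase entries."""
    return [e.strip().lower() for e in (text or "").split(",") if e.strip()]


def in_allow(host, entries):
    # <Allow>: whole host names or IP addresses, or the keyword "all".
    return "all" in entries or host in entries


def in_deny(host, entries):
    # <Deny>: "all" covers every host except the local host.
    if "all" in entries and host not in LOCAL_HOSTS:
        return True
    # Partial host names cover the whole domain (assumed: dot-boundary suffix).
    return any(host == e or host.endswith("." + e) for e in entries if e != "all")


def admin_may_connect(host, allow="", deny="", order="Deny,Allow"):
    host = host.strip().lower()
    allowed = in_allow(host, parse_list(allow))
    denied = in_deny(host, parse_list(deny))
    if order.replace(" ", "").lower() == "allow,deny":
        # Only hosts in <Allow> that are not also in <Deny>.
        return allowed and not denied
    # Deny,Allow (the default): any host not in <Deny>, or in <Allow>.
    return (not denied) or allowed


if __name__ == "__main__":
    # Constructed hosts; 12.34.56.78 is the address used in this page's <Allow> example.
    for host in ("12.34.56.78", "203.0.113.9"):
        for deny in ("", "all"):
            print(host, repr(deny), admin_may_connect(host, "12.34.56.78", deny))
```

With Deny,Allow, limiting an administrator to one address therefore needs <Deny>all</Deny> alongside the <Allow> entry; the same pair under Allow,Deny admits no host at all.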
<Adaptor> specifies the name of an adaptor in its name attribute. It is a container for one or more <VirtualHost> tag groups that specify the virtual host administrators for each virtual host in the adaptor. You may specify multiple adaptors by adding additional <Adaptor> tag groups to the Server.xml file.
<VirtualHost> specifies the name of a virtual host in its name parameter. It is a container for a <UserList> tag that defines administrators for the specified virtual host. The name parameter specifies the name of the virtual host; the name of the virtual host should be the same as used in the NetConnection.connect statement of an application that connects to this host.
The name parameter also tells the server which virtual host the enclosed <UserList> tag refers to. If you have more than one virtual host on one or more adaptors on the server, you specify their administrator information with separate sets of <VirtualHost> tags in the Server.xml file.
The <UserList> tag is a container for one or more <User> tag groups.
The next <User> tag specifies the name of a virtual host administrator in its name parameter. The user name can contain only alphanumeric characters. The <User> tag contains the same set of password and host-permission tags as the <User> tag in the earlier <Server> tag, but this <User> tag specifies the administrator user information for the virtual host tag that contains it. Virtual host administrators can only perform administration tasks relating to the applications running on their own virtual host. Administration tasks relating to the virtual host itself must be performed by a server administrator.
You can specify multiple administrator users for a single virtual host by including additional sets of <User> tags in the <UserList> tag for the virtual host.
Only users defined here and in the earlier <User> tag (in the <Server> section) are allowed to connect to the Administration Console. (For more information, see Using the Administration Console.) Normally, you add and edit virtual host administrator information with the Administration Console. If you edit user names directly in the Server.xml file, you must use only valid XML in the <User> and <Password> tags.
By default, only the Administration Console requires a valid administrator user name and password when connecting to the server. Other client applications do not require any user name or password unless they are explicitly programmed to do so by the author.
The <Password> tag specifies the password for the <User> tag that contains it. Its format is the same as the <Password> tag inside the earlier <Server> tag.
The <Allow> tag inside the <VirtualHost> tag works the same way as the <Allow> tag inside the earlier <Server> tag, but applies only to the <User> tag that contains it.
The <Deny> tag inside the <VirtualHost> tag works the same way as the <Deny> tag inside the earlier <Server> tag, but applies only to the <User> tag that contains it.
The <Order> tag inside the <VirtualHost> tag works the same way as the <Order> tag inside the earlier <Server> tag, but applies only to the <User> tag that contains it.
The <Server> tag contains the <Process> tag, the <Mask> tag, the <LicenseInfo> tag, the <AdminServer> tag, and the <ResourceLimits> tag. This <Server> tag is distinct from the <Server> tag found under the <Admin> tag earlier in the file.
<Process> contains the next two tags, <UID> and <GID>. These tags are applicable for Flash Communication Server systems running on UNIX systems only. At installation, you specify which user (the default is the "nobody" user) server processes should run as. This user is also the owner of the Flash Communication Server files. To make server processes run as a different user from the one you specified at installation, you can use the <UID> and <GID> tags. Note that if <UID> and <GID> are empty, the server runs as root.
<UID> contains the process user ID (valid for UNIX systems only). The default value is 99 for the "nobody" user. If this or the <GID> tag is empty, the server runs as root.
<GID> contains the process group ID (valid for UNIX systems only). The default value is 99 for the "nobody" group. If this or the <UID> tag is empty, the server runs as root.
<Mask> contains a three-digit octal value used by the umask (user permissions mask) command to set a file creation mask. It controls who has read/write access to shared object and stream files in the server. This tag is applicable for UNIX systems only. The default mask value is 017; the server attempts to create files with a permissions setting of 666 and applies the 017 mask to it, resulting in a permissions setting of 0660. Acceptable values for each digit are from 0 to 7; if an invalid value is given, the default mask is applied.
The default value indicates that the owner of the server files and all the users belonging to the same group as the owner will have read/write access to shared object and stream files. (The owner is the root user or the user that the server processes run as, as specified during installation or in the <UID> tag.)
Note: Regardless of the value of <Mask>, the server will never create files with execute permissions. Also, be careful if you change the first digit of <Mask>, which controls permissions for the owner: if the first digit is set to anything other than 0 or 1, the owner is denied read/write access, and the server itself will not be able to access the files it creates. All users will be denied the ability to record streams, keep persistent shared objects, or access FLV files or other features related to shared objects. For more information on umask usage, consult a standard UNIX reference manual.
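A review script for the security-relevant settings described so far (password storage, host restrictions, the server's process user and the file mask), given as an added example that is not part of the product or its documentation. The sample file is constructed from the tag nesting this page describes, the function names are hypothetical, and treating an empty <Deny> as matching no host is an assumption.

```python
import xml.etree.ElementTree as ET

# Constructed sample: nesting follows this page's tag descriptions, all values are made up.
SAMPLE = """<Root>
  <Admin><Server><UserList>
    <User name="admin1">
      <Password encrypt="false">example-only</Password>
      <Allow>12.34.56.78</Allow>
      <Deny></Deny>
      <Order>Deny,Allow</Order>
    </User>
  </UserList></Server></Admin>
  <Server>
    <Process><UID></UID><GID>99</GID></Process>
    <Mask>010</Mask>
  </Server>
</Root>"""


def effective_mode(mask_text):
    """Permissions of a new file: 666 with the <Mask> bits removed."""
    mask = (mask_text or "").strip()
    if len(mask) != 3 or any(c not in "01234567" for c in mask):
        mask = "017"  # the page says an invalid value falls back to the default mask
    return 0o666 & ~int(mask, 8)


def audit(xml_text):
    root, findings = ET.fromstring(xml_text), []
    for user in root.iter("User"):
        name, pw = user.get("name"), user.find("Password")
        if pw is not None and pw.get("encrypt", "").lower() == "false":
            findings.append(f"{name}: password is stored unencrypted in the file")
        order = (user.findtext("Order") or "Deny,Allow").replace(" ", "").lower()
        # Assumption: an empty <Deny> matches no host, so Deny,Allow admits every host.
        if order == "deny,allow" and not (user.findtext("Deny") or "").strip():
            findings.append(f"{name}: Deny,Allow with empty <Deny> does not restrict hosts")
    proc = root.find("Server/Process")
    if proc is not None and not all((proc.findtext(t) or "").strip() for t in ("UID", "GID")):
        findings.append("server: empty <UID> or <GID>, so the server runs as root")
    mode = effective_mode(root.findtext("Server/Mask"))
    if mode & 0o600 != 0o600:
        findings.append(f"mask: owner loses read/write access (mode {mode:04o})")
    if mode & 0o006:
        findings.append(f"mask: files accessible outside the owner's group (mode {mode:04o})")
    return findings


if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```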
<LicenseInfo> contains the serial number for the server. The value of this tag is written to the Server.xml file by the server installer during installation.
<AdminServer> is a container for the <HostPort> tag, the <SocketGC> tag, and the <Process> tag.
<HostPort> specifies the port that the Admin service binds to. The Admin service is separate from the Flash Communication Server service. When administrators connect to the server with the Administration Console, they are connecting to the Flash Communication Admin service, which in turn connects to the Flash Communication Server. The default value is :1111 (note the colon). Only one port number may be specified in this tag.
<SocketGC> specifies how often, in seconds, to check for and remove inactive sockets on the Admin service.
<Process> contains the next two tags, <UID> and <GID>. These tags are applicable for Flash Communication Server systems running on UNIX systems only. At installation, Admin service processes are defined to run as a root user. You can specify a user ID and group ID for Admin service processes using these tags.
<UID> contains the process user ID. The default value is "nobody". If this and the <GID> tag are empty, the Admin service runs as root.
<GID> contains the process group ID. The default value is "nobody". If this and the <UID> tag are empty, the Admin service runs as root.
<ResourceLimits> specifies the maximum resource limits for the server. It contains the next five tags.
<CPUMonitor> specifies, in seconds, how often to monitor CPU usage. The default value is 1 second.
<ThreadPoolGC> specifies, in minutes, how often to collect and dispose of unused I/O threads. The default value is 20 minutes.
<ApplicationGC> specifies, in minutes, how often to collect and dispose of unused application instances. The default and minimum value is 5 minutes.
<FLVCacheSize> specifies the maximum FLV cache size, as a percentage of the total physical memory on the system. The default value is 40%.
<ServerDomain> specifies the domain name of the server. Set this to the server's domain name so that it can pass the domain name to any application servers it connects to. For security purposes, some application servers require this information as a part of incoming connection requests.
The following set of Server.xml tags has been customized for real-world use. Two server administrators are defined, root and jsmith. An administrator named panderson is defined for two virtual hosts, _defaultVHost_ and mysite.com. The <Allow> and <Deny> tags are set for all four administrators to allow them to connect only from the IP address 12.34.56.78. The server domain is set to www.macromedia.com.