.TH tntnet.xml 7 "2006\-07\-23" Tntnet "Tntnet users guide"
.SH NAME
.PP
tntnet.xml \- configuration file for
.BR tntnet (8)
.SH DESCRIPTION
.PP
Tntnet is configured using a xml file. The name of the file is \fItntnet.xml\fP. The
root node of \fItntnet.xml\fP should be \fB\fCtntnet\fR while it is not checked. Most of
the settings are just single values. They are described here in alphabetical
order.
.SH SETTINGS
.PP
This section describes the variables, used by Tntnet (8).
.TP
\fB\fC\fR\fIfilename\fP\fB\fC\fR
Writes a log entry for each request in a common format. This format is
compatible with most log file analyze systems for http servers.
.IP
The log file has the fields: \fB\fCpeer-ip\fR \- \fB\fCusername\fR [\fB\fCtime\fR] "\fB\fChttp-method\fR
\fB\fCquery-string\fR HTTP/\fB\fCmajor-version\fR.\fB\fCminor-version\fR" \fB\fChttp-return-code\fR
\fB\fCcontent-size\fR "\fB\fCreferer\fR" "\fB\fCuser-agent\fR"
.IP
The \fB\fCusername\fR, \fB\fCreferer\fR and \fB\fCuser-agent\fR may be '\-' when the value is not
available. Also the \fB\fCcontent-size\fR can be empty in some cases.
.IP
\fIExample\fP
.PP
.RS
.nf
/var/log/tntnet/access.log\fR\fIbytes\fP\fB\fC\fR
.IP
Specifies the number of bytes sent in a single system\-call. This does not
limit anything in application\-level. It does not affect e.g. savepoints or
exception\-handling. Component\-output is collected completely and then passed
in chunks of \fB\fCbufferSize\fR bytes to the operating system.
.IP
The default value is 16384.
.PP
\fB\fC\fR [ \fB\fC\fR\fIpath1\fP\fB\fC\fR ] \fB\fC\fR
.IP
\fB\fCcompPath\fR specifies, where tntnet should search for webapplications. Tntnet
searches first in the current directory and then in each directory, you
specify here, until a library is found. You can repeat the directive as many
times as desired to add more entries. If it is not found, the next
\fB\fCmappings\fR entry is tried.
.IP
\fIExample\fP
.PP
.RS
.nf
/usr/local/lib/tntnet
/usr/local/share/tntnet
.fi
.RE
.PP
\fB\fC\fR\fIdirectory\fP\fB\fC\fR
.IP
Does a
.BR chroot (2)-system
call on startup, which locks the process into the directory at system\-level.
.IP
\fIExample\fP
.PP
.RS
.nf
/var/tntnet
.fi
.RE
.PP
\fB\fC\fR\fI0|1\fP\fB\fC\fR
.IP
If this flag is set to 1, Tntnet forks at startup and terminates the
parent\-process on successful initialization.
.PP
\fB\fC
\fR\fIdirectory\fP\fB\fC\fR
.IP
Changes the current working directory of the process on startup.
.IP
\fIExample\fP
.PP
.RS
.nf
/var/tntnet
.fi
.RE
.PP
\fB\fC\fR\fIyes|no\fP\fB\fC\fR
.IP
Specifies, if Tntnet should use gzip\-compression at http\-level. By default
Tntnet use compression. A http\-client like a web browser can send a header
"Accept\-Encoding", to tell Tntnet, that it would accept compressed data.
Tntnet then can decide, if it use compression. When the body is complete,
Tntnet tries to compress the body. If the data can be compressed by more than
10%, Tntnet sends this compressed data. With this flag, this feature can be
turned off.
.IP
Compression slows down processing but reduces the network\-load. Normally the
size of html\-pages can be compressed by about 70%, while Tntnet slows down by
up to 30%.
.IP
\fIExample\fP
.PP
.RS
.nf
no
.fi
.RE
.PP
\fB\fC\fR\fIfilename\fP\fB\fC\fR
.IP
Redirects stderr to the specified file when tntnet runs as a daemon. If
ErrorLog is not set stderr is redirected to /dev/null.
.IP
\fIExample\fP
.PP
.RS
.nf
/var/log/tntnet/error.log
.fi
.RE
.PP
\fB\fC\fR\fIunix\-group\-id\fP\fB\fC\fR
.IP
Changes the group under which tntnet runs.
.IP
The user is changes using the system call
.BR setgid (2),
which is only allowed,
when tntnet starts as root user.
.IP
\fIExample\fP
.PP
.RS
.nf
tntnet-group
.fi
.RE
.PP
\fB\fC\fR\fImilliseconds\fP\fB\fC\fR
.IP
Sets the timeout for keep\-alive requests.
.IP
Tntnet tries to do keep\-alive\-requests wherever possible. This has the effect,
that tntnet can receive multiple requests within a single tcp\-connection. The
connection times out after KeepAliveTimeout milliseconds. The timeout defaults
to 15000ms.
.IP
\fIExample\fP
.PP
.RS
.nf
300000
.fi
.RE
.PP
\fB\fC\fR\fInumber\fP\fB\fC\fR
.IP
Sets the maximum number of request per tcp\-connection. This defaults to 100.
.IP
\fIExample\fP
.PP
.RS
.nf
10
.fi
.RE
.PP
\fB\fC\fR\fIlistener definition\fP\fB\fC\fR
.IP
Specifies, on which local interfaces tntnet waits for connections. There can
be more than one Listen\-directives, in which case tntnet waits on every
address.
.IP
See separate section \fIListeners\fP
.PP
\fB\fC\fR\fIlistener definition\fP\fB\fC\fR
.IP
Configures logging. See separate section \fIlogging\fP
.PP
\fB\fC\fR\fInumber\fP\fB\fC\fR
.IP
On startup Tntnet calls listen on the specified port. When the systemcall
returns with an error, Tntnet tries again and fails after the specified number
of attempts.
.IP
The default number is 5.
.IP
\fIExample\fP
.PP
.RS
.nf
10
.fi
.RE
.PP
\fB\fC\fR\fInumber\fP\fB\fC\fR
.IP
The system\-call
.BR listen (3p)
needs a parameter backlog, which specifies, how
many pending connections the operating\-system should queue before it starts to
ignore new request. The value is configurable here.
.IP
The default value is 16.
.IP
\fIExample\fP
.PP
.RS
.nf
64
.fi
.RE
.PP
\fB\fC\fR\fIurlmappings\fP\fB\fC\fR
.IP
This is the most important setting for tntnet. It specifies, which components
schould be called on which urls.
.IP
For details see the section \fIUrl mapping\fP.
.PP
\fB\fC\fR\fInumber\fP\fB\fC\fR
.IP
Mapping urls to components is done using regular expressions. Executing these
expressions is quite expensive while the number of different urls is quite
limited in typical web applications. Hence tntnet caches the results.
.IP
The caching algorithm is very simple. Tntnet just collects the results in a
map. When the maximum size of the list is reached, it is cleared. This makes
management of the cache very cheap.
.IP
This setting sets the maximum number of entries in the map.
.IP
If you see frequently a warning message, that the cache is cleared, you may
consider increasing the size.
.IP
The default value is 8192.
.IP
\fIExample\fP
.PP
.RS
.nf
32768
.fi
.RE
.PP
\fB\fC\fR\fInumber\fP\fB\fC\fR
.IP
This directive limits the size of the request. After \fInumber\fP Bytes the
connection is just closed. This prevents denial\-of\-service\-attacks through
long requests. Every request is read into memory, so it must fit into it.
Bear in mind, that if you use file\-upload\-fields a request might be larger
than just a few bytes.
.IP
The value defaults to 0, which means, that there is no limit at all.
.IP
\fIExample\fP
.PP
.RS
.nf
65536
.fi
.RE
.PP
\fB\fC\fR\fIseconds\fP\fB\fC\fR
.IP
In daemon mode tntnet has a watchdog, which restarts tntnet when the maximum
request time is exceeded. This happens, when a request is in a endless loop or
otherwise hangs. Restarting tntnet looses all active sessions and the
currently running requests. Therefore the timeout should be well long enough
for the longes request.
.IP
The default value is 600 seconds, which is normally much longer than a http
request should run. If the Timeout is set to 0, the watchdog is deactivated.
.IP
\fIExample\fP
.PP
.RS
.nf
1200
.fi
.RE
.PP
\fB\fC\fR\fInumber\fP\fB\fC\fR
.IP
Tntnet uses a dynamic pool of worker\-threads, which wait for incoming
requests. MinThreads specifies, how many worker threads there have to be. This
defaults to 5.
.IP
\fIExample\fP
.PP
.RS
.nf
10
.fi
.RE
.PP
\fB\fC\fR\fInumber\fP\fB\fC\fR
.IP
Http\-compression for replies smaller than this are not compressed at all.
.IP
The default value for this is 1024.
.IP
\fIExample\fP
.PP
.RS
.nf
256
.fi
.RE
.PP
\fB\fC\fR\fIfilename\fP\fB\fC\fR
.IP
Specify filename for mime db. The default is /etc/mime.types.
.IP
The format of the file is just like this /etc/mime.types. A mime type is
followed after white space by a list of file extensions delimited by white
space.
.PP
\fB\fC\fR\fInumber\fP\fB\fC\fR
.IP
Tntnet uses a dynamic pool of worker\-threads, which wait for incoming
requests. \fB\fCmaxThreads\fR limits the number of threads.
.IP
The default is 100.
.IP
\fIExample\fP
.PP
.RS
.nf
200
.fi
.RE
.PP
\fB\fC\fR\fIfilename\fP\fB\fC\fR
.IP
When run in daemon\-mode, tntnet writes the process\-id of the monitor\-process
to filename. When the monitor\-process is deactivated, the pid of the
worker\-process is written. This ensures, that sending a sigkill to the the
stored process\-id stops tntnet.
.IP
\fIExample\fP
.PP
.RS
.nf
/var/run/tntnet.pid
.fi
.RE
.PP
\fB\fC\fR\fInumber\fP\fB\fC\fR
.IP
Tntnet has a request\-queue, where new requests wait for service. This sets a
maximum size of this queue, after wich new requests are not accepted.
.IP
The default value is 1000.
.IP
\fIExample\fP
.PP
.RS
.nf
50
.fi
.RE
.PP
\fB\fC\fR\fIseconds\fP\fB\fC\fR
.IP
This sets the number of seconds without requests after which a sesssion is
timed out.
.IP
The default value is 300 seconds.
.IP
\fIExample\fP
.PP
.RS
.nf
600
.fi
.RE
.PP
\fB\fC\fR\fImilliseconds\fP\fB\fC\fR
.IP
A worker\-thread waits for some milliseconds on incoming data. If there is no
data, the job is put into a queue and another thread waits with
.BR poll (2)
on
incoming data on multiple sockets. The workerthreads are freed and they can
respond to other requests quickly. The default value is 10 milliseconds, which
is good for normal operation. A value of 0 results in non\-blocking read. If
timeout is reached, this does not mean, that the socket is closed. A small
timeout reduces contextswitches on slow connections.
.IP
\fIExample\fP
.PP
.RS
.nf
0
.fi
.RE
.PP
\fB\fC\fR\fImilliseconds\fP\fB\fC\fR
.IP
This defines the time, how long the workerthreads wait on write. If the
timeout is exceeded, the socket is closed and the browser might not get all
data. The default value is 10000 milliseconds.
.IP
\fIExample\fP
.PP
.RS
.nf
20000
.fi
.RE
.PP
\fB\fC\fR\fIms\fP\fB\fC\fR
.IP
When additional worker threads are needed tntnet waits the number of
milliseconds before it starts additional threads to prevent high load when
starting many threads at once.
.IP
The default value is 10ms.
.IP
\fIExample\fP
.PP
.RS
.nf
1000
.fi
.RE
.PP
\fB\fC\fR\fIusername\fP\fB\fC\fR
.IP
Changes the user under which tntnet answers requests.
.IP
The user is changes using the system call
.BR setuid (2),
which is only allowed,
when tntnet starts as root user.
.IP
\fIExample\fP
.PP
.RS
.nf
www-data
.fi
.RE
.SH URL MAPPING
.PP
Tntnet is a web server, which receives http requests from a http client and
answers them. A http request has a url and other attributes, which are used to
decide, how the answer should look like. This is done my mapping urls to components.
.PP
A component is something, which generates a http reply. They are normally
generated with the ecpp compiler
.BR ecppc (1).
The ecppc compiler generated C++
classes with component names. The classes are compiled and linked into a shared
library. Both the component name and the shared library name is needed to
identify a component.
.PP
The component identifier is a string built from the component name, the @
character and the shared library name. A example is \fB\fCmyclass@myapplication\fR.
This tells tntnet: load shared library \fB\fCmyapplication\fR and call the component
with the name \fB\fCmyclass\fR in that library, which creates the reply to the request.
.PP
To tell tntnet, which component to call, url mappings must be configured.
.PP
Configuration is done in the xml section \fB\fC\fR. Multiple mappings can be
configured there. A mapping has a condition and a target. Tntnet looks in the
list of mappings for the first mapping, where the condition is met and uses that
to call the component. The component may return either a reply \- then the
request is done or a special value \fB\fCDECLINED\fR, which tells tntnet to continue in
the list and look for the next mapping, where the condition is met.
.PP
The component, which returns \fB\fCDECLINED\fR may already have generated part of the
request. This is preserved for the next mapping. A common use case is to write a
special component, which just checks the user name and password. If the user
name and password is valid, \fB\fCDECLINED\fR is returned and tntnet calls the next
mapping where the condition is met.
.PP
Also when the condition is met, but the component could not be loaded, tntnet
continues with the next mapping.
.PP
When the end of the list is reached and no mapping returned a http reply code,
tntnet replies with http not found (404) error.
.PP
So how these mapping are specified then?
.PP
The mapping contains 3 kind of nodes:
.TP
\fB\fCconditions\fR
Multiple conditions can be specified. All conditions must be met when the
mapping is to be used.
.IP
The most important is \fB\fC\fR, which contains a extended regular expression
(see
.BR regex (7)
for details). This expression is checked against the url of the
request. If the url tag is omitted, the mapping is used for every url.
.IP
The condition \fB\fC\fR specifies the virtual host, for which this mapping is
valid. When this is specified, the mapping is only valid for requests, where
the virtual host matches the setting. The value is also a extended regular
expression. Note, that a dot matches any character in regular expressions,
which may be irritating here. If you want to specify a mapping for the all
hosts of the domain \fB\fCtntnet.org\fR, you have to set
\fB\fCtntnet\\.org$\fR. Also the dollar sign at the end is important,
since it matches the end of the string. Otherwise the mapping would be also
valid for a virtual host like \fB\fCtntnet.org.foo.com\fR, which may not be what you
meant.
.IP
The condition \fB\fCmethod\fR specifies the http method for which the mapping should
be considered. Again a extended regular expression is used.
.IP
The condition \fB\fCssl\fR is a boolean value. The value should be 0 or 1. The
setting checks, whether this mapping should be used depending on ssl. If the
value is 1, the condition is met, when the request is sent via ssl. If the
value is 0, the condition is met, when the request is sent without ssl.
.TP
\fB\fCtarget\fR
The mapping node contains a node \fB\fC\fR, which contains the component name,
which is to be called when the conditions are met.
.IP
The target may contain back references to the regular expression in the
\fB\fC\fR condition. Parts of the regular expression may be in brackets. In the
target $1 is replaced with the first bracketed expression, $2 with the second
and so on.
.IP
This node is mandatory.
.TP
\fB\fCparameters\fR
When the condition is met, additional parameters may be passed to the called
component. There are 2 nodes for this.
.IP
The node \fB\fC\fR can be requested in the component using
\fB\fCrequest.getPathInfo()\fR. If the node is not set, the url is set as path info.
.IP
The node \fB\fC\fR contains additional parameters, which can be passed to the
component. The node can have any number of nodes with values. The tags are
used as a parameter name and the content as the value. The method
\fB\fCrequest.getArg(\fR\fIname\fP\fB\fC)\fR returns the value of the specified \fIname\fP. When the
node is not set, the method returns a empty string. Optionally a diffrent
default value can be passed to the method as an additional parameter like
\fB\fCrequest.getArg(\fR\fIname\fP\fB\fC,\fR\fIdefaultValue\fP\fB\fC)\fR.
.IP
For compatibility reasons with older tntnet \fB\fCrequest.getArg\fR accepts a numeric
argument. Previously the arguments did not have names but were accessed by
index. To emulate this, \fB\fCrequest.getArg\fR with a numeric argument translates
the number into the name "\fB\fCarg\fR\fInumber\fP". So accessing
\fB\fCrequest.getArg(\fR\fI2\fP\fB\fC)\fR returns the value of the argument with the name
\fB\fCarg2\fR. Accessing a numeric argument equal or greater than the number of
arguments (the first is number 0) used to be not allowed. Now a empty string
is returned.
.PP
\fIExample\fP
.PP
.RS
.nf
index@myapp
^/$
index.html
action@myapp
POST
localhost
1
$1@myapp
^/([^.]+)(\\.(.+))?
$2
.fi
.RE
.SH LISTENERS
.PP
The section \fB\fC\fR specifies the ip addresses and ports, where tntnet
waits for incoming requests. Multiple listeners may be defined, when tntnet
should listen on multiple ip addresses or ports.
.PP
Each listener is defined in a node \fB\fC\fR. A listener must have a subnode
\fB\fC\fR and \fB\fC\fR. The node \fB\fC\fR may contain a ip address or hostname or may
be left empty. If the node is empty, any interface is used. The \fB\fC\fR must
contain the numeric port number.
.PP
The ip address may be a IPv4 or IPv6 address.
.PP
Optionally a tag \fB\fC\fR may be added. This enables ssl on the interface
and specifies the ssl host certificate for the interface. Note that tntnet can
be built without ssl support. In that case the certificate is just ignored and
unencrypted http is used here.
.PP
\fIExample\fP
.PP
.RS
.nf
80
443
tntnet.pem
.fi
.RE
.SH AUTHOR
.PP
This manual page was written by Tommi Mäkitalo
.MT tommi@tntnet.org
.ME .
.SH SEE ALSO
.PP
tntnet (1)