InterSystems Official
· Dec 15, 2022 5m read

Discontinue Apache web server installations (aka Private Web Server (PWS))

As previously announced at Global Summit 2022, InterSystems will discontinue shipping or installing an Apache-based web server (often referred to as the private web server or PWS); this change is currently planned for InterSystems IRIS 2023.2. 


With this new approach, you have full control to choose which web server best suits your purposes, and how you configure, maintain, and update it. A key benefit of this change is that you will no longer have to wait for an updated kit from InterSystems to get the latest version, which is important especially in security vulnerability situations. InterSystems will provide tools that you can use to help to configure Apache or IIS. (Note that the InterSystems IRIS Community Edition will continue to install a PWS.)


Installing a web server is a common process and typically easy – and it is well documented by the various web server vendors.

Below are examples for Ubuntu, Windows, and macOS. They demonstrate a quick installation so you can see the new behavior when InterSystems products do not include or install a web server. (Note that this code is provided as is and it not supported, nor is it sufficient to host mission-critical or data-sensitive applications.)

A FAQ is available, which has additional information and access to kits to try this new process. Please see the PDF linked at the end of this article for the FAQs, or at https://community.intersystems.com/post/discontinue-apache-web-server-installations-faq if you want to add to the discussion.    

There are often multiple ways to install a web server, please choose the one you are familiar with and works best for you. 

A new Early Access Program (EAP) has been created for those customer who wish to try out the new installer which doesn't include the PWS.  Please email nopws@InterSystems.com if you would to become part of this EAP and get access to the kits.

For feedback or concerns please contact us at nopws@InterSystems.com.

 

Here is an example for Microsoft Windows:

Use Microsoft Windows to install IIS.

Once installed you can install InterSystems IRIS, which will ask the user if IIS should be configured.

Here is an example using Ubuntu:

Prerequisites: User is allowed to use sudo, Ubuntu OS, no PWS installed

For Ubuntu the official repository of Apache can be used with the apt-get command.

Update the repository

            $ sudo apt-get update

Install Apache

            $ sudo apt-get install apache2

Verify that is installed

            $ apache2 -v

Install InterSystems IRIS

Test with the SMP (http://localhost/iris/csp/sys/UtilHome.csp)

If you just installed for testing purposes you can remove apache2 with:

            $ sudo apt-get remove apache2

Here is an example using macOS:

Install with

            $ brew install apache-httpd

To restart httpd after an upgrade or installation:

            $ brew services restart httpd

start it by using

sudo apachectl -k start

or restart it by using

            $ sudo apachectl -k restart

test if it by located your browser to

http://localhost:8080

 it should display: "It works"

 

Install IRIS  (please observe the new installation dialog as it is new)

Restart the Web Server

            $ sudo apachectl -k restart

Test with the SMP (http://localhost:8080/iris/csp/sys/UtilHome.csp)

If you just installed for testing purposes you can remove apache-http with:

            $ brew remove apache-httpd

Removal of Apache related settings or installations

Please be careful removing settings or configurations, and use at your own risk.

To remove apache httpd configuration for a single instance.

Locate Apache httpd.conf file. It’s location is platform dependent:

macOS: /usr/local/etc/httpd/httpd.conf

SuSE Linux: /etc/apache2/httpd.conf

Red Hat Linux: /etc/httpd/conf/httpd.conf

Ubuntu Linux: /etc/apache2/apache2.conf

AIX: /opt/freeware/etc/httpd/conf/httpd.conf_64 (if using 64-bit httpd)

        /opt/freeware/etc/httpd/conf/httpd.conf (if using 32-bit httpd)

 

As root edit httpd.conf and at the end of file remove section that starts with 

#### BEGIN-ApacheCSP-SECTION-<INSTANCENAME> ####

and ends with

#### BEGIN-ApacheCSP-SECTION-<INSTANCENAME> ####.

 

Restart Apache using command “sudo apachectl -k restart”

To remove Web Gateway configuration for a single instance:

If WebGateway installation directory was changed from the default, use the appropriate path in the instructions below.

As root edit /opt/webgateway/conf/CSP.ini and remove the following lines:

In section “[SYSTEM_INDEX]” remove line <INSTANCENAME>=Enabled

In section “[APP_PATH_INDEX]” remove line “/<nstancename>=Enabled”

Remove section “[APP_PATH:/<instancemame>]”

To cleanup Apache httpd from all IRIS instances:

Apache Configuration

Locate Apache httpd.conf file. It’s location is platform dependent:

macOS: /usr/local/etc/httpd/httpd.conf

SuSE Linux: /etc/apache2/httpd.conf

Red Hat Linux: /etc/httpd/conf/httpd.conf

Ubuntu Linux: /etc/apache2/apache2.conf

AIX: /opt/freeware/etc/httpd/conf/httpd.conf_64 (if using 64-bit httpd)

        /opt/freeware/etc/httpd/conf/httpd.conf (if using 32-bit httpd)

 

As root edit httpd.conf and at the end of file all sections which start with 

#### BEGIN-ApacheCSP-

and end with

#### END-ApacheCSP

 

Restart Apache using command “sudo apachectl -k restart”

 

To cleanup Web Gateway from all IRIS instances:

To remove Web Gateway configuration for a single instance:

If WebGateway installation directory was changed from the default, use the appropriate path in the instructions below.

sudo rm -rf /opt/webgateway

sudo rm -f /usr/local/etc/irissys/CSP_options

Discussion (23)6
Log in or sign up to continue

Just to be clear: in future IRIS installations, the System Management Portal will be unavailable, unless you have a web server installed and configured?

Separate question: the EAP program page mentioned above requires a login, and then offers to download an evaluation version of IRIS. I just want to look at that FAQ, which I couldn't find. Could that be made available more easily?

While I agree that embedding of a yet another web-server into installation of some enterprise software is really a very, very bad idea, increasing a vector of attack, and in the scenario of tightened enterprise install it should be avoided at all costs. But, OTOH, I understand the position of developers using full kit of IRIS (not community edition) for those this immediate Apache removal might lead to significant user experience regression. And it would be rather more preferable to "deprecate" it somehow smoother (e.g. change default to not install, but still keep it as part of a kit for developers installations).

But all this sounds like you actually need to have 3 kinds of kits available:

- community with PWS enabled by default;

- developer version, with all theoretical insecurities, but with convenient goodies integrated (i.e. Apache available, may be with vscode+extensions, and so on);

- and tightened, production ready kit, with Apache kit removed.

Use Microsoft Windows to install IIS.
Once installed you can install InterSystems IRIS, which will ask the user if IIS should be configured.

Unfortunately, as of latest IRIS and any previous IRIS/Caché, after default/standard configuration by install kit the SMP won't work properly without additional manual configuration of IIS.

I suggest ISC to fix this before removing PWS.

So currently I have iris installs with PWS as we all do, and I've configured IIS for https access to the management portal, but I'd like to see how the installer would setup IIS. Is the IIS configuration part of the setup agent going to be available to run outside the installer so that I could run it against a prior version of Iris and see how the IIS setup is configured? 

Additionally if I want to remove the PWS from an install after having configured IIS, is that supported for prior versions than 2023? Assuming the testing, upgrade release cycle internally is such that upgrading to 2023 isn't an option yet. 
Would that be answered in the future documentation mentioned here? 
"Once a customer has migrated off the private web server, they'll need to remove it manually.  (Add link to future documentation)"

Mark, you can try it out by joining the Early Access Program. The PWS was provided for convenience only and can always be removed or replaced with a different web server. In the future IRIS will check if a local web server is present and can configure the instance during the installation to use that web server (IIS on Windows, Apache everywhere else). I am going to augment the primary post to include removal information. Hope this helps.