HTTP Server

GreenArrow Engine comes with an HTTP server to provide a web interface, and click and open tracking.

• Table of Contents
• Enabling and Starting the HTTP Server
• IP Addresses and Ports to Provide HTTP
• IP Addresses and Ports to Provide HTTPS
• SSL key, Certificate Request, and Certificate
• Multiple SSL Certificates with Dedicated IPs
• Multiple SSL Certificates with Shared IPs
• Graceful Restarts
• URI Filtering
• Performance Tuning
• Advanced Configuration Changes
• Apache Server Status
• Passenger Status

Enabling and Starting the HTTP Server

• To enable the HTTP server, set the /var/hvmail/control/httpd.enabled file to 1 or true:

  echo 1 > /var/hvmail/control/httpd.enabled
  

• After enabling the HTTP server, you can start it with:

  svc -u /service/hvmail-httpd
  

• To disable the HTTP server, set the /var/hvmail/control/httpd.enabled file to 0 or false:

  echo 0 > /var/hvmail/control/httpd.enabled
  

• After disabling the HTTP server, you can shut it down with:

  svc -d /service/hvmail-httpd
  

IP Addresses and Ports to Provide HTTP

If you’re using GreenArrow’s click and open tracking, then we recommend running GreenArrow’s HTTP server on the default port (port 80). This is because some spam filters and firewalls are more likely to score a message as spam, or block access to a URL if a non-default port is used.

• List the IP address and port combinations for the HTTP service to listen on, one per line, in the /var/hvmail/control/httpd.listen file. For example, a line can contain just a port number, such as 80 to configure GreenArrow Engine’s HTTP server to listen on that port for all IP addresses assigned to the server:

  echo 80 > /var/hvmail/control/httpd.listen
  

• A line can also contain an IP address and a port combination, such as 1.2.3.4:80:

  echo 1.2.3.4:80 > /var/hvmail/control/httpd.listen
  

• To apply these changes, run:

  svc -t /service/hvmail-httpd
  

IP Addresses and Ports to Provide HTTPS

• List the IP address and port combinations for the HTTPS service to listen on, one per line, in the /var/hvmail/control/httpd.ssl.listen file. This file is in the same format as the /var/hvmail/control/httpd.listen file, unless you’re using multiple SSL Virtual Hosts.

• To apply changes, run:

  svc -t /service/hvmail-httpd
  

SSL key, Certificate Request, and Certificate

• To auto generate an SSL key and self-signed certificate run:

  /var/hvmail/bin/hvmail_generate_https_keys
  

• If you want to specify a name for the certificate request, other than the server name listed in /var/hvmail/control/me, run:

  /var/hvmail/bin/hvmail_generate_https_keys host.example.com
  

• The following files will be created:

  File	Contents
  /var/hvmail/control/httpd.ssl.crt	SSL certificate in PEM format.
  /var/hvmail/control/httpd.ssl.key	SSL private key in PEM format.
  /var/hvmail/control/httpd.ssl.csr	SSL certificate request in PEM format.

• You can overwrite any of these files with your own certificate, private key, or certificate request.

• To apply these changes, run:

  svc -t /service/hvmail-httpd
  

Multiple SSL Certificates with Dedicated IPs

You can configure different IP addresses to use different SSL certificates.

The default SSL certificate and key are stored in /var/hvmail/control/httpd.ssl.crt and /var/hvmail/control/httpd.ssl.key.

You can specify what ports or IP/port pairs the HTTPS server should listen on and optionally overwrite the default SSL certificate in /var/hvmail/control/httpd.ssl.listen. Here’s an example that uses the default SSL certificate on port 443, with the exception of three IP addresses, which each use a custom key, certificate and certificate chain:

443
10.0.0.1:443 key=/var/hvmail/control/custom_certificates/1.key crt=/var/hvmail/control/custom_certificates/1.crt crt_chain=/var/hvmail/control/custom_certificates/ca1.crt
10.0.0.2:443 key=/var/hvmail/control/custom_certificates/2.key crt=/var/hvmail/control/custom_certificates/2.crt crt_chain=/var/hvmail/control/custom_certificates/ca2.crt
10.0.03:443 key=/var/hvmail/control/custom_certificates/3.key crt=/var/hvmail/control/custom_certificates/3.crt crt_chain=/var/hvmail/control/custom_certificates/ca3.crt

To apply these changes, run:

svc -t /service/hvmail-httpd

Multiple SSL Certificates with Shared IPs

You can configure the same IP address to use multiple SSL certificates.

The default SSL certificate and key are stored in /var/hvmail/control/httpd.ssl.crt and /var/hvmail/control/httpd.ssl.key.

You can specify what ports or IP/port pairs the HTTPS server should listen on and optionally overwrite the default SSL certificate in /var/hvmail/control/httpd.ssl.listen. Here’s an example that uses the default SSL certificate on port 443, with the exception of an IP address which uses two custom certificates:

443
10.0.0.1:443 key=/var/hvmail/control/custom_certificates/1.key crt=/var/hvmail/control/custom_certificates/1.crt server_name=ssl1.example.com
10.0.0.1:443 key=/var/hvmail/control/custom_certificates/2.key crt=/var/hvmail/control/custom_certificates/2.crt server_name=ssl2.example.com

To apply these changes, run:

svc -t /service/hvmail-httpd

Graceful Restarts

To gracefully restart the web server, rather sending it a TERM signal with svc, run the following command:

/var/hvmail/bin/hvmail_update_httpd_config --graceful

URI Filtering

The following URI prefix needs to be publicly accessible in order for Engine to properly function:

• /click/

If you want to use the embeddable HTML campaign stats API then you should allow the access to the following URI prefixes:

• /greenarrowembed/assets/
• /greenarrowembed/stats_sends_view_drilldown.php
• /greenarrowembed/stats_sends_view_logs.php
• /gaeembed/assets/
• /gaeembed/stats_sends_view_drilldown.php
• /gaeembed/stats_sends_view_logs.php

The following URI prefixes need to be publicly accessible in order for Studio to properly function:

• /ga/open/
• /ga/click/
• /ga/unsubscribe/
• /ga/webviews/
• /ga/campaign_images/
• /ga/front/

Performance Tuning

The greenarrow.conf configuration file can be used to tune performance-related settings.

Advanced Configuration Changes

GreenArrow Engine uses the Apache HTTP Server. To customize this Apache installation’s configuration beyond the settings described above, place the configuration in one of the following files:

• Update the /var/hvmail/control/httpd.custom.conf file to make changes to the main Apache configuration.
• Update the /var/hvmail/control/httpd.ssl.custom.conf file to make change to the configuration of both GreenArrow’s default HTTPS Virtual Host, and any Virtual Hosts defined in /var/hvmail/control/httpd.ssl.listen.

To avoid creating conflicting configurations, please verify that your desired customizations are not configurable via some other mechanism, such as the configuration file before editing either of these advanced configuration files.

Apache Server Status

To view the status of Apache, navigate to the /greenarrowadmin/server-status path. This will require the credentials for GreenArrow Engine.

This screen can also be reached locally on the server at http://127.0.0.1/server-status-localhost.

Passenger Status

The web application server includes a command to check its status.

$ passenger-status
Version : 5.1.2
Date    : 2017-10-16 09:47:07 -0500
Instance: c7f46ehD (Apache/2.4.27 (Unix) OpenSSL/1.0.1e-fips PHP/5.6.31 Phusion_Passenger/5.1.2)

----------- General information -----------
Max pool size : 1
App groups    : 1
Processes     : 1
Requests in top-level queue : 0

----------- Application groups -----------
/var/hvmail/studio (production):
  App root: /var/hvmail/studio
  Requests in queue: 0
  * PID: 25131   Sessions: 0       Processed: 1       Uptime: 8m 55s
    CPU: 3%      Memory  : 146M    Last used: 8m 55s ago

In this screen, we can see Processes that indicates how many application processes are available for serving web requests. If pass__min_instances is lower than pass__max_pool_size, this number will vary based upon the volume of traffic. If they are equal, they will stay steady at that value.