PLGWL 2
PLGWL 2
PLGWL 2
February 2015
This document describes the use of version 12.1.2 plug-ins
provided for proxying requests from web servers to Oracle
WebLogic Server. This document is intended mainly for
system administrators who manage the WebLogic Server
application platform and its various subsystems.
Oracle Fusion Middleware Using Oracle WebLogic Server Proxy Plug-Ins 12.1.2, 12c (12.1.2)
E38389-07
Copyright © 2007, 2015, Oracle and/or its affiliates. All rights reserved.
This software and related documentation are provided under a license agreement containing restrictions on
use and disclosure and are protected by intellectual property laws. Except as expressly permitted in your
license agreement or allowed by law, you may not use, copy, reproduce, translate, broadcast, modify, license,
transmit, distribute, exhibit, perform, publish, or display any part, in any form, or by any means. Reverse
engineering, disassembly, or decompilation of this software, unless required by law for interoperability, is
prohibited.
The information contained herein is subject to change without notice and is not warranted to be error-free. If
you find any errors, please report them to us in writing.
If this is software or related documentation that is delivered to the U.S. Government or anyone licensing it
on behalf of the U.S. Government, then the following notice is applicable:
U.S. GOVERNMENT END USERS: Oracle programs, including any operating system, integrated software,
any programs installed on the hardware, and/or documentation, delivered to U.S. Government end users
are "commercial computer software" pursuant to the applicable Federal Acquisition Regulation and
agency-specific supplemental regulations. As such, use, duplication, disclosure, modification, and
adaptation of the programs, including any operating system, integrated software, any programs installed on
the hardware, and/or documentation, shall be subject to license terms and license restrictions applicable to
the programs. No other rights are granted to the U.S. Government.
This software or hardware is developed for general use in a variety of information management
applications. It is not developed or intended for use in any inherently dangerous applications, including
applications that may create a risk of personal injury. If you use this software or hardware in dangerous
applications, then you shall be responsible to take all appropriate fail-safe, backup, redundancy, and other
measures to ensure its safe use. Oracle Corporation and its affiliates disclaim any liability for any damages
caused by use of this software or hardware in dangerous applications.
Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of
their respective owners.
Intel and Intel Xeon are trademarks or registered trademarks of Intel Corporation. All SPARC trademarks
are used under license and are trademarks or registered trademarks of SPARC International, Inc. AMD,
Opteron, the AMD logo, and the AMD Opteron logo are trademarks or registered trademarks of Advanced
Micro Devices. UNIX is a registered trademark of The Open Group.
This software or hardware and documentation may provide access to or information about content,
products, and services from third parties. Oracle Corporation and its affiliates are not responsible for and
expressly disclaim all warranties of any kind with respect to third-party content, products, and services
unless otherwise set forth in an applicable agreement between you and Oracle. Oracle Corporation and its
affiliates will not be responsible for any loss, costs, or damages incurred due to your access to or use of
third-party content, products, or services, except as set forth in an applicable agreement between you and
Oracle.
Contents
3 Configuring WLS Web Server Proxy Plug-In for Apache HTTP Server
3.1 Support Note ............................................................................................................................... 3-1
3.2 Install the WLS Web Server Proxy Plug-In for Apache HTTP Server................................. 3-1
iii
3.2.1 Installation Prerequisites .................................................................................................... 3-2
3.2.2 Installing the Apache HTTP Server Plug-In .................................................................... 3-2
3.3 Configure the Apache HTTP Server Plug-In .......................................................................... 3-3
3.3.1 Editing the httpd.conf File.................................................................................................. 3-3
3.3.1.1 Placing WebLogic Properties Inside Location or VirtualHost Blocks .................. 3-6
3.3.1.2 Example: Configuring the Apache Plug-In .............................................................. 3-6
3.3.2 Including a weblogic.conf File in the httpd.conf File ..................................................... 3-7
3.3.2.1 Creating weblogic.conf Files ....................................................................................... 3-7
3.3.2.2 Sample weblogic.conf Configuration Files ............................................................... 3-8
3.3.2.3 Template for the Apache HTTP Server httpd.conf File ....................................... 3-10
3.4 Deprecated Directives for Apache HTTP Server................................................................. 3-10
4 Configuring the WLS Web Server Proxy Plug-In 12.1.2 for iPlanet Web Server
4.1 Overview of the WLS Web Sever Proxy Plug-In 12.1.2 for iPlanet ..................................... 4-1
4.2 Installing and Configuring the WLS Web Sever Proxy Plug-In 12.1.2 for iPlanet ........... 4-2
4.2.1 Installation Prerequisites .................................................................................................... 4-2
4.2.2 Installing the WLS Web Server Proxy Plug-In 12.1.2 for iPlanet Web Server ............ 4-3
4.2.3 Configuring the WLS Web Sever Proxy Plug-In 12.1.2 for iPlanet Web Server ......... 4-3
4.2.3.1 Proxying Requests by URL ......................................................................................... 4-3
4.2.3.2 Proxying the Request by MIME Type ....................................................................... 4-4
4.2.3.3 Testing the Plug-in ....................................................................................................... 4-5
4.2.4 Example: Configuring the iPlanet Plug-in ....................................................................... 4-6
4.2.5 Guidelines for Modifying the obj.conf File ...................................................................... 4-6
4.2.6 Sample obj.conf File (Not Using a WebLogic Cluster) ................................................... 4-6
4.2.7 Sample obj.conf File (Using a WebLogic Cluster)........................................................... 4-8
4.3 Deprecated Directives for iPlanet Web Server ....................................................................... 4-9
5 Configuring the WLS Web Server Proxy Plug-In 12.1.2 for Microsoft IIS Web
Server
5.1 Installing and Configuring the WLS Web Server Proxy Plug-In 12.1.2 for Microsoft IIS 5-1
5.1.1 Example: Configuring the IIS Plug-In .............................................................................. 5-5
5.2 Installing and Configuring the Microsoft IIS Plug-In for IIS 7.0.......................................... 5-6
5.3 Serving Static Files from the Web Server ............................................................................. 5-10
5.4 Using Wildcard Application Mappings to Proxy by Path ................................................. 5-11
5.4.1 Installing Wildcard Application Mappings (IIS 6.0).................................................... 5-11
5.4.2 Adding a Wildcard Script Map for IIS 7.5..................................................................... 5-11
5.5 Proxying Requests from Multiple Virtual Web Sites to WebLogic Server ...................... 5-12
5.5.1 Sample iisproxy.ini File.................................................................................................... 5-13
5.6 Creating ACLs Through IIS.................................................................................................... 5-13
5.7 Testing the Installation............................................................................................................ 5-14
iv
6.2 Use IPv6 With Plug-Ins .............................................................................................................. 6-5
6.3 Set Up Perimeter Authentication.............................................................................................. 6-5
6.4 Understanding Connection Errors and Clustering Failover ................................................ 6-6
6.4.1 Possible Causes of Connection Failures ........................................................................... 6-6
6.4.2 Tips for reducing Connection_Refused Errors................................................................ 6-7
6.4.3 Failover with a Single, Non-Clustered WebLogic Server .............................................. 6-7
6.4.4 The Dynamic Server List .................................................................................................... 6-7
6.4.5 Failover, Cookies, and HTTP Sessions ............................................................................. 6-8
6.4.6 Using SSL with the WLS Web Sever Proxy Plug-In 12.1.2 for iPlanet Web Server ... 6-9
6.4.7 Failover Behavior When Using Firewalls and Load Directors .................................. 6-10
v
vi
Preface
This preface describes the document accessibility features and conventions used in this
guide—Using Oracle WebLogic Server Proxy Plug-Ins 12c.
Documentation Accessibility
For information about Oracle's commitment to accessibility, visit the Oracle
Accessibility Program website at
http://www.oracle.com/pls/topic/lookup?ctx=acc&id=docacc.
Conventions
The following text conventions are used in this document:
Convention Meaning
boldface Boldface type indicates graphical user interface elements associated
with an action, or terms defined in text or the glossary.
italic Italic type indicates book titles, emphasis, or placeholder variables for
which you supply particular values.
monospace Monospace type indicates commands within a paragraph, URLs, code
in examples, text that appears on the screen, or text that you enter.
vii
viii
1
Overview of Web Server Proxy Plug-Ins 12.1.2
1
The following sections describe the plug-ins provided by Oracle for use with
WebLogic Server:
■ Section 1.1, "What are WLS Web Server Proxy Plug-Ins?"
■ Section 1.2, "Availability of WLS Web Server Proxy Plug-In 12.1.2"
■ Section 1.3, "Upgrading from 1.0 Plug-Ins"
■ Section 1.4, "Features of the Version 12.1.2 Plug-Ins"
■ Section 1.5, "Support and Patching"
Note: For Apache HTTP Server 1.3.x or 2.0.x, continue to use the
version 1.0 plug-in.
Note: If you upgrade from the 1.0 plug-ins and had been using
128-bit encryption, you need to change your configuration file to
reflect the new naming convention. For example, you need to change
mod_wl128_22.so to mod_wl.so.
Note: On the Apache Web Server for Linux, You can also obtain the
plugin version by issuing the following command:
$ strings ${PLUGIN_HOME}/lib/mod_wl.so | grep -i wlsplugins
A patch for a plug-in typically will contain one or more shared objects to be replaced.
Be sure to backup your original files as you replace them with those in the patch.
Validate that the patch has been correctly updated by checking the version string in
the logs.
This chapter describes how to configure the WebLogic Proxy Plug-In (mod_wl_ohs),
which is the plug-in for proxying requests from Oracle HTTP Server to Oracle
WebLogic server. The WebLogic Proxy Plug-In is included in the Oracle HTTP Server
12.1.2 installation. You need not download and install it separately.
You can configure the WebLogic Proxy Plug-In either by using Fusion Middleware
Control or by editing the mod_wl_ohs.conf configuration file manually.
This chapter contains the following topics:
■ Section 2.1, "Prerequisites for Configuring the WebLogic Proxy Plug-In"
■ Section 2.2, "Configuring the WebLogic Proxy Plug-In Using Fusion Middleware
Control"
■ Section 2.3, "Configuring the WebLogic Proxy Plug-In Manually"
■ Section 2.4, "Deprecated Directives for Oracle HTTP Server"
■ Section 2.5, "Troubleshooting WebLogic Proxy Plug-In Implementations"
Configuring the WebLogic Proxy Plug-In for Oracle HTTP Server 2-1
Configuring the WebLogic Proxy Plug-In Using Fusion Middleware Control
Field Description
WebLogic Cluster List of Oracle WebLogic Servers that can be used for load
balancing. The server or cluster list is a list of host:port
entries. If a mixed set of clusters and single servers is
specified, the dynamic list returned for this parameter will
return only the clustered servers.
If you are not sure if the correct cluster, you can click the
search icon to see a list of all associated clusters. For more
information, see Section 2.2.1, "Using the Search Function".
The module does a simple round-robin between all available
servers. The server list specified in this property is a starting
point for the dynamic server list that the server and module
maintain. Oracle WebLogic Server and the module work
together to update the server list automatically with new,
failed, and recovered cluster members.
You can disable the use of the dynamic cluster list by
disabling the Dynamic Server List ON field. The module
directs HTTP requests containing a cookie, URL-encoded
session, or a session stored in the POST data to the server in
the cluster that originally created the cookie.
Note: WebLogic Cluster and WebLogic Host are
mutually-exclusive fields; you should only specify one. If
you provide a value for both fields, WebLogic Cluster takes
precedence.
WebLogic Host Oracle WebLogic Server host (or virtual host name as defined
in Oracle WebLogic Server) to which HTTP requests should
be forwarded. If you are using a WebLogic cluster, use the
WebLogic Cluster parameter instead of WebLogic Host.
If you are not sure if the correct server, you can click the
search icon to see a list of all associated clusters. For more
information, see Section 2.2.1, "Using the Search Function".
Note: WebLogic Host and WebLogic Cluster are
mutually-exclusive fields; you should only specify on. If you
provide a value for both fields, WebLogic Cluster takes
precedence.
WebLogic Port Port at which the Oracle WebLogic Server host is listening for
connection requests from the module (or from other servers).
(If you are using SSL between the module and Oracle
WebLogic Server, set this parameter to the SSL listen port.)
Dynamic Server List ON | When set to OFF, the module ignores the dynamic cluster list
OFF used for load balancing requests proxied from the module
and only uses the static list specified with the WebLogic
Cluster parameter. Normally this parameter should be set to
ON.
There are some implications for setting this parameter to
OFF:
■ If one or more servers in the static list fails, the module
could waste time trying to connect to a dead server,
resulting in decreased performance.
■ If you add a new server to the cluster, the module cannot
proxy requests to the new server unless you redefine this
parameter. Oracle WebLogic Server automatically adds
new servers to the dynamic server list when they
become part of the cluster.
Error Page You can create your own error page to appear when your
Web server is unable to forward requests to Oracle WebLogic
Server.
Configuring the WebLogic Proxy Plug-In for Oracle HTTP Server 2-3
Configuring the WebLogic Proxy Plug-In Using Fusion Middleware Control
Field Description
WebLogic Temp Directory Specifies the location of the _wl_proxy directory for post data
files.
Exclude Path or MIME Type This parameter allows you exclude certain requests from
proxying.
This parameter can be defined locally at the Location tag
level as well as globally. When the property is defined locally,
it does not override the global property but defines a union
of the two parameters.
Match Expressions This region is used to specify any Expression overrides. For
example, if you were proxying by MIME type, you might
enter:
*.jsp WebLogicHost=myHost|paramName=value
You can define a new parameter for Match Expression by
using the following syntax:
*.jsp PathPrepend=/test PathTrim=/foo
Location This table is used to specify any location overrides. See step
6, below.
Path Trim specifies the string trimmed by the module from the
{PATH}/{FILENAME} portion of the original URL, before the request is
forwarded to WebLogic Server. For example, if the URL:
http://myWeb.server.com/weblogic/foo
is passed to the module for parsing and if Path Trim has been set to strip off
/weblogic before handing the URL to WebLogic Server, the URL forwarded to
WebLogic Server is:
http://myWeb.server.com:7002/foo
e. For the Path Prepend field, as per the RFC specification, generic syntax for
URL is:
[PROTOCOL]://[HOSTNAME]:{PORT}/{PATH}/{FILENAME};{PATH_PARAMS}/{QUERY_
STRING}...
Path Prepend specifies the path that the module prepends to the {PATH}
portion of the original URL, after Path Trim is trimmed and before the request
is forwarded to WebLogic Server.
Configuring the WebLogic Proxy Plug-In for Oracle HTTP Server 2-5
Configuring the WebLogic Proxy Plug-In Manually
DOMAIN_
HOME/config/fmwconfig/components/OHS/instances/componentName
3. Look for the <IfModule weblogic_module> element.
4. Add directives within the <IfModule weblogic_module> element in the
configuration file, as follows:
Example:
With the following configuration, requests for the /myapp1 URI received at the
Oracle HTTP Server listen port will be forwarded to /myapp1 on the Oracle
WebLogic Server with the listen port localhost:7001
<IfModule weblogic_module>
<Location /myapp1>
WLSRequest On
WebLogicHost localhost
WeblogicPort 7001
</Location>
</IfModule>
Example:
With the following configuration, requests for the /myapp2 URI received at the
Oracle HTTP Server listen port will be forwarded to /myapp2 the Oracle
WebLogic Server cluster containing the managed servers with the listen ports
localhost:8002 and localhost:8003.
<IfModule weblogic_module>
<Location /myapp2>
WLSRequest On
WebLogicCluster localhost:8002,localhost:8003
</Location>
</IfModule>
</IfModule>
<Location /weblogic>
WLSRequest On
WebLogicCluster apphost1.mycompany.com:7050,apphost2.com:7050
DefaultFileName index.jsp
</Location>
Configuring the WebLogic Proxy Plug-In for Oracle HTTP Server 2-7
Deprecated Directives for Oracle HTTP Server
For example:
<Location /weblogic>
WLSRequest On
WebLogicCluster apphost1.mycompany.com:7050,apphost2.com:7050
WLProxySSL On
WLProxySSLPassThrough ON
DefaultFileName index.jsp
</Location>
The directives WLLogFile and Debug are deprecated. If the configuration still uses any
of these directives, the following note will appear in the console log file:
The WLLogFile directive is ignored. The web server log file is used instead. The
Debug directive is ignored. The web server log level is used instead.
Configuring the WebLogic Proxy Plug-In for Oracle HTTP Server 2-9
Troubleshooting WebLogic Proxy Plug-In Implementations
This usually occurs if WLS server is too busy to respond to the connect request from
the WebLogic Proxy Plug-In. This can be resolved by setting WLSocketTimeoutSecs to
a higher value. This allows the WebLogic Proxy Plug-In to wait longer for the connect
request to be responded by the WLS server.
This chapter describes how to install and configure the WLS Web Server Proxy Plug-In
for Apache HTTP Server. It contains the following sections:
■ Section 3.1, "Support Note"
■ Section 3.2, "Install the WLS Web Server Proxy Plug-In for Apache HTTP Server"
■ Section 3.3, "Configure the Apache HTTP Server Plug-In"
■ Section 3.4, "Deprecated Directives for Apache HTTP Server"
3.2 Install the WLS Web Server Proxy Plug-In for Apache HTTP Server
After you download the WLS Web Server Proxy Plug-In for Apache HTTP Server, as
described in Section 1.2, "Availability of WLS Web Server Proxy Plug-In 12.1.2,", you
can install it as an Apache HTTP Server module in your Apache HTTP Server
installation.
Configuring WLS Web Server Proxy Plug-In for Apache HTTP Server 3-1
Install the WLS Web Server Proxy Plug-In for Apache HTTP Server
Table 3–1 Files Included in the Apache Web Server Plug-in Zip
(path)/filename Description
README.txt The README file for the plug-in.
bin/orapki.bat orapki tool for configuring Oracle wallets
jlib/*.jar orapki helper Java libraries
lib/mod_wl.so WebLogic proxy module
lib/*.so(.dll) Helper libraries
■ Install JDK 6 if you want to use SSL. The JDK 6 installation is required to use the
orapki utility, which manages public key infrastructure (PKI) elements, such as
wallets and certificate revocation lists, for use with SSL.
■ Ensure that you have a supported Apache HTTP Server installation.
For more information, see:
http://www.oracle.com/technology/software/products/ias/files/fusion_
certification.html.
■ Ensure that a supported version of Oracle WebLogic Server is configured and
running on a target system. Note that this server does not need to be running on
the system on which you extracted the plug-in zip distribution. For the supported
Oracle WebLogic Server versions, see:
http://www.oracle.com/technology/software/products/ias/files/fusion_
certification.html.
If you installed Apache HTTP Server using the script supplied by Apache, mod_
so.c is already enabled. Verify that mod_so.c is enabled by executing the following
command:
■ UNIX/Linux
APACHE_HOME/bin/apachectl -l
7. Verify the syntax of the httpd.conf file by running the following command:
■ UNIX/Linux
> APACHE_HOME/bin/apachectl -t
If the httpd.conf file contains any errors, the output of this command shows the
errors; otherwise, the command returns the following:
Syntax OK
Configuring WLS Web Server Proxy Plug-In for Apache HTTP Server 3-3
Configure the Apache HTTP Server Plug-In
WebLogicPort 7001
DebugConfigInfo ON
</IfModule>
If you are proxying requests by MIME type to a cluster of WebLogic Servers, use
the WebLogicCluster parameter instead of the WebLogicHost and WebLogicPort
parameters. For example:
<IfModule mod_weblogic.c>
WebLogicCluster w1s1.com:7001,w1s2.com:7001,w1s3.com:7001
MatchExpression *.jsp
MatchExpression *.xyz
</IfModule>
4. To proxy requests by path, use the <Location> block and the WLSRequest
statement. WLSRequest specifies the handler for the WLS Web Server Proxy Plug-In
for Apache HTTP Server module. For example the following Location block
proxies all requests containing /weblogic in the URL:
<Location /weblogic>
WLSRequest On
PathTrim /weblogic
</Location>
The PathTrim parameter specifies a string trimmed from the beginning of the URL
before the request is passed to the WebLogic Server instance (see Section 7.1,
"General Parameters for Web Server Plug-Ins").
5. The PathTrim parameter must be configured inside the <Location> tag. These
known issues arise when you configure the WLS Web Server Proxy Plug-In for
Apache HTTP Server to use SSL
■ The following configuration is incorrect:
<Location /weblogic>
WLSRequest On
</Location>
<IfModule mod_weblogic.c>
WebLogicHost localhost
WebLogicPort 7001
PathTrim /weblogic
</IfModule>
■ The current implementation of the WLS Web Server Proxy Plug-In for Apache
HTTP Server does not support the use of multiple certificate files with Apache
SSL.
6. Optionally, enable HTTP tunneling for t3 or IIOP.
a. To enable HTTP tunneling if you are using the t3 protocol and weblogic.jar,
add the following <Location> block to the httpd.conf file:
<Location /bea_wls_internal>
WLSRequest On
</Location>
b. To enable HTTP tunneling if you are using the IIOP, the only protocol used by
the WebLogic Server thin client, wlclient.jar, add the following Location block
to the httpd.conf file:
<Location /bea_wls_internal>
WLSRequest On
</Location>
7. Define any additional parameters for the WLS Web Server Proxy Plug-In for
Apache HTTP Server.
The WLS Web Server Proxy Plug-In for Apache HTTP Server recognizes the
parameters listed in Section 7.1, "General Parameters for Web Server Plug-Ins". To
modify the behavior of your WLS Web Server Proxy Plug-In for Apache HTTP
Server, define these parameters either:
■ In a <Location> block, for parameters that apply to proxying by path, or
■ At global or virtual host scope, for parameters that apply to proxying by
MIME type.
8. Verify the syntax of the httpd.conf file by running the following command:
■ UNIX/Linux
> APACHE_HOME/bin/apachectl -t
If the httpd.conf file contains any errors, the output of this command shows the
errors; otherwise, the command returns the following:
Syntax OK
Configuring WLS Web Server Proxy Plug-In for Apache HTTP Server 3-5
Configure the Apache HTTP Server Plug-In
<Location /weblogic>
WLSRequest On
WebLogicCluster w1s1.com:7001,w1s2.com:7001,w1s3.com:7001
</Location>
<VirtualHost apachehost:80>
WLSRequest On
WebLogicServer weblogic.server.com
WebLogicPort 7001
</VirtualHost>
<IfModule mod_weblogic.c>
WebLogicHost wls-host
WebLogicPort wls-port
</IfModule>
<Location /mywebapp>
WLSRequest On
</Location>
...
Note:You can also update the PATH by copying the 'lib' contents to
APACHE_HOME\lib or by editing the APACHE_
HOME/bin/apachectl to update the LD_LIBRARY_PATH.
The syntax of weblogic.conf files is the same as that for the httpd.conf file.
This section describes how to create weblogic.conf files, and includes sample
weblogic.conf files.
<Location /jurl>
WLSRequest On
WebLogicCluster agarwalp01:7001
WLTempDir "c:\jurl
</Location>
<Location /web>
WLSRequest On
PathTrim /web
Configuring WLS Web Server Proxy Plug-In for Apache HTTP Server 3-7
Configure the Apache HTTP Server Plug-In
WebLogicHost myhost
WebLogicPort 8001
WLTempDir "c:\web"
</Location>
<Location /foo>
WLSRequest On
WebLogicHost myhost02
WebLogicPort 8090
WLTempDir "c:\foo"
PathTrim /foo
</Location>
■ All the requests that match /jurl/* will have the POST data files in c:\jurl and will
reverse proxy the request to agarwalp01 and port 7001. All the requests that match
/web/* will have the POST data files in c:\web and will reverse proxy the request
to myhost and port 8001. All the requests that match /foo/* will have the POST
data files written to c:\foo and will reverse proxy the request to myhost02 and
port 8090.
■ You should use the MatchExpression statement instead of the <Files> block.
<IfModule mod_weblogic.c>
WebLogicCluster w1s1.com:7001,w1s2.com:7001,w1s3.com:7001
ErrorPage http://myerrorpage.mydomain.com
MatchExpression *.jsp
</IfModule>
####################################################
In Example 3–2, the MatchExpression parameter syntax for expressing the filename
pattern, the WebLogic Server host to which HTTP requests should be forwarded, and
various other parameters is as follows:
MatchExpression [filename pattern] [WebLogicHost=host] | [paramName=value]
The first MatchExpression parameter below specifies the filename pattern *.jsp, and
then names the single WebLogicHost. The paramName=value combinations following
the pipe symbol specify the port at which WebLogic Server is listening for connection
requests, and also activate the Debug option. The second MatchExpression specifies
the filename pattern *.html and identifies the WebLogic Cluster hosts and their ports.
The paramName=value combination following the pipe symbol specifies the error page
for the cluster.
# these parameters for each URL, you can set them again in
# the <Location> or <Files> blocks (Except WebLogicHost,
# WebLogicPort, WebLogicCluster, and CookieName.)
<IfModule mod_weblogic.c>
MatchExpression *.jsp WebLogicHost=myHost|WebLogicPort=7001|Debug=ON
MatchExpression *.html WebLogicCluster=myHost1:7282,myHost2:7283|ErrorPage=
http://www.xyz.com/error.html
</IfModule>
# VirtualHost2 = 127.0.0.2:80
<VirtualHost 127.0.0.2:80>
DocumentRoot "C:/test/VirtualHost1"
ServerName 127.0.0.2:80
<IfModule mod_weblogic.c>
#... WLS parameter ...
WebLogicCluster localhost:7101,localhost:7201
# Example: MatchExpression *.jsp <some additional parameter>
MatchExpression *.jsp PathPrepend=/test2
#... WLS parameter ...
</IfModule>
</VirtualHost>
You must define a unique value for ServerName or some plug-in parameters will not
work as expected.
Configuring WLS Web Server Proxy Plug-In for Apache HTTP Server 3-9
Deprecated Directives for Apache HTTP Server
<Location /weblogic>
WLSRequest On
PathTrim /weblogic
ErrorPage http://myerrorpage1.mydomain.com
</Location>
<Location /servletimages>
WLSRequest On
PathTrim /something
ErrorPage http://myerrorpage1.mydomain.com
</Location>
<IfModule mod_weblogic.c>
MatchExpression *.jsp
WebLogicCluster w1s1.com:7001,w1s2.com:7001,w1s3.com:7001
ErrorPage http://myerrorpage.mydomain.com
</IfModule>
To enable plug-in logs, set LogLevel to debug. The logs will be included in the file
pointed to by ErrorLog.
This chapter describes how to install and configure the WLS Web Server Proxy Plug-In
12.1.2 for iPlanet Web Server. In previous releases, this plug-in was referred to as the
Netscape Enterprise Server plug-in.
This chapter contains the following sections:
■ Section 4.1, "Overview of the WLS Web Sever Proxy Plug-In 12.1.2 for iPlanet"
■ Section 4.2, "Installing and Configuring the WLS Web Sever Proxy Plug-In 12.1.2
for iPlanet"
■ Section 4.3, "Deprecated Directives for iPlanet Web Server"
4.1 Overview of the WLS Web Sever Proxy Plug-In 12.1.2 for iPlanet
The WLS Web Sever Proxy Plug-In 12.1.2 for iPlanet Web Server enables requests to be
proxied from Oracle iPlanet Web Server to Oracle WebLogic Server. The plug-in
enhances a Oracle iPlanet Web Server installation by allowing WebLogic Server to
handle those requests that require the dynamic functionality of WebLogic Server.
The WLS Web Sever Proxy Plug-In 12.1.2 for iPlanet Web Server is designed for an
environment where Oracle iPlanet Web Server serves static pages, and an Oracle
WebLogic Server instance (operating in a different process, possibly on a different
machine) is delegated to serve dynamic pages, such as JSPs or pages generated by
HTTP Servlets. The connection between WebLogic Server and the WLS Web Sever
Proxy Plug-In 12.1.2 for iPlanet Web Server is made using clear text or Secure Sockets
Layer (SSL). To the end user—the browser—the HTTP requests delegated to WebLogic
Server appear to come from the same source as the static pages. Additionally, the
HTTP-tunneling facility of WebLogic Server can operate through the WLS Web Sever
Proxy Plug-In 12.1.2 for iPlanet Web Server, providing access to all WebLogic Server
services (not just dynamic pages).
The WLS Web Sever Proxy Plug-In 12.1.2 for iPlanet Web Server operates as a module
within a Oracle iPlanet Web Server. The module is loaded at startup and later based on
the configuration, certain HTTP requests are delegated to it.
For more information about Oracle iPlanet Web Server see,
http://download.oracle.com/docs/cd/E18958_01/doc.70/e18789/chapter.htm
Configuring the WLS Web Server Proxy Plug-In 12.1.2 for iPlanet Web Server 4-1
Installing and Configuring the WLS Web Sever Proxy Plug-In 12.1.2 for iPlanet
4.2 Installing and Configuring the WLS Web Sever Proxy Plug-In 12.1.2
for iPlanet
The following sections provide information pertaining to the installation prerequisites
and configuring the WLS Web Sever Proxy Plug-In 12.1.2 for iPlanet Web Server.
Table 4–1 Files Included in the Oracle iPlanet Web Server Plug-in Zip
(path)/filename Description
README.txt information specific to the distribution, late-breaking updates,
and other errata.
bin/orapki (.bat on orapki tool for configuring Oracle wallets
Windows)
jlib/*.jar orapki helper Java libraries
lib/mod_wl.so (.dll on WebLogic proxy module
Windows)
lib/*.so(.dll on Windows) Helper libraries
■ Installed JDK 6 if you want to use SSL. You must have a JDK 6 installation if you
want to use the orapki utility. The orapki utility manages public key infrastructure
(PKI) elements, such as wallets and certificate revocation lists, for use with SSL.
■ Created a supported WLS Web Sever Proxy Plug-In 12.1.2 for iPlanet Web Server
installation (7.0.9 or later) installed on IPLANET_HOME; that is, iPlanet server
listening on iplanet-host:iplanet-port.
The version 12.1.2 plug-in is supported on the WLS Web Sever Proxy Plug-In
12.1.2 for iPlanet Web Server platforms described in:
http://www.oracle.com/technology/software/products/ias/files/fusion_
certification.html
■ Created an iPlanet instance location (INSTANCE-DIR; for example, ${IPLANET_
HOME}/https-foo.
■ Created a supported version of WebLogic Server is configured and running on a
target system. Note that this server does not need to run on the system to which
you extracted the plug-in zip distribution. For the supported WebLogic Server
versions, see:
http://www.oracle.com/technology/software/products/ias/files/fusion_
certification.html
4.2.2 Installing the WLS Web Server Proxy Plug-In 12.1.2 for iPlanet Web Server
The WLS Web Server Proxy Plug-In 12.1.2 for iPlanet Web Server is distributed as a
shared object (.so) for Unix platforms and as a DLL (.dll) for Windows.
To instruct Oracle iPlanet Web Server to load the native library (mod_wl.so on Unix) as
a module, add the following line to the magnus.conf file.
Init fn="load-modules" shlib="mod_wl.so"
4.2.3 Configuring the WLS Web Sever Proxy Plug-In 12.1.2 for iPlanet Web Server
This section provides information about configuring the WLS Web Sever Proxy
Plug-In 12.1.2 for iPlanet Web Server.
Locate and open the obj.conf file
The default obj.conf file is located in the INSTANCE-DIR/config directory. Where
INSTANCE-DIR is the web server instance directory.
For more information, see
http://download.oracle.com/docs/cd/E19146-01/821-1827/821-1827.pdf
There are different ways to configure obj.conf file.
Read guidelines for Section 4.2.5, "Guidelines for Modifying the obj.conf File". The
obj.conf file defines which requests are proxied to WebLogic Server and other
configuration information.
Here is an example of the object definitions for two separate ppaths that identify
requests to be sent to different instances of WebLogic Server:
<Object ppath="*/weblogic/*">
Service fn=wl-proxy WebLogicHost=myserver.com WebLogicPort=7001
PathTrim="/weblogic"
</Object>
<Object name="si" ppath="*/servletimages/*">
Service fn=wl-proxy WebLogicHost=otherserver.com WebLogicPort=7008
</Object>
Configuring the WLS Web Server Proxy Plug-In 12.1.2 for iPlanet Web Server 4-3
Installing and Configuring the WLS Web Sever Proxy Plug-In 12.1.2 for iPlanet
Note: iPlanet Web Server 7.0.9 and above already defines the MIME
type for JSPs. Change the existing MIME type from
magnus-internal/jsp to text/jsp.
All requests with a designated MIME type extension (for example, .jsp) can be proxied
to the WebLogic Server, regardless of the URL.
For example, to proxy all JSPs to a WebLogic Server, the following Service directive
should be added:
Service method="(GET|HEAD|POST|PUT)" type=text/jsp fn=wl-proxy
WebLogicHost=myserver.com WebLogicPort=7001 PathPrepend=/jspfiles
This Service directive proxies all files with the .jsp extension to the designated
WebLogic Server, where they are served with a URL like this:
http://myserver.com:7001/jspfiles/myfile.jsp
The value of the PathPrepend parameter should correspond to the context root of a
Web Application that is deployed on the WebLogic Server or cluster to which requests
are proxied.
After adding entries for the WLS Web Server Proxy Plug-In 12.1.2 for iPlanet Web
Server, the default <Object> definition will be similar to the following example:
<Object name="default">
AuthTrans fn="match-browser" browser="*MSIE*" ssl-unclean-shutdown="true"
NameTrans fn="pfx2dir" from="/mc-icons" dir="/export/home/ws/lib/icons"
name="es-internal"
PathCheck fn="uri-clean"
PathCheck fn="check-acl" acl="default"
PathCheck fn="find-pathinfo"
PathCheck fn="find-index" index-names="index.html,home.html
ObjectType fn="type-by-extension"
ObjectType fn="force-type" type="text/plain"
Service method="(GET|HEAD|POST|PUT)" type="text/jsp" fn="wl-proxy"
WebLogicHost="myweblogic.server.com" WebLogicPort="7100"
Service method="(GET|HEAD)" type="magnus-internal/directory" fn="index-common"
You can add a similar Service statement to the default object definition for all other
MIME types that you want to proxy to WebLogic Server.
For proxy-by-MIME to work properly you need to disable Java from the WLS Web
Server Proxy Plug-In 12.1.2 for iPlanet Web Server otherwise, SUN One will try to
serve all requests that end in *.jsp and will return a 404 error as it will fail to locate the
resource under $doc_root.
To disable Java from the Oracle iPlanet Web Server, comment out the following in the
obj.conf file under the name="default"
#NameTrans fn="ntrans-j2ee" name="j2ee" and restart the web server. Optionally,
■ If you are proxying by path, enable HTTP-tunneling.
If you are using weblogic.jar and tunneling the t3 protocol, add the following
object definition to the obj.conf file, substituting the WebLogic Server host name
and the WebLogic Server port number, or the name of a WebLogic Cluster that you
want to handle HTTP tunneling requests.
<Object name="tunnel" ppath="*/HTTPClnt*"
Service fn=wl-proxy WebLogicHost=myserver.com WebLogicPort=7001
</Object>
■ If you are tunneling IIOP, which is the only protocol used by the WebLogic Server
thin client, wlclient.jar, add the following object definition to the obj.conf file,
substituting the WebLogic Server host name and the WebLogic Server port
number, or the name of a WebLogic Cluster that you want to handle HTTP
tunneling requests.
<Object name="tunnel" ppath="*/iiop*">
Service fn=wl-proxy WebLogicHost=myserver.com WebLogicPort=7001
</Object>
For information on how to create a default Web Application, see Developing Web
Applications, Servlets, and JSPs for Oracle WebLogic Server
Configuring the WLS Web Server Proxy Plug-In 12.1.2 for iPlanet Web Server 4-5
Installing and Configuring the WLS Web Sever Proxy Plug-In 12.1.2 for iPlanet
For more information on configuring the contents of obj.conf, see Section 4.2.6,
"Sample obj.conf File (Not Using a WebLogic Cluster)" and Section 4.2.7, "Sample
obj.conf File (Using a WebLogic Cluster)".
3. At the prompt, include the %PLUGIN_HOME%\lib in the PATH by entering:
set PATH=C:\myhome\weblogic-plugin-12.1.2\lib:...
Note:You can also update the PATH by copying the 'lib' contents to
IPLANET_HOME\lib or editing the IPLANET_INSTANCE_
HOME\bin\startserv.
Configuring the WLS Web Server Proxy Plug-In 12.1.2 for iPlanet Web Server 4-7
Installing and Configuring the WLS Web Sever Proxy Plug-In 12.1.2 for iPlanet
Configuring the WLS Web Server Proxy Plug-In 12.1.2 for iPlanet Web Server 4-9
Deprecated Directives for iPlanet Web Server
The following sections describe how to install and configure the WLS Web Server
Proxy Plug-In 12.1.2 for Microsoft IIS Web Server:
■ Section 5.1, "Installing and Configuring the WLS Web Server Proxy Plug-In 12.1.2
for Microsoft IIS"
■ Section 5.2, "Installing and Configuring the Microsoft IIS Plug-In for IIS 7.0"
■ Section 5.3, "Serving Static Files from the Web Server"
■ Section 5.4, "Using Wildcard Application Mappings to Proxy by Path"
■ Section 5.5, "Proxying Requests from Multiple Virtual Web Sites to WebLogic
Server"
■ Section 5.6, "Creating ACLs Through IIS"
■ Section 5.7, "Testing the Installation"
5.1 Installing and Configuring the WLS Web Server Proxy Plug-In 12.1.2
for Microsoft IIS
To install the WLS Web Server Proxy Plug-In 12.1.2 for Microsoft IIS Web Server:
1. Download the WLS Web Server Proxy Plug-In for IIS Web Server, as described in
Section 1.2, "Availability of WLS Web Server Proxy Plug-In 12.1.2." The zip file
contains these files:
2. Copy the iisproxy.dll file into a convenient directory that is accessible to IIS. This
directory must also contain the iisproxy.ini file that you will create in step 6.
Configuring the WLS Web Server Proxy Plug-In 12.1.2 for Microsoft IIS Web Server 5-1
Installing and Configuring the WLS Web Server Proxy Plug-In 12.1.2 for Microsoft IIS
3. Set the user permissions for the iisproxy.dll file to include the name of the user
who will be running IIS. One way to do this is by right clicking on the iisproxy.dll
file and selecting Permissions, then adding the username of the person who will
be running IIS.
4. If you want to configure proxying by file extension (MIME type) complete this
step. (You can configure proxying by path in addition to or instead of configuring
by MIME type. See step 5.)
a. Start the Internet Information Service Manager by selecting it from the Start
menu.
b. In the left panel of the Service Manager, select your Web site (the default is
Default Web Site).
e. In the Properties panel, select the Home Directory tab, and click
Configuration in the Applications Settings section.
f. On the Mappings tab, click Add to add file types and configure them to be
proxied to WebLogic Server.
Configuring the WLS Web Server Proxy Plug-In 12.1.2 for Microsoft IIS Web Server 5-3
Installing and Configuring the WLS Web Server Proxy Plug-In 12.1.2 for Microsoft IIS
check does not find the files there, the iisproxy.dll file will not be allowed to
proxy requests to the WebLogic Server.
j. In the Directory Security tab, set the Method exclusions as needed to create a
secure installation.
k. When you finish, click OK to save the configuration. Repeat this process for
each file type you want to proxy to WebLogic.
l. When you finish configuring file types, click OK to close the Properties panel.
Note: In the URL, any path information you add after the server and
port is passed directly to WebLogic Server. For example, if you request
a file from IIS with the URL:
http://myiis.com/jspfiles/myfile.jsp
it is proxied to WebLogic Server with a URL such as
http://mywebLogic:7001/jspfiles/myfile.jsp
5. If you want to configure proxying by path, see Section 5.4, "Using Wildcard
Application Mappings to Proxy by Path".
6. In the directory used in Step 2, create the iisproxy.ini file.
The iisproxy.ini file contains name=value pairs that define configuration
parameters for the plug-in. The parameters are listed in Section 7–1, " General
Parameters for Web Server Plug-Ins".
Use the example iisproxy.ini file in Section 5.5.1, "Sample iisproxy.ini File" as a
template for your iisproxy.ini file.
Note: Changes in the parameters will not go into effect until you
restart the "IIS Admin Service" (under services, in the control panel).
Oracle recommends that you locate the iisproxy.ini file in the same directory that
contains the iisproxy.dll file. You can also use other locations. If you place the file
elsewhere, note that WebLogic Server searches for iisproxy.ini in the following
directories, in the following order:
a. In the same directory where iisproxy.dll is located.
b. In the home directory of the most recent version of WebLogic Server that is
referenced in the Windows Registry. (If WebLogic Server does not find the
iisproxy.ini file in the home directory, it continues looking in the Windows
Registry for older versions of WebLogic Server and looks for the iisproxy.ini
file in the home directories of those installations.)
c. In the directory c:\weblogic, if it exists.
7. Define the Oracle WebLogic Server host and port number to which the Microsoft
Internet Information Server plug-in proxies requests. Depending on your
configuration, there are two ways to define the host and port:
Configuring the WLS Web Server Proxy Plug-In 12.1.2 for Microsoft IIS Web Server 5-5
Installing and Configuring the Microsoft IIS Plug-In for IIS 7.0
5.2 Installing and Configuring the Microsoft IIS Plug-In for IIS 7.0
This section describes differences in how you set up the Microsoft Internet Information
Server plug-in for IIS 7.0.
To set up the Microsoft Internet Information Server plug-in for IIS 7.0, follow these
steps:
1. Create a web application in IIS Manager by right clicking on Web Sites > Add
Web Site.
Fill in the Web Site Name with the name you want to give to your web
application; for example, MyApp. Select the physical path of your web application
Port (any valid port number not currently in use).
Click OK to create the web application.
If you can see the name of your application under Web Sites it means that your
application has been created and started running. Click the MyApp node under
Web Sites to see all of the settings related to the MyApp application, which you
can change, as shown in Figure 5–5.
2. Click Handler Mappings to set the mappings to the handler for a particular MIME
type.
3. Click the StaticFile and change the Request path from * to *.*. Click OK.
4. Click MyApp and then click Add Script Map on the right-hand side menu
options. Enter * for the Request path.
Browse to the iisproxy.dll file and add it as the executable. Name it proxy.
Configuring the WLS Web Server Proxy Plug-In 12.1.2 for Microsoft IIS Web Server 5-7
Installing and Configuring the Microsoft IIS Plug-In for IIS 7.0
5. Click Request Restrictions and deselect Invoke handler only if the request is
mapped to.
6. Click OK to add this Handler mapping. Click Yes on the Add Script Map dialog
box.
7. If you want to configure proxying by path, see Section 5.4, "Using Wildcard
Application Mappings to Proxy by Path".
8. Click the Root node of the IIS Manager tree and click the ISAPI and CGI
Restrictions. Make sure to check Allow unspecified ISAPI modules.
9. Create a file called iisproxy.ini with the following contents and place it in the
directory with the plug-in:
WebLogicHost= @hostname@
WebLogicPort= @port@
ConnectRetrySecs=5
ConnectTimeoutSecs=25
Debug=ALL
Configuring the WLS Web Server Proxy Plug-In 12.1.2 for Microsoft IIS Web Server 5-9
Serving Static Files from the Web Server
DebugConfigInfo=ON
KeepAliveEnabled=true
10. Open the Internet Explorer browser and enter http://<hostname>:<port>. You
should be able to see the Medrec Sample Application from your Oracle WebLogic
Server.
If you want to run the plug-in SSL mode, change the value of WeblogicPort to the
SSL port of your application, change the SecureProxy value to ON, and set
WLSSLWallet to the location of the wallet. For more information on SSL
parameters, see Section 7.2, "SSL Parameters for Web Server Plug-Ins".
2. On IIS Manager, display the home page by clicking the Virtual Directory or
Application created on step 1.
3. Double-click the Handling Mappers and then click View Ordered List on the right
side pane. An ordered list of Handler Mappings appears.
4. Select proxy and drag it below StaticFile handler mapping (in other words the
StaticFile handler mapping should be above the proxy handler mapping.)
5. Edit the Static File and change the request path to: *.jpg. Save the file.
6. To have IIS 7.5 to serve types of static files, for example, PNGs, GIFs, or CSS, do
the following:
a. On IIS Manager, display the home page by clicking the Virtual Directory or
Application created on step 1.
b. Double click the Handling Mappers and then click Add Module Mapping on
the right side pane.
c. Choose a Request Path of desired type: for PNGs use *.png, for GIFs use *.gif
and so on. For Module, choose StaticFileModule, enter a name, and click OK.
d. Ensure that as stated on step 4, the newly created HandlerMapping is ordered
before the proxy Handler Mapping defined on step 1.
Configuring the WLS Web Server Proxy Plug-In 12.1.2 for Microsoft IIS Web Server 5-11
Proxying Requests from Multiple Virtual Web Sites to WebLogic Server
http://technet.microsoft.com/en-us/library/cc770472(WS.10).aspx. For
information about navigating to locations in the UI, see "Navigation in IIS
Manager" at
http://technet.microsoft.com/en-us/library/cc732920(WS.10).aspx.
2. In Features View, on the server, site, or application Home page, double-click
Handler Mappings.
3. On the Handler Mappings page, in the Actions pane, click Add Wildcard Script
Map.
4. In the Executable box, type the full path or browse to the iisproxy.dll that
processes the request. For example, type
systemroot\system32\inetsrv\iisproxy.dll.
5. In the Name box, type a friendly name for the handler mapping.
6. Click OK.
7. Optionally, on the Handler Mappings page, select a handler to lock or unlock it.
When you lock a handler mapping, it cannot be overridden at lower levels in the
configuration. Select a handler mapping in the list, and then in the Actions pane,
click Lock or Unlock.
8. After you add a wildcard script map, you must add the executable to the ISAPI
and CGI Restrictions list to enable it to run. For more information about ISAPI and
CGI restrictions, see "Configuring ISAPI and CGI Restrictions in IIS 7" at
http://technet.microsoft.com/en-us/library/cc730912(WS.10).aspx.
different Web applications or Web sites in pools, which are called application
pools. In an application pool, process boundaries separate each worker process
from other worker processes so that when an application is routed to one
application pool, applications in other application pools do not affect that
application.
Here is a sample iisproxy.ini file with clustered WebLogic Servers. Comment lines are
denoted with the "#" character.
# This file contains initialization name/value pairs
# for the IIS/WebLogic plug-in.
WebLogicCluster=myweblogic.com:7001,yourweblogic.com:7001
ConnectTimeoutSecs=20
ConnectRetrySecs=2
Note: If you are using SSL between the plug-in and WebLogic Server,
the port number should be defined as the SSL listen port.
Configuring the WLS Web Server Proxy Plug-In 12.1.2 for Microsoft IIS Web Server 5-13
Testing the Installation
To enable Basic Authentication, in the Directory Security tab of the console, ensure that
the Allow Anonymous option is "on" and all other options are "off".
This chapter describes tasks that are common across all the web servers for
configuring the plug-ins provided by Oracle. It contains the following sections:
■ Section 6.1, "Use SSL with Plug-Ins"
■ Section 6.2, "Use IPv6 With Plug-Ins"
■ Section 6.3, "Set Up Perimeter Authentication"
■ Section 6.4, "Understanding Connection Errors and Clustering Failover"
In the case of two-way SSL, the plug-in (the SSL client) automatically uses two-way
SSL when Oracle WebLogic Server is configured for two-way SSL and requests a client
certificate.
If a client certificate is not requested, the plug-ins default to one-way SSL.
Note: The examples in this section use the WebLogic Server demo
CA. If you are using the plug-in a production environment, make sure
that trusted CAs are properly configured for the plug-in as well as for
Oracle WebLogic Server.
1. Configure Oracle WebLogic Server for SSL. For more information, see
"Configuring SSL" in Securing Oracle WebLogic Server.
2. Create an Oracle Wallet, by using the orapki utility.
For more information, see "Using the orapki Utility for Certificate Validation and
CRL Management" in the Oracle Fusion Middleware Administrator's Guide.
Note: Only the user who creates the wallet (or for Windows, the
account SYSTEM) has access to the wallet.
This is typically sufficient for the WLS Web Server Proxy Plug-In for
Apache HTTP Server because Apache runs as the account SYSTEM on
Windows, and as the user who creates it on UNIX. However, for IIS
the wallet will not work because the default user is IUSR_<Machine_
Name>(IIS6.0 and below) or IUSR (IIS7.0 and above).
If the user who runs the WLS Web Server Proxy Plug-In for Apache
HTTP Server or WLS Web Server Proxy Plug-In 12.1.2 for Microsoft IIS
Web Server is not the same user who creates the wallet (or for
Windows, the account SYSTEM), you need to grant the user access to
the wallet by running the command cacls (Windows) or chmod
(UNIX) after you create the wallet. For example:
IIS 6.0:
cacls <wallet_path>\cwallet.sso /e /g IUSR_<Machine_Name>:R
IIS 7.5:
cacls <wallet_path>\cwallet.sso /e /g IUSR:R
For more information about the parameters in these examples, see Chapter 7,
"Parameters for Web Server Plug-Ins."
5. If the version of the Oracle WebLogic Server instances in the back end is 10.3.4 (or
a later release), do the following:
a. Log in to the Oracle WebLogic Server administration console.
b. In the Domain Structure pane, expand the Environment node.
– If the server instances to which you want to proxy requests from Oracle
HTTP Server are in a cluster, select Clusters.
– Otherwise, select Servers.
c. Select the server or cluster to which you want to proxy requests from Oracle
HTTP Server.
The Configuration: General tab is displayed.
d. Scroll down to the Advanced section, expand it.
e. Do one of the following:
To... Select...
Enable one-way SSL WebLogic Plug-In Enabled
Enable two-way SSL where client certificates are used to Client Cert Proxy Enabled
authenticate
Enable two-way SSL with client certificates. Both
6.1.3 Configure Two-Way SSL Between the Plug-In and Oracle WebLogic Server
When Oracle WebLogic Server is configured for two-way SSL, the plug-in forwards
the user certificate to WebLogic Server. As long as WebLogic Server can validate the
user certificate, two-way SSL can be established.
In addition to the steps described in Section 6.1.2, "Configuring a Plug-In for One-Way
SSL", perform the following steps:
In these steps, you run the keytool commands on the system on which WebLogic
Server is installed. You run the orapki commands on the system on which the version
12.1.2 plug-ins are installed.
1. From the Oracle wallet, generate a certificate request.
2. Use this certificate request to create a certificate via a CA or some other
mechanism.
3. Import the user certificate as a trusted certificate in the WebLogic trust store.
Oracle WebLogic Server needs to trust the certificate.
keytool -file user.crt -importcert -trustcacerts -keystore DemoTrust.jks
-storepass <passphrase>
4. Set the WebLogic Server SSL configuration options that require the presentation of
client certificates (for two-way SSL). For more information, see "Configure
two-way SSL" in the Oracle WebLogic Server Administration Console Help.
....
</IfModule>
You can also use the IPv6 address mapped host name.
Note: As of Windows 2008, the DNS server returns the IPv6 address
in preference to the IPv4 address. If you are connecting to a Windows
2008 (or later) system using IPv4, the link-local IPv6 address format is
tried first, which may result in a noticeable delay and reduced
performance. To use the IPv4 address format, configure your system
to instead use IP addresses in the configuration files or add the IPv4
addresses to the etc/hosts file.
In addition, you may find that setting the DynamicServerList
property to OFF in the mod_wl_ohs.conf/mod_wl.conf/iisproxy.ini
file also improves performance with IPv6. When set to OFF, the
plug-in ignores the dynamic cluster list used for load balancing
requests proxied from the plug-in and uses the static list specified
with the WebLogicCluster parameter.
If this key does not exist you can create it as a DWORD value. The numeric
value is the number of seconds to wait and may be set to any value between
30 and 240. If not set, Windows NT defaults to 240 seconds for TIME_WAIT.
– On Windows 2000, lower the value of the TcpTimedWaitDelay by editing the
registry key under HKEY_LOCAL_MACHINE:
SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
■ Increase the open file descriptor limit on your machine. This limit varies by
operating system. Using the limit (.csh) or ulimit (.sh) directives, you can make a
script to increase the limit. For example:
#!/bin/sh
ulimit -S -n 100
exec httpd
■ On Solaris, increase the values of the following tunables on the WebLogic Server
machine:
tcp_conn_req_max_q
tcp_conn_req_max_q0
In the case of proxying to clustered managed servers, when you use the
WebLogicCluster parameter to specify a list of WebLogic Servers, the plug-in uses that
list as a starting point for load balancing among the members of the cluster. After the
first request is routed to one of these servers, a dynamic server list is returned
containing an updated list of servers in the cluster. The updated list adds any new
servers in the cluster and deletes any that are no longer part of the cluster or that have
failed to respond to requests. This feature can be controlled by using
DynamicServerList. For example, to disable this feature, set DynamicServerList to
OFF.
Note: If the POST data is larger than 64K, the plug-in will not parse
the POST data to obtain the session ID. Therefore, if you store the
session ID in the POST data, the plug-in cannot route the request to
the correct primary or secondary server, resulting in possible loss of
session data.
In this figure, the Maximum number of retries allowed in the red loop is equal to
ConnectTimeoutSecs/ConnectRetrySecs.
6.4.6 Using SSL with the WLS Web Sever Proxy Plug-In 12.1.2 for iPlanet Web Server
You can use the Secure Sockets Layer (SSL) protocol to protect the connection between
the WLS Web Sever Proxy Plug-In 12.1.2 for iPlanet Web Server plug-in and Oracle
WebLogic Server. The SSL protocol provides confidentiality and integrity to the data
passed between the Oracle iPlanet Web Server plug-in and Oracle WebLogic Server.
The WLS Web Sever Proxy Plug-In 12.1.2 for iPlanet Web Server plug-in does not use
the transport protocol (http or https) specified in the HTTP request (usually by the
browser) to determine whether or not the SSL protocol will be used to protect the
connection between the WLS Web Sever Proxy Plug-In 12.1.2 for iPlanet Web Server
and Oracle WebLogic Server.
To use the SSL protocol between Oracle iPlanet Web Server plug-in and Oracle
WebLogic Server:
1. Configure Oracle WebLogic Server for SSL. For more information, see
"Configuring SSL" in Securing Oracle WebLogic Server.
2. Set the WebLogicPort parameter in the Service directive in the obj.conf file to the
listen port configured in step 1.
3. Set the SecureProxy parameter in the Service directive in the obj.conf file file to
ON.
4. Set additional parameters, as required, in the Service directive in the obj.conf file
that define information about the SSL connection. For the list of parameters, see
Section 7.2, "SSL Parameters for Web Server Plug-Ins."
This chapter describes the parameters that you can use to configure the Oracle HTTP
Server, Apache HTTP Server, Microsoft IIS, and Oracle iPlanet Web Server plug-ins. It
contains the following sections:
■ Section 7.1, "General Parameters for Web Server Plug-Ins"
■ Section 7.2, "SSL Parameters for Web Server Plug-Ins"
WebLogicHost none WebLogic Server host (or virtual host name Oracle HTTP Server
as defined in WebLogic Server) to which
(Required when proxying Oracle iPlanet Web Server
HTTP requests should be forwarded. If you
to a single WebLogic are using a WebLogic cluster, use the Apache HTTP Server
Server.) WebLogicCluster parameter instead of
Microsoft IIS
WebLogicHost.
WebLogicPort none Port at which the WebLogic Server host is Oracle HTTP Server
listening for connection requests from the
(Required when proxying Oracle iPlanet Web Server
plug-in (or from other servers). (If you are
to a single WebLogic using SSL between the plug-in and Apache HTTP Server
Server.) WebLogic Server, set this parameter to the
Microsoft IIS
SSL listen port and set the SecureProxy
parameter to ON).
If you are using a WebLogic Cluster, use the
WebLogicCluster parameter instead of
WebLogicPort.
WLCookieName JSESSIONID If you change the name of the WebLogic Oracle HTTP Server
Server session cookie in the WebLogic
(CookieName is Oracle iPlanet Web Server
Server Web application, you must change
deprecated.)
the WLCookieName parameter in the plug-in Apache HTTP Server
to the same value. The name of the
Microsoft IIS
WebLogic session cookie is set in the
WebLogic-specific deployment descriptor,
in the <session-descriptor> element.
ConnectRetrySecs 2 Interval in seconds that the plug-in should Oracle HTTP Server
sleep between attempts to connect to the
Oracle iPlanet Web Server
WebLogic Server host (or all of the servers
in a cluster). Make this number less than Apache HTTP Server
the ConnectTimeoutSecs. The number of
Microsoft IIS
times the plug-in tries to connect before
returning an HTTP 503/Service
Unavailable response to the client is
calculated by dividing
ConnectTimeoutSecs by ConnectRetrySecs.
To specify no retries, set ConnectRetrySecs
equal to ConnectTimeoutSecs. However,
the plug-in attempts to connect at least
twice.
You can customize the error response by
using the ErrorPage parameter.
ConnectTimeoutSecs 10 Maximum time in seconds that the plug-in Oracle HTTP Server
should attempt to connect to the WebLogic
Oracle iPlanet Web Server
Server host. Make the value greater than
ConnectRetrySecs. If ConnectTimeoutSecs Apache HTTP Server
expires without a successful connection,
Microsoft IIS
even after the appropriate retries (see
ConnectRetrySecs), an HTTP 503/Service
Unavailable response is sent to the client.
You can customize the error response by
using the ErrorPage parameter.
The SSL parameters for Web Server plug-ins are shown in Table 7–2. Parameters are
case sensitive.