X

Deep dive into various configurations with Oracle Weblogic Server

  • November 3, 2017

Configuring WLS Web Server Proxy Plug-In for Apache HTTP Server

Puneeth Prakash
Principal Software Engineer

I will be covering the following topics in the blog post :

 

 

Before we Begin :

Download the Supported Configuration matrix from the following link and verify that you are using a supported version of Apache, WLS plugin and Weblogic Server in your environment.

Link: http://www.oracle.com/technetwork/middleware/ias/downloads/fusion-certification-100350.html

Download the xls file and then click on the "WebServer" tab to get a list of supported Web Servers and their compatible versions.

Pre-Requisites :

1) Install Apache and Weblogic Server

2) Create a Weblogic domain with two managed servers in a cluster. 

3) Download Oracle WebLogic Server Proxy Plugins from the following link :

Link: http://www.oracle.com/technetwork/middleware/webtier/downloads/index-jsp-156711.html

 

 

 

Steps to configure Apache 2.x with Weblogic Server using WLS Plugin :

Click here to go Back to Index

Request Flow :

Client ----HTTP---> Apache ---HTTP---> Weblogic

Weblogic ----HTTP----> Apache -----HTTP-----> Client 

For this sample configuration I am using Apache 2.4, Weblogic Server 12.2.1.3 and WLS plugin version 12.2.1.3

Step 1 :

Unzip the downloaded WLS Plugin zip file to any location, say "ApachePlugin12.2.1.3.0".

WLSPlugin folder

Step 2 :

Take a backup of httpd.conf file located in  "<Apache_home>/conf"  and make the following changes to it :

  •  Add an entry for LoadModule as follows :

LoadModule weblogic_module  /refresh/home/ApachePlugin12.2.1.3.0/lib/mod_wl.so

LoadModule

NOTE: Make sure that all the other .so files are present in the same location where "mod_wl.so" is located.

  • Add the following IfModule :

<IfModule mod_weblogic.c>
WebLogicHost xx.xx.xxx.xxx
WeblogicPort 7001
</IfModule>

<Location />
SetHandler weblogic-handler
</Location>

IfModule

NOTE: Here we are forwarding the request to a single WLS server running on port 7001.

If you want to forward the request to a cluster you can use the following :

<IfModule mod_weblogic.c>
WebLogicCluster xx.xx.xxx.xxx:7003,xx.xx.xxx.xxx:7005
</IfModule>

<Location />
SetHandler weblogic-handler
</Location>

Here Weblogic server with port 7003 and 7005 are part of a cluster in Weblogic Server domain.

Step 3:

Ensure that the ${PLUGIN_HOME}/lib is included in the LD_LIBRARY_PATH:

$ export LD_LIBRARY_PATH=/refersh/home/ApachePlugin12.2.1.3.0/lib

LD_Library path

Alternatively, you can copy the content of "/refersh/home/ApachePlugin12.2.1.3.0/lib" to APACHE_HOME/lib

OR

You can also edit APACHE_HOME/bin/apachectl to update the LD_LIBRARY_PATH

 

 

 

Steps to configure Apache 2.x with Weblogic Server using WLS Plugin  over one-way SSL

Click here to go Back to Index

Request Flow :

Client ----HTTP---> Apache ---HTTPS---> Weblogic

Weblogic ----HTTPS----> Apache -----HTTP-----> Client 

Here SSL is configured on Weblogic Server.

Weblogic Server acts as an SSL Server and Apache acts as an SSL client.

Pre-Requisites :

1) Enable SSL on Weblogic domain. By default DemoIdentity and DemoTrust will be configured. You need to trust the root certificate of WLS in WLSPlugin.

2) Make sure that you are able to access the application deployed on Weblogic over SSL.

Step 1:

  • Create and configure wallet in Apache using the following commands :

Commandorapki wallet create -wallet my-wallet -auto_login_only

wallet

  • Import the root certificate of Weblogic in wallet using the following command :

Commandorapki wallet add -wallet my-wallet -trusted_cert -cert /referesh/home/Oracle/Middleware/Oracle_Home/wlserver/server/lib/CertGenCA.der -auto_login_only

Trust root cert in wallet

Step 2:

Modify the IfModule in httpd.conf file as follows :

<IfModule mod_weblogic.c>
WebLogicHost xx.xx.xxx.xxx
WeblogicPort 7002
SecureProxy ON
WLSSLWallet /refresh/home/ApachePlugin12.2.1.3.0/bin/my-wallet”
</IfModule>

<Location />
SetHandler weblogic-handler
</Location>

oneway ssl

Step 3:

Ensure that the ${PLUGIN_HOME}/lib is included in the LD_LIBRARY_PATH:

$ export LD_LIBRARY_PATH=/refersh/home/ApachePlugin12.2.1.3.0/lib

LD_Library path

Alternatively, you can copy the content of "/refersh/home/ApachePlugin12.2.1.3.0/lib" to APACHE_HOME/lib

OR

You can also edit APACHE_HOME/bin/apachectl to update the LD_LIBRARY_PATH

 

 

 

Steps to configure Apache 2.x with Weblogic Server using WLS Plugin  over two-way SSL 

Click here to go Back to Index

Request Flow :

Client ----HTTP---> Apache ---HTTPS---> Weblogic

Weblogic ----HTTPS----> Apache -----HTTP-----> Client 

Here SSL is configured on Weblogic Server.

Weblogic Server acts as an SSL Server and Apache acts as an SSL client.

Pre-Requisites :

1) Create a self-signed certificate. You can refer to the following link for more details on the same :

Link: https://blogs.oracle.com/blogbypuneeth/steps-to-create-a-self-signed-certificate-and-configure-custom-identity-and-custom-trust-with-weblogic-server-using-keytool

2) Now lets enable two-way SSL :

Login to console -> +Environment -> Servers -> <Server_name> -> SSL -> +Advanced -> Select "Client-Cert Requested and Enforced" from the drop-down.

Step 1:

  • Create and configure wallet in Apache using the following commands :

Commandorapki wallet create -wallet my-wallet -auto_login_only 

wallet

  • Import the root certificate of Weblogic in wallet using the following command :

Commandorapki wallet add -wallet my-wallet -trusted_cert -cert /referesh/home/Oracle/Middleware/Oracle_Home/wlserver/server/lib/CertGenCA.der -auto_login_only 

Trust root cert in wallet

  • Create a self-signed certificate with wallet using the following commands :

Command: orapki wallet add -wallet "/refresh/home/ApachePlugin12.2.1.3.0/bin/my-wallet" -auto_login_only -dn "CN=celvpvm09188.us.oracle.com,OU=wls,O=wls,L=Bangalore,ST=Karnataka,C=IN" -keysize 2048 -self_signed -validity 2048

wallet self signed

  • Export the root certificate of the self-signed certificate we created in the previous step.

wallet root

  • List the contents of wallet :

list wallet

 

Step 2:

Modify the IfModule in httpd.conf file as follows :

<IfModule mod_weblogic.c>
WebLogicHost xx.xx.xxx.xxx
WeblogicPort 7002
SecureProxy ON
WLSSLWallet /refresh/home/ApachePlugin12.2.1.3.0/bin/my-wallet”
</IfModule>

<Location />
SetHandler weblogic-handler
</Location>

oneway ssl

Step 3:

Ensure that the ${PLUGIN_HOME}/lib is included in the LD_LIBRARY_PATH:

$ export LD_LIBRARY_PATH=/refersh/home/ApachePlugin12.2.1.3.0/lib

LD_Library path

Alternatively, you can copy the content of "/refersh/home/ApachePlugin12.2.1.3.0/lib" to APACHE_HOME/lib

OR

You can also edit APACHE_HOME/bin/apachectl to update the LD_LIBRARY_PATH

Step 4:

Import the root certificate of Apache in Weblogic trust store :

import wallet root to wls

 

  • NOTE : We are configuring SSL between Apache and WLS and not between the client and Apache.
  • So the URL you access will be http://<apache_hostname>:<apache_port>/console

 

console

 

Click here to go Back to Index

Be the first to comment

Comments ( 0 )
Please enter your name.Please provide a valid email address.Please enter a comment.CAPTCHA challenge response provided was incorrect. Please try again.Captcha