Saturday, December 29, 2018

Configure Apache 2.x with Weblogic Server 12c using WLS Plugin 12c


Pre-Requisites

1.       Install Apache and Weblogic Server
2.       Create a Weblogic domain with two managed servers in a cluster.
3.       Make sure that you are able to access the application deployed on Weblogic from the servers where Apache is installed.
4.       Download Oracle WebLogic Server Proxy Plugins from the following link :

Configure Apache 2.x with Weblogic Server 12.2.1.1.0 using WLS Plugin 12.2.1.1.0

1.       Unzip the downloaded WLS Plugin zip file to any location.
2.       Take a backup of httpd.conf file located in "<Apache_home>/conf" and make the following changes to it :
2.1   Add an entry for LoadModule as follows :
LoadModule weblogic_module /home/ApachePlugin12.2.1.3.0/lib/mod_wl.so
NOTE: Make sure that all the other .so files are present in the same location where "mod_wl.so" is located.
2.2   Add the following IfModule :
<IfModule mod_weblogic.c>
WebLogicHost xx.xx.xxx.xxx
WebLogicPort 7001
</IfModule>
<Location />
SetHandler weblogic-handler
</Location>
NOTE: Here we are forwarding the request to a single WLS server running on port 7001.
2.3   If you want to forward the request to a cluster you can use the following :
<IfModule mod_weblogic.c>
WebLogicCluster xx.xx.xxx.xxx:7003,xx.xx.xxx.xxx:7005
</IfModule>
<Location />
SetHandler weblogic-handler
</Location>
Here the Weblogic servers on ports 7003 and 7005 are part of a cluster in the Weblogic Server domain.
3.       Make sure that ${PLUGIN_HOME}/lib is included in the LD_LIBRARY_PATH:
$ export LD_LIBRARY_PATH=/home/ApachePlugin12.2.1.3.0/lib
OR
Copy the contents of "/home/ApachePlugin12.2.1.3.0/lib" to $APACHE_HOME/lib
OR
Edit $APACHE_HOME/bin/apachectl to update the LD_LIBRARY_PATH

Configure Apache 2.4 with Weblogic Server 12.2.1.1.0 using WLS Plugin 12.2.1.1.0 over one-way SSL

Request Flow

Client ----HTTP---> Apache ---HTTPS---> Weblogic
Weblogic ----HTTPS----> Apache -----HTTP-----> Client
Here Weblogic Server acts as an SSL Server and Apache acts as an SSL client.

Pre-Requisites

1.       Enable SSL on the Weblogic domain. By default DemoIdentity and DemoTrust will be configured. You need to trust the root certificate of WLS in the WLS Plugin.
2.       Make sure that you are able to access the application deployed on Weblogic over SSL from the servers where Apache is installed.

Steps to configure the SSL in Apache

1.       Create and configure wallet in Apache using the following commands.
Syntax: orapki wallet create -wallet my-wallet -auto_login_only
2.       Import the root certificate of Weblogic in wallet using the following command.
Syntax: orapki wallet add -wallet my-wallet -trusted_cert -cert /home/Oracle/Middleware/Oracle_Home/wlserver/server/lib/CertGenCA.der -auto_login_only
3.       Modify the IfModule in httpd.conf file as follows :
<IfModule mod_weblogic.c>
WebLogicCluster xx.xx.xxx.xxx:7003,xx.xx.xxx.xxx:7005
SecureProxy ON
WLSSLWallet "/home/ApachePlugin12.2.1.3.0/bin/my-wallet"
</IfModule>
<Location />
SetHandler weblogic-handler
</Location>
4.       Restart the Apache WebServer
$ ./apachectl restart

Configure Apache 2.4 with Weblogic Server 12.2.1.1.0 using WLS Plugin 12.2.1.1.0 over two-way SSL

Request Flow

Client ----HTTP---> Apache ---HTTPS---> Weblogic
Weblogic ----HTTPS----> Apache -----HTTP-----> Client
Here Weblogic Server acts as an SSL Server and Apache acts as an SSL client.

Pre-Requisites

Create a self-signed certificate or Third Party CA Signed certs. You can refer to the following link for more details on the same

Steps to configure the 2 way SSL

1.       Enable two-way SSL :
Login to console -> +Environment -> Servers -> <Server_name> -> SSL -> +Advanced -> Select "Client-Cert Requested and Enforced" from the drop-down.
2.       Create and configure wallet in Apache using the following commands.
Syntax: orapki wallet create -wallet my-wallet -auto_login_only
3.       Import the root certificate of Weblogic in wallet using the following command.
Syntax: orapki wallet add -wallet my-wallet -trusted_cert -cert /home/Oracle/Middleware/Oracle_Home/wlserver/server/lib/CertGenCA.der -auto_login_only
4.       Create a self-signed certificate or Third Party CA Signed Certificates with wallet using the following commands.
Syntax: orapki wallet add -wallet "/home/ApachePlugin12.2.1.3.0/bin/my-wallet" -auto_login_only -dn "CN=celvpvm09188.us.oracle.com,OU=wls,O=wls,L=Bangalore,ST=Karnataka,C=IN" -keysize 2048 -self_signed -validity 2048
5.       Export the root certificate of the self-signed certificates or Third Party CA Signed Certificates we created in the previous step.
6.       List the contents of wallet.
7.       Modify the IfModule in httpd.conf file as follows.
<IfModule mod_weblogic.c>
WebLogicCluster xx.xx.xxx.xxx:7003,xx.xx.xxx.xxx:7005
SecureProxy ON
WLSSLWallet "/home/ApachePlugin12.2.1.3.0/bin/my-wallet"
</IfModule>
<Location />
SetHandler weblogic-handler
</Location>
8.       Import the root certificate of Apache in Weblogic trust store.
Note: We are configuring SSL between Apache and WLS and not between the client and Apache.
The URL you access will be http://<apache_hostname>:<apache_port>/console.
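
A pre-restart check for the SecureProxy and WLSSLWallet settings used in the one-way and two-way SSL sections above. This is an added example, not part of the original post or of the WLS plugin; the function names and the 192.0.2.x addresses are constructed. It assumes a POSIX shell and a wallet created with -auto_login_only, which has no password and is protected only by file permissions.

```shell
#!/bin/sh
# Added example: check_wl_ssl prints one finding per line, non-zero exit if any.

# Print the argument of the first uncommented directive $2 in file $1.
wl_directive() {
    awk -v d="$2" 'tolower($1) == tolower(d) {
        sub(/^[ \t]*[^ \t]+[ \t]+/, ""); sub(/[ \t\r]+$/, ""); print; exit }' "$1"
}

check_wl_ssl() {
    conf=$1; rc=0
    secure=$(wl_directive "$conf" SecureProxy)
    wallet=$(wl_directive "$conf" WLSSLWallet)
    case $secure in
        [Oo][Nn]) ;;
        *) echo "SecureProxy is not ON: Apache-to-Weblogic traffic is not SSL"; return 1 ;;
    esac
    [ -n "$wallet" ] || { echo "SecureProxy ON but WLSSLWallet is not set"; return 1; }
    # A typographic quote pasted from a formatted page becomes part of the path.
    if printf '%s' "$wallet" | LC_ALL=C grep -q '[^ -~]'; then
        echo "WLSSLWallet contains non-ASCII characters: $wallet"; rc=1
    fi
    # Accept one pair of straight quotes; a lone quote is an error.
    case $wallet in
        \"*\") wallet=${wallet#\"}; wallet=${wallet%\"} ;;
        *\"*)  echo "WLSSLWallet has an unbalanced quote: $wallet"; rc=1 ;;
    esac
    [ "$rc" -eq 0 ] || return 1
    sso=$wallet/cwallet.sso
    [ -f "$sso" ] || { echo "no cwallet.sso in $wallet"; return 1; }
    # An -auto_login_only wallet has no password: file permissions protect it.
    perms=$(ls -ld "$sso" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "cwallet.sso is accessible to group/other ($perms)"; rc=1
    fi
    return "$rc"
}

# Constructed sample: a WLSSLWallet line ending in a typographic quote.
demo=$(mktemp)
cat > "$demo" <<'EOF'
<IfModule mod_weblogic.c>
WebLogicCluster 192.0.2.10:7003,192.0.2.11:7005
SecureProxy ON
WLSSLWallet /home/ApachePlugin12.2.1.3.0/bin/my-wallet”
</IfModule>
EOF
check_wl_ssl "$demo" || true
rm -f "$demo"
```

Run it against the real httpd.conf as the user Apache runs as, so the wallet path and permissions are checked from the same point of view the plugin will have.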
