Pre-Requisites
1.
Install Apache and Weblogic Server
2.
Create a Weblogic domain with two managed servers in a cluster.
3.
Make sure that you are able to access the application deployed on
Weblogic from the Apache Installed Servers.
4.
Download Oracle WebLogic Server Proxy Plugins from the following
link :
Configure Apache 2.x with Weblogic
Server12.2.1.1.0 using WLS Plugin 12.2.1.1.0
1.
Unzip the downloaded WLS Plugin zip file to any location.
2.
Take a backup of httpd.conf file located in
"<Apache_home>/conf" and make the following changes to it :
2.1
Add an entry for LoadModule as follows :
2.2
LoadModule weblogic_module
/home/ApachePlugin12.2.1.3.0/lib/mod_wl.so
NOTE: Make sure that all the other .so files are present in the same
location where "mod_wl.so" is located.
2.3
Add the following IfModule :
<IfModule
mod_weblogic.c>
WebLogicHost
xx.xx.xxx.xxx
WeblogicPort
7001
</IfModule>
<Location
/>
SetHandler
weblogic-handler
</Location>
NOTE:
Here we are forwarding the request to a single WLS server running on port 7001.
2.4
If you want to forward the request to a cluster you can use the
following :
<IfModule
mod_weblogic.c>
WebLogicCluster
xx.xx.xxx.xxx:7003,xx.xx.xxx.xxx:7005
</IfModule>
<Location
/>
SetHandler
weblogic-handler
</Location>
Here
Weblogic server with port 7003 and 7005 are part of a cluster in Weblogic
Server domain.
3.
Add the ${PLUGIN_HOME}/lib is included in the LD_LIBRARY_PATH:
$ export LD_LIBRARY_PATH=/home/ApachePlugin12.2.1.3.0/lib
(OR)
Alternatively, you can copy the content of "/home/ApachePlugin12.2.1.3.0/lib"
to $APACHE_HOME/lib
OR
You can also edit $APACHE_HOME/bin/apachectl to update the
LD_LIBRARY_PATH
Configure Apache 2.4 with Weblogic
Server12.2.1.1.0 using WLS Plugin12.2.1.1.0
over one-way SSL
Request Flow
Client ----HTTP---> Apache ---HTTPS---> Weblogic
Weblogic ----HTTPS----> Apache -----HTTP-----> Client
Here Weblogic Server acts as an SSL Server and Apache acts as an
SSL client.
Pre-Requisites
1.
Enable SSL on Weblogic domain. By default DemoIdentity and
DemoTrust will be configured. You need to trust the root certificate of WLS in
WLSPlugin.
2.
Make sure that you are able to access the application deployed on
Weblogic over SSL from the Apache Installed Servers.
Steps to configure
the SSL in Apache
1.
Create and configure wallet in Apache using the following
commands.
Syntax: orapki wallet create -wallet my-wallet -auto_login_only
2.
Import the root certificate of Weblogic in wallet using the
following command.
Syntax: orapki wallet add -wallet my-wallet -trusted_cert -cert /home/Oracle/Middleware/Oracle_Home/wlserver/server/lib/CertGenCA.der
-auto_login_only
3.
Modify the IfModule in httpd.conf file as follows :
<IfModule mod_weblogic.c>
WebLogicCluster
xx.xx.xxx.xxx:7003,xx.xx.xxx.xxx:7005
SecureProxy ON
WLSSLWallet /home/ApachePlugin12.2.1.3.0/bin/my-wallet”
</IfModule>
<Location />
SetHandler weblogic-handler
</Location>
4.
Restart the Apache WebServer
$ ./apachectl restart
Configure Apache 2.4 with Weblogic
Server12.2.1.1.0 using WLS Plugin12.2.1.1.0
over two-way SSL
Request Flow
Client ----HTTP---> Apache ---HTTPS---> Weblogic
Weblogic ----HTTPS----> Apache -----HTTP-----> Client
Here Weblogic Server acts as an SSL Server and Apache acts as an
SSL client.
Pre-Requisites
Create a self-signed certificate or Third Party CA Signed certs.
You can refer to the following link for more details on the same
Steps to configure
the 2 way SSL
1.
Enable two-way SSL :
Login to console -> +Environment -> Servers ->
<Server_name> -> SSL -> +Advanced -> Select "Client-Cert
Requested and Enforced" from the drop-down.
2.
Create and configure wallet in Apache using the following
commands.
Syntax: orapki wallet create -wallet my-wallet -auto_login_only
3.
Import the root certificate of Weblogic in wallet using the
following command.
Syntax: orapki wallet add -wallet my-wallet -trusted_cert -cert
/home/Oracle/Middleware/Oracle_Home/wlserver/server/lib/CertGenCA.der
-auto_login_only
4.
Create a self-signed certificate or Third Party CA Signed
Certificates with wallet using the following commands.
Syntax: orapki wallet add -wallet
"/home/ApachePlugin12.2.1.3.0/bin/my-wallet" -auto_login_only -dn
"CN=celvpvm09188.us.oracle.com,OU=wls,O=wls,L=Bangalore,ST=Karnataka,C=IN"
-keysize 2048 -self_signed -validity 2048
5.
Export the root certificate of the self-signed certificates or
Third Party CA Signed Certificates we created in the previous step.
6.
List the contents of wallet.
7.
Modify the IfModule in httpd.conf file as follows.
<IfModule mod_weblogic.c>
WebLogicCluster
xx.xx.xxx.xxx:7003,xx.xx.xxx.xxx:7005
SecureProxy ON
WLSSLWallet /home/ApachePlugin12.2.1.3.0/bin/my-wallet”
</IfModule>
<Location />
SetHandler weblogic-handler
</Location>
8.
Import the root certificate of Apache in Weblogic trust store.
Note: We are configuring SSL between Apache and WLS and not
between the client and Apache.
The URL you access will be
http://<apache_hostname>:<apache_port>/console.
No comments:
Post a Comment