Situation:
In the DMZ we have a machine with WebLogic 9.2 MP2 on Windows 2003.
There are 2 domains on it. Each have one Administrative server with one
application on in.
For example, the first is available on http://hostname:7011/app1
(https://hostname:7012/app1 - SSL) and the second on
http://hostname:6011/app2 (https://hostname:6012/app2 -- SSL).
Server is available from outside on 80 and 443 ports.
Applications may connect to the other services in local lan on 80 and other
ports.
We need next:
If we type links such as - http://domain.ru/app1 (https://domain.ru/app1),
http://app1.domain.ru (https://app1.domain.ru) – we can use any variant
(similar for other application), we may connect on these applications.
We need to have the following configuration:
User ------------------------------------- Apache
-------------------------------WLS-------------------------APP
SSL SSL
SSL
Redirecting don‘t satisfy us, work with applications for the end-user should
be transparent, he should not see the real location of applications + other
ports, because access them from outside is closed.
At first, one Administrative server for each application will be used, later
some more additional managed servers for load balance on cluster will be
added. We decided to use Apache 2.2.8 with a plug-in for WebLogic.
Here are WLS Settings:
Domain 1:
Administrative server:
Listen Address: 192.168.0.1
Listen Port Enabled - Enabled
Listen Port: 7001
SSL Listen Port Enabled - Enabled
SSL Listen Port: 7002
Future managed servers:
Listen Address: 192.168.0.1
Listen Port Enabled - Enabled
Listen Port: 7003 (7005, 7007…)
SSL Listen Port Enabled - Enabled
SSL Listen Port: 7004 (7006, 7008…)
Domain 2:
Administrative server:
Listen Address: 192.168.0.1
Listen Port Enabled - Enabled
Listen Port: 8001
SSL Listen Port Enabled - Enabled
SSL Listen Port: 8002
Future managed servers:
Listen Address: 192.168.0.1
Listen Port Enabled - Enabled
Listen Port: 8003 (8005, 8007…)
SSL Listen Port Enabled - Enabled
SSL Listen Port: 8004 (8006, 8008…)
For Trust and Identity keystore we use the same repository -
FMTNfrontofficekeystore.jks.
Storepass - FMTNfrontofficestorepass
Alias - FMTNfrontofficeidentityalias
In this way we generate certificate:
keytool –export -file trustedcafmtn.der -keystore
FMTNfrontofficekeystore.jks -alias FMTNfrontofficeidentityalias
Then we convert it to trustedcafmtn.pem:
java utils.der2pem trustedcafmtn.der
Apache will be listening on 80 and 443 ports.
Applications should be available for requests at the following addresses
http://app1.domain.ru (https://app1.domain.ru) and http://app2.domain.ru
(https://app2.domain.ru)
When requesting address http://app1.domain.ru application automatically
redirects the request at https://app1.domain.ru, the second application acts
in the same way.
Here is a sample configuration file settings httpd.config for Apache:
LoadModule weblogic_module modules/mod_wl_22.so
Listen 80
NameVirtualHost *:80
<VirtualHost *:80>
ServerAdmin aaa@xxxxxx
DocumentRoot "C:/Program Files/Apache Software
Foundation/Apache2.2/htdocs"
ServerName fmtn.brr.ru
ErrorLog logs/fmtn.brr.ru-error.log
CustomLog logs/fmtn.brr.ru-access.log common
<Location />
SetHandler weblogic-handler
</Location>
<IfModule Mod_weblogic.c>
WebLogicHost 192.168.0.1
WebLogicPort 7002
SecureProxy ON
TrustedCAFile "C:/bea/weblogic92/server/lib/trustedcafmtn.pem"
EnforceBasicConstraints OFF
RequireSSLHostMatch false
# SSLHostMatchOID 30
Debug ALL
DebugConfigInfo ON
ErrorPage http://www.err.ru
WLLogFile "C:/Program Files/Apache Software
Foundation/Apache2.2/logs/wl_proxy.log"
# Idempotent ON
# WLIOTimeoutSecs 100
</IfModule>
</VirtualHost>
<VirtualHost *:80>
ServerAdmin aaa@xxxxxx
DocumentRoot "C:/Program Files/Apache Software
Foundation/Apache2.2/htdocs"
ServerName fmtn.brr.ru
ErrorLog logs/fmtn.brr.ru-error.log
CustomLog logs/fmtn.brr.ru-access.log common
<Location />
SetHandler weblogic-handler
</Location>
<IfModule Mod_weblogic.c>
WebLogicHost 192.168.0.1
WebLogicPort 7001
SecureProxy OFF
TrustedCAFile "C:/bea/weblogic92/server/lib/trustedcafmtn.pem"
#EnforceBasicConstraints OFF
#RequireSSLHostMatch false
# SSLHostMatchOID 30
Debug ALL
DebugConfigInfo ON
ErrorPage http://www.err.ru
WLLogFile "C:/Program Files/Apache Software
Foundation/Apache2.2/logs/wl_proxy.log"
# Idempotent ON
# WLIOTimeoutSecs 100
</IfModule>
</VirtualHost>
When we didn’t use SSL (SecureProxy OFF) everything work properly with 7001
port, but application redirects requests to https://fmtn.brr.ru:7002/, when
SecureProxy ON – didn’t work.
Please, help us to understand what the problem, and how to configure this
section of request with our keystore and keys in Apache.
User ------------------------------------- Apache
SSL
It’ll be good if that you show an example of httpd.config for the cluster of
managed servers too.
--
View this message in context: http://www.nabble.com/Apache-%2B-weblogic-integration-issue-tp17424735p17424735.html
Sent from the Apache HTTP Server - Users mailing list archive at Nabble.com.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
" from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|