mod_wl_24.so

=============================================================================== Oracle WebLogic Server Proxy Plug-In 12c for Apache HTTP Server =============================================================================== This plug-in allows Apache HTTP server to proxy the incoming HTTP requests to the back-end WebLogic Managed Server(s)/Cluster(s). This README contains basic instructions for quickly setting up this plug-in. For detailed information on the plug-in please refer to the online documentation for the plug-in available at http://docs.oracle.com/middleware/1212/webtier/webtier-plugins.htm Contents of the zip =================== The plug-in zip distribution contains the following files: README.txt (this file) bin\orapki.bat (orapki tool for configuring Oracle wallets) jlib\*.jar (orapki helper java libraries) lib\mod_wl.so (weblogic proxy module for Apache httpd 2.2) lib\mod_wl_24.so (weblogic proxy module for Apache httpd 2.4) lib\*.dll (helper libraries) What's New? =========== 1. WebLogic Web Server Plug-In 12c supports Apache HTTP Server 2.4.x Web Server through a new plug-in module (mod_wl_24.so). You will need to load the WebLogic Web Server plug-in module 'mod_wl.so' with Apache HTTP Server 2.2.x and the WebLogic Web Server Plug-In module 'mod_wl_24.so' with Apache HTTP Server 2.4.x. This is typically done by editing the Apache HTTP Server configuration files(s). 2. WebLogic Server 12.1.2 support deploying WebSocket applications. WebLogic Web Server Plug-In 12.1.3 for Oracle HTTP Server 12.1.3 and Apache HTTP Server 2.2.x and 2.4.x can now handle such 'WebSocket connection upgrade' requests and effectively proxy to WebSocket applications hosted within WebLogic Server 12.1.2 and later. Please refer to the "Notes on WebSocket Proxy Configurations", below. 3. Following WebLogic Web Server Plug-In configuration parameters are now introduced: a) 'WLMaxWebSocketClients' -> Limits the number of active WebSocket connections at any instant of time. Default: Half of ThreadsPerChild. b) 'WebLogicSSLVersion' -> Chooses the SSL Protocol version to use while communicating HTTP(s) between Web Server and WebLogic Managed Server(s) / Cluster(s). (Applicable to Oracle HTTP Server and Apache HTTP Server(s) only) 4. WebLogic Web Server Plug-In for Apache HTTP Server and Oracle iPlanet Web Server can now log the debug information to the respective Web Server error log files. Hence the plug-in parameters specific to the debug logs (Debug and WLLogFile) have been deprecated. Notes on WebSocket Proxy Configurations ======================================= 1. If 'mod_reqtimeout' module is used within the Apache HTTP Server, then the configured 'client time-out' value needs to be set appropriately to consider for the WebSocket connections. 2. The default timeout value for HTTP requests in 'mod_reqtimeout' module has changed between Apache HTTP Server 2.2 and 2.4. This can cause the 'WebSocket' connections to break. So, you will need to use an appropriate 'client timeout' value. 3. You should configure the appropriate 'client timeout' values for the WebSocket connections to avoid malicious attacks, like Denial Of Service attack. Prerequisites ============= 1. JDK6 - JAVA_HOME (required for orapki tool usage only) 2. Apache HTTP Server 2.2.x - APACHE_HOME (apache listening on apache-host:apache-port) OR Apache HTTP Server 2.4.x - APACHE_HOME (apache listening on apache-host:apache-port) 3. Plug-in zip extract location - PLUGIN_HOME (eg. C:\myhome\weblogic-plugins-12.1.3\) 4. WLS installation, (could be on a different machine) - WL_HOME (listening on wls-host:wls-port,wls-secure-port) with some application deployed on the WLS instance. (eg. mywebapp with my.jsp). Please ensure you have WLS 12.1.2 if you are using WebSocket connections. Configuring the apache plug-in (for demo purposes only) ======================================================= 1. Make a copy of %APACHE_HOME%\conf\httpd.conf file 2. Load the plug-in module A) With Apache HTTP Server 2.2.x: ================================ Edit the file and, add the following: ... LoadModule weblogic_module C:\myhome\weblogic-plugins-12.1.3\lib\mod_wl.so <IfModule mod_weblogic.c> WebLogicHost wls-host WebLogicPort wls-port </IfModule> <Location /mywebapp> SetHandler weblogic-handler </Location> ... B) With Apache HTTP Server 2.4.x: ================================ Edit the file and, add the following: ... LoadModule weblogic_module C:\myhome\weblogic-plugins-12.1.3\lib\mod_wl_24.so <IfModule mod_weblogic.c> WebLogicHost wls-host WebLogicPort wls-port </IfModule> <Location /mywebapp> SetHandler weblogic-handler </Location> ... 3. Ensure that the %PLUGIN_HOME%\lib is included in the PATH: > set PATH=C:\myhome\weblogic-plugin-12.1.3\lib:... (Other options include copying the 'lib' contents to APACHE_HOME\lib or editing the APACHE_HOME\bin\apachectl to update the PATH) 4. Start Apache HTTP Server: > %APACHE_HOME%\bin\httpd.exe 5. Send a request to http://apache-host:apache-port/mywebapp/my.jsp from the browser. Validate the response. Configuring SSL with WebLogic Server demo trust CA ================================================== NOTE that this is for demo purposes only. When used in production, ensure that trusted CAs are properly configured on the plug-in as well as on WebLogic Server side. The following steps will enable SSL between the plug-in and WLS: 1. Create an Oracle Wallet with orapki utility: (run this command on the system where the plug-in is being configured) > %PLUGIN_HOME%\bin\orapki wallet create -wallet my-wallet -auto_login_only 2. If the user who runs the Apache plug-in is not the same user who created the wallet (or has SYSTEM account access), the wallet creator would needs to grant access to the wallet by running the command cacls (Windows) after creating the wallet. For example: @ cacls <wallet_path>\cwallet.sso /e /g IUSR:R 3. Import the CA into the Oracle Wallet: Locate the Demo CA in WLS installation at %WL_HOME%\server\lib\CertGenCA.der > %PLUGIN_HOME%\bin\orapki wallet add -wallet my-wallet -trusted_cert -cert CertGenCA.der -auto_login_only 4. Enable SSL on the plug-in: Edit/Add the plug-in configuration in %APACHE_HOME%\conf\httpd.conf as follows: ... WebLogicHost my-wls-ip WebLogicPort secure-port SecureProxy ON WLSSLWallet C:\myhome\mywallet ... 5. Send a request to http://apache-host:apache-port/mywebapp/my.jsp from the browser. Validate the response. Two-way SSL =========== There is no configuration on the plug-in to enable two-way SSL. The plug-in will send a user certificate (if it exists in the wallet) when WLS asks for a user certificate. Use the following additional steps to setup two-way SSL: 1. Create a CSR (Certificate Signing Request) with the wallet. 2. Use the CSR to obtain a user certificate (self-signed or real CA signed) 3. Import the user certificate into the wallet. 4. Ensure that the CA (used to sign the user certificate) exists in the WLS trust store. 5. Enable WLS for two-way SSL. Refer to online documentation for help on these steps. Support and Patching ==================== When you encounter issues with the plug-in, ensure that you report the version of the plug-in