httpd-users mailing list archives

From Alec C4 <alec...@gmail.com>
Subject [users@httpd] Apache + weblogic integration issue
Date Fri, 23 May 2008 12:41:51 GMT

Situation:
In the DMZ we have a machine with WebLogic 9.2 MP2 on Windows 2003.
There are 2 domains on it. Each has one Administrative server with one
application on it.
For example, the first is available on http://hostname:7011/app1
(https://hostname:7012/app1 - SSL) and the second on
http://hostname:6011/app2 (https://hostname:6012/app2 - SSL).
The server is available from outside on ports 80 and 443.
Applications may connect to the other services in the local LAN on 80 and other
ports.
We need the following:
If we type links such as http://domain.ru/app1 (https://domain.ru/app1) or
http://app1.domain.ru (https://app1.domain.ru) – we can use any variant
(similarly for the other application) – we may connect to these applications.
We need to have the following configuration:

User ----SSL---- Apache ----SSL---- WLS ----SSL---- APP
 
Redirecting doesn't satisfy us; work with the applications should be
transparent for the end user, who should not see the real location of the
applications or the other ports, because access to them from outside is closed.
At first, one Administrative server for each application will be used; later
some additional managed servers for load balancing in a cluster will be
added. We decided to use Apache 2.2.8 with a plug-in for WebLogic.

Here are WLS Settings:
Domain 1: 
Administrative server: 
Listen Address: 192.168.0.1 
Listen Port Enabled - Enabled 
Listen Port: 7001 
SSL Listen Port Enabled - Enabled 
SSL Listen Port: 7002 
Future managed servers: 
Listen Address: 192.168.0.1
Listen Port Enabled - Enabled 
Listen Port: 7003 (7005, 7007…) 
SSL Listen Port Enabled - Enabled 
SSL Listen Port: 7004 (7006, 7008…) 
Domain 2: 
Administrative server: 
Listen Address: 192.168.0.1
Listen Port Enabled - Enabled 
Listen Port: 8001 
SSL Listen Port Enabled - Enabled 
SSL Listen Port: 8002 
Future managed servers: 
Listen Address: 192.168.0.1
Listen Port Enabled - Enabled 
Listen Port: 8003 (8005, 8007…) 
SSL Listen Port Enabled - Enabled 
SSL Listen Port: 8004 (8006, 8008…) 

For the Trust and Identity keystores we use the same repository -
FMTNfrontofficekeystore.jks.
Storepass - FMTNfrontofficestorepass
Alias - FMTNfrontofficeidentityalias
We generate the certificate this way:
keytool -export -file trustedcafmtn.der -keystore FMTNfrontofficekeystore.jks -alias FMTNfrontofficeidentityalias
Then we convert it to trustedcafmtn.pem:
java utils.der2pem trustedcafmtn.der

Apache will be listening on ports 80 and 443.
Applications should be available for requests at the following addresses:
http://app1.domain.ru (https://app1.domain.ru) and http://app2.domain.ru
(https://app2.domain.ru).
When http://app1.domain.ru is requested, the application automatically
redirects the request to https://app1.domain.ru; the second application acts
in the same way.

Here are sample settings from the httpd.config configuration file for Apache:

LoadModule weblogic_module modules/mod_wl_22.so
Listen 80

NameVirtualHost *:80

<VirtualHost *:80>
    ServerAdmin aaa@aaa.ru
    DocumentRoot "C:/Program Files/Apache Software Foundation/Apache2.2/htdocs"
    ServerName fmtn.brr.ru
    ErrorLog logs/fmtn.brr.ru-error.log
    CustomLog logs/fmtn.brr.ru-access.log common
    <Location />
        SetHandler weblogic-handler
    </Location>
    <IfModule Mod_weblogic.c>
        WebLogicHost 192.168.0.1
        WebLogicPort 7002
        SecureProxy ON
        TrustedCAFile "C:/bea/weblogic92/server/lib/trustedcafmtn.pem"
        EnforceBasicConstraints OFF
        RequireSSLHostMatch false
        # SSLHostMatchOID 30
        Debug ALL
        DebugConfigInfo ON
        ErrorPage http://www.err.ru
        WLLogFile "C:/Program Files/Apache Software Foundation/Apache2.2/logs/wl_proxy.log"
        # Idempotent ON
        # WLIOTimeoutSecs 100
    </IfModule>
</VirtualHost>

<VirtualHost *:80>
    ServerAdmin aaa@aaa.ru
    DocumentRoot "C:/Program Files/Apache Software Foundation/Apache2.2/htdocs"
    ServerName fmtn.brr.ru
    ErrorLog logs/fmtn.brr.ru-error.log
    CustomLog logs/fmtn.brr.ru-access.log common
    <Location />
        SetHandler weblogic-handler
    </Location>
    <IfModule Mod_weblogic.c>
        WebLogicHost 192.168.0.1
        WebLogicPort 7001
        SecureProxy OFF
        TrustedCAFile "C:/bea/weblogic92/server/lib/trustedcafmtn.pem"
        #EnforceBasicConstraints OFF
        #RequireSSLHostMatch false
        # SSLHostMatchOID 30
        Debug ALL
        DebugConfigInfo ON
        ErrorPage http://www.err.ru
        WLLogFile "C:/Program Files/Apache Software Foundation/Apache2.2/logs/wl_proxy.log"
        # Idempotent ON
        # WLIOTimeoutSecs 100
    </IfModule>
</VirtualHost>

When we didn't use SSL (SecureProxy OFF) everything worked properly with port
7001, but the application redirects requests to https://fmtn.brr.ru:7002/; when
SecureProxy is ON, it didn't work.
Please help us to understand what the problem is, and how to configure this
section of the request with our keystore and keys in Apache:

User ----SSL---- Apache

It would be good if you could show an example of httpd.config for the cluster of
managed servers too.
-- 
View this message in context: http://www.nabble.com/Apache-%2B-weblogic-integration-issue-tp17424735p17424735.html
Sent from the Apache HTTP Server - Users mailing list archive at Nabble.com.
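
Added example (not part of the original message, and not Apache or WebLogic project code): a small Python audit of a configuration in the shape posted above, reporting per virtual host the plug-in directives that weaken back-end TLS verification or leave debugging on, plus duplicate ServerName entries. The names `audit`, `RISKY` and `SAMPLE`, the finding texts and the trimmed sample are assumptions constructed for illustration.

```python
import re

# Constructed sample: the two posted virtual hosts, trimmed to the relevant lines.
SAMPLE = """\
<VirtualHost *:80>
    ServerName fmtn.brr.ru
    SecureProxy ON
    EnforceBasicConstraints OFF
    RequireSSLHostMatch false
    # SSLHostMatchOID 30
    Debug ALL
    DebugConfigInfo ON
</VirtualHost>
<VirtualHost *:80>
    ServerName fmtn.brr.ru
    SecureProxy OFF
</VirtualHost>
"""

# (directive, value) pairs worth reviewing before production; matched case-insensitively.
RISKY = {
    ("requiresslhostmatch", "false"): "back-end certificate host name is not checked",
    ("enforcebasicconstraints", "off"): "CA basic-constraints check is disabled",
    ("secureproxy", "off"): "traffic to WebLogic is sent unencrypted",
    ("debug", "all"): "verbose plug-in logging left on",
    ("debugconfiginfo", "on"): "plug-in configuration is exposed to clients",
}

def audit(conf):
    """Return (vhost_index, ServerName, finding) tuples for a config string."""
    findings, seen, idx, addr, name = [], {}, 0, "", None
    for raw in conf.splitlines():
        line = raw.strip()
        vhost = re.match(r"<VirtualHost\s+([^>]+)>", line, re.I)
        if vhost:
            idx, addr, name = idx + 1, vhost.group(1).strip(), None
        directive = re.match(r'(\w+)\s+"?([^"]*)"?$', line)
        if not directive:
            continue  # blank line, comment (#...) or container tag
        key, val = directive.group(1).lower(), directive.group(2).strip()
        if key == "servername":
            name = val
            first = seen.setdefault((addr, val.lower()), idx)
            if first != idx:  # name-based matching picks the first vhost with this name
                findings.append((idx, name, f"duplicate ServerName; vhost {first} wins"))
        elif (key, val.lower()) in RISKY:
            findings.append((idx, name, RISKY[(key, val.lower())]))
    return findings
```

Commented-out directives are ignored, so only active settings are reported.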