httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tamer Embaby <Tamer.Emb...@itworx.com>
Subject RE: [users@httpd] Apache + weblogic integration issue
Date Mon, 26 May 2008 08:26:18 GMT
Alec,

Why do you need WL 9.2 to talk HTTPS? Why don't you offload HTTPS
traffic from WL to Apache frontend only, and not between Apache
WL path.  Like:

User -> HTTPS -> Apache -> HTTP -> WL

Meaning make the traffic clear text between Apache and WL, especially if
they are on the same host.

So for HTTP port 80 (this is not tested, but for you to get the idea):

LoadModule weblogic_module modules/mod_wl_22.so
Listen 80

NameVirtualHost *:80

RewriteEngine on
#RewriteLogLevel 9
#RewriteLog YourRewrite.log

<VirtualHost *:80>
        ServerAdmin aaa@aaa.ru
        ServerName domain.ru

        # This will redirect to one of the virtual hosts
        # app1.domain.ru or app2.domain.ru below
        RewriteRule ^/(app[12])(.*) http://$1.domain.ru/$1$2 [P]
</VirtualHost>

<VirtualHost *:80>
        ServerAdmin aaa@aaa.ru
        DocumentRoot "C:/Program Files/Apache Software Foundation/Apache2.2/htdocs"
        ServerName app1.domain.ru

        ErrorLog logs/fmtn.brr.ru-error.log
        CustomLog logs/fmtn.brr.ru-access.log common

        # This will handle if we got called:
        # http://app1.domain.ru or
        # http://domain.ru/app1
        RewriteCond %{REQUEST_URI} !^/app1
        RewriteRule ^/(.*)$ /app1/$1 [PT]

        <Location /app1>
                <IfModule Mod_weblogic.c>
                        SetHandler weblogic-handler
                        WebLogicHost 192.168.0.1
                        WebLogicPort 7002
                        #SecureProxy ON
                        #TrustedCAFile "C:/bea/weblogic92/server/lib/trustedcafmtn.pem"
                        EnforceBasicConstraints OFF
                        #RequireSSLHostMatch false
                        # SSLHostMatchOID 30
                        Debug ALL
                        DebugConfigInfo ON
                        ErrorPage http://www.err.ru
                        WLLogFile "C:/Program Files/Apache Software Foundation/Apache2.2/logs/wl_proxy.log"
                        # Idempotent ON
                        # WLIOTimeoutSecs 100
                </IfModule>
        </Location>

</VirtualHost>
<VirtualHost *:80>
        ServerAdmin aaa@aaa.ru
        DocumentRoot "C:/Program Files/Apache Software Foundation/Apache2.2/htdocs"
        ServerName app2.domain.ru

        ErrorLog logs/app2.brr.ru-error.log
        CustomLog logs/app2.brr.ru-access.log common

        RewriteCond %{REQUEST_URI} !^/app1
        RewriteRule ^/(.*)$ /app2/$1 [PT]

        <Location /app2>
                <IfModule Mod_weblogic.c>
                        SetHandler weblogic-handler
                        WebLogicHost 192.168.0.1
                        WebLogicPort 8002
                        #SecureProxy ON
                        #TrustedCAFile "C:/bea/weblogic92/server/lib/trustedcafmtn.pem"
                        EnforceBasicConstraints OFF
                        #RequireSSLHostMatch false
                        # SSLHostMatchOID 30
                        Debug ALL
                        DebugConfigInfo ON
                        ErrorPage http://www.err.ru
                        WLLogFile "C:/Program Files/Apache Software Foundation/Apache2.2/logs/wl_proxy.log"
                        # Idempotent ON
                        # WLIOTimeoutSecs 100
                </IfModule>
        </Location>
</VirtualHost>

You need the same for the HTTPS virtual hosts.

To proxy a WebLogic cluster use the WL directive WebLogicCluster
instead of WebLogicHost and WebLogicPort as:
WebLogicCluster 192.168.0.1:7001, 192.168.0.2:7001, 192.168.0.3:7001

Hope this helps.

Tamer

-----Original Message-----
From: Alec C4 [mailto:alec.c4@gmail.com]
Sent: Friday, May 23, 2008 3:42 PM
To: users@httpd.apache.org
Subject: [users@httpd] Apache + weblogic integration issue


Situation:
In the DMZ we have a machine with WebLogic 9.2 MP2 on Windows 2003.
There are 2 domains on it. Each have one Administrative server with one
application on in.
For example, the first is available on http://hostname:7011/app1
(https://hostname:7012/app1 - SSL) and the second on
http://hostname:6011/app2 (https://hostname:6012/app2 -- SSL).
Server is available from outside on 80 and 443 ports.
Applications may connect to the other services in local lan on 80 and other
ports.
We need next:
If we type links such as - http://domain.ru/app1 (https://domain.ru/app1),
http://app1.domain.ru (https://app1.domain.ru) - we can use any variant
(similar for other application), we may connect on these applications.
We need to have the following configuration:
User ------------------------------------- Apache
-------------------------------WLS-------------------------APP
                      SSL                                          SSL
                             SSL

Redirecting don't satisfy us, work with applications for the end-user should
be transparent, he should not see the real location of applications + other
ports, because access them from outside is closed.
At first, one Administrative server for each application will be used, later
some more additional managed servers for load balance on cluster will be
added. We decided to use Apache 2.2.8 with a plug-in for WebLogic.

Here are WLS Settings:
Domain 1:
Administrative server:
Listen Address: 192.168.0.1
Listen Port Enabled - Enabled
Listen Port: 7001
SSL Listen Port Enabled - Enabled
SSL Listen Port: 7002
Future managed servers:
Listen Address: 192.168.0.1
Listen Port Enabled - Enabled
Listen Port: 7003 (7005, 7007...)
SSL Listen Port Enabled - Enabled
SSL Listen Port: 7004 (7006, 7008...)
Domain 2:
Administrative server:
Listen Address: 192.168.0.1
Listen Port Enabled - Enabled
Listen Port: 8001
SSL Listen Port Enabled - Enabled
SSL Listen Port: 8002
Future managed servers:
Listen Address: 192.168.0.1
Listen Port Enabled - Enabled
Listen Port: 8003 (8005, 8007...)
SSL Listen Port Enabled - Enabled
SSL Listen Port: 8004 (8006, 8008...)

For Trust and Identity keystore we use the same repository -
FMTNfrontofficekeystore.jks.
Storepass - FMTNfrontofficestorepass
Alias - FMTNfrontofficeidentityalias
In this way we generate certificate:
keytool -export -file trustedcafmtn.der -keystore
FMTNfrontofficekeystore.jks -alias FMTNfrontofficeidentityalias
Then we convert it to trustedcafmtn.pem:
java utils.der2pem trustedcafmtn.der

Apache will be listening on 80 and 443 ports.
Applications should be available for requests at the following addresses
http://app1.domain.ru (https://app1.domain.ru) and http://app2.domain.ru
(https://app2.domain.ru)
When requesting address http://app1.domain.ru application automatically
redirects the request at https://app1.domain.ru, the second application acts
in the same way.

Here is a sample configuration file settings httpd.config for Apache:

LoadModule weblogic_module modules/mod_wl_22.so
Listen 80

NameVirtualHost *:80

<VirtualHost *:80>
     ServerAdmin aaa@aaa.ru
     DocumentRoot "C:/Program Files/Apache Software
Foundation/Apache2.2/htdocs"
     ServerName fmtn.brr.ru
     ErrorLog logs/fmtn.brr.ru-error.log
     CustomLog logs/fmtn.brr.ru-access.log common
<Location />
   SetHandler weblogic-handler
</Location>
<IfModule Mod_weblogic.c>
         WebLogicHost 192.168.0.1
         WebLogicPort 7002
         SecureProxy ON
         TrustedCAFile "C:/bea/weblogic92/server/lib/trustedcafmtn.pem"
         EnforceBasicConstraints OFF
         RequireSSLHostMatch false
         # SSLHostMatchOID 30
         Debug ALL
         DebugConfigInfo ON
         ErrorPage http://www.err.ru
         WLLogFile "C:/Program Files/Apache Software
Foundation/Apache2.2/logs/wl_proxy.log"
         # Idempotent ON
         # WLIOTimeoutSecs 100
</IfModule>

</VirtualHost>
<VirtualHost *:80>
     ServerAdmin aaa@aaa.ru
     DocumentRoot "C:/Program Files/Apache Software
Foundation/Apache2.2/htdocs"
     ServerName fmtn.brr.ru
     ErrorLog logs/fmtn.brr.ru-error.log
     CustomLog logs/fmtn.brr.ru-access.log common
<Location />
   SetHandler weblogic-handler
</Location>
<IfModule Mod_weblogic.c>
         WebLogicHost 192.168.0.1
         WebLogicPort 7001
         SecureProxy OFF
         TrustedCAFile "C:/bea/weblogic92/server/lib/trustedcafmtn.pem"
         #EnforceBasicConstraints OFF
         #RequireSSLHostMatch false
         # SSLHostMatchOID 30
         Debug ALL
         DebugConfigInfo ON
         ErrorPage http://www.err.ru
         WLLogFile "C:/Program Files/Apache Software
Foundation/Apache2.2/logs/wl_proxy.log"
         # Idempotent ON
         # WLIOTimeoutSecs 100
</IfModule>
</VirtualHost>
When we didn't use SSL (SecureProxy OFF) everything work properly with 7001
port, but application redirects requests to https://fmtn.brr.ru:7002/, when
SecureProxy ON - didn't work.
Please, help us to understand what the problem, and how to configure this
section of request with our keystore and keys in Apache.
User ------------------------------------- Apache
                       SSL
It'll be good if that you show an example of httpd.config for the cluster of
managed servers too.
--
View this message in context: http://www.nabble.com/Apache-%2B-weblogic-integration-issue-tp17424735p17424735.html
Sent from the Apache HTTP Server - Users mailing list archive at Nabble.com.


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message