Showing posts with label Web Server. Show all posts
Showing posts with label Web Server. Show all posts

How To Migrate Oracle iPlanet Web Server Weblogic Proxy Plugin Configuration To Oracle HTTP Server 11g

This document is provided as a guideline for migrating the Weblogic Proxy Plugin configuration from Oracle iPlanet Web Server (iWS), 6.1.x and 7.0.x, to Oracle HTTP Server 11g (OHS). 

iPlanet 6.1.x and 7.0.x Configuration

The configuration for the Weblogic Proxy Plugin is contained in two files within iWS.

1] The plugin is loaded in the Web Server magnus.conf file (/<Server_Root>/<instance>/config/magnus.conf).
Init fn="load-modules" shlib="/<path_to>/"
2] Requests can be processed in two ways in the obj.conf file (/<Server_Root>/<instance>/config/obj.conf), either by URL or by MIME type. Both the PathTrim and PathPrepend directives are optional and may not be present.
Example proxy by URL:
<Object ppath="*/weblogic/*">>
Service fn=wl-proxy WebLogicPort=1234 PathTrim="/weblogic"
Example proxy by MIME type:
Service method="(GET|HEAD|POST|PUT)" type=text/jsp fn=wl-proxy WebLogicPort=1234 PathPrepend=/jspfiles

Note - with iWS 7.0 the obj.conf file may be prepended with the name of the Virtual Server - <vs>-obj.conf. The correct obj.conf file can be found in the <object-file> tag of the server.xml file for each Virtual Server.

OHS 11g Configuration

The configuration for OHS should be in the directory $ORACLE_INSTANCE/config/OHS/ohs1 for an initial install. The instance name, ohs1, may be different if there are multiple instances installed.

OHS installs the Weblogic module by default. The main OHS configuration file, httpd.conf, should already have an entry to include the configuration file for the module:
# Include the configuration files needed for mod_weblogic
include "${ORACLE_INSTANCE}/config/${COMPONENT_TYPE}/${COMPONENT_NAME}/mod_wl_ohs.conf"
The mod_wl_ohs.conf file should already exist, and will contain commented sample entries, but will have nothing actually configured initially.

The documentation for the Weblogic module provides clear details on how to configure it.

Following the configuration of the Weblogic module, the URL example from the iWS configuration above would be:
<IfModule weblogic_module>

<Location /weblogic>
SetHandler weblogic-handler
WeblogicPort 1234
PathTrim /weblogic

The MIME type example would be:

<IfModule weblogic_module>

WeblogicPort 1234
MatchExpression *.jsp
PathPrepend /jspfiles


How To Migrate Oracle iPlanet Web Server Virtual Server Settings To Oracle HTTP Server 11g

The iPlanet logo
The iPlanet logo (Photo credit: Wikipedia)

This document is provided as a guideline for migrating Virtual Server settings from Oracle iPlanet Web Server (iWS) to Oracle HTTP Server 11g (OHS).

 iPlanet Web Server 7.0.x Configuration
 iWS configuration always contains a least one single default Virtual Server.  A Virtual Server settings can be found in the following ways,
A] The Admin CLI (wadm)
 The Virtual Server properties can be found by running the following wadm command:
/<server_root>/bin/wadm get-virtual-server-prop --user=<admin_user> --host=<serverhost> --port=<port> --ssl=true --config=<config> --vs=<vs>

For example:
#/opt/iplanet/bin wadm get-virtual-server-prop --user=admin --host=localhost --port=8989 --ssl=true --config=config1 --vs=virtual1
Please enter admin-user-password>

In order to get a list of all Configurations and Virtual Servers use the following wadm command: 
# /opt/iplanet/bin/wadm list-configs --user=admin --host=localhost --port=8989 --ssl=true
Please enter admin-user-password>

# /opt/iplanet/bin/wadm list-virtual-servers --user=admin --host=localhost --port=8989 --ssl=true --config=config1
Please enter admin-user-password>

2] You can examine the server.xml file directly, each Virtual Server is defined inside a block of <virtual-server></virtual-server> xml.

iPlanet Web Server 6.1.x Configuration
With iWS 6.1 the Virtual server configuration is stored directly in the server.xml. As it possible to have multiple Virtual Server Classes make sure the file is checked carefully.
<VS id="" connections="ls1" mime="mime1" aclids="acl1" urlhosts="">
            <PROPERTY name="docroot" value="/opt/iplanet/docs"/>
            <USERDB id="default"/>
                <WEBAPP uri="/search" path="/opt/iplanet/bin/https/webapps/search"/>
OHS 11g Configuration
OHS uses the standard Apache Virtual Host configuration.  
Virtual Server configurations are referred to as "Virtual Hosts" with OHS. By default OHS does not require a virtual host configuration to work as it will use the configuration wide settings.

1] To configure a Virtual Host edit the httpd.conf at a suitable location. Alternatively create a separate file and load it using an "Include" directive.  It is worth noting that the SSLrelated virtual hosts are usually placed within the ssl.conf file.
 An example of a name based Virtual Host.
NameVirtualHost *:80

<VirtualHost *:80>
    DocumentRoot "${ORACLE_INSTANCE}/config/${COMPONENT_TYPE}/${COMPONENT_NAME}/htdocs_virtual1"
An simple IP based Virtual Host.
DocumentRoot ${ORACLE_INSTANCE}/config/${COMPONENT_TYPE}/${COMPONENT_NAME}/htdocs_virtual2"
2] Restart ohs
# opmnctl restartproc process-type=OHS

HTTP 500 Errors From WLS Within the Apache Proxy Log for a HTTP Proxy Service

Using Oracle Service Bus user faces HTTP 500 internal server errors intermittently in access.log for OSB http proxy requests.

By enabling pipeline debug getting the following exceptions :
<[ACTIVE] ExecuteThread: '8' for queue: 'weblogic.kernel.Default (self-tuning)'> <> <> <> <1294866198373> error handler OSB Assign action failed updating variable "body": Could not load the translet class 'transformXMLtoICONHTML'.
at stages.transform.runtime.AssignRuntimeStep.processMessage(


This issue is caused by a known apache XLSTC issue. For details see .


To fix this, use another xslt library by using the standard system property i.e.


For example, to use the weblogic implementation, you can specify this as a system property in setdomainenv script:

Oracle WebLogic Server - Apache Proxy log Throws READ_ERROR_FROM_FILE

There are reports of requests failing and the Apache Proxy log throwing "READ_ERROR_FROM_FILE" and "Cannot read 0 bytes of postData from tmp file" exceptions in WebLogic Server.
Below is the exception in Apache proxy logs at the time of the issue:
READ_ERROR_FROM_FILE [os error=0, line 144 of ap_proxy.cpp]: Cannot read 0 bytes of postData from tmp file '/tmp/_wl_proxy/_post_916_xxx


The problem is related to network latency and file caching. When the POST data in a request is greater than 2048 bytes and when FileCaching is set to ON, the POST data is first read into a temporary file on disk and then forwarded to the WebLogic Server in chunks of 8192 bytes.


To resolve this issue disable File Caching on the Apache web server.
To disable File Caching, in the Apache configuration under <IfModule mod_weblogic.c>, add the setting below:
FileCaching OFF

CONNECTION_REFUSED when accessing WLS via Apache plugin on Linux

You have successfully installed the Apache 2.2 proxy plugin on your WebLogic Server, but you cannot connect to the WLS servers via the proxy. Errors similar to the following are seen in the proxy log file:
Tue Mar 6 20:19:43 2012 <1959713310867732> INFO: New NON-SSL URL
Tue Mar 6 20:19:43 2012 <1959713310867732> Connect returns -1, and error no set to 13, msg 'Permission denied'
Tue Mar 6 20:19:43 2012 <1959713310867732> Error connecting to host
Tue Mar 6 20:19:43 2012 <1959713310867732> *******Exception type [CONNECTION_REFUSED] (Error connecting to host errno = 13) raised at line 1723 of ../nsapi/URL.cpp


Error 13 (Permission denied) is a low-level OS error. Outbound TCP connections are required for the proxy to work, but Apache was unable to achieve such connections. There are two possible root causes:
  1. There is a firewall between the WLS servers and the proxy host which is filtering connections to the WLS servers. You can test this by running a simple telnet command on the Apache box to any WLS server:
    telnet 7010
    Replace and 7010 with the actual IP address and port of your WLS Admin Server.

Apache plugin got error: could not resolve hostname

When using proxy plugin, it can not send request to backend server and shows error:
No backend server available for connection: timed out after 10 seconds or idempotent set to OFF

 Check plugin log, it shows error:

Mon Oct 15 19:39:21 2012 <610013502903531> parseJVMID: Parsing JVMID '2032779470!ede-dev-app!7813!7713'
Mon Oct 15 19:39:21 2012 <610013502903531> parseJVMID: Actually parsing '2032779470!ede-dev-app!7813!7713'
Mon Oct 15 19:39:21 2012 <610013502903531> parseJVMID: could not resolve hostname 'ede-dev-app'. Returning NULL from parseJVMID
Mon Oct 15 19:39:21 2012 <610013502903531> ### Got a new Server List of length 0 ###
Mon Oct 15 19:39:21 2012 <610013502903531> canRecycle: conn=1 status=200 isKA=1 clen=356 isCTE=0
Mon Oct 15 19:39:21 2012 <610013502903531> closeConn: pooling for ''
Mon Oct 15 19:39:21 2012 <610013502903531> closeConn: cannot recycle connection to '', no matching entry in list!

In config.xml, it defines listen address as DNSname, like:

 Or it defines cluster address as comma-separated list of DNS names of the cluster members, like:

Apache Cannot Connect to WebLogic Server with SSL Communication

Trying to configure Apache web servers in front of a cluster WLS server, but can't get the Apache working with SSL communication. In the wl_proxy log it shows:

Fri Nov 19 18:10:29 2010 <3058212901614292> *******Exception type [READ_ERROR_FROM_SERVER] (socket read failure) raised at line 251 of ../nsapi/Reader.cpp
Fri Nov 19 18:10:29 2010 <3058212901614292> caught exception in readStatus: READ_ERROR_FROM_SERVER [os error=104, line 251 of ../nsapi/Reader.cpp]: socket read failure at line 963
Fri Nov 19 18:10:29 2010 <3058212901614292> PROTOCOL_ERROR: Backend Server not responding - isRecycled:0
Fri Nov 19 18:10:29 2010 <3058212901614292> Marking as bad
Fri Nov 19 18:10:29 2010 <3058212901614292> got exception in sendRequest phase: Backend Server not responding at line 3702
Fri Nov 19 18:10:29 2010 <3058212901614292> Failing over after sendRequest() exception: PROTOCOL_ERROR as Idempotent is set to ON
Fri Nov 19 18:10:29 2010 <3058212901614292> attempt #2 out of a max of 5
Fri Nov 19 18:10:29 2010 <3058212901614292> general list: trying connect to ''/7102/7102 at line 3188 for '/GiftCard_106_UAT/'
Fri Nov 19 18:10:29 2010 <3058212901614292> SSL is not configured for this connection
Fri Nov 19 18:10:29 2010 <3058212901614292> Local Port of the socket is 35895
Fri Nov 19 18:10:29 2010 <3058212901614292> Remote Host Remote Port 7102
Fri Nov 19 18:10:29 2010 <3058212901614292> URL::connect SSLConn for reader is not set as it is NULL


The SSL configuration is wrong. You need to add the needed SSL libraries to LD_LIBRARY_PATH into the file /etc/profile. For example, add the following lines at the bottom. You may already have the LD_LIBRARY_PATH variable defined. If so, simply add this path to it.

For instance:


The SSL libraries are missing in LD_LIBRARY_PATH. LD_LIBRARY_PATH MUST be set and MUST have a pointer to the directory where the SSL .so modules are.

Issues about KeepAlive between Apache Plug-In and WebLogic Server

Sometime after WebLogic Server is running for a while, the network administrator will see there are many connections staying in FIN_WAIT2 state on the WLS side and CLOSE_WAIT state on the Apache side.
Customer environment includes 50+ WLS instances and several Apache servers, as well as some F5 load balancers between WLS and Apache.
The Apache httpd.conf include the following lines:

KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 30
<IfModule mod_weblogic.c>
WebLogicHost aa.b.c.ddd
WebLogicPort 80
MatchExpression *
KeepAliveEnabled ON
KeepAliveSecs 30

Oracle Weblogic Server: Configure Apache With SSL Certificates To Forward Requests To WebLogic Server Environment

This article provides detailed steps to configure Apache with SSL in a WLS environment.
This process will successfully setup SSL communication between the client (browser) and the Apache Web Server as well as SSL (https) communication between the Apache Web Server and the WebLogic Server.
At a high level, the following steps are implemented:
  1. Create a valid certificate from Verisign.
  2. Configure Apache plugin to use SSL using the new certificate.
  3. Configure WLS to use the new certificate.
  4. Test SSL proxy request to WLS.


Apache configuration

  1. Install Apache 2.2.
  2. Include the following in httpd.conf file:
    LoadModule weblogic_module modules/
    Note that this filename is different in different versions of the WebLogic plug-in: change the filename as needed for your version.
  3. Copy the from the folder: <WebLogic_Home>\server\plugin\win\32 to <Apache_Home>\modules. Note that this filename is different in different versions of the WebLogic plug-in: change the filename as needed for your version.
  4. Uncomment LoadModule ssl_module modules/ in httpd.conf
  5. Uncomment include conf/extra/httpd-ssl.conf in httpd.conf.
  6. Now run the following commands in apache:
    set OPENSSL_CONF=F:\apache2.2\conf\openssl.cnf
    > />openssl genrsa -des3 -out localhost.key 1024
    Enter pass phrase:
    > />openssl req -new -key localhost.key -out localhost.csr> />> />
    It will generate the CSR file. Place the CSR file in a particular folder.

Oracle Weblogic Server: Apache 2.4 Crash When WLS Plugin 12c Is Loaded

As soon as the weblogic 12c plugin is loaded (using LoadModule weblogic_module /opt/apache/wl_12c_plugin/lib/, Apache throws a core dump on startup.
With the equivalent configuration (and switching to, Apache 2.2.x works ok.

In order to determine the cause of the crash, run a debugger such as dbx or gdb on the core file.

The following shows the commands to be executed for dbx 

(dbx) threads ("shows the state of the existing threads")
o>    t@1  a  l@1   ?()   signal SIGSEGV in  strcmp()
(dbx) where -l ("shows a summary of the stack including the library name with function name")

current thread: t@1
=>[1], 0x44000000, 0xbc319048, 0x2f73746174696300, 0x8080808080808080, 0x101010101010101), at 0xffffffff7d63c130
[2], 0x100313028, 0x100319048, 0x100313028, 0x12b644, 0xffffffff7cc8d638), at 0xffffffff7cc64270
[3] httpd:invoke_cmd(0xffffffff7cd9a4c0, 0xffffffff7ffff640, 0x1002cd568, 0x0, 0xffffffff7cd9a4c0, 0xa030), at 0x100058284
[4] httpd:ap_walk_config_sub(0xffffffff7cd99c10, 0xffffffff7ffff640, 0x10029db28, 0x1002cbdf0, 0x1002cd568, 0x0), at 0x1000590a8
[5] httpd:ap_process_config_tree(0x10028afd8, 0x1002cf940, 0x1002577e8, 0x10028bbc8, 0x230, 0xffffffff7e824e40), at 0x10005a4bc
[6] httpd:main(0x1002577e8, 0x1002558c8, 0x9de8, 0x100248878, 0x100248850, 0x6), at 0x100032158
(dbx) dis strcmp
dbx: warning: unknown language, 'c' assumed
0xffffffff7d63c060: strcmp       :      subcc    %o0, %o1, %o2
0xffffffff7d63c064: strcmp+0x0004:      be,pn    %xcc,strcmp+0xf4       ! 0xffffffff7d63c154
0xffffffff7d63c068: strcmp+0x0008:      sethi    %hi(0x1010000), %o5
0xffffffff7d63c06c: strcmp+0x000c:      andcc    %o0, 7, %o3
0xffffffff7d63c070: strcmp+0x0010:      bset     257, %o5
0xffffffff7d63c074: strcmp+0x0014:      be,pn    %xcc,strcmp+0x44       ! 0xffffffff7d63c0a4
0xffffffff7d63c078: strcmp+0x0018:      sllx     %o5, 32, %o4
0xffffffff7d63c07c: strcmp+0x001c:      dec      8, %o3
0xffffffff7d63c080: strcmp+0x0020:      ldub     [%o1 + %o2], %o0
0xffffffff7d63c084: strcmp+0x0024:      ldub     [%o1], %g1
(dbx) frame 1
0xffffffff7d63c130: strcmp+0x00d0:      ldx      [%o1], %g1
(dbx) regs
current thread: t@1
current frame:  [1]
g0-g1    0x0000000000000000 0xffffffff7d63c060
g2-g3    0x0000000100313028 0x000000000000b350
g4-g5    0x000000000000b000 0x00000000829c3c00
g6-g7    0x0000000000000000 0xffffffff7da00200
o0-o1    0x0000000100319048 0x0000000044000000
o2-o3    0x00000000bc319048 0x2f73746174696300
o4-o5    0x8080808080808080 0x0101010101010101
o6-o7    0xffffffff7fffe921 0xffffffff7cc64270
l0-l1    0x0000000000000000 0xffffffff7cd8f7c8
l2-l3    0x0000000100319050 0x0000000000000010
l4-l5    0x0000000000000020 0xffffffff7cd99c10
l6-l7    0x0000000000004608 0x000000010022c770
i0-i1    0xffffffff7ffff640 0x0000000100313028
i2-i3    0x0000000100319048 0x0000000100313028
i4-i5    0x000000000012b644 0xffffffff7cc8d638
i6-i7    0xffffffff7fffe9d1 0x0000000100058284
y        0x0000000000000000
ccr      0x0000000000000044
pc       0xffffffff7d63c130:strcmp+0xd0    ldx      [%o1], %g1
npc      0xffffffff7d63c134:strcmp+0xd4    cmp      %o3, %g1

Oracle WebLogic Server Plug-Ins and SSL


This document was created to help users understand their needs when using the WebLogic plugin and SSL. It describes in detail questions to ask when setting up the architecture of the environment. The three web servers that will be used as examples are: Apache, iPlanet (SunOne), and Microsoft IIS.


Before you start, it is important to understand the handshake process. Refer to the Understanding and Investigating SSL Issues  for information.
Before you start, ask yourself the following questions:
  1. Will I have SSL set up between the client and the web server hosting the proxy (Apache, Sun One. IIS)?

    If the answer is yes, will it need to be 2-way SSL? This design has the advantage of offering the possibility to propagate client certificates to the back-end WebLogic Server (e.g., for authentication).
  2. Will I have SSL set up between the plugin and the WebLogic Server?

    If the answer is yes, will I need to "intercept" a client certificate from the first front-end handshake?
  3. Is it only 1-way SSL that I need? Is it only to encrypt the data between the plugin and the WebLogic Server?

Oracle WebLogic Server: Common Diagnostic Process for Proxy Plug-In Problems

Enable proxy debug

Turn on proxy debug by setting Debug="ALL" in the proxy configuration file.

Enable proxy bridge

Set DebugConfigInfo="ON" in the proxy configuration file.
Refer to General Parameters for Web Server Plug-Ins for details about these configuration parameters.
Both the above settings require restart of the web server.

Example configuration for the Sun Java System Web Server Plug-In (previously called the Netscape Enterprise Server plug-in or iPlanet/SunOne plug-in) (obj.conf):
<Object name="weblogic" ppath="*/mywebapp/*">
Service fn=wl-proxy\
For configuration details, refer to Installing and Configuring the Sun Java System Web Server Plug-In.
Example configuration for Apache plug-in (httpd.conf):
<Location /mywebapp>
WebLogicCluster sol1:8001,sol2:8001,sol3:8003
Debug ALL
DebugConfigInfo ON
WLLogFile /tmp/wlproxy.log
For configuration details, refer to Installing and Configuring the Apache HTTP Server Plug-In.
Example configuration for IIS plug-in (iisproxy.ini):
WebLogicCluster sol1:8001,sol2:8001,sol3:8003
Debug ALL
DebugConfigInfo ON
WLLogFile C:\temp\wlproxy.log
For configuration details, refer to Installing and Configuring the Microsoft IIS Plug-In

Configuring Mod_wl_ohs to use SSL between Oracle HTTP Server and Weblogic Server in ORACLE FUSION MIDDLEWARE 11g

Following this note will result in the following architecture:

Browser --> https --> OHS --> https --> WebLogic Server

There are three steps needed to configure mod_wl_ohs in this setup:
Step I:  Configure OHS for SSL
Step II: Configure Weblogic for SSL
Step III: Configure mod_wl_ohs

Step I: Configure OHS for SSL
1. Configure Oracle HTTP Server so your browser can connect to OHS via SSL. See the following article to accomplish this:  Configuring Oracle HTTP Server to use SSL in Fusion Middleware 11g (11.1.1.X)

Step II: Configure Weblogic for SSL

1. Configure Weblogic so your browser can connect via SSL. See the following article to accomplish this:  Configuring Oracle WebLogic Server (10.3.X) to use SSL in Fusion Middleware 11g (11.1.1.X)

Step III: Configure mod_wl_ohs

This step assumes you have deployed an application to the WebLogic Managed Server where SSL is configured. In this example an application is deployed whose root context is /helloWorld. See  How To Configure mod_wl_ohs with Oracle HTTP Server and Oracle WebLogic Server, to make sure this works via HTTP before attempting the SSL setup

Oracle Weblogic Server: How To Configure mod_wl_ohs with Oracle HTTP Server and Oracle WebLogic Server

Configure mod_wl_ohs with Oracle HTTP Server and Oracle WebLogic Server

Oracle HTTP Server  (or any http web servers like apache , IIS)  can be used in front of Oracle WebLogic Server (WLS) or Weblogic Cluster  with the use of the Oracle Fusion Middleware 11g/12c installed mod_wl_ohs.

How To Configure mod_wl_ohs with Oracle HTTP Server and Oracle WebLogic Server

1. Check for the following configuration with WLS 10.3.4 and newer, where the first one is required for this basic setup and the second one for more advanced configurations using SSL:
  • Weblogic Plug-In Enabled
  • Client Cert Proxy Enabled
Steps to configure:
  • Login to WLS Console
  • In the Environment tab, click 'Servers'
  • Click on Adminserver - in the Configuration, General - go to Advanced section
  • Check the checkbox with the text 'WebLogic Plug-In Enabled'
  • Check the checkbox with the text 'Client Cert Proxy Enabled' if using two-way SSL
  • Save the changes and restart WebLogic Serve
2. Become familiar with your Oracle HTTP Server environment on the file system:
The module library file and configuration file is located at the following locations:
To set the environment before administering with opmnctl, use the following examples:
ORACLE_HOME=/space/oracle/Middleware/Oracle_WT1; export ORACLE_HOME

set ORACLE_HOME=C:\oracle\Middleware\Oracle_WT1
set ORACLE_INSTANCE=%ORACLE_HOME%\instances\instance1

opmnctl status -l
opmnctl stopall
opmnctl startall