Installing and Configuring Oracle HTTP Server

17 Installing and Configuring Oracle HTTP Server

For an enterprise deployment, Oracle HTTP Server must be installed on each of the web tier hosts and configured as Oracle HTTP standalone domains on each host.

The Oracle HTTP Server instances on the web tier direct HTTP requests from the hardware load balancer to specific Managed Servers in the application tier.

Before you configure Oracle HTTP Server, be sure to review About Web Tier.

This chapter includes the following topics:

Variables Used When Configuring the Oracle HTTP Server
You reference these directory variables as you perform the different tasks explained in this chapter.
About Storage
When you deploy Oracle HTTP Servers, the configuration information is stored locally or on a dedicated NFS volume.
About the Oracle HTTP Server Domains
In an enterprise deployment, each Oracle HTTP Server instance is configured on a separate host and in its own standalone domain. This allows for a simple configuration that requires a minimum amount of configuration and a minimum amount of resources to run and maintain.
Installing a Supported JDK
Oracle Fusion Middleware requires you to install a certified Java Development Kit (JDK) on your system.
Installing Oracle HTTP Server on WEBHOST1
Install the Oracle HTTP Server software on the web tier by using the Oracle Universal Installer. Verify the installation after you complete the procedure.
Creating an Oracle HTTP Server Domain on WEBHOST1
You can create a new Oracle HTTP Server standalone domain on the first web tier host by using the Configuration Wizard.
Installing and Configuring an Oracle HTTP Server Domain on WEBHOST2
After you install Oracle HTTP Server and configure a domain on WEBHOST1, then you must also perform the same tasks on WEBHOST2.
Starting the Node Manager and Oracle HTTP Server Instances on WEBHOST1 and WEBHOST2
Start the Node Manager on both the hosts before starting the Oracle HTTP Server instances.
Creating a Health Check
Create a health check on each Oracle HTTP Server instance. Oracle recommends using a specific page for health checks to avoid failures.
Backing Up the Configuration
As a best practice, Oracle recommends you to back up the configuration after you have successfully extended a domain or at another logical point. Back up only after you have verified that the installation is successful so far. This is a quick backup to enable immediate restoration in case of problems in later steps.
Configuring Oracle HTTP Server to Route Requests to the Application Tier
Update the Oracle HTTP Server configuration files so that the web server instances route requests to the servers in the domain.
Configuring Oracle HTTP Server for Oracle Access Manager
You have to configure Oracle HTTP Server for the Oracle Access Manager Managed Servers to ensure they route requests correctly to the Oracle Access Management cluster.
Configuring Oracle HTTP Server for Oracle Identity Governance
To configure the Oracle HTTP Server instances in the web tier so they route requests correctly to the Oracle SOA Suite cluster, use the following procedure to create an additional Oracle HTTP Server configuration file that creates and defines the parameters of the https://igdinternal.example.com:7777 virtual server.
Configuring Oracle HTTP Server for Oracle Identity Role Intelligence
You should configure Oracle HTTP Server for the Oracle Identity Role Intelligence (OIRI) Servers to ensure that they route requests correctly to the Oracle Role Intelligence cluster.
Configuring Oracle HTTP Server for Oracle Advanced Authentication, Oracle Adaptive Risk Management, and Oracle Universal Authenticator
You should configure Oracle HTTP Server for Oracle Advanced Authentication servers to ensure that they route requests correctly to the OAA microservices.
Restarting the OHS Instances
Ensure that you have copied the configuration files to each WEBHOST, and then restart the Oracle HTTP Service instance on each host.
Validating the Oracle HTTP Server Configuration
To ensure that the Oracle HTTP server is working correctly, you should perform a few validations after configuring the Oracle Identity Management products.
Sample Virtual Host Files
The sample list includes the complete examples of all the virtual host files used in an Oracle Identity and Access Management deployment.

Parent topic: Configuring the Enterprise Deployment

Variables Used When Configuring the Oracle HTTP Server

You reference these directory variables as you perform the different tasks explained in this chapter.

The values for several directory variables are defined in File System and Directory Variables Used in This Guide.

WEB_ORACLE_HOME
WEB_DOMAIN_HOME
JAVA _HOME

Parent topic: Installing and Configuring Oracle HTTP Server

About Storage

When you deploy Oracle HTTP Servers, the configuration information is stored locally or on a dedicated NFS volume.

In the sections below, local refers to either local storage or an NFS volume. If you want to deploy Oracle HTTP Server on OCI, you should create a dedicated NFS volume. Whenever you see the reference /private, it refers to this private storage area – NFS or local.

Parent topic: Installing and Configuring Oracle HTTP Server

About the Oracle HTTP Server Domains

In an enterprise deployment, each Oracle HTTP Server instance is configured on a separate host and in its own standalone domain. This allows for a simple configuration that requires a minimum amount of configuration and a minimum amount of resources to run and maintain.

Note:

Oracle Fusion Middleware requires that a certified Java Development Kit (JDK) is installed on your system and JAVA_HOME is set on the web tier hosts.

For more information about the role and configuration of the Oracle HTTP Server instances in the web tier, see Understanding the Web Tier.

Parent topic: Installing and Configuring Oracle HTTP Server

Installing a Supported JDK

Oracle Fusion Middleware requires you to install a certified Java Development Kit (JDK) on your system.

The installation should be performed by oracle user who has the required permissions to install and configure the software. See Creating a Software Owner Account.

Parent topic: Installing and Configuring Oracle HTTP Server

Locating and Downloading the JDK Software

To find a certified JDK, see the certification document for your release on the Oracle Fusion Middleware Supported System Configurations page.

After you identify the Oracle JDK for the current Oracle Fusion Middleware release, you can download an Oracle JDK from the following location on Oracle Technology Network:

http://www.oracle.com/technetwork/java/index.html

Be sure to navigate to the download for the Java SE JDK.

Parent topic: Installing a Supported JDK

Installing the JDK Software

You must install the JDK in the following locations:

On the local storage device for each of the Web tier host computers. The Web tier host computers, which reside in the DMZ, do not necessarily have access to the shared storage on the application tier.

See the Understanding the Recommended Directory Structure for an Enterprise Deployment.

To install JDK 1.8.0_211:

Change directory to the location where you downloaded the JDK archive file.
```
cd download_dir
```
Unpack the archive into the JDK home directory, and then run the following commands:
```
tar -xzvf jdk-8u201-linux-x64.tar.gz
```
Note that the JDK version listed here was accurate at the time this document was published. For the latest supported JDK, see the Oracle Fusion Middleware System Requirements and Specifications for the current Oracle Fusion Middleware release.
Move the JDK directory to the recommended location in the directory structure.
For example:
```
mv ./jdk1.8.0_211 /u02/oracle/products/jdk
```
See File System and Directory Variables Used in This Guide.
Define the JAVA_HOME and PATH environment variables for running Java on the host computer.
For example:
```
export JAVA_HOME=/u02/oracle/products/jdk
export PATH=$JAVA_HOME/bin:$PATH
```
Run the following command to verify that the appropriate java executable is in the path and your environment variables are set correctly:
```
java -version
```
The Java version in the output should be displayed as 1.8.0_211.

Parent topic: Installing a Supported JDK

Installing Oracle HTTP Server on WEBHOST1

Install the Oracle HTTP Server software on the web tier by using the Oracle Universal Installer. Verify the installation after you complete the procedure.

The installation should be performed by oracle user who has the required permissions to install and configure the software. See Creating a Software Owner Account.

Parent topic: Installing and Configuring Oracle HTTP Server

Starting the Installer on WEBHOST1

To start the installation program, perform the following steps.

Log in to WEBHOST1.
Go to the directory in which you downloaded the installation program.
Enter the following command to launch the installation program:
./fmw_12.2.1.4.0_ohs_linux64.bin
When the installation program appears, you are ready to begin the installation.
Note:
If you are installing on Oracle Linux 8 and the prerequisite checks fail because the following packages do not exist:

compat-libcap1-1.10

compat-libstdc++-33-3.2.3-x86_64
Then, you can ignore them and carry on. These packages do not exist in Oracle Linux 8.
To continue, you can start the installation using the following command:
./fmw_12.2.1.4.0_ohs_linux64.bin -ignoreSysPrereqs

Parent topic: Installing Oracle HTTP Server on WEBHOST1

Navigating the Oracle HTTP Server Installation Screens

The following table lists the screens in the order that the installation program displays them.

If you need additional help with any of the installation screens, click the Help button on the screen.

Table 17-1 Oracle HTTP Server Installation Screens

Screen	Description
Installation Inventory Setup	On UNIX operating systems, this screen appears if you install any Oracle product on this host for the first time. Specify the location where you want to create your central inventory. Ensure that the operating system group name selected on this screen has write permissions to the central inventory location. See Understanding the Oracle Central Inventory in Installing Software with the Oracle Universal Installer. Note: Oracle recommends that you configure the central inventory directory within the products directory. Example: `/u02/oracle/products/oraInventory` You may also need to execute the `createCentralinventory.sh` script as root from the `oraInventory` folder after the installer completes.
Welcome	This screen introduces you to the product installer.
Auto Updates	Use this screen to automatically search My Oracle Support for available patches or automatically search the local directory for patches that you have already downloaded for your organization.
Installation Location	Use this screen to specify the location of your Oracle home directory. For the purposes of an enterprise deployment, enter the value of the WEB_ORACLE_HOME variable listed in Table 4-5.
Installation Type	Select Standalone HTTP Server (Managed independently of WebLogic server). This installation type allows you to configure the Oracle HTTP Server instances independently from any other existing Oracle WebLogic Server domains.
JDK Selection	For the value of JDK Home, enter the value of JAVA_HOME that you set when installing the JDK software.
Prerequisite Checks	This screen verifies that your system meets the minimum necessary requirements. If there are any warning or error messages, verify that your host computers and the required software meet the system requirements and certification information described in Host Computer Hardware Requirements and Operating System Requirements for the Enterprise Deployment Topology.
Installation Summary	Use this screen to verify the installation options that you selected. If you want to save these options to a response file, click Save Response File and provide the location and name of the response file. Response files can be used later in a silent installation situation. See Using the Oracle Universal Installer in Silent Mode in Installing Software with the Oracle Universal Installer.
Installation Progress	This screen allows you to see the progress of the installation.
Installation Complete	This screen appears when the installation is complete. Review the information on this screen, then click Finish to close the installer.

Parent topic: Installing Oracle HTTP Server on WEBHOST1

Verifying the Oracle HTTP Server Installation

Verify that the Oracle HTTP Server installation completed successfully by validating the WEB_ORACLE_HOME folder contents.

Run the following command to compare the installed folder structure with the following list:

ls --format=single-column WEB_ORACLE_HOME

The following files and directories are listed in theOracle HTTP Server Oracle Home:

bin
cdata
cfgtoollogs
crs
css
cv
has
install
inventory
jlib
ldap
lib
network
nls
ohs
OPatch
oracle_common
oracore
oraInst.loc
oui
perl
plsql
plugins
precomp
QOpatch
racg
rdbms
slax
sqlplus
srvm
webgate
wlserver
xdk

Parent topic: Installing Oracle HTTP Server on WEBHOST1

Creating an Oracle HTTP Server Domain on WEBHOST1

You can create a new Oracle HTTP Server standalone domain on the first web tier host by using the Configuration Wizard.

Parent topic: Installing and Configuring Oracle HTTP Server

Starting the Configuration Wizard on WEBHOST1

To start the Configuration Wizard, navigate to the following directory and start the WebLogic Server Configuration Wizard, as follows:

cd WEB_ORACLE_HOME/oracle_common/common/bin
./config.sh

Parent topic: Creating an Oracle HTTP Server Domain on WEBHOST1

Navigating the Configuration Wizard Screens for an Oracle HTTP Server Domain

Oracle recommends that you create a standalone domain for the Oracle HTTP Server instances on each web tier host.

The following topics describe how to create a new standalone Oracle HTTP Server domain:

Task 1 Selecting the Domain Type and Domain Home Location

On the Configuration Type screen, select Create a new domain.

In the Domain Location field, enter the value assigned to the WEB_DOMAIN_HOME variable.

Note the following:

The Configuration Wizard creates the new directory that you specify here.
Create the directory on local storage, so the web servers do not have any dependencies on storage devices outside the DMZ.

Note:

More information about the Domain home directory can be found in About the Domain Home Directory in Planning an Installation of Oracle Fusion Middleware.
More information about the other options on this screen can be found in Configuration Type in Oracle Fusion Middleware Creating WebLogic Domains Using the Configuration Wizard.
For more information about the web tier and the DMZ, see Understanding the Firewalls and Zones of a Typical Enterprise Deployment.
For more information about the WEB_DOMAIN_HOME directory variable, see File System and Directory Variables Used in This Guide.

Task 2 Selecting the Configuration Templates

On the Templates screen, select Oracle HTTP Server (Standalone) - 12.2.1.4.0 [ohs].

Tip:

More information about the options on this screen can be found in Templates in Oracle Fusion Middleware Creating WebLogic Domains Using the Configuration Wizard.

Task 3 Selecting the JDK for the Web Tier Domain.

Select the Oracle HotSpot JDK installed in the /u02/oracle/products/jdk directory prior to the Oracle HTTP Server installation.

Task 4 Configuring System Components

On the System Components screen, configure one Oracle HTTP Server instance. The screen should, by default, have a single instance defined. This is the only instance that you need to create.

The default instance name in the System Component field is ohs1. Use this default name when you configure WEBHOST1.
Make sure that OHS is selected in the Component Type field.
If an application is not responding, use the Restart Interval Seconds field to specify the number of seconds to wait before you attempt a restart if an application is not responding.
Use the Restart Delay Seconds field to specify the number of seconds to wait between restart attempts.

Task 5 Configuring OHS Server

Use the OHS Server screen to configure the OHS servers in your domain:

Select ohs1 from the System Component drop-down menu.
In the Listen Address field, enter WEBHOST1.

All the remaining fields are prepopulated, but you can change the values as required for your organization. See OHS Server in Oracle Fusion Middleware Creating WebLogic Domains Using the Configuration Wizard.
In the Server Name field, verify the value of the listen address and listen port.

It should appear as follows:
```
http://WEBHOST1:7777
```

Task 6 Configuring Node Manager

Select Per Domain Default Location as the Node Manager type, and specify the user name and password for the Node Manager.

Note:

For more information about the options on this screen, see Node Manager in Creating WebLogic Domains Using the Configuration Wizard.

For information about Node Manager configuration, see Configuring Node Manager on Multiple Machines in Administering Node Manager for Oracle WebLogic Server.

Task 7 Reviewing Your Configuration Specifications and Configuring the Domain

The Configuration Summary screen contains detailed configuration information for the domain that you are about to create. Review the details of each item on the screen and verify that the information is correct.

If you need to make any changes, you can go back to any previous screen either by using the Back button or by selecting the screen in the navigation pane.

Domain creation does not begin until you click Create.

In the Configuration Progress screen, click Next when it finishes.

Tip:

More information about the options on this screen can be found in Configuration Summary in Creating WebLogic Domains Using the Configuration Wizard.

Task 8 Writing Down Your Domain Home

The Configuration Success screen shows the domain home location.

Make a note of the information provided here, as you need it to start the servers and access the Administration Server.

Click Finish to close the Configuration Wizard.

Parent topic: Creating an Oracle HTTP Server Domain on WEBHOST1

Installing and Configuring an Oracle HTTP Server Domain on WEBHOST2

After you install Oracle HTTP Server and configure a domain on WEBHOST1, then you must also perform the same tasks on WEBHOST2.

Log in to WEBHOST2 and install Oracle HTTP Server by using the instructions in Installing Oracle HTTP Server on WEBHOST1.
Configure a new standalone domain on WEBHOST2 by using the instructions in Creating a Web Tier Domain on WEBHOST1.

Use the name ohs2 for the instance on WEBHOST2, and be sure to replace all occurrences of WEBHOST1 with WEBHOST2 and all occurrences of ohs1 with ohs2 in each of the examples.

Parent topic: Installing and Configuring Oracle HTTP Server

Starting the Node Manager and Oracle HTTP Server Instances on WEBHOST1 and WEBHOST2

Start the Node Manager on both the hosts before starting the Oracle HTTP Server instances.

Parent topic: Installing and Configuring Oracle HTTP Server

Starting the Node Manager on WEBHOST1 and WEBHOST2

Before you can start the Oracle HTTP Server instances, you must start the Node Manager on WEBHOST1 and WEBHOST2:

Log in to WEBHOST1 and navigate to the following directory:
```
WEB_DOMAIN_HOME/bin
```
Start the Node Manager as shown in the following sections by using nohup and nodemanager.out as an example output file:
```
nohup WEB_DOMAIN_HOME/bin/startNodeManager.sh > WEB_DOMAIN_HOME/nodemanager/nodemanager.out 2>&1 &
```
Log in to WEBHOST2 and perform steps 1 and 2.

See Advanced Node Manager Configuration in Administering Node Manager for Oracle WebLogic Server.

Parent topic: Starting the Node Manager and Oracle HTTP Server Instances on WEBHOST1 and WEBHOST2

Starting the Oracle HTTP Server Instances

To start the Oracle HTTP Server instances:

Navigate to the following directory on WEBHOST1:
```
WEB_DOMAIN_HOME/bin
```
For more information about the location of the WEB_DOMAIN_HOME directory, see File System and Directory Variables Used in This Guide.
Enter the following command:
```
./startComponent.sh ohs1
```
Note:

Every time you start the Oracle HTTP server, you will be asked for the Node Manager password. If you do not wish this behaviour, then use the following command the first time you start the Oracle HTTP server:
```
./startComponent.sh ohs1 storeUserConfig
```
This time when you enter the Node Manager password, it will be encrypted and stored. Future start and stop of the Oracle HTTP server will not require you to enter the Node Manager password.
Note:
For more information, see Storing Your Node Manager Password.
When prompted, enter the Node Manager password.
Repeat steps 1 through 3 to start the ohs2 instance on WEBHOST2. See Starting Oracle HTTP Server Instances in Administering Oracle HTTP Server.

Parent topic: Starting the Node Manager and Oracle HTTP Server Instances on WEBHOST1 and WEBHOST2

Creating a Health Check

Create a health check on each Oracle HTTP Server instance. Oracle recommends using a specific page for health checks to avoid failures.

When an Oracle HTTP Server is accessed via a load balancer, the load balancer periodically checks if the Oracle HTTP Server is alive by requesting a page from the Oracle HTTP server. The default health check tries to access the root page from the server. If a WebGate is used, you need to ensure that this page is not intercepted as it can cause the health check to fail.

It is not recommended to open the root page for the purpose of a health check because this can cause a security risk. It is recommended to use a specific page that is used only for the health check.

You can also enable the server status page and check the page. However, the server status page contains lot of information when exposed can pose a security risk that can be avoided by creating a dedicated page (excluding any sensitive information) in the HTTP server for the purpose of a health check.

When the WebGate bypass is created it should be locked down so that health check requests can only come from certain sources (not from the internet).

Perform the following steps on each Oracle HTTP Server instance to create a simple health check page:

Create a file named health-check.html in the directory WEB_DOMAIN_HOME/config/fmwconfig/components/OHS/<OHS_NAME>/htpdocs with the following:
```
<!DOCTYPE html>
<html>
<body> 

<h1>OK</h1> 
 
</body>
</html>
```
Verify whether you can view the page by accessing http://WEBHOST1.example.com:7777/health-check.html.

A page is displayed with the message OK.

Note:
Ensure that you are checking /health-check.html when configuring your load balancer.

Parent topic: Installing and Configuring Oracle HTTP Server

Backing Up the Configuration

As a best practice, Oracle recommends you to back up the configuration after you have successfully extended a domain or at another logical point. Back up only after you have verified that the installation is successful so far. This is a quick backup to enable immediate restoration in case of problems in later steps.

In a Kubernetes environment, it is sufficient to back up the persistent volume and the database.

The backup destination is the local disk. You can discard this backup when the enterprise deployment setup is complete. After the enterprise deployment setup is complete, you can initiate the regular deployment-specific Backup and Recovery process.

For information about backing up your configuration, see Performing Backups and Recoveries for an Enterprise Deployment.

Parent topic: Installing and Configuring Oracle HTTP Server

Configuring Oracle HTTP Server to Route Requests to the Application Tier

Update the Oracle HTTP Server configuration files so that the web server instances route requests to the servers in the domain.

Parent topic: Installing and Configuring Oracle HTTP Server

About the Oracle HTTP Server Configuration for an Enterprise Deployment

The following topics provide an overview about the changes that are required to the Oracle HTTP Server configuration files on each WEBHOST, in an enterprise deployment.

Parent topic: Configuring Oracle HTTP Server to Route Requests to the Application Tier

Purpose of the Oracle HTTP Server Virtual Hosts

The reference topologies in this guide require that you define a set of virtual servers on the hardware load balancer. You can then configure Oracle HTTP Server to recognize requests to specific virtual hosts (that map to the load balancer virtual servers) by adding <VirtualHost> directives to the Oracle HTTP Server instance configuration files.

For each Oracle HTTP Server virtual host, you define a set of specific URLs (or context strings) that route requests from the load balancer through the Oracle HTTP Server instances to the appropriate Administration Server or Managed Server in the Oracle WebLogic Server domain.

Parent topic: About the Oracle HTTP Server Configuration for an Enterprise Deployment

About the WebLogicCluster Parameter of the <VirtualHost> Directive

A key parameter of the Oracle HTTP Server <VirtualHost> directive is the WebLogicCluster parameter, which is part of the WebLogic Proxy Plug-in for Oracle HTTP Server. When you configure Oracle HTTP Server for an enterprise deployment, consider the following information when you add this parameter to the Oracle HTTP Server configuration files.

In a Kubernetes environment, the WebLogic servers are deployed in pods and these pods use internal Kubernetes host names. These host names are not resolvable outside of the Kubernetes cluster. Kubernetes interacts with the WebLogic server pods using a Kubernetes service. This service expands and contracts dynamically as WebLogic Managed Server pods are added and taken away.

The servers specified in the WebLogicCluster parameter in a Kubernetes environment cannot reference the WebLogic Managed Server pods directly. They must interact by using a Kubernetes service. Kubernetes services are exposed on Kubernetes worker hosts through a mapped Kubernetes port. If you are using NodePort Services, there will be a unique port for each service. If you are using an ingress controller, you will use a single port for all services.

In a traditional on-premise deployment, the WebLogicCluster directive will reference the WebLogic server hosts and corresponding ports. In a Kubernetes environment, the WebLogicCluster directive must reference the Kubernetes worker nodes and the exposed Kubernetes service mapped port. If you have created a network load balancer to route requests to the worker nodes, you can specify this as the host name.

Because a Kubernetes service expands and contracts dynamically as WebLogic pods are added/removed, pointing the WeblogicCluster parameter at a Kubernetes worker node and the exposed port is sufficient to ensure that you are load balancing across all the WebLogic Managed Servers in the cluster.

However, including only one worker node in the WeblogicCluster directive means that if that worker node fails, but the cluster survives, the system will cease to work. To mitigate the impact of this failure, be sure to include several worker nodes (not necessarily all) or the network load balancer in the WebLogicCluster directive.

Associated with the WebLogicCluster directive it the DynamicServerList directive. If enabled (the default option), when new Managed Servers are added to a cluster, the server it is running on is published to the Oracle WebLogicCluster directive so that you do not need to change the Oracle HTTP Server configuration when the cluster changes. This option works well in a traditional deployment. However, in a Kubernetes deployment, where the internal host names are unresolvable outside the cluster, it will cause issues. It is also unnecessary because the Kubernetes service provides the same functionality. Therefore, in an Oracle HTTP server, which directs a request to a Kubernetes cluster, the WebLogic directive DynamicServerList should be set to false.

Parent topic: About the Oracle HTTP Server Configuration for an Enterprise Deployment

Recommended Structure of the Oracle HTTP Server Configuration Files

Rather than adding multiple virtual host definitions to the httpd.conf file, Oracle recommends that you create separate, smaller, and more specific configuration files for each of the virtual servers required for the products that you are deploying. This avoids populating an already large httpd.conf file with additional content, and it can make troubleshooting configuration problems easier.

For example, in a typical Oracle Fusion Middleware Infrastructure domain, you can add a specific configuration file called admin_vh.conf that contains the virtual host definition for the Administration Server virtual host (ADMINVHN).

Parent topic: About the Oracle HTTP Server Configuration for an Enterprise Deployment

Modifying the httpd.conf File to Include Virtual Host Configuration Files

Perform the following tasks to prepare the httpd.conf file for the additional virtual hosts required for an enterprise topology:

Log in to WEBHOST1.
Locate the httpd.conf file for the first Oracle HTTP Server instance (ohs1) in the domain directory:
```
cd WEB_DOMAIN_HOME/config/fmwconfig/components/OHS/ohs1/
```

Verify if the httpd.conf file has the appropriate configuration as follows:

Run the following command to verify the ServerName parameter, be sure that it is set correctly, substituting the correct value for the current WEBHOSTn:
```
grep "ServerName http" httpd.conf   
ServerName http://WEBHOST1:7777 
```
Run the following command to verify there is an include statement that includes all *.conf files from the moduleconf subdirectory:
```
grep moduleconf httpd.conf   
IncludeOptional "moduleconf/*.conf"
```

If either validation fails to return results, or returns results that are commented out, open the httpd.conf file in a text editor and make the required changes in the appropriate locations.

# 
# ServerName gives the name and port that the server uses to identify itself. 
# This can often be determined automatically, but we recommend you specify 
# it explicitly to prevent problems during startup. 
# 
# If your host doesn't have a registered DNS name, enter its IP address here. 
# 
ServerName http://WEBHOST1:7777 
#  and at the end of the file:  
# Include the admin virtual host (Proxy Virtual Host) related configuration 
include "admin.conf"  
IncludeOptional "moduleconf/*.conf"

Save the httpd.conf file.

Log in to WEBHOST2 and perform steps 2 and 3 for the httpd.conf file, replacing any occurrences of WEBHOST1 or ohs1 with WEBHOST2 or ohs2 in the instructions as necessary.

Parent topic: Configuring Oracle HTTP Server to Route Requests to the Application Tier

Modifying the httpd.conf File to Set Server Runtime Parameters

Out of the box, the Oracle HTTP Server comes configured with a number of values which effect how the server behaves when it is running. For most of the deployments, these values are sufficient. However, in an Oracle Identity and Access Management deployment, it is recommended that you update these values by doing the following:

Log in to WEBHOST1.
Locate the httpd.conf file for the first Oracle HTTP Server instance (ohs1) in the domain directory:
```
cd WEB_DOMAIN_HOME/config/fmwconfig/components/OHS/ohs1/
```
Locate the section of the file with the following line:

<IfModule mpm_worker_module>

Update the entries in this section to reflect the following:

<IfModule mpm_worker_module>
  ServerLimit             20
  StartServers            10
  MaxClients              1500
  MinSpareThreads         200
  MaxSpareThreads         800
  ThreadsPerChild         250
  ThreadLimit             250
  MaxRequestsPerChild     1000  
  MaxRequestWorkers       400 
  MaxConnectionsPerChild  0
 </IfModule>

Update the following values:
- MaxKeepAliveRequests 0
- Timeout 300
- KeepAliveTimeout 10
Save the httpd.conf file.

Update the file mod_wl_ohs.conf to reflect the following:


<IfModule weblogic_module>
   WLDNSRefreshInterval 10
</IfModule>

Save the file.
Log in to WEBHOST2 and perform steps 2 and 3 for the httpd.conf and mod_wl_ohs.conf files, replacing any occurrences of WEBHOST1 or ohs1 with WEBHOST2 or ohs2 in the instructions as necessary.

Parent topic: Configuring Oracle HTTP Server to Route Requests to the Application Tier

Creating an Oracle HTTP Server Wallet

If the back-end application is SSL enabled, such as Oracle Advanced Authentication, you should enable Oracle HTTP Server to trust the back end's SSL certificate. For establishing this trust, you should create a wallet in Oracle HTTP Server and store the trusted certificates.

Note:

A wallet is not required if you are using Ingress.

To create the OHS wallet, perform the following steps on each web server - WEBHOST1 and WEBHOST2. The wallet is created in the OHS Domain folder and is called ohswallet. Further sections of the guide assumes this location. However, you can place the wallet in any location.

Set the environment variables.

ORACLE_HOME, OHS_DOMAIN_HOME and add ORACLE_HOME/bin and ORACLE_HOME/oracle_common/bin to the PATH:

For example:

export ORACLE_HOME=/u02/private/oracle/products/ohs/
export OHS_DOMAIN_HOME=/u02/private/oracle/config/domains/ohsDomain
export PATH=$ORACLE_HOME/bin:$ORACLE_HOME/oracle_common/bin:$PATH

Create the wallet using the following command:

orapki wallet create -wallet $OHS_DOMAIN_HOME/ohswallet -auto_login_only

Repeat on each webhost.

Adding Certificates to the Wallet

Parent topic: Configuring Oracle HTTP Server to Route Requests to the Application Tier

Adding Certificates to the Wallet

Add certificates to the wallet by using the following command:

orapki wallet add -wallet $OHS_DOMAIN_HOME /ohswallet -trusted_cert -cert <CERTIFICATE_FILE> -auto_login_only

Repeat on each webhost.

Parent topic: Creating an Oracle HTTP Server Wallet

Obtaining the Port for the Kubernetes Node Port Service

Each of the configuration procedures explained in this chapter directs Oracle HTTP to send requests to the Kubernetes Node Port service for the cluster of Managed Servers/instances or micro services. These procedures use sample ports for illustration.

To obtain the port that is actually being used, run the following command:

kubectl get service -n <NAMESPACE> | grep NodePort | grep <SERVICE_NAME> | awk '{ print $5 }'

If you are using an Ingress controller instead of individual node port services, you should use the Ingress NodePort Service for each entry. To obtain the Ingress NodePort, use the following command:

kubectl get service -n <INGRESSNS> | grep NodePort | awk '{ print $5 }'

For example:

kubectl get service -n ingressns | grep NodePort | awk '{ print $5 }'

Parent topic: Configuring Oracle HTTP Server to Route Requests to the Application Tier

Routing Requests

In the examples below, you will see routing rules which are of the form:

WeblogicCluster K8worker1.example.com:Port, K8Worker2.example.com:port

If you have defined a network load balancer, use the following:

WeblogicCluster K8workers.example.com:Port, K8Workers.example.com:port

Here, K8workers.example.com is the name of your network load balancer.

If you are using an Ingress controller, the port will always be the port that is assigned to the Ingress controller.

If you are using the NodePort Services, the port will depend on the NodePort Services you create.

Parent topic: Configuring Oracle HTTP Server to Route Requests to the Application Tier

Creating the Virtual Host Configuration Files

To create the virtual host configuration files:

Note:

Before you create the virtual host configuration files, be sure that you have configured the virtual servers on the load balancer, as described in Purpose of the Oracle HTTP Server Virtual Hosts.

Log in to WEBHOST1 and change directory to the configuration directory for the first Oracle HTTP Server instance (ohs1):
```
cd WEB_DOMAIN_HOME/config/fmwconfig/components/OHS/ohs1/moduleconf
```

If you are configuring Oracle Access Management, create the iadadmin_vh.conf file and add the following directive:

<VirtualHost WEBHOST1.example.com:7777>
    ServerName http://iadadmin.example.com:80
    ServerAdmin you@your.address
    RewriteEngine On
    RewriteOptions inherit
    UseCanonicalName On
    RequestHeader set "X-Forwarded-Host" "iadadmin.example.com"
</VirtualHost>

Note:

"X-Forwarded-Host" is required only if you use an Ingress controller.

If you are configuring Oracle Access Management, create the login_vh.conf file and add the following directive:

<VirtualHost WEBHOST1.example.com:7777>
    ServerName https://login.example.com:443
    ServerAdmin you@your.address
    RewriteEngine On
    RewriteOptions inherit
    UseCanonicalName On
    RequestHeader set "X-Forwarded-Host" "login.example.com"
</VirtualHost>

Note:

"X-Forwarded-Host" is required only if you use an Ingress controller.

If you are using Oracle Advanced Authentication as well as OAM, add the following entries to the login_vh.conf file:

<VirtualHost WEBHOST1.example.com:7777>
    ServerName https://login.example.com:443
    ServerAdmin you@your.address
    RewriteEngine On
    RewriteOptions inherit
    UseCanonicalName On
    RequestHeader set "X-Forwarded-Host" "iadadmin.example.com"
    RequestHeader set X-OAUTH-IDENTITY-DOMAIN-NAME "OAADomain"
    RewriteRule ^/oauth2/rest/authorize? /oauth2/rest/authorize?domain=OAADomain [PT,QSA,L]
    RewriteRule ^/oauth2/rest/token? /oauth2/rest/token?domain=OAADomain [PT,QSA,L]
    RewriteRule ^/oauth2/rest/token/info? /oauth2/rest/token/info?domain=OAADomain [PT,QSA,L]
    RewriteRule ^/oauth2/rest/authz? /oauth2/rest/authz?domain=OAADomain [PT,QSA,L]
    RewriteRule ^/oauth2/rest/userinfo? /oauth2/rest/userinfo?domain=OAADomain [PT,QSA,L]
    RewriteRule ^/oauth2/rest/security? /oauth2/rest/security?domain=OAADomain [PT,QSA,L]
    RewriteRule ^/oauth2/rest/userlogout? /oauth2/rest/userlogout?domain=OAADomain [PT,QSA,L]
</VirtualHost>

Where OAADomain can be any value you prefer, as long as it is consistent with the value you use when deploying OAA.

If you are configuring Oracle Identity Governance, create the igdadmin_vh.conf file, and add the following directive:

<VirtualHost WEBHOST1.example.com:7777>
    ServerName http://igdadmin.example.com:80
    ServerAdmin you@your.address
    RewriteEngine On
    RewriteOptions inherit
    UseCanonicalName On
    RequestHeader set "X-Forwarded-Host" "igdadmin.example.com"
</VirtualHost>

Note:

"X-Forwarded-Host" is required only if you use an Ingress controller.

If you are configuring Oracle Identity Governance, create the prov_vh.conf file, and add the following directive:

<VirtualHost WEBHOST1.example.com:7777>
    ServerName https://prov.example.com:443
    ServerAdmin you@your.address
    RewriteEngine On
    RewriteOptions inherit
    UseCanonicalName On
    RequestHeader set "X-Forwarded-Host" "prov.example.com"
</VirtualHost>

Note:

"X-Forwarded-Host" is required only if you use an Ingress controller.

If you are configuring Oracle Identity Governance, create the igdinternal_vh.conf file, and add the following directive:

<VirtualHost WEBHOST1.example.com:7777>
    ServerName http://igdinternal.example.com:7777
    ServerAdmin you@your.address
    RewriteEngine On
    RewriteOptions inherit
    RequestHeader set "X-Forwarded-Host" "igdinternal.example.com"
</VirtualHost>

Note:

"X-Forwarded-Host" is required only if you use an Ingress controller.

Parent topic: Configuring Oracle HTTP Server to Route Requests to the Application Tier

Configuring Oracle HTTP Server for Oracle Access Manager

You have to configure Oracle HTTP Server for the Oracle Access Manager Managed Servers to ensure they route requests correctly to the Oracle Access Management cluster.

The following variables are used in this section:

Table 17-2 List of Variables and Their Values

Variable	Value
<OAM_OAM_K8>	The Kubernetes service port of OAM. For example: `30410`. If you are using an Ingress controller, this value will be the Kubernetes service port of the Kubernetes controller.
<OAM_ADMIN_K8>	The Kubernetes service port of the OAM Administration Server. For example: `30701`. If you are using an Ingress controller, this value will be the Kubernetes service port of the Kubernetes controller.
<OAM_POLICY_K8>	The Kubernetes service port of the OAM Policy Service. For example: `30510`. If you are using an Ingress controller, this value will be the Kubernetes service port of the Kubernetes controller.

To configure the Oracle HTTP Server instances in the web tier so they route requests correctly to the Oracle Access Management cluster, use the following procedure to create an additional Oracle HTTP Server configuration file that creates and defines the parameters of the login.example.com virtual server. To configure Oracle HTTP Server for the oam_server Managed Servers:

Log in to WEBHOST1 and change directory to the configuration directory for the first Oracle HTTP Server instance (ohs1).
```
cd WEB_DOMAIN_HOME/config/fmwconfig/components/OHS/ohs1/moduleconf/
```
Note:

There are separate directories for configuration and runtime instance files. The runtime files under the .../OHS/instances/ohsn/* folder should not be edited directly. Edit only the .../OHS/ohsn/* configuration files.

In the login_vh.conf file, add the following lines between the <VirtualHost> and </VirtualHost> tags:

#OAM Entries
<Location /oam>
    WLSRequest ON
    DynamicServerList OFF
    WLProxySSL ON
    WLProxySSLPassThrough ON
    WLCookieName OAMJSESSIONID
    WebLogicCluster K8_WORKER_HOST1.example.com:<OAM_OAM_K8>,K8_WORKER_HOST2.example.com:<OAM_OAM_K8> 
</Location>

<Location /oam/services/rest/auth>
    WLSRequest ON
    DynamicServerList OFF
    WLProxySSL ON
    WLProxySSLPassThrough ON
    WLCookieName OAMJSESSIONID
    WebLogicCluster K8_WORKER_HOST1.example.com:<OAM_OAM_K8>,K8_WORKER_HOST2.example.com:<OAM_OAM_K8>
</Location>

<Location /oam/services/rest/access>
    WLSRequest ON
    DynamicServerList OFF
    WLProxySSL ON
    WLProxySSLPassThrough ON
    WLCookieName OAMJSESSIONID
    WebLogicCluster K8_WORKER_HOST1.example.com:<OAM_OAM_K8>,K8_WORKER_HOST2.example.com:<OAM_OAM_K8>
</Location>

<Location /oamfed>
    WLSRequest ON
    DynamicServerList OFF
    WebLogicCluster K8_WORKER_HOST1.example.com:<OAM_OAM_K8>,K8_WORKER_HOST2.example.com:<OAM_OAM_K8>
    WLCookieName OAMJSESSIONID
    WLProxySSL ON
    WLProxySSLPassThrough ON
</Location>

# OAM Forgotten Password Page 
<Location /otpfp/>   
    WLSRequest ON
    DynamicServerList OFF   
    WebLogicCluster K8_WORKER_HOST.example.com:<OAM_OAM_K8>,K8_WORKER_HOST2.example.com:<OAM_OAM_K8>  
    WLCookieName OAMJSESSIONID   
    WLProxySSL ON   
    WLProxySSLPassThrough ON 
</Location>

<Location /ms_oauth>
    WLSRequest ON
    DynamicServerList OFF
    WebLogicCluster K8_WORKER_HOST1.example.com:<OAM_OAM_K8>,K8_WORKER_HOST2.example.com:<OAM_OAM_K8>
    WLCookieName OAMJSESSIONID
    WLProxySSL ON
    WLProxySSLPassThrough ON
</Location>

<Location /oauth2>
    WLSRequest ON
    DynamicServerList OFF
    WebLogicCluster K8_WORKER_HOST1.example.com:<OAM_OAM_K8>,K8_WORKER_HOST2.example.com:<OAM_OAM_K8>
    WLCookieName OAMJSESSIONID
    WLProxySSL ON
    WLProxySSLPassThrough ON
</Location>

<Location /.well-known/openid-configuration>
    WLSRequest ON
    DynamicServerList OFF
    WebLogicCluster K8_WORKER_HOST1.example.com:<OAM_OAM_K8>,K8_WORKER_HOST2.example.com:<OAM_OAM_K8>
    PathTrim /.well-known
    PathPrepend /oauth2/rest
    WLCookieName OAMJSESSIONID
    WLProxySSL ON
    WLProxySSLPassThrough ON
</Location>

<Location /.well-known/oidc-configuration>
    WLSRequest ON
    DynamicServerList OFF
    WebLogicCluster K8_WORKER_HOST1.example.com:<OAM_OAM_K8>,K8_WORKER_HOST2.example.com:<OAM_OAM_K8>
    PathTrim /.well-known
    PathPrepend /oauth2/rest
    WLCookieName OAMJSESSIONID
    WLProxySSL ON
    WLProxySSLPassThrough ON
</Location>

<Location /CustomConsent>
    WLSRequest ON
    DynamicServerList OFF
    WebLogicCluster K8_WORKER_HOST1.example.com:<OAM_OAM_K8>,K8_WORKER_HOST2.example.com:<OAM_OAM_K8>
    WLCookieName OAMJSESSIONID
    WLProxySSL ON
    WLProxySSLPassThrough ON
</Location>

<Location /iam/access>
    WLSRequest ON
    DynamicServerList OFF
    WebLogicCluster K8_WORKER_HOST1.example.com:<OAM_OAM_K8>,K8_WORKER_HOST2.example.com:<OAM_OAM_K8>
    WLCookieName OAMJSESSIONID
    WLProxySSL ON
    WLProxySSLPassThrough ON
</Location>

In the iadadmin_vh.conf file, add the following lines between the <VirtualHost> and </VirtualHost> tags:

<Location /console>
    WLSRequest ON
    DynamicServerList OFF
    WeblogicCluster K8_WORKER_HOST1.example.com:<OAM_ADMIN_K8>,K8_WORKER_HOST2.example.com:<OAM_ADMIN_K8>
</Location>

# WebLogic Remote Console Access
#
<Location /management>
    WLSRequest ON
    DynamicServerList OFF
    WebLogicCluster K8_WORKER_HOST1.example.com:<OAM_ADMIN_K8>,K8_WORKER_HOST2.example.com:<OAM_ADMIN_K8>
</Location>

<Location /consolehelp>
    WLSRequest ON
    DynamicServerList OFF
    WebLogicCluster K8_WORKER_HOST1.example.com:<OAM_ADMIN_K8>,K8_WORKER_HOST2.example.com:<OAM_ADMIN_K8>
</Location>

<Location /em>
    WLSRequest ON
    DynamicServerList OFF
    WebLogicCluster K8_WORKER_HOST1.example.com:<OAM_ADMIN_K8>,K8_WORKER_HOST2.example.com:<OAM_ADMIN_K8>
</Location>

<Location /oamconsole>
    WLSRequest ON
    DynamicServerList OFF
    WeblogicCluster K8_WORKER_HOST1.example.com:<OAM_ADMIN_K8>,K8_WORKER_HOST2.example.com:<OAM_ADMIN_K8>
</Location>

<Location /access>
    WLSRequest ON
    DynamicServerList OFF
    WebLogicCluster K8_WORKER_HOST1.example.com:<OAM_POLICY_K8>,K8_WORKER_HOST2.example.com:<OAM_POLICY_K8>
    WLCookieName OAMJSESSIONID
</Location>

<Location /iam/admin>
    WLSRequest ON
    DynamicServerList OFF
    WeblogicCluster K8_WORKER_HOST1.example.com:<OAM_ADMIN_K8>,K8_WORKER_HOST2.example.com:<OAM_ADMIN_K8>
</Location>

<Location /oam/services/rest/11.1.2.0.0>
    WLSRequest ON
    DynamicServerList OFF
    WeblogicCluster K8_WORKER_HOST1.example.com:<OAM_ADMIN_K8>,K8_WORKER_HOST2.example.com:<OAM_ADMIN_K8>                
    WLCookieName OAMJSESSIONID
</Location>

<Location /oam/services/rest/ssa>
    WLSRequest ON 
    DynamicServerList OFF
    WeblogicCluster K8_WORKER_HOST1.example.com:<OAM_ADMIN_K8>,K8_WORKER_HOST2.example.com:<OAM_ADMIN_K8>
    WLCookieName OAMJSESSIONID
</Location>

<Location /oam/services>
    WLSRequest ON
    DynamicServerList OFF
    WeblogicCluster K8_WORKER_HOST1.example.com:<OAM_ADMIN_K8>,K8_WORKER_HOST2.example.com:<OAM_ADMIN_K8> 
    WLCookieName OAMJSESSIONID
</Location>

<Location /dms>
    WLSRequest ON
    DynamicServerList OFF
    WeblogicCluster K8_WORKER_HOST1.example.com:<OAM_ADMIN_K8>,K8_WORKER_HOST2.example.com:<OAM_ADMIN_K8>
</Location>

Copy the iadadmin_vh.conf file and login_vh.conf to the configuration directory for the second Oracle HTTP Server instance (ohs2):
```
WEB_DOMAIN_HOME/config/fmwconfig/components/ohs2/moduleconf/
```
Edit the login_vh.conf and iadadmin_vh.conf files to change references of WEBHOST1 to WEBHOST2 in the <VirtualHost> directives.

Parent topic: Installing and Configuring Oracle HTTP Server

Configuring Oracle HTTP Server for Oracle Identity Governance

To configure the Oracle HTTP Server instances in the web tier so they route requests correctly to the Oracle SOA Suite cluster, use the following procedure to create an additional Oracle HTTP Server configuration file that creates and defines the parameters of the https://igdinternal.example.com:7777 virtual server.

This procedure assumes that you have performed the Oracle HTTP Server configuration tasks described in Configuring Oracle HTTP Server to Route Requests to the Application Tier.

The following variables are used in this section:

Table 17-3 List of Variables and Their Values

Variable	Value
<OIG_OIM_PORT_K8>	The Kubernetes service port of the OIG OIM Service. For example: `30140`. If you are using an Ingress controller, this value will be the Kubernetes service port of the Kubernetes controller.
<OIG_ADMIN_K8>	The Kubernetes service port of the OIG Administration Server service. For example: `30711`. If you are using an Ingress controller, this value will be the Kubernetes service port of the Kubernetes controller.
<OIG_SOA_PORT_K8>	The Kubernetes service port of the OIG SOA service. For example: `30801`. If you are using an Ingress controller, this value will be the Kubernetes service port of the Kubernetes controller.

To create the virtual host configuration file so requests are routed properly to the Oracle Identity Governance clusters:

Log in to WEBHOST1 and change directory to the configuration directory for the first Oracle HTTP Server instance (OHS1):
```
cd WEB_DOMAIN_HOME/config/fmwconfig/components/OHS/ohs1/moduleconf/
```

Edit the file prov_vh.conf and add the following directives inside the <VirtualHost> tags:

Note:

The URL entry for /workflow is optional. It is for workflow tasks associated with Oracle ADF task forms. The /workflow URL itself can be a different value, depending on the form.
Configure the port numbers appropriately, as assigned for your static or dynamic cluster. Dynamic clusters with the Calculate Listen Port option selected will have incremental port numbers for each dynamic managed server that you create.

The WebLogicCluster directive needs only a sufficient number of redundant server:port combinations to guarantee an initial contact in case of a partial outage. The actual total list of cluster members is retrieved automatically on the first contact with any given node.

<Location /identity>
    WLSRequest ON
    DynamicServerList OFF
    WLCookieName oimjsessionid 
    WebLogicCluster K8_WORKER_HOST1.example.com:<OIG_OIM_PORT_K8>,K8_WORKER_HOST2.example.com:<OIG_OIM_PORT_K8>
    WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
    WLProxySSL ON
    WLProxySSLPassThrough ON
</Location>

<Location /HTTPClnt>
    WLSRequest ON
    DynamicServerList OFF
    WLCookieName oimjsessionid
    WebLogicCluster K8_WORKER_HOST1.example.com:<OIG_OIM_PORT_K8>,K8_WORKER_HOST2.example.com:<OIG_OIM_PORT_K8>
    WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
    WLProxySSL ON
    WLProxySSLPassThrough ON
</Location>

# Requests webservice URL
<Location /reqsvc>
    WLCookieName oimjsessionid
    WebLogicCluster K8_WORKER_HOST1.example.com:<OIG_OIM_PORT_K8>,K8_WORKER_HOST2.example.com:<OIG_OIM_PORT_K8>
    WLProxySSL ON
    WLProxySSLPassThrough ON
    WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
</Location>

<Location /FacadeWebApp>
    SetHandler weblogic-handler
    WLCookieName oimjsessionid
    WebLogicCluster K8_WORKER_HOST1.example.com:<OIG_OIM_PORT_K8>,K8_WORKER_HOST2.example.com:<OIG_OIM_PORT_K8>
    WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
    WLProxySSL ON
    WLProxySSLPassThrough ON 
</Location>

<Location /iam>
    SetHandler weblogic-handler
    WLCookieName oimjsessionid
    WebLogicCluster K8_WORKER_HOST1.example.com:<OIG_OIM_PORT_K8>,K8_WORKER_HOST2.example.com:<OIG_OIM_PORT_K8>
    WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
    WLProxySSL ON
    WLProxySSLPassThrough ON 
</Location>

<Location /OIGUI>
    SetHandler weblogic-handler
    WLCookieName oimjsessionid
    WebLogicCluster K8_WORKER_HOST1.example.com:<OIG_OIM_PORT_K8>,K8_WORKER_HOST2.example.com:<OIG_OIM_PORT_K8>
    WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
    WLProxySSL ON
    WLProxySSLPassThrough ON
</Location>

The prov_vh.conf file will appear as it does in Step 2.

In the igdadmin_vh.conf file, add the following lines between <VirtualHost> and </VirtualHost> tags:

## Entries Required by Oracle Identity Governance
<Location /console>
    WLSRequest ON
    DynamicServerList OFF
    WeblogicCluster K8_WORKER_HOST1.example.com:<OIG_ADMIN_K8>,K8_WORKER_HOST2.example.com:<OIG_ADMIN_K8>
</Location>

# WebLogic Remote Console Access
#
<Location /management>
    WLSRequest ON
    DynamicServerList OFF
    WebLogicCluster K8_WORKER_HOST1.example.com:<OIG_ADMIN_K8>,K8_WORKER_HOST2.example.com:<OIG_ADMIN_K8>
</Location>

<Location /consolehelp>
    WLSRequest ON
    DynamicServerList OFF
    WebLogicCluster K8_WORKER_HOST1.example.com:<OIG_ADMIN_K8>,K8_WORKER_HOST2.example.com:<OIG_ADMIN_K8>
</Location>

<Location /em>
    WLSRequest ON
    DynamicServerList OFF
    WebLogicCluster K8_WORKER_HOST1.example.com:<OIG_ADMIN_K8>,K8_WORKER_HOST2.example.com:<OIG_ADMIN_K8>
</Location>

<Location /oim>
    WLSRequest ON
    DynamicServerList OFF
    WLCookieName oimjsessionid
    WebLogicCluster K8_WORKER_HOST1.example.com:<OIG_OIM_PORT_K8>,K8_WORKER_HOST2.example.com:<OIG_OIM_PORT_K8>
    WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
</Location>

<Location /iam>
    WLSRequest ON
    DynamicServerList OFF
    WLCookieName oimjsessionid
    WebLogicCluster K8_WORKER_HOST1.example.com:<OIG_OIM_PORT_K8>,K8_WORKER_HOST2.example.com:<OIG_OIM_PORT_K8>
    WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
</Location>

<Location /sysadmin>
    WLSRequest ON
    DynamicServerList OFF
    WLCookieName oimjsessionid
    WebLogicCluster K8_WORKER_HOST1.example.com:<OIG_OIM_PORT_K8>,K8_WORKER_HOST2.example.com:<OIG_OIM_PORT_K8>
    WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
</Location>

<Location /admin>
    WLSRequest ON
    DynamicServerList OFF
    WLCookieName oimjsessionid
    WebLogicCluster K8_WORKER_HOST1.example.com:<OIG_OIM_PORT_K8>,K8_WORKER_HOST2.example.com:<OIG_OIM_PORT_K8>
    WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
</Location>

# OIM self service console
<Location /identity>
    WLSRequest ON
    DynamicServerList OFF
    WLCookieName oimjsessionid
    WebLogicCluster K8_WORKER_HOST1.example.com:<OIG_OIM_PORT_K8>,K8_WORKER_HOST2.example.com:<OIG_OIM_PORT_K8>
    WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
</Location>

<Location /OIGUI>
    WLSRequest ON
    DynamicServerList OFF
    WLCookieName oimjsessionid
    WebLogicCluster K8_WORKER_HOST1.example.com:<OIG_OIM_PORT_K8>,K8_WORKER_HOST2.example.com:<OIG_OIM_PORT_K8>
    WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
</Location>

<Location /FacadeWebApp>
    SetHandler weblogic-handler
    WLCookieName oimjsessionid
    WebLogicCluster K8_WORKER_HOST1.example.com:<OIG_OIM_PORT_K8>,K8_WORKER_HOST2.example.com:<OIG_OIM_PORT_K8>
    WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
</Location>

# Scheduler webservice URL
<Location /SchedulerService-web>
    WLSRequest ON
    DynamicServerList OFF
    WLCookieName oimjsessionid
    WebLogicCluster K8_WORKER_HOST1.example.com:<OIG_OIM_PORT_K8>,K8_WORKER_HOST2.example.com:<OIG_OIM_PORT_K8>
    WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
</Location>

<Location /dms>
    WLSRequest ON
    DynamicServerList OFF
    WeblogicCluster K8_WORKER_HOST1.example.com:<OIG_ADMIN_K8>,K8_WORKER_HOST2.example.com:<OIG_ADMIN_K8>
</Location>

In the igdinternal_vh.conf file, add the following lines between the <VirtualHost> and </VirtualHost> tags:

## Entries Required by Oracle Identity Governance
#SOA Callback webservice for SOD - Provide the SOA Managed Server Ports

<Location /sodcheck>
    WLSRequest ON
    DynamicServerList OFF
    WLCookieName oimjsessionid
    WebLogicCluster K8_WORKER_HOST1.example.com:<OIG_SOA_PORT_K8>,K8_WORKER_HOST2.example.com:<OIG_SOA_PORT_K8>
    WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/soa_component.log"
</Location>

# OIM, role-sod profile
<Location /role-sod>
    WLSRequest ON
    DynamicServerList OFF
    WLCookieName oimjsessionid
    WebLogicCluster K8_WORKER_HOST1.example.com:<OIG_OIM_PORT_K8>,K8_WORKER_HOST2.example.com:<OIG_OIM_PORT_K8>
    WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
</Location>

# Callback webservice for SOA. SOA calls this when a request is approved/rejected
# Provide the SOA Managed Server Port
<Location /workflowservice>
    WLSRequest ON
    DynamicServerList OFF
    WLCookieName oimjsessionid
    WebLogicCluster K8_WORKER_HOST1.example.com:<OIG_OIM_PORT_K8>,K8_WORKER_HOST2.example.com:<OIG_OIM_PORT_K8>
    WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/soa_component.log"
</Location>

# used for FA Callback service.
<Location /callbackResponseService>
    WLSRequest ON
    DynamicServerList OFF
    WLCookieName    oimjsessionid
    WebLogicCluster K8_WORKER_HOST1.example.com:<OIG_OIM_PORT_K8>,K8_WORKER_HOST2.example.com:<OIG_OIM_PORT_K8>
    WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
</Location>

# spml xsd profile
<Location /spml-xsd>
    WLSRequest ON
    DynamicServerList OFF
    WLCookieName oimjsessionid
    WebLogicCluster K8_WORKER_HOST1.example.com:<OIG_OIM_PORT_K8>,K8_WORKER_HOST2.example.com:<OIG_OIM_PORT_K8>
    WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
</Location>

# OIM, spml dsml profile
<Location /spmlws>
    WLSRequest ON
    DynamicServerList OFF
    PathTrim /weblogic
    WLCookieName oimjsessionid
    WebLogicCluster K8_WORKER_HOST1.example.com:<OIG_OIM_PORT_K8>,K8_WORKER_HOST2.example.com:<OIG_OIM_PORT_K8>
    WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
</Location>

<Location /reqsvc>
    WLSRequest ON
    DynamicServerList OFF
    WLCookieName oimjsessionid
    WebLogicCluster K8_WORKER_HOST1.example.com:<OIG_OIM_PORT_K8>,K8_WORKER_HOST2.example.com:<OIG_OIM_PORT_K8>
    WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/soa_component.log"
</Location>

# SOA Infra
<Location /soa-infra>
    WLSRequest ON
    DynamicServerList OFF
    WLCookieName oimjsessionid
    WebLogicCluster K8_WORKER_HOST1.example.com:<OIG_SOA_PORT_K8>,K8_WORKER_HOST2.example.com:<OIG_SOA_PORT_K8>
    WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/OHS/component/oim_component.log"
</Location>

# UMS Email Support
<Location /ucs>
    WLSRequest ON
    DynamicServerList OFF
    WLCookieName oimjsessionid
    WebLogicCluster K8_WORKER_HOST1.example.com:<OIG_SOA_PORT_K8>,K8_WORKER_HOST2.example.com:<OIG_SOA_PORT_K8>
    WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/OHS/component/oim_component.log"
</Location>

<Location /provisioning-callback>
    WLSRequest ON
    DynamicServerList 
    WLCookieName oimjsessionid
    WebLogicCluster K8_WORKER_HOST1.example.com:<OIG_OIM_PORT_K8>,K8_WORKER_HOST2.example.com:<OIG_OIM_PORT_K8>
    WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
</Location>

<Location /CertificationCallbackService>
   WLSRequest ON
   DynamicServerList OFF
   WLCookieName oimjsessionid
   WebLogicCluster K8_WORKER_HOST1.example.com:<OIG_OIM_PORT_K8>,K8_WORKER_HOST2.example.com:<OIG_OIM_PORT_K8>
   WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
</Location>

<Location /IdentityAuditCallbackService>
   WLSRequest ON
   DynamicServerList OFF
   WLCookieName oimjsessionid
   WebLogicCluster K8_WORKER_HOST1.example.com:<OIG_OIM_PORT_K8>,K8_WORKER_HOST2.example.com:<OIG_OIM_PORT_K8>
   WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
</Location>

# SOA Callback webservice for SOD - Provide the SOA Managed Server Ports
<Location /soa/composer>
    SetHandler weblogic-handler
    WLCookieName oimjsessionid
    WebLogicCluster K8_WORKER_HOST1.example.com:<OIG_SOA_PORT_K8>,K8_WORKER_HOST2.example.com:<OIG_SOA_PORT_K8>
    WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/soa_component.log"
</Location>

<Location /integration>
    SetHandler weblogic-handler
    WebLogicCluster K8_WORKER_HOST1.example.com:<OIG_SOA_PORT_K8>,K8_WORKER_HOST2.example.com:<OIG_SOA_PORT_K8>
    WLCookieName oimjsessionid
</Location>

<Location /sdpmessaging/userprefs-ui>
    SetHandler weblogic-handler
    WLCookieName oimjsessionid
    WebLogicCluster K8_WORKER_HOST1.example.com:<OIG_SOA_PORT_K8>,K8_WORKER_HOST2.example.com:<OIG_SOA_PORT_K8>
    WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/soa_component.log"
</Location>

<Location /iam>
    SetHandler weblogic-handler
    WLCookieName oimjsessionid
    WebLogicCluster K8_WORKER_HOST1.example.com:<OIG_OIM_PORT_K8>,K8_WORKER_HOST2.example.com:<OIG_OIM_PORT_K8>
    WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
</Location>

<Location /ws_utc>
    SetHandler weblogic-handler
    WLCookieName oimjsessionid
    WebLogicCluster K8_WORKER_HOST1:<OIG_SOA_PORT_K8>,K8_WORKER_HOST2:<OIG_SOA_PORT_K8>
    WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
</Location>

Copy the igdadmin_vh.conf, igdinternal_vh.conf, and prov_vh.conf files to the configuration directory for the second Oracle HTTP Server instance (ohs2):
```
WEB_DOMAIN_HOME/config/fmwconfig/components/OHS/ohs2/moduleconf/
```
Edit the igdadmin_vh.conf, prov_vh.conf, and igdinternal_vh.conf files and change any references to WEBHOST1 to WEBHOST2 in the <VirtualHost> directives.

Note:

If internal invocations are going to be used in the system, add the appropriate locations to the soainternal virtual host.

Parent topic: Installing and Configuring Oracle HTTP Server

Configuring Oracle HTTP Server for Oracle Identity Role Intelligence

You should configure Oracle HTTP Server for the Oracle Identity Role Intelligence (OIRI) Servers to ensure that they route requests correctly to the Oracle Role Intelligence cluster.

The following variables are used in this section:

Table 17-4 List of Variables and Their Values

Variable	Value
<OIRI_UI_K8>	The Kubernetes service port of the OIRI UI service. For example: `30306`. If you are using an Ingress controller, this value will be the Kubernetes service port of the Kubernetes controller.
<OIRI_K8>	The Kubernetes service port of the OIRI service. For example: `30305`. If you are using an Ingress controller, this value will be the Kubernetes service port of the Kubernetes controller.

To configure Oracle HTTP Server:

Log in to WEBHOST1 and change directory to the configuration directory for the first Oracle HTTP Server instance (OHS1):
```
cd WEB_DOMAIN_HOME/config/fmwconfig/components/OHS/ohs1/moduleconf/
```

Edit the igdadmin_vh.conf file and add the following directives inside the <VirtualHost> tags:

# OIRI UI
# <Location /oiri/ui>
     WLSRequest ON
     DynamicServerList OFF
     WLCookieName oimjsessionid
     DynamicServerList OFF
     WebLogicCluster K8_WORKER_HOST1.example.com:<OIRI_UI_K8>,K8_WORKER_HOST2.example.com:<OIRI_UI_K8>
</Location>

In the igdinternal_vh.conf file, add the following lines between the <VirtualHost> and </VirtualHost> tags:

# OIRI API
# <Location /oiri/api>
     WLSRequest ON
     DynamicServerList OFF
     WLCookieName oimjsessionid
     DynamicServerList OFF
     WebLogicCluster K8_WORKER_HOST1.example.com:<OIRI_K8>,K8_WORKER_HOST2.example.com:<OIRI_K8>
</Location>

Copy the igdadmin_vh.conf and igdinternal_vh.conf files to the configuration directory for the second Oracle HTTP Server instance (ohs2): WEB_DOMAIN_HOME/config/fmwconfig/components/OHS/ohs2/moduleconf/

Parent topic: Installing and Configuring Oracle HTTP Server

Configuring Oracle HTTP Server for Oracle Advanced Authentication, Oracle Adaptive Risk Management, and Oracle Universal Authenticator

You should configure Oracle HTTP Server for Oracle Advanced Authentication servers to ensure that they route requests correctly to the OAA microservices.

The following variables are used in this section:

Table 17-5 List of Variables and Their Values

Variable	Value
<K8_WORKER_HOST1>	The name of one of the Kubernetes worker hosts.
<K8_WORKER_HOST2>	The name of a different Kubernetes worker host.
<OAA_ADMIN_K8>	The node port for the `oaa-admin` Kubernetes service. For example: `31338`.
<OAA_K8>	The node port for the `oaa-svc` Kubernetes service. For example: `31047`.
<OAA_POLICY_K8>	The node port for the `oaa-policy` Kubernetes service. For example: `31957`.
<OAA_SPUI_K8>	The node port for the `oaa-spui` Kubernetes service. For example: `30532`.
<OAA_FIDO_K8>	The node port for the `oaa-factor-fido` Kubernetes service. For example: `32438`.
<OAA_EMAIL_K8>	The node port for the `oaa-factor-email` Kubernetes service. For example: `30614`.
<OAA_SMS_K8>	The node port for the `oaa-factor-sms` Kubernetes service. For example: `31930`.
<OAA_TOTP_K8>	The node port for the `oaa-factor-totp` Kubernetes service. For example: `31950`.
<OAA_YOTP_K8>	The node port for the `oaa-factor-yotp` Kubernetes service. For example: `31946`.
<OAA_PUSH_K8>	The node port for the `oaa-factor-push` Kubernetes service. For example: `31166`.
<OAA_KBA_K8>	The node port for the `oaa-factor-kba` Kubernetes service. For example: `31147`.
<OAA_RISK_ANAL_K8>	The node port for the `risk-analysis` Kubernetes service. For example `30507`.
<OAA_RISKCC_K8>	The node port for the `risk-cc` Kubernetes service. For example: `30981`.
<OAA_OUA_K8>	The node port for the `oua` Kubernetes service. For example: `30520`.
<OAA_OUAUI_K8>	The node port for the `oua-ui` Kubernetes service. For example: `30525`.
<OAA_DRSS>	The node port for the `oaa-drss` service. For example, `30580`.

Note:

The actual node port values in this table will be determined after you have deployed OAA.

To configure Oracle HTTP Server:

Log in to WEBHOST1 and change the directory to the configuration directory of the first Oracle HTTP Server instance (OHS1):
```
cd WEB_DOMAIN_HOME/config/fmwconfig/components/OHS/ohs1/moduleconf/
```

Edit the iadadmin_vh.conf file and add the following directives inside the <VirtualHost> tags:

    # OAA
    #
    <Location /oaa-admin>
        WLSRequest ON
        WLCookieName OAMJSESSIONID
        DynamicServerList OFF
        SecureProxy ON
        WLSSLWallet   "${ORACLE_INSTANCE}/ohswallet"
        WebLogicCluster <K8_WORKER_HOST1>:<OAA_ADMIN_K8>,<K8_WORKER_HOST2>:<OAA_ADMIN_K8>
    </Location>

    <Location /admin-ui>
        WLSRequest ON
        WLCookieName OAMJSESSIONID
        DynamicServerList OFF
        SecureProxy ON
        WLSSLWallet   "${ORACLE_INSTANCE}/ohswallet"
        WebLogicCluster <K8_WORKER_HOST1>:<OAA_ADMIN_K8>,<K8_WORKER_HOST2>:<OAA_ADMIN_K8>
    </Location>

    <Location /oaa-policy>
        WLSRequest ON
        WLCookieName OAMJSESSIONID
        WLProxySSL ON
        WLProxySSLPassThrough ON
        DynamicServerList OFF
        SecureProxy ON
        WLSSLWallet   "${ORACLE_INSTANCE}/ohswallet"
        WebLogicCluster <K8_WORKER_HOST1>:<OAA_POLICY_K8>,<K8_WORKER_HOST2>:<OAA_POLICY_K8>
    </Location>

    <Location /policy>
        WLSRequest ON
        WLCookieName OAMJSESSIONID
        WLProxySSL ON
        WLProxySSLPassThrough ON
        DynamicServerList OFF
        SecureProxy ON
        WLSSLWallet   "${ORACLE_INSTANCE}/ohswallet"
        WebLogicCluster <K8_WORKER_HOST1>:<OAA_POLICY_K8>,<K8_WORKER_HOST2>:<OAA_POLICY_K8>
    </Location>

    <Location /risk-cc>
        WLSRequest ON
        WLCookieName OAMJSESSIONID
        WLProxySSL ON
        WLProxySSLPassThrough ON
        DynamicServerList OFF
        SecureProxy ON
        WLSSLWallet   "${ORACLE_INSTANCE}/ohswallet"
        WebLogicCluster <K8_WORKER_HOST1>:<OAA_RISKCC_K8>,<K8_WORKER_HOST2>:<OAA_RISKCC_K8>
    </Location>

    <Location /oua-admin-ui>
        WLSRequest ON
        WLCookieName OAMJSESSIONID
        WLProxySSL ON
        WLProxySSLPassThrough ON
        DynamicServerList OFF
        SecureProxy ON
        WLSSLWallet "${ORACLE_INSTANCE}/ohswallet"
        WebLogicCluster <K8_WORKER_HOST1>:<OAA_OUAUI_K8>,<K8_WORKER_HOST2>:<OAA_OUAUI_K8>
    </Location>

Edit the login_vh.conf file and add the following directives inside the <VirtualHost> tags:

    # OAA
    #
    <Location /oaa/runtime>
        WLSRequest ON
        WLProxySSL ON
        WLCookieName OAMJSESSIONID
        WLProxySSLPassThrough ON
        DynamicServerList OFF
        SecureProxy ON
        WLSSLWallet   "${ORACLE_INSTANCE}/ohswallet"
        WebLogicCluster <K8_WORKER_HOST1>:<OAA_K8>,<K8_WORKER_HOST2>:<OAA_K8>
    </Location>    

    <Location /oaa-policyi>
        WLSRequest ON
        WLProxySSL ON
        WLProxySSLPassThrough ON
        DynamicServerList OFF
        SecureProxy ON
        WLSSLWallet "${ORACLE_INSTANCE}/ohswallet"
        WebLogicCluster <K8_WORKER_HOST1>:<OAA_POLICY_K8>,<K8_WORKER_HOST2>:<OAA_POLICYI_K8>
    </Location>

    <Location /policyi>
        WLSRequest ON
        WLProxySSL ON
        WLProxySSLPassThrough ON
        DynamicServerList OFF
        SecureProxy ON
        WLSSLWallet "${ORACLE_INSTANCE}/ohswallet"
        WebLogicCluster <K8_WORKER_HOST1>:<OAA_POLICY_K8>,<K8_WORKER_HOST2>:<OAA_POLICYI_K8>
    </Location>

    <Location /oaa/rui>
        WLSRequest ON
        WLProxySSL ON
        WLCookieName OAMJSESSIONID
        WLProxySSLPassThrough ON
        DynamicServerList OFF
        SecureProxy ON
        WLSSLWallet   "${ORACLE_INSTANCE}/ohswallet"
        WebLogicCluster <K8_WORKER_HOST1>:<OAA_SPUI_K8>,<K8_WORKER_HOST2>:<OAA_SPUI_K8>
    </Location>

    <Location /oaa/authnui>
        WLSRequest ON
        WLProxySSL ON
        WLProxySSLPassThrough ON
        WLCookieName OAMJSESSIONID
        DynamicServerList OFF
        SecureProxy ON
        WLSSLWallet   "${ORACLE_INSTANCE}/ohswallet"
        WebLogicCluster <K8_WORKER_HOST1>:<OAA_SPUI_K8>,<K8_WORKER_HOST2>:<OAA_SPUI_K8>
    </Location>

    <Location /fido>
        WLSRequest ON
        WLProxySSL ON
        WLProxySSLPassThrough ON
        WLCookieName OAMJSESSIONID
        DynamicServerList OFF
        SecureProxy ON
        WLSSLWallet   "${ORACLE_INSTANCE}/ohswallet"
        WebLogicCluster <K8_WORKER_HOST1>:<OAA_FIDO_K8>,<K8_WORKER_HOST2>:<OAA_FIDO_K8>
    </Location>

    <Location /oaa-email-factor>
        WLSRequest ON
        WLProxySSL ON
        WLProxySSLPassThrough ON
        WLCookieName OAMJSESSIONID
        DynamicServerList OFF
        SecureProxy ON
        WLSSLWallet   "${ORACLE_INSTANCE}/ohswallet"
        WebLogicCluster <K8_WORKER_HOST1>:<OAA_EMAIL_K8>,<K8_WORKER_HOST2>:<OAA_EMAIL_K8>
    </Location>

    <Location /oaa-sms-factor>
        WLSRequest ON
        WLProxySSL ON
        WLProxySSLPassThrough ON
        WLCookieName OAMJSESSIONID
        DynamicServerList OFF
        SecureProxy ON
        WLSSLWallet   "${ORACLE_INSTANCE}/ohswallet"
        WebLogicCluster <K8_WORKER_HOST1>:<OAA_SMS_K8>,<K8_WORKER_HOST2>:<OAA_SMS_K8>
    </Location>

    <Location /oaa-totp-factor>
        WLSRequest ON
        WLProxySSL ON
        WLProxySSLPassThrough ON
        WLCookieName OAMJSESSIONID
        DynamicServerList OFF
        SecureProxy ON
        WLSSLWallet   "${ORACLE_INSTANCE}/ohswallet"
        WebLogicCluster <K8_WORKER_HOST1>:<OAA_TOTP_K8>,<K8_WORKER_HOST2>:<OAA_TOTP_K8>
    </Location>

    <Location /oaa-push-factor>
        WLSRequest ON
        WLProxySSL ON
        WLProxySSLPassThrough ON
        WLCookieName OAMJSESSIONID
        DynamicServerList OFF
        SecureProxy ON
        WLSSLWallet   "${ORACLE_INSTANCE}/ohswallet"
        WebLogicCluster <K8_WORKER_HOST1>:<OAA_PUSH_K8>,<K8_WORKER_HOST2>:<OAA_PUSH_K8>
    </Location>

    <Location /oaa-yotp-factor>
        WLSRequest ON
        WLProxySSL ON
        WLProxySSLPassThrough ON
        WLCookieName OAMJSESSIONID
        DynamicServerList OFF
        SecureProxy ON
        WLSSLWallet   "${ORACLE_INSTANCE}/ohswallet"
        WebLogicCluster <K8_WORKER_HOST1>:<OAA_YOTP_K8>,<K8_WORKER_HOST2>:<OAA_YOTP_K8>
    </Location>

    <Location /oaa-kba>
        WLSRequest ON
        WLProxySSL ON
        WLProxySSLPassThrough ON
        WLCookieName OAMJSESSIONID
        DynamicServerList OFF
        SecureProxy ON
        WLSSLWallet   "${ORACLE_INSTANCE}/ohswallet"
        WebLogicCluster <K8_WORKER_HOST1>:<OAA_KBA_K8>,<K8_WORKER_HOST2>:<OAA_KBA_K8>
    </Location>

    <Location /risk-analyzer>
        WLSRequest ON
        WLProxySSL ON
        WLProxySSLPassThrough ON
        WLCookieName OAMJSESSIONID
        DynamicServerList OFF
        SecureProxy ON
        WLSSLWallet   "${ORACLE_INSTANCE}/ohswallet"
        WebLogicCluster <K8_WORKER_HOST1>:<OAA_RISK_ANAL_K8>,<K8_WORKER_HOST2>:<OAA_RISK_ANAL_K8>
    </Location>

    <Location /risk-cc>
        WLSRequest ON
        WLProxySSL ON
        WLProxySSLPassThrough ON
        DynamicServerList OFF
        SecureProxy ON
        WLSSLWallet "${ORACLE_INSTANCE}/ohswallet"
        WebLogicCluster <K8_WORKER_HOST1>:<OAA_RISKL_K8>,<K8_WORKER_HOST2>:<OAA_RISKL_K8>
    </Location>

    <Location /oua>
        WLSRequest ON
        WLProxySSL ON
        WLProxySSLPassThrough ON
        WLCookieName OAMJSESSIONID
        DynamicServerList OFF
        SecureProxy ON
        WLSSLWallet "${ORACLE_INSTANCE}/ohswallet"
        WebLogicCluster <K8_WORKER_HOST1>:<OAA_OUA_K8>,<K8_WORKER_HOST2>:<OAA_OUA_K8>
    </Location>

    <Location /oaa-drss>
        WLSRequest ON
        WLProxySSL ON
        WLProxySSLPassThrough ON
        WLCookieName OAMJSESSIONID
        DynamicServerList OFF
        SecureProxy ON
        WLSSLWallet "${ORACLE_INSTANCE}/ohswallet"
        WebLogicCluster <K8_WORKER_HOST1>:<OAA_DRSS_K8>,<K8_WORKER_HOST2>:<OAA_DRSS_K8>
    </Location>

Edit the login_vh.conf file and add the following after the RewriteEngine On tag:

    RequestHeader set X-OAUTH-IDENTITY-DOMAIN-NAME "OAADomain"
    RewriteRule ^/oauth2/rest/authorize? /oauth2/rest/authorize?domain=OAADomain [PT,QSA,L]
    RewriteRule ^/oauth2/rest/token? /oauth2/rest/token?domain=OAADomain [PT,QSA,L]
    RewriteRule ^/oauth2/rest/token/info? /oauth2/rest/token/info?domain=OAADomain [PT,QSA,L]
    RewriteRule ^/oauth2/rest/authz? /oauth2/rest/authz?domain=OAADomain [PT,QSA,L]
    RewriteRule ^/oauth2/rest/userinfo? /oauth2/rest/userinfo?domain=OAADomain [PT,QSA,L]
    RewriteRule ^/oauth2/rest/security? /oauth2/rest/security?domain=OAADomain [PT,QSA,L]
    RewriteRule ^/oauth2/rest/userlogout? /oauth2/rest/userlogout?domain=OAADomain [PT,QSA,L]

Where OAADomain is the name of the OAA domain. Ensure that this value is consistent with the value you use when you install OAA. See Installing and Configuring Oracle Advanced Authentication, Oracle Adaptive Risk Management, and Oracle Universal Authenticator.

Copy the iadadmin_vh.conf and login_vh.conf files to the configuration directory of the second Oracle HTTP Server instance (OHS2):
```
WEB_DOMAIN_HOME/config/fmwconfig/components/OHS/ohs2/moduleconf/
```

Parent topic: Installing and Configuring Oracle HTTP Server

Restarting the OHS Instances

Ensure that you have copied the configuration files to each WEBHOST, and then restart the Oracle HTTP Service instance on each host.

To do this:

Restart the ohs1 instance by doing the following:
1. Change directory to the following location:
```
cd WEB_DOMAIN_HOME/bin
```
2. Enter the following commands to stop and start the instance:
```
./stopComponent.sh ohs1
```
```
./startComponent.sh ohs1
```
Restart the ohs2 instance by doing the following:
1. Change directory to the following location:
```
cd WEB_DOMAIN_HOME/bin
```
2. Enter the following commands to stop and start the instance:
```
./stopComponent.sh ohs2
```
```
./startComponent.sh ohs2
```

Parent topic: Installing and Configuring Oracle HTTP Server

Validating the Oracle HTTP Server Configuration

To ensure that the Oracle HTTP server is working correctly, you should perform a few validations after configuring the Oracle Identity Management products.

Parent topic: Installing and Configuring Oracle HTTP Server

Validating Access Through the Load Balancer

You should verify URLs to ensure that appropriate routing and failover is working from Oracle HTTP Server to OAM_Cluster.

Verifying the URLs

Parent topic: Validating the Oracle HTTP Server Configuration

Verifying the URLs

To verify the URLs:

While oam_server2 is running, stop oam_server1 using the WebLogic Server Administration Console.
Access https://login.example.com/oam/server/logout.
Start oam_server1 from the WebLogic Server Administration Console.
Stop oam_server2 from the WebLogic Server Administration Console.
Access http://login.example.com/oam/server/logout.

You can verify the cluster node to which you were directed after the traffic balancing provided through your load balancer and then again through the web tier.

Parent topic: Validating Access Through the Load Balancer

Validating the Virtual Server Configuration and Access to the Consoles

Validate the virtual server configuration on the load balancer, and the access to the management console and the Administration Server.

From the load balancer, access the following URLs to ensure that the load balancer and Oracle HTTP Server are configured properly. These URLs should show the initial Oracle HTTP Server 12c web page.

https://login.example.com/index.html
https://prov.example.com/index.html
http://iadadmin.example.com/index.html
http://igdadmin.example.com/index.html

Use the following URLs to the hardware load balancer to display the Oracle WebLogic Server Administration Console, and log in using the Oracle WebLogic Server iadadmin credentials:

http://iadadmin.example.com/console
http://iadadmin.example.com/em

This validates that the iadadmin.example.com virtual host on the load balancer is able to route requests to the Oracle HTTP Server instances on the web tier, which in turn can route requests for the Oracle WebLogic Server Administration Console to the Administration Server in the application tier.

Similarly, you should be able to access the WebLogic Server Administration Console and Fusion Middleware Control for the igdadmin virtual host using the following URLs:

http://igdadmin.example.com/console
http://igdadmin.example.com/em

Parent topic: Validating the Oracle HTTP Server Configuration

Sample Virtual Host Files

The sample list includes the complete examples of all the virtual host files used in an Oracle Identity and Access Management deployment.

Example 1 login_vh.conf

<VirtualHost WEBHOST1.example.com:7777>
    ServerName https://login.example.com:443
    ServerAdmin you@your.address
    RewriteEngine On
    RequestHeader set X-OAUTH-IDENTITY-DOMAIN-NAME "OAADomain"
    RewriteOptions inherit
    UseCanonicalName On
    RequestHeader set "X-Forwarded-Host" "login.example.com"
    RequestHeader set X-OAUTH-IDENTITY-DOMAIN-NAME "OAADomain"
    RewriteRule ^/oauth2/rest/authorize? /oauth2/rest/authorize?domain=OAADomain [PT,QSA,L]
    RewriteRule ^/oauth2/rest/token? /oauth2/rest/token?domain=OAADomain [PT,QSA,L]
    RewriteRule ^/oauth2/rest/token/info? /oauth2/rest/token/info?domain=OAADomain [PT,QSA,L]
    RewriteRule ^/oauth2/rest/authz? /oauth2/rest/authz?domain=OAADomain [PT,QSA,L]
    RewriteRule ^/oauth2/rest/userinfo? /oauth2/rest/userinfo?domain=OAADomain [PT,QSA,L]
    RewriteRule ^/oauth2/rest/security? /oauth2/rest/security?domain=OAADomain [PT,QSA,L]
    RewriteRule ^/oauth2/rest/userlogout? /oauth2/rest/userlogout?domain=OAADomain [PT,QSA,L]

    #OAM Entries
    <Location /oam>
      WLSRequest ON
      DynamicServerList OFF
      WLProxySSL ON
      WLProxySSLPassThrough ON
      WLCookieName OAMJSESSIONID
      WebLogicCluster k8workerhost1.example.com:30410,k8workerhost2.example.com:30410 
    </Location>

    <Location /oam/services/rest/auth>
      WLSRequest ON
      DynamicServerList OFF
      WLProxySSL ON
      WLProxySSLPassThrough ON
      WLCookieName OAMJSESSIONID
      WebLogicCluster k8workerhost1.example.com:30410,k8workerhost2.example.com:30410
    </Location>

    <Location /oam/services/rest/access>
      WLSRequest ON
      DynamicServerList OFF
      WLProxySSL ON
      WLProxySSLPassThrough ON
      WLCookieName OAMJSESSIONID
      WebLogicCluster k8workerhost1.example.com:30410,k8workerhost2.example.com:30410
    </Location>

    <Location /oamfed>
      WLSRequest ON
      DynamicServerList OFF
      WebLogicCluster k8workerhost1.example.com:30410,k8workerhost2.example.com:30410
      WLCookieName OAMJSESSIONID
      WLProxySSL ON
      WLProxySSLPassThrough ON
    </Location>

    # OAM Forgotten Password Page 
    <Location /otpfp/>   
      WLSRequest ON
      DynamicServerList OFF
      WebLogicCluster k8workerhost1.example.com:30410,k8workerhost2.example.com:30410  
      WLCookieName OAMJSESSIONID   
      WLProxySSL ON   
      WLProxySSLPassThrough ON 
    </Location>

    <Location /ms_oauth>
      WLSRequest ON
      DynamicServerList OFF
      WebLogicCluster k8workerhost1.example.com:30410,k8workerhost2.example.com:30410
      WLCookieName OAMJSESSIONID
      WLProxySSL ON
      WLProxySSLPassThrough ON
    </Location>

    <Location /oauth2>
      WLSRequest ON
      DynamicServerList OFF
      WebLogicCluster k8workerhost1.example.com:30410,k8workerhost2.example.com:30410
      WLCookieName OAMJSESSIONID
      WLProxySSL ON
      WLProxySSLPassThrough ON
    </Location>
    
    <Location /.well-known/openid-configuration>
      WLSRequest ON
      DynamicServerList OFF
      WebLogicCluster k8workerhost1.example.com:30410,k8workerhost2.example.com:30410
      PathTrim /.well-known
      PathPrepend /oauth2/rest
      WLCookieName OAMJSESSIONID
      WLProxySSL ON
      WLProxySSLPassThrough ON
    </Location>

    <Location /.well-known/oidc-configuration>
      WLSRequest ON
      DynamicServerList OFF
      WebLogicCluster k8workerhost1.example.com:30410,k8workerhost2.example.com:30410
      PathTrim /.well-known
      PathPrepend /oauth2/rest
      WLCookieName OAMJSESSIONID
      WLProxySSL ON
      WLProxySSLPassThrough ON
    </Location>

    <Location /CustomConsent>
      WLSRequest ON
      DynamicServerList OFF
      WebLogicCluster k8workerhost1.example.com:30410,k8workerhost2.example.com:30410
      WLCookieName OAMJSESSIONID
      WLProxySSL ON
      WLProxySSLPassThrough ON
    </Location>

    <Location /iam/access>
      WLSRequest ON
      DynamicServerList OFF
      WebLogicCluster k8workerhost1.example.com:30410,k8workerhost2.example.com:30410
      WLCookieName OAMJSESSIONID
      WLProxySSL ON
      WLProxySSLPassThrough ON    
    </Location>

    # OAA
    #
    <Location /oaa/runtime>
        WLSRequest ON
        WLProxySSL ON
        WLProxySSLPassThrough ON
        DynamicServerList OFF
        SecureProxy ON
        WLSSLWallet   "${ORACLE_INSTANCE}/ohswallet"
        WebLogicCluster k8workerhost1.example.com:31047,k8workerhost2.example.com:31047
        WLCookieName OAMJSESSIONID
    </Location>

    <Location /oaa-policy>
        WLSRequest ON
        WLProxySSL ON
        WLProxySSLPassThrough ON
        WLCookieName OAMJSESSIONID
        DynamicServerList OFF
        SecureProxy ON
        WLSSLWallet   "${ORACLE_INSTANCE}/ohswallet"
        WebLogicCluster k8workerhost1.example.com:31957,k8workerhost2.example.com:31957
    </Location>

    <Location /policy>
        WLSRequest ON
        WLProxySSL ON
        WLProxySSLPassThrough ON
        DynamicServerList OFF
        SecureProxy ON
        WLSSLWallet   "${ORACLE_INSTANCE}/ohswallet"
        WebLogicCluster k8workerhost1.example.com:31957,k8workerhost2.example.com:31957
        WLCookieName OAMJSESSIONID
    </Location>

    <Location /oaa/rui>
        WLSRequest ON
        WLProxySSL ON
        WLProxySSLPassThrough ON
        DynamicServerList OFF
        SecureProxy ON
        WLSSLWallet   "${ORACLE_INSTANCE}/ohswallet"
        WebLogicCluster k8workerhost1.example.com:30532,k8workerhost2.example.com:30532
        WLCookieName OAMJSESSIONID
    </Location>

    <Location /oaa/authnui>
        WLSRequest ON
        WLProxySSL ON
        WLProxySSLPassThrough ON
        DynamicServerList OFF
        SecureProxy ON
        WLSSLWallet   "${ORACLE_INSTANCE}/ohswallet"
        WebLogicCluster k8workerhost1.example.com:30532,k8workerhost2.example.com:30532
        WLCookieName OAMJSESSIONID
    </Location>

    <Location /fido>
        WLSRequest ON
        WLProxySSL ON
        WLProxySSLPassThrough ON
        DynamicServerList OFF
        SecureProxy ON
        WLSSLWallet   "${ORACLE_INSTANCE}/ohswallet"
        WebLogicCluster k8workerhost1.example.com:32438,k8workerhost2.example.com:32438
        WLCookieName OAMJSESSIONID
    </Location>

    <Location /oaa-email-factor>
        WLSRequest ON
        WLProxySSL ON
        WLProxySSLPassThrough ON
        DynamicServerList OFF
        SecureProxy ON
        WLSSLWallet   "${ORACLE_INSTANCE}/ohswallet"
        WebLogicCluster k8workerhost1.example.com:30614,k8workerhost2.example.com:30614
        WLCookieName OAMJSESSIONID
    </Location>

    <Location /oaa-sms-factor>
        WLSRequest ON
        WLProxySSL ON
        WLProxySSLPassThrough ON
        DynamicServerList OFF
        SecureProxy ON
        WLSSLWallet   "${ORACLE_INSTANCE}/ohswallet"
        WebLogicCluster k8workerhost1.example.com:31930,k8workerhost1.example.com:31930
        WLCookieName OAMJSESSIONID
    </Location>

    <Location /oaa-totp-factor>
        WLSRequest ON
        WLProxySSL ON
        WLProxySSLPassThrough ON
        DynamicServerList OFF
        SecureProxy ON
        WLSSLWallet   "${ORACLE_INSTANCE}/ohswallet"
        WebLogicCluster k8workerhost1.example.com:31950,k8workerhost1.example.com:31950
        WLCookieName OAMJSESSIONID
    </Location>

    <Location /oaa-push-factor>
        WLSRequest ON
        WLProxySSL ON
        WLProxySSLPassThrough ON
        DynamicServerList OFF
        SecureProxy ON
        WLSSLWallet   "${ORACLE_INSTANCE}/ohswallet"
        WebLogicCluster k8workerhost1.example.com:31166,k8workerhost2.example.com:31166
        WLCookieName OAMJSESSIONID
    </Location>

    <Location /oaa-yotp-factor>
        WLSRequest ON
        WLProxySSL ON
        WLProxySSLPassThrough ON
        DynamicServerList OFF
        SecureProxy ON
        WLSSLWallet   "${ORACLE_INSTANCE}/ohswallet"
        WebLogicCluster k8workerhost1.example.com:31946,k8workerhost2.example.com:31946
        WLCookieName OAMJSESSIONID
    </Location>

    <Location /oaa/kba>
        WLSRequest ON
        WLProxySSL ON
        WLProxySSLPassThrough ON
        DynamicServerList OFF
        SecureProxy ON
        WLSSLWallet   "${ORACLE_INSTANCE}/ohswallet"
        WebLogicCluster k8workerhost1.example.com:31147,k8workerhost2.example.com:31147
        WLCookieName OAMJSESSIONID
    </Location>

    <Location /risk-analyzer>
        WLSRequest ON
        WLProxySSL ON
        WLProxySSLPassThrough ON
        DynamicServerList OFF
        SecureProxy ON
        WLSSLWallet   "${ORACLE_INSTANCE}/ohswallet"
        WebLogicCluster k8workerhost1.example.com:30507,k8workerhost2.example.com:30507
        WLCookieName OAMJSESSIONID
    </Location>

    <Location /risk-cc>
        WLSRequest ON
        WLProxySSL ON
        WLProxySSLPassThrough ON
        DynamicServerList OFF
        SecureProxy ON
        WLSSLWallet   "${ORACLE_INSTANCE}/ohswallet"
        WebLogicCluster k8workerhost1.example.com:30981,k8workerhost2.example.com:30981
        WLCookieName OAMJSESSIONID
    </Location>

    <Location /oua>
        WLSRequest ON
        WLProxySSL ON
        WLProxySSLPassThrough ON
        DynamicServerList OFF
        SecureProxy ON
        WLSSLWallet "${ORACLE_INSTANCE}/ohswallet"
        WebLogicCluster k8workerhost1.example.com:30520,k8workerhost2.example.com:30520
        WLCookieName OAMJSESSIONID
    </Location>

    <Location /oaa-drss>
        WLSRequest ON
        WLProxySSL ON
        WLProxySSLPassThrough ON
        DynamicServerList OFF
        SecureProxy ON
        WLSSLWallet "${ORACLE_INSTANCE}/ohswallet"
        WebLogicCluster k8workerhost1.example.com:30580,k8workerhost2.example.com:30580
        WLCookieName OAMJSESSIONID
    </Location>

    <Location /oua/rui>
        WLSRequest ON
        WLProxySSL ON
        WLProxySSLPassThrough ON
        DynamicServerList OFF
        SecureProxy ON
        WLSSLWallet "${ORACLE_INSTANCE}/ohswallet"
        WebLogicCluster k8workerhost1.example.com:30580,k8workerhost2.example.com:30580
        WLCookieName OAMJSESSIONID
    </Location>
</VirtualHost>

Example 2 prov_vh.conf

<VirtualHost WEBHOST1.example.com:7777>
    ServerName https://prov.example.com:443
    ServerAdmin you@your.address
    RewriteEngine On
    RewriteOptions inherit
    UseCanonicalName On
    RequestHeader set "X-Forwarded-Host" "prov.example.com"

    <Location /identity>
      WLSRequest ON
      DynamicServerList OFF
      WLCookieName oimjsessionid
      DynamicServerList OFF
      WebLogicCluster k8workerhost1.example.com:30140,k8workerhost2.example.com:30140
      WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
      WLProxySSL ON
      WLProxySSLPassThrough ON
    </Location>		

    <Location /HTTPClnt>
      WLSRequest ON
      DynamicServerList OFF
      WLCookieName oimjsessionid
      DynamicServerList OFF
      WebLogicCluster k8workerhost1.example.com:30140,k8workerhost2.example.com:30140
      WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
      WLProxySSL ON
      WLProxySSLPassThrough ON
    </Location>		

    # Requests webservice URL
    <Location /reqsvc>
      WLCookieName oimjsessionid
      DynamicServerList OFF
      WebLogicCluster k8workerhost1.example.com:30140,k8workerhost2.example.com:30140
      WLProxySSL ON
      WLProxySSLPassThrough ON
      WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
    </Location>

    <Location /FacadeWebApp>
      SetHandler weblogic-handler
      WLCookieName oimjsessionid
      DynamicServerList OFF
      WebLogicCluster k8workerhost1.example.com:30140,k8workerhost2.example.com:30140
      WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
      WLProxySSL ON
      WLProxySSLPassThrough ON 
    </Location>

    <Location /iam>
      SetHandler weblogic-handler
      WLCookieName oimjsessionid
      DynamicServerList OFF
      WebLogicCluster k8workerhost1.example.com:30140,k8workerhost2.example.com:30140
      WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
      WLProxySSL ON
      WLProxySSLPassThrough ON 
    </Location>

    <Location /OIGUI>
      SetHandler weblogic-handler
      WLCookieName oimjsessionid
      DynamicServerList OFF
      WebLogicCluster k8workerhost1.example.com:30140,k8workerhost2.example.com:30140
      WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
      WLProxySSL ON
      WLProxySSLPassThrough ON
    </Location>
</VirtualHost>

Example 3 iadadmin_vh.conf

<VirtualHost WEBHOST1.example.com:7777>
    ServerName iadadmin.example.com:80
    ServerAdmin you@your.address
    RewriteEngine On
    RewriteOptions inherit
    UseCanonicalName On
    RequestHeader set "X-Forwarded-Host" "iadadmin.example.com"

    # Admin Server and EM
    <Location /console>
       WLSRequest ON
       DynamicServerList OFF
       WebLogicCluster k8workerhost1.example.com:30701,k8workerhost2.example.com:30701
    </Location>

    # WebLogic Remote Console Access 
    #  
    <Location /management>
       WLSRequest ON
       DynamicServerList OFF
       WebLogicCluster k8workerhost1.example.com:30711,k8workerhost2.example.com:30711
    </Location>

    <Location /consolehelp>
       WLSRequest ON
       DynamicServerList OFF
       WebLogicCluster k8workerhost1.example.com:30701,k8workerhost2.example.com:30701
    </Location>

    <Location /em>
      WLSRequest ON
      DynamicServerList OFF
      WebLogicCluster k8workerhost1.example.com:30701,k8workerhost2.example.com:30701
    </Location>

    <Location /oamconsole>
      WLSRequest ON
      DynamicServerList OFF
      WebLogicCluster k8workerhost1.example.com:30701,k8workerhost2.example.com:30701
    </Location>

    <Location /access>
      WLSRequest ON
      DynamicServerList OFF
      DynamicServerList OFF
      WebLogicCluster k8workerhost1.example.com:30510,k8workerhost2.example.com:30510
      WLCookieName OAMJSESSIONID
    </Location>

    <Location /iam/admin>
      WLSRequest ON
      DynamicServerList OFF
      DynamicServerList OFF
      WebLogicCluster k8workerhost1.example.com: 30701,k8workerhost2.example.com:30701
      WLCookieName OAMJSESSIONID
    </Location>

    <Location /oam/services/rest/11.1.2.0.0>
      WLSRequest ON
      DynamicServerList OFF
      DynamicServerList OFF
      WebLogicCluster k8workerhost1.example.com: 30701,k8workerhost2.example.com:30701
      WLCookieName OAMJSESSIONID
    </Location>

    <Location /oam/services/rest/ssa>
      WLSRequest ON
      DynamicServerList OFF
      DynamicServerList OFF
      WebLogicCluster k8workerhost1.example.com: 30701,k8workerhost2.example.com: 30701
      WLCookieName OAMJSESSIONID
    </Location>

    # Required for Multi-Datacenter 
    <Location /oam/services>
      WLSRequest ON
      DynamicServerList OFF
      WebLogicCluster k8workerhost1.example.com:30701,k8workerhost2.example.com:30701 
    </Location>
    # OAA
    #
    <Location /oaa-admin>
        WLSRequest ON
        WLCookieName OAMJSESSIONID
        DynamicServerList OFF
        SecureProxy ON
        WLSSLWallet   "${ORACLE_INSTANCE}/ohswallet"
        WebLogicCluster k8workerhost1.example.com:31338,k8workerhost2.example.com:31338
    </Location>

    <Location /admin-ui>
        WLSRequest ON
        WLCookieName OAMJSESSIONID
        DynamicServerList OFF
        SecureProxy ON
        WLSSLWallet   "${ORACLE_INSTANCE}/ohswallet"
        WebLogicCluster k8workerhost1.example.com:31338,k8workerhost2.example.com:31338
    </Location>

    <Location /oua-admin-ui>
        WLSRequest ON
        WLCookieName OAMJSESSIONID
        DynamicServerList OFF
        SecureProxy ON
        WLSSLWallet "${ORACLE_INSTANCE}/ohswallet"
        WebLogicCluster k8workerhost1.example.com:30525,k8workerhost2.example.com:30525
    </Location>

    <Location /dms>
       WLSRequest ON
       DynamicServerList OFF
       WebLogicCluster k8workerhost1.example.com:30701,k8workerhost2.example.com:30701
    </Location>

</VirtualHost>

Example 4 igdadmin_vh.conf

<VirtualHost WEBHOST1.example.com:7777>
    ServerName igdadmin.example.com:80
    ServerAdmin you@your.address
    RewriteEngine On
    RewriteOptions inherit
    UseCanonicalName On
    RequestHeader set "X-Forwarded-Host" "igdadmin.example.com"

    # Admin Server and EM
    <Location /console>
      WLSRequest ON
      DynamicServerList OFF
      WebLogicCluster k8workerhost1.example.com:30711,k8workerhost2.example.com:30711
    </Location>

    # WebLogic Remote Console Access
    #
    <Location /management>
       WLSRequest ON
       DynamicServerList OFF
       WebLogicCluster k8workerhost1.example.com:30711,k8workerhost2.example.com:30711  
    </Location>

    <Location /consolehelp>
      WLSRequest ON
      DynamicServerList OFF
      WebLogicCluster k8workerhost1.example.com:30711,k8workerhost2.example.com:30711
    </Location>

    <Location /em>
      WLSRequest ON
      DynamicServerList OFF
      WebLogicCluster k8workerhost.example.com:30711,k8workerhost.example.com:30711
    </Location>

    <Location /oim>
      WLSRequest ON
      DynamicServerList OFF
      WLCookieName oimjsessionid
      DynamicServerList OFF
      WebLogicCluster k8workerhost1.example.com:30140,k8workerhost2.example.com:30140
      WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
    </Location>

    <Location /iam>
      WLSRequest ON
      DynamicServerList OFF
      WLCookieName oimjsessionid
      DynamicServerList OFF
      WebLogicCluster k8workerhost1.example.com:30140,k8workerhost2.example.com:30140
      WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
    </Location>

    <Location /sysadmin>
      WLSRequest ON
      DynamicServerList OFF
      WLCookieName oimjsessionid
      DynamicServerList OFF
      WebLogicCluster k8workerhost1.example.com:30140,k8workerhost2.example.com:30140
      WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
    </Location>

    <Location /admin>
      WLSRequest ON
      DynamicServerList OFF
      WLCookieName oimjsessionid
      DynamicServerList OFF
      WebLogicCluster k8workerhost1.example.com:30140,k8workerhost2.example.com:30140
      WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
    </Location>

    # OIM self service console
    <Location /identity>
      WLSRequest ON
      DynamicServerList OFF
      WLCookieName oimjsessionid
      DynamicServerList OFF
      WebLogicCluster k8workerhost1.example.com:30140,k8workerhost2.example.com:30140
      WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
    </Location>

    <Location /OIGUI>
      WLSRequest ON
      DynamicServerList OFF
      WLCookieName oimjsessionid
      DynamicServerList OFF
      WebLogicCluster k8workerhost1.example.com:30140,k8workerhost2.example.com:30140
      WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
    </Location>

    <Location /FacadeWebApp>
      SetHandler weblogic-handler
      WLCookieName oimjsessionid    
      DynamicServerList OFF
      WebLogicCluster k8workerhost1.example.com:30140,k8workerhost2.example.com:30140
      WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
    </Location>

    # Scheduler webservice URL
    <Location /SchedulerService-web>
      WLSRequest ON
      DynamicServerList OFF
      WLCookieName oimjsessionid
      DynamicServerList OFF
      WebLogicCluster k8workerhost1.example.com:30140,k8workerhost2.example.com:30140
      WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
    </Location>

    # OIRI UI
    # <Location /oiri/ui>
        WLSRequest ON
        DynamicServerList OFF
        WLCookieName oimjsessionid
        DynamicServerList OFF
        WebLogicCluster k8workerhost1.example.com:30306,k8workerhost2.example.com:30306
     </Location>

    # OIRI API
    # <Location /oiri/api>
        WLSRequest ON
        DynamicServerList OFF
        WLCookieName oimjsessionid
        DynamicServerList OFF
        WebLogicCluster k8workerhost1.example.com:30305,k8workerhost2.example.com:30305
     </Location>

    <Location /dms>
      WLSRequest ON
      DynamicServerList OFF
      WebLogicCluster k8workerhost1.example.com:30711,k8workerhost2.example.com:30711
    </Location>

</VirtualHost>

Example 5 igdinternal_vh.conf

<VirtualHost WEBHOST1.example.com:7777>
    ServerName igdinternal.example.com:7777
    ServerAdmin you@your.address
    RewriteEngine On
    RewriteOptions inherit
    UseCanonicalName On
    RequestHeader set "X-Forwarded-Host" "igdinternal.example.com"

    # WSM-PM
    <Location /wsm-pm>
      WLSRequest ON
      DynamicServerList OFF
      DynamicServerList OFF
      WebLogicCluster k8workerhost1.example.com:7010,k8workerhost2.example.com:7010
      WLProxySSL OFF   
      WLProxySSLPassThrough OFF
    </Location>

    <Location /sodcheck>
      WLSRequest ON
      DynamicServerList OFF
      WLCookieName oimjsessionid
      DynamicServerList OFF
      WebLogicCluster k8workerhost1.example.com:30801,k8workerhost2.example.com:30801
      WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/soa_component.log"
    </Location>

    # OIM, role-sod profile
    <Location /role-sod>
      WLSRequest ON
      DynamicServerList OFF
      WLCookieName oimjsessionid
      DynamicServerList OFF
      WebLogicCluster k8workerhost1.example.com:30140,k8workerhost2.example.com:30140
      WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
    </Location>

    # Callback webservice for SOA. SOA calls this when a request is approved/rejected
    # Provide the SOA Managed Server Port
    <Location /workflowservice>
      WLSRequest ON
      DynamicServerList OFF
      WLCookieName oimjsessionid
      DynamicServerList OFF
      WebLogicCluster k8workerhost1.example.com:30140,k8workerhost2.example.com:30140
      WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/soa_component.log"
    </Location>

    # used for FA Callback service.
    <Location /callbackResponseService>
      WLSRequest ON
      DynamicServerList OFF
      WLCookieName oimjsessionid
      DynamicServerList OFF
      WebLogicCluster k8workerhost1.example.com:30140,k8workerhost2.example.com:30140
      WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
    </Location>

    # spml xsd profile
    <Location /spml-xsd>
      WLSRequest ON
      DynamicServerList OFF
      WLCookieName oimjsessionid
      DynamicServerList OFF
      WebLogicCluster k8workerhost1.example.com:30140,k8workerhost2.example.com:30140
      WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
    </Location>

    # OIM, spml dsml profile
    <Location /spmlws>
      WLSRequest ON
      DynamicServerList OFF
      PathTrim /weblogic
      WLCookieName oimjsessionid
      DynamicServerList OFF
      WebLogicCluster k8workerhost1.example.com:30140,k8workerhost2.example.com:30140
      WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
    </Location>

    <Location /reqsvc>
      WLSRequest ON
      DynamicServerList OFF
      WLCookieName oimjsessionid
      DynamicServerList OFF
      WebLogicCluster k8workerhost1.example.com:30140,k8workerhost2.example.com:30140
      WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/soa_component.log"
    </Location>

    # SOA Infra
    <Location /soa-infra>
      WLSRequest ON
      DynamicServerList OFF
      WLCookieName oimjsessionid
      DynamicServerList OFF
      WebLogicCluster k8workerhost1.example.com:30801,k8workerhost2.example.com:30801
      WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/OHS/component/oim_component.log"
    </Location>

    # UMS Email Support
    <Location /ucs>
      WLSRequest ON
      DynamicServerList OFF
      WLCookieName oimjsessionid
      DynamicServerList OFF
      WebLogicCluster k8workerhost1.example.com:30801,k8workerhost2.example.com:30801
      WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/OHS/component/oim_component.log"
    </Location>

    <Location /provisioning-callback>
      WLSRequest ON
      DynamicServerList OFF
      WLCookieName oimjsessionid
      DynamicServerList OFF
      WebLogicCluster k8workerhost1.example.com:30140,k8workerhost2.example.com:30140
      WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
    </Location>

    <Location /CertificationCallbackService>
      WLSRequest ON
      DynamicServerList OFF
      WLCookieName oimjsessionid
      DynamicServerList OFF
      WebLogicCluster k8workerhost1.example.com:30140,k8workerhost2.example.com:30140
      WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
    </Location>

    <Location /IdentityAuditCallbackService>
      WLSRequest ON
      DynamicServerList OFF
      WLCookieName oimjsessionid
      DynamicServerList OFF
      WebLogicCluster k8workerhost1.example.com:30140,k8workerhost2.example.com:30140
      WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
    </Location>
  
    # SOA Callback webservice for SOD - Provide the SOA Managed Server Ports
    <Location /soa/composer>
      SetHandler weblogic-handler
      WLCookieName oimjsessionid
      DynamicServerList OFF
      WebLogicCluster k8workerhost1.example.com:30801,k8workerhost2.example.com:30801
      WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/soa_component.log"
    </Location>

    <Location /integration>
      SetHandler weblogic-handler
      DynamicServerList OFF
      WebLogicCluster k8workerhost1.example.com:30801,k8workerhost2.example.com:30801
      WLCookieName oimjsessionid
    </Location>

    <Location /sdpmessaging/userprefs-ui>
      SetHandler weblogic-handler
      WLCookieName oimjsessionid
      DynamicServerList OFF
      WebLogicCluster k8workerhost1.example.com:30801,k8workerhost2.example.com:30801
      WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/soa_component.log"
    </Location>
		
    <Location /iam>
      SetHandler weblogic-handler
      WLCookieName oimjsessionid
      DynamicServerList OFF
      WebLogicCluster k8workerhost1.example.com:30140,k8workerhost2.example.com:30140
      WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
    </Location>

    # OIRI API
    # <Location /oiri/api>
        WLSRequest ON
        DynamicServerList OFF
        WLCookieName oimjsessionid
        DynamicServerList OFF
        WebLogicCluster k8workerhost1.example.com:30305,k8workerhost2.example.com:30305
     </Location>
</VirtualHost>

Parent topic: Installing and Configuring Oracle HTTP Server