17 Installing and Configuring Oracle HTTP Server
For an enterprise deployment, Oracle HTTP Server must be installed on each of the web tier hosts and configured as Oracle HTTP standalone domains on each host.
The Oracle HTTP Server instances on the web tier direct HTTP requests from the hardware load balancer to specific Managed Servers in the application tier.
Before you configure Oracle HTTP Server, be sure to review About Web Tier.
This chapter includes the following topics:
- Variables Used When Configuring the Oracle HTTP Server
You reference these directory variables as you perform the different tasks explained in this chapter. - About Storage
When you deploy Oracle HTTP Servers, the configuration information is stored locally or on a dedicated NFS volume. - About the Oracle HTTP Server Domains
In an enterprise deployment, each Oracle HTTP Server instance is configured on a separate host and in its own standalone domain. This allows for a simple configuration that requires a minimum amount of configuration and a minimum amount of resources to run and maintain. - Installing a Supported JDK
Oracle Fusion Middleware requires you to install a certified Java Development Kit (JDK) on your system. - Installing Oracle HTTP Server on WEBHOST1
Install the Oracle HTTP Server software on the web tier by using the Oracle Universal Installer. Verify the installation after you complete the procedure. - Creating an Oracle HTTP Server Domain on WEBHOST1
You can create a new Oracle HTTP Server standalone domain on the first web tier host by using the Configuration Wizard. - Installing and Configuring an Oracle HTTP Server Domain on WEBHOST2
After you install Oracle HTTP Server and configure a domain on WEBHOST1, then you must also perform the same tasks on WEBHOST2. - Starting the Node Manager and Oracle HTTP Server Instances on WEBHOST1 and WEBHOST2
Start the Node Manager on both the hosts before starting the Oracle HTTP Server instances. - Creating a Health Check
Create a health check on each Oracle HTTP Server instance. Oracle recommends using a specific page for health checks to avoid failures. - Backing Up the Configuration
As a best practice, Oracle recommends you to back up the configuration after you have successfully extended a domain or at another logical point. Back up only after you have verified that the installation is successful so far. This is a quick backup to enable immediate restoration in case of problems in later steps. - Configuring Oracle HTTP Server to Route Requests to the Application Tier
Update the Oracle HTTP Server configuration files so that the web server instances route requests to the servers in the domain. - Configuring Oracle HTTP Server for Oracle Access Manager
You have to configure Oracle HTTP Server for the Oracle Access Manager Managed Servers to ensure they route requests correctly to the Oracle Access Management cluster. - Configuring Oracle HTTP Server for Oracle Identity Governance
To configure the Oracle HTTP Server instances in the web tier so they route requests correctly to the Oracle SOA Suite cluster, use the following procedure to create an additional Oracle HTTP Server configuration file that creates and defines the parameters of thehttps://igdinternal.example.com:7777
virtual server. - Configuring Oracle HTTP Server for Oracle Identity Role Intelligence
You should configure Oracle HTTP Server for the Oracle Identity Role Intelligence (OIRI) Servers to ensure that they route requests correctly to the Oracle Role Intelligence cluster. - Configuring Oracle HTTP Server for Oracle Advanced Authentication, Oracle Adaptive Risk Management, and Oracle Universal Authenticator
You should configure Oracle HTTP Server for Oracle Advanced Authentication servers to ensure that they route requests correctly to the OAA microservices. - Restarting the OHS Instances
Ensure that you have copied the configuration files to each WEBHOST, and then restart the Oracle HTTP Service instance on each host. - Validating the Oracle HTTP Server Configuration
To ensure that the Oracle HTTP server is working correctly, you should perform a few validations after configuring the Oracle Identity Management products. - Sample Virtual Host Files
The sample list includes the complete examples of all the virtual host files used in an Oracle Identity and Access Management deployment.
Parent topic: Configuring the Enterprise Deployment
Variables Used When Configuring the Oracle HTTP Server
You reference these directory variables as you perform the different tasks explained in this chapter.
The values for several directory variables are defined in File System and Directory Variables Used in This Guide.
- WEB_ORACLE_HOME
- WEB_DOMAIN_HOME
- JAVA _HOME
Parent topic: Installing and Configuring Oracle HTTP Server
About Storage
When you deploy Oracle HTTP Servers, the configuration information is stored locally or on a dedicated NFS volume.
In the sections below, local refers to either local storage or an NFS volume. If you
want to deploy Oracle HTTP Server on OCI, you should create a dedicated NFS volume.
Whenever you see the reference /private
, it refers to this private
storage area – NFS or local.
Parent topic: Installing and Configuring Oracle HTTP Server
About the Oracle HTTP Server Domains
In an enterprise deployment, each Oracle HTTP Server instance is configured on a separate host and in its own standalone domain. This allows for a simple configuration that requires a minimum amount of configuration and a minimum amount of resources to run and maintain.
Note:
Oracle Fusion Middleware requires that a certified Java Development Kit (JDK) is installed on your system and JAVA_HOME is set on the web tier hosts.
For more information about the role and configuration of the Oracle HTTP Server instances in the web tier, see Understanding the Web Tier.
Parent topic: Installing and Configuring Oracle HTTP Server
Installing a Supported JDK
Oracle Fusion Middleware requires you to install a certified Java Development Kit (JDK) on your system.
The installation should be performed by oracle user
who has the
required permissions to install and configure the software. See Creating a Software Owner Account.
Parent topic: Installing and Configuring Oracle HTTP Server
Locating and Downloading the JDK Software
To find a certified JDK, see the certification document for your release on the Oracle Fusion Middleware Supported System Configurations page.
After you identify the Oracle JDK for the current Oracle Fusion Middleware release, you can download an Oracle JDK from the following location on Oracle Technology Network:
http://www.oracle.com/technetwork/java/index.html
Be sure to navigate to the download for the Java SE JDK.
Parent topic: Installing a Supported JDK
Installing the JDK Software
You must install the JDK in the following locations:
On the local storage device for each of the Web tier host computers. The Web tier host computers, which reside in the DMZ, do not necessarily have access to the shared storage on the application tier.
Parent topic: Installing a Supported JDK
Installing Oracle HTTP Server on WEBHOST1
Install the Oracle HTTP Server software on the web tier by using the Oracle Universal Installer. Verify the installation after you complete the procedure.
The installation should be performed by oracle user
who has the
required permissions to install and configure the software. See Creating a Software Owner Account.
The installation should be performed by oracle user
who has the
required permissions to install and configure the software. See Creating a Software Owner Account.
- Starting the Installer on WEBHOST1
- Navigating the Oracle HTTP Server Installation Screens
- Verifying the Oracle HTTP Server Installation
Parent topic: Installing and Configuring Oracle HTTP Server
Starting the Installer on WEBHOST1
To start the installation program, perform the following steps.
Parent topic: Installing Oracle HTTP Server on WEBHOST1
Navigating the Oracle HTTP Server Installation Screens
The following table lists the screens in the order that the installation program displays them.
If you need additional help with any of the installation screens, click the Help button on the screen.
Table 17-1 Oracle HTTP Server Installation Screens
Screen | Description |
---|---|
On UNIX operating systems, this screen appears if you install any Oracle product on this host for the first time. Specify the location where you want to create your central inventory. Ensure that the operating system group name selected on this screen has write permissions to the central inventory location. See Understanding the Oracle Central Inventory in Installing Software with the Oracle Universal Installer. Note: Oracle recommends that you configure the central inventory directory within the products directory. Example: You may also need to execute the |
|
This screen introduces you to the product installer. |
|
Use this screen to automatically search My Oracle Support for available patches or automatically search the local directory for patches that you have already downloaded for your organization. |
|
Use this screen to specify the location of your Oracle home directory. For the purposes of an enterprise deployment, enter the value of the WEB_ORACLE_HOME variable listed in Table 4-5. |
|
Select Standalone HTTP Server (Managed independently of WebLogic server). This installation type allows you to configure the Oracle HTTP Server instances independently from any other existing Oracle WebLogic Server domains. |
|
For the value of JDK Home, enter the value of JAVA_HOME that you set when installing the JDK software. |
|
This screen verifies that your system meets the minimum necessary requirements. If there are any warning or error messages, verify that your host computers and the required software meet the system requirements and certification information described in Host Computer Hardware Requirements and Operating System Requirements for the Enterprise Deployment Topology. |
|
Use this screen to verify the installation options that you selected. If you want to save these options to a response file, click Save Response File and provide the location and name of the response file. Response files can be used later in a silent installation situation. See Using the Oracle Universal Installer in Silent Mode in Installing Software with the Oracle Universal Installer. |
|
This screen allows you to see the progress of the installation. |
|
This screen appears when the installation is complete. Review the information on this screen, then click Finish to close the installer. |
Parent topic: Installing Oracle HTTP Server on WEBHOST1
Verifying the Oracle HTTP Server Installation
Verify that the Oracle HTTP Server installation completed successfully by validating the WEB_ORACLE_HOME
folder contents.
Run the following command to compare the installed folder structure with the following list:
ls --format=single-column WEB_ORACLE_HOME
The following files and directories are listed in theOracle HTTP Server Oracle Home:
bin
cdata
cfgtoollogs
crs
css
cv
has
install
inventory
jlib
ldap
lib
network
nls
ohs
OPatch
oracle_common
oracore
oraInst.loc
oui
perl
plsql
plugins
precomp
QOpatch
racg
rdbms
slax
sqlplus
srvm
webgate
wlserver
xdk
Parent topic: Installing Oracle HTTP Server on WEBHOST1
Creating an Oracle HTTP Server Domain on WEBHOST1
You can create a new Oracle HTTP Server standalone domain on the first web tier host by using the Configuration Wizard.
- Starting the Configuration Wizard on WEBHOST1
- Navigating the Configuration Wizard Screens for an Oracle HTTP Server Domain
Parent topic: Installing and Configuring Oracle HTTP Server
Starting the Configuration Wizard on WEBHOST1
To start the Configuration Wizard, navigate to the following directory and start the WebLogic Server Configuration Wizard, as follows:
cdWEB_ORACLE_HOME
/oracle_common/common/bin
./config.sh
Parent topic: Creating an Oracle HTTP Server Domain on WEBHOST1
Navigating the Configuration Wizard Screens for an Oracle HTTP Server Domain
Oracle recommends that you create a standalone domain for the Oracle HTTP Server instances on each web tier host.
The following topics describe how to create a new standalone Oracle HTTP Server domain:
-
Task 1, "Selecting the Domain Type and Domain Home Location"
-
Task 7, "Reviewing Your Configuration Specifications and Configuring the Domain"
- Task 1 Selecting the Domain Type and Domain Home Location
-
On the Configuration Type screen, select Create a new domain.
In the Domain Location field, enter the value assigned to the WEB_DOMAIN_HOME variable.
Note the following:
-
The Configuration Wizard creates the new directory that you specify here.
-
Create the directory on local storage, so the web servers do not have any dependencies on storage devices outside the DMZ.
Note:
-
More information about the Domain home directory can be found in About the Domain Home Directory in Planning an Installation of Oracle Fusion Middleware.
-
More information about the other options on this screen can be found in Configuration Type in Oracle Fusion Middleware Creating WebLogic Domains Using the Configuration Wizard.
-
For more information about the web tier and the DMZ, see Understanding the Firewalls and Zones of a Typical Enterprise Deployment.
-
For more information about the WEB_DOMAIN_HOME directory variable, see File System and Directory Variables Used in This Guide.
-
- Task 2 Selecting the Configuration Templates
-
On the Templates screen, select Oracle HTTP Server (Standalone) - 12.2.1.4.0 [ohs].
Tip:
More information about the options on this screen can be found in Templates in Oracle Fusion Middleware Creating WebLogic Domains Using the Configuration Wizard.
- Task 3 Selecting the JDK for the Web Tier Domain.
-
Select the Oracle HotSpot JDK installed in the
/u02/oracle/products/jdk
directory prior to the Oracle HTTP Server installation. - Task 4 Configuring System Components
-
On the System Components screen, configure one Oracle HTTP Server instance. The screen should, by default, have a single instance defined. This is the only instance that you need to create.
-
The default instance name in the System Component field is
ohs1
. Use this default name when you configureWEBHOST1
. -
Make sure that
OHS
is selected in the Component Type field. -
If an application is not responding, use the Restart Interval Seconds field to specify the number of seconds to wait before you attempt a restart if an application is not responding.
-
Use the Restart Delay Seconds field to specify the number of seconds to wait between restart attempts.
-
- Task 5 Configuring OHS Server
-
Use the OHS Server screen to configure the OHS servers in your domain:
-
Select ohs1 from the System Component drop-down menu.
-
In the Listen Address field, enter
WEBHOST1
.All the remaining fields are prepopulated, but you can change the values as required for your organization. See OHS Server in Oracle Fusion Middleware Creating WebLogic Domains Using the Configuration Wizard.
-
In the Server Name field, verify the value of the listen address and listen port.
It should appear as follows:
http://WEBHOST1:7777
-
- Task 6 Configuring Node Manager
-
Select Per Domain Default Location as the Node Manager type, and specify the user name and password for the Node Manager.
Note:
For more information about the options on this screen, see Node Manager in Creating WebLogic Domains Using the Configuration Wizard.
For information about Node Manager configuration, see Configuring Node Manager on Multiple Machines in Administering Node Manager for Oracle WebLogic Server.
- Task 7 Reviewing Your Configuration Specifications and Configuring the Domain
-
The Configuration Summary screen contains detailed configuration information for the domain that you are about to create. Review the details of each item on the screen and verify that the information is correct.
If you need to make any changes, you can go back to any previous screen either by using the Back button or by selecting the screen in the navigation pane.
Domain creation does not begin until you click Create.
In the Configuration Progress screen, click Next when it finishes.
Tip:
More information about the options on this screen can be found in Configuration Summary in Creating WebLogic Domains Using the Configuration Wizard.
- Task 8 Writing Down Your Domain Home
-
The Configuration Success screen shows the domain home location.
Make a note of the information provided here, as you need it to start the servers and access the Administration Server.
Click Finish to close the Configuration Wizard.
Parent topic: Creating an Oracle HTTP Server Domain on WEBHOST1
Installing and Configuring an Oracle HTTP Server Domain on WEBHOST2
After you install Oracle HTTP Server and configure a domain on WEBHOST1, then you must also perform the same tasks on WEBHOST2.
-
Log in to WEBHOST2 and install Oracle HTTP Server by using the instructions in Installing Oracle HTTP Server on WEBHOST1.
-
Configure a new standalone domain on WEBHOST2 by using the instructions in Creating a Web Tier Domain on WEBHOST1.
Use the name
ohs2
for the instance on WEBHOST2, and be sure to replace all occurrences of WEBHOST1 with WEBHOST2 and all occurrences ofohs1
withohs2
in each of the examples.
Parent topic: Installing and Configuring Oracle HTTP Server
Starting the Node Manager and Oracle HTTP Server Instances on WEBHOST1 and WEBHOST2
Start the Node Manager on both the hosts before starting the Oracle HTTP Server instances.
Parent topic: Installing and Configuring Oracle HTTP Server
Starting the Node Manager on WEBHOST1 and WEBHOST2
Before you can start the Oracle HTTP Server instances, you must start the Node Manager on WEBHOST1 and WEBHOST2:
See Advanced Node Manager Configuration in Administering Node Manager for Oracle WebLogic Server.
Creating a Health Check
Create a health check on each Oracle HTTP Server instance. Oracle recommends using a specific page for health checks to avoid failures.
When an Oracle HTTP Server is accessed via a load balancer, the load balancer periodically checks if the Oracle HTTP Server is alive by requesting a page from the Oracle HTTP server. The default health check tries to access the root page from the server. If a WebGate is used, you need to ensure that this page is not intercepted as it can cause the health check to fail.
It is not recommended to open the root page for the purpose of a health check because this can cause a security risk. It is recommended to use a specific page that is used only for the health check.
You can also enable the server status page and check the page. However, the server status page contains lot of information when exposed can pose a security risk that can be avoided by creating a dedicated page (excluding any sensitive information) in the HTTP server for the purpose of a health check.
When the WebGate bypass is created it should be locked down so that health check requests can only come from certain sources (not from the internet).
Perform the following steps on each Oracle HTTP Server instance to create a simple health check page:
- Create a file named
health-check.html
in the directoryWEB_DOMAIN_HOME/config/fmwconfig/components/OHS/<OHS_NAME>/htpdocs
with the following:<!DOCTYPE html> <html> <body> <h1>OK</h1> </body> </html>
-
Verify whether you can view the page by accessing http://WEBHOST1.example.com:7777/health-check.html.
A page is displayed with the message OK.
Note:
Ensure that you are checking/health-check.html
when configuring your load balancer.
Parent topic: Installing and Configuring Oracle HTTP Server
Backing Up the Configuration
As a best practice, Oracle recommends you to back up the configuration after you have successfully extended a domain or at another logical point. Back up only after you have verified that the installation is successful so far. This is a quick backup to enable immediate restoration in case of problems in later steps.
In a Kubernetes environment, it is sufficient to back up the persistent volume and the database.
The backup destination is the local disk. You can discard this backup when the enterprise deployment setup is complete. After the enterprise deployment setup is complete, you can initiate the regular deployment-specific Backup and Recovery process.
For information about backing up your configuration, see Performing Backups and Recoveries for an Enterprise Deployment.
Parent topic: Installing and Configuring Oracle HTTP Server
Configuring Oracle HTTP Server to Route Requests to the Application Tier
Update the Oracle HTTP Server configuration files so that the web server instances route requests to the servers in the domain.
- About the Oracle HTTP Server Configuration for an Enterprise Deployment
- Modifying the httpd.conf File to Include Virtual Host Configuration Files
- Modifying the httpd.conf File to Set Server Runtime Parameters
- Creating an Oracle HTTP Server Wallet
- Obtaining the Port for the Kubernetes Node Port Service
- Routing Requests
- Creating the Virtual Host Configuration Files
Parent topic: Installing and Configuring Oracle HTTP Server
About the Oracle HTTP Server Configuration for an Enterprise Deployment
The following topics provide an overview about the changes that are required to the Oracle HTTP Server configuration files on each WEBHOST, in an enterprise deployment.
Purpose of the Oracle HTTP Server Virtual Hosts
The reference topologies in this guide require that you define a set of virtual servers on the hardware load balancer. You can then configure Oracle HTTP Server to recognize requests to specific virtual hosts (that map to the load balancer virtual servers) by adding <VirtualHost>
directives to the Oracle HTTP Server instance configuration files.
For each Oracle HTTP Server virtual host, you define a set of specific URLs (or context strings) that route requests from the load balancer through the Oracle HTTP Server instances to the appropriate Administration Server or Managed Server in the Oracle WebLogic Server domain.
About the WebLogicCluster Parameter of the <VirtualHost> Directive
A key parameter of the Oracle HTTP Server <VirtualHost>
directive is the WebLogicCluster parameter, which is
part of the WebLogic Proxy Plug-in for Oracle HTTP Server. When you configure Oracle
HTTP Server for an enterprise deployment, consider the following information when you
add this parameter to the Oracle HTTP Server configuration files.
In a Kubernetes environment, the WebLogic servers are deployed in pods and these pods use internal Kubernetes host names. These host names are not resolvable outside of the Kubernetes cluster. Kubernetes interacts with the WebLogic server pods using a Kubernetes service. This service expands and contracts dynamically as WebLogic Managed Server pods are added and taken away.
The servers specified in the WebLogicCluster parameter in a Kubernetes environment cannot reference the WebLogic Managed Server pods directly. They must interact by using a Kubernetes service. Kubernetes services are exposed on Kubernetes worker hosts through a mapped Kubernetes port. If you are using NodePort Services, there will be a unique port for each service. If you are using an ingress controller, you will use a single port for all services.
In a traditional on-premise deployment, the WebLogicCluster directive will reference the WebLogic server hosts and corresponding ports. In a Kubernetes environment, the WebLogicCluster directive must reference the Kubernetes worker nodes and the exposed Kubernetes service mapped port. If you have created a network load balancer to route requests to the worker nodes, you can specify this as the host name.
Because a Kubernetes service expands and contracts dynamically as WebLogic pods are added/removed, pointing the WeblogicCluster parameter at a Kubernetes worker node and the exposed port is sufficient to ensure that you are load balancing across all the WebLogic Managed Servers in the cluster.
However, including only one worker node in the WeblogicCluster directive means that if that worker node fails, but the cluster survives, the system will cease to work. To mitigate the impact of this failure, be sure to include several worker nodes (not necessarily all) or the network load balancer in the WebLogicCluster directive.
Associated with the WebLogicCluster directive it the DynamicServerList directive. If enabled (the default option), when new Managed Servers are added to a cluster, the server it is running on is published to the Oracle WebLogicCluster directive so that you do not need to change the Oracle HTTP Server configuration when the cluster changes. This option works well in a traditional deployment. However, in a Kubernetes deployment, where the internal host names are unresolvable outside the cluster, it will cause issues. It is also unnecessary because the Kubernetes service provides the same functionality. Therefore, in an Oracle HTTP server, which directs a request to a Kubernetes cluster, the WebLogic directive DynamicServerList should be set to false.
Recommended Structure of the Oracle HTTP Server Configuration Files
Rather than adding multiple virtual host definitions to the httpd.conf
file, Oracle recommends that you create separate, smaller, and more specific configuration files for each of the virtual servers required for the products that you are deploying. This avoids populating an already large httpd.conf
file with additional content, and it can make troubleshooting configuration problems easier.
For example, in a typical Oracle Fusion Middleware Infrastructure domain, you can add a specific configuration file called admin_vh.conf
that contains the virtual host definition for the Administration Server virtual host (ADMINVHN).
Modifying the httpd.conf File to Include Virtual Host Configuration Files
Perform the following tasks to prepare the httpd.conf
file for the additional virtual hosts required for an enterprise topology:
-
Log in to WEBHOST1.
-
Locate the
httpd.conf
file for the first Oracle HTTP Server instance (ohs1
) in the domain directory:cd WEB_DOMAIN_HOME/config/fmwconfig/components/OHS/ohs1/
-
Verify if the
httpd.conf
file has the appropriate configuration as follows:-
Run the following command to verify the
ServerName
parameter, be sure that it is set correctly, substituting the correct value for the current WEBHOSTn:grep "ServerName http" httpd.conf ServerName http://WEBHOST1:7777
-
Run the following command to verify there is an include statement that includes all
*.conf
files from the moduleconf subdirectory:grep moduleconf httpd.conf IncludeOptional "moduleconf/*.conf"
-
If either validation fails to return results, or returns results that are commented out, open the
httpd.conf
file in a text editor and make the required changes in the appropriate locations.# # ServerName gives the name and port that the server uses to identify itself. # This can often be determined automatically, but we recommend you specify # it explicitly to prevent problems during startup. # # If your host doesn't have a registered DNS name, enter its IP address here. # ServerName http://WEBHOST1:7777 # and at the end of the file: # Include the admin virtual host (Proxy Virtual Host) related configuration include "admin.conf" IncludeOptional "moduleconf/*.conf"
-
Save the
httpd.conf
file.
-
-
Log in to
WEBHOST2
and perform steps 2 and 3 for thehttpd.conf
file, replacing any occurrences ofWEBHOST1
orohs1
withWEBHOST2
orohs2
in the instructions as necessary.
Modifying the httpd.conf File to Set Server Runtime Parameters
Out of the box, the Oracle HTTP Server comes configured with a number of values which effect how the server behaves when it is running. For most of the deployments, these values are sufficient. However, in an Oracle Identity and Access Management deployment, it is recommended that you update these values by doing the following:
-
Log in to WEBHOST1.
-
Locate the
httpd.conf
file for the first Oracle HTTP Server instance (ohs1
) in the domain directory:cd WEB_DOMAIN_HOME/config/fmwconfig/components/OHS/ohs1/
-
Locate the section of the file with the following line:
<IfModule mpm_worker_module>
-
Update the entries in this section to reflect the following:
<IfModule mpm_worker_module> ServerLimit 20 StartServers 10 MaxClients 1500 MinSpareThreads 200 MaxSpareThreads 800 ThreadsPerChild 250 ThreadLimit 250 MaxRequestsPerChild 1000 MaxRequestWorkers 400 MaxConnectionsPerChild 0 </IfModule>
- Update the following values:
MaxKeepAliveRequests 0
Timeout 300
KeepAliveTimeout 10
-
Save the
httpd.conf
file. -
Update the file
mod_wl_ohs.conf
to reflect the following:<IfModule weblogic_module> WLDNSRefreshInterval 10 </IfModule>
-
Save the file.
-
Log in to
WEBHOST2
and perform steps 2 and 3 for thehttpd.conf
andmod_wl_ohs.conf
files, replacing any occurrences ofWEBHOST1
orohs1
withWEBHOST2
orohs2
in the instructions as necessary.
Creating an Oracle HTTP Server Wallet
Note:
A wallet is not required if you are using Ingress.To create the OHS wallet, perform the following steps on each web server
- WEBHOST1 and WEBHOST2. The wallet is created in the OHS
Domain
folder and is called ohswallet
. Further
sections of the guide assumes this location. However, you can place the wallet in
any location.
Obtaining the Port for the Kubernetes Node Port Service
Each of the configuration procedures explained in this chapter directs Oracle HTTP to send requests to the Kubernetes Node Port service for the cluster of Managed Servers/instances or micro services. These procedures use sample ports for illustration.
To obtain the port that is actually being used, run the following command:
kubectl get service -n <NAMESPACE> | grep NodePort | grep <SERVICE_NAME> | awk '{ print $5 }'
kubectl get service -n <INGRESSNS> | grep NodePort | awk '{ print $5 }'
kubectl get service -n ingressns | grep NodePort | awk '{ print $5 }'
Routing Requests
WeblogicCluster K8worker1.example.com:Port, K8Worker2.example.com:port
WeblogicCluster K8workers.example.com:Port, K8Workers.example.com:port
Here, K8workers.example.com
is the name of your network load
balancer.
If you are using an Ingress controller, the port will always be the port that is assigned to the Ingress controller.
If you are using the NodePort Services, the port will depend on the NodePort Services you create.
Creating the Virtual Host Configuration Files
To create the virtual host configuration files:
Note:
Before you create the virtual host configuration files, be sure that you have configured the virtual servers on the load balancer, as described in Purpose of the Oracle HTTP Server Virtual Hosts.Configuring Oracle HTTP Server for Oracle Access Manager
You have to configure Oracle HTTP Server for the Oracle Access Manager Managed Servers to ensure they route requests correctly to the Oracle Access Management cluster.
Table 17-2 List of Variables and Their Values
Variable | Value |
---|---|
<OAM_OAM_K8> |
The Kubernetes service port of OAM. For
example: |
<OAM_ADMIN_K8> |
The Kubernetes service port of the OAM
Administration Server. For example:
|
<OAM_POLICY_K8> |
The Kubernetes service port of the OAM Policy
Service. For example: |
To configure the Oracle HTTP Server instances in the web tier so they
route requests correctly to the Oracle Access Management cluster,
use the following procedure to create an additional Oracle HTTP
Server configuration file that creates and defines the parameters of
the login.example.com
virtual server. To configure
Oracle HTTP Server for the oam_server
Managed
Servers:
Parent topic: Installing and Configuring Oracle HTTP Server
Configuring Oracle HTTP Server for Oracle Identity Governance
To configure the Oracle HTTP Server instances in the web tier so they route requests
correctly to the Oracle SOA Suite cluster, use the following procedure to create an
additional Oracle HTTP Server configuration file that creates and defines the parameters of
the https://igdinternal.example.com:7777
virtual server.
This procedure assumes that you have performed the Oracle HTTP Server configuration tasks described in Configuring Oracle HTTP Server to Route Requests to the Application Tier.
Table 17-3 List of Variables and Their Values
Variable | Value |
---|---|
<OIG_OIM_PORT_K8> |
The Kubernetes service port of the OIG OIM Service. For
example: |
<OIG_ADMIN_K8> |
The Kubernetes service port of the OIG Administration Server
service. For example: |
<OIG_SOA_PORT_K8> |
The Kubernetes service port of the OIG SOA service. For
example: |
To create the virtual host configuration file so requests are routed properly to the Oracle Identity Governance clusters:
Note:
If internal invocations are going to be used in the system, add the appropriate locations to the soainternal virtual host.Parent topic: Installing and Configuring Oracle HTTP Server
Configuring Oracle HTTP Server for Oracle Identity Role Intelligence
You should configure Oracle HTTP Server for the Oracle Identity Role Intelligence (OIRI) Servers to ensure that they route requests correctly to the Oracle Role Intelligence cluster.
Table 17-4 List of Variables and Their Values
Variable | Value |
---|---|
<OIRI_UI_K8> |
The Kubernetes service port of the OIRI UI service. For
example: |
<OIRI_K8> |
The Kubernetes service port of the OIRI service. For example:
|
To configure Oracle HTTP Server:
Parent topic: Installing and Configuring Oracle HTTP Server
Configuring Oracle HTTP Server for Oracle Advanced Authentication, Oracle Adaptive Risk Management, and Oracle Universal Authenticator
You should configure Oracle HTTP Server for Oracle Advanced Authentication servers to ensure that they route requests correctly to the OAA microservices.
Table 17-5 List of Variables and Their Values
Variable | Value |
---|---|
<K8_WORKER_HOST1> |
The name of one of the Kubernetes worker hosts. |
<K8_WORKER_HOST2> |
The name of a different Kubernetes worker host. |
<OAA_ADMIN_K8> |
The node port for the |
<OAA_K8> |
The node port for the |
<OAA_POLICY_K8> |
The node port for the |
<OAA_SPUI_K8> |
The node port for the |
<OAA_FIDO_K8> |
The node port for the
|
<OAA_EMAIL_K8> |
The node port for the
|
<OAA_SMS_K8> |
The node port for the
|
<OAA_TOTP_K8> |
The node port for the
|
<OAA_YOTP_K8> |
The node port for the
|
<OAA_PUSH_K8> |
The node port for the
|
<OAA_KBA_K8> |
The node port for the
|
<OAA_RISK_ANAL_K8> |
The node port for the
|
<OAA_RISKCC_K8> |
The node port for the |
<OAA_OUA_K8> |
The node port for the |
<OAA_OUAUI_K8> |
The node port for the |
<OAA_DRSS> |
The node port for the |
Note:
The actual node port values in this table will be determined after you have deployed OAA.To configure Oracle HTTP Server:
Parent topic: Installing and Configuring Oracle HTTP Server
Restarting the OHS Instances
Ensure that you have copied the configuration files to each WEBHOST, and then restart the Oracle HTTP Service instance on each host.
- Restart the ohs1 instance by doing the following:
- Restart the ohs2 instance by doing the following:
Parent topic: Installing and Configuring Oracle HTTP Server
Validating the Oracle HTTP Server Configuration
To ensure that the Oracle HTTP server is working correctly, you should perform a few validations after configuring the Oracle Identity Management products.
- Validating Access Through the Load Balancer
- Validating the Virtual Server Configuration and Access to the Consoles
Parent topic: Installing and Configuring Oracle HTTP Server
Validating Access Through the Load Balancer
Verifying the URLs
- While
oam_server2
is running, stopoam_server1
using the WebLogic Server Administration Console. - Access
https://login.example.com/oam/server/logout
. - Start
oam_server1
from the WebLogic Server Administration Console. - Stop
oam_server2
from the WebLogic Server Administration Console. - Access
http://login.example.com/oam/server/logout
.
Parent topic: Validating Access Through the Load Balancer
Validating the Virtual Server Configuration and Access to the Consoles
Validate the virtual server configuration on the load balancer, and the access to the management console and the Administration Server.
From the load balancer, access the following URLs to ensure that the load balancer and Oracle HTTP Server are configured properly. These URLs should show the initial Oracle HTTP Server 12c web page.
https://login.example.com/index.html
https://prov.example.com/index.html
http://iadadmin.example.com/index.html
http://igdadmin.example.com/index.html
Use the following URLs to the hardware load balancer to display the Oracle WebLogic Server Administration Console, and log in using the Oracle WebLogic Server iadadmin
credentials:
http://iadadmin.example.com/console
http://iadadmin.example.com/em
This validates that the iadadmin.example.com
virtual host on the load balancer is able to route requests to the Oracle HTTP Server instances on the web tier, which in turn can route requests for the Oracle WebLogic Server Administration Console to the Administration Server in the application tier.
Similarly, you should be able to access the WebLogic Server Administration Console
and Fusion Middleware Control for the igdadmin
virtual host using
the following URLs:
http://igdadmin.example.com/console
http://igdadmin.example.com/em
Parent topic: Validating the Oracle HTTP Server Configuration
Sample Virtual Host Files
The sample list includes the complete examples of all the virtual host files used in an Oracle Identity and Access Management deployment.
-
Example 1
login_vh.conf
-
<VirtualHost WEBHOST1.example.com:7777> ServerName https://login.example.com:443 ServerAdmin you@your.address RewriteEngine On RequestHeader set X-OAUTH-IDENTITY-DOMAIN-NAME "OAADomain" RewriteOptions inherit UseCanonicalName On RequestHeader set "X-Forwarded-Host" "login.example.com" RequestHeader set X-OAUTH-IDENTITY-DOMAIN-NAME "OAADomain" RewriteRule ^/oauth2/rest/authorize? /oauth2/rest/authorize?domain=OAADomain [PT,QSA,L] RewriteRule ^/oauth2/rest/token? /oauth2/rest/token?domain=OAADomain [PT,QSA,L] RewriteRule ^/oauth2/rest/token/info? /oauth2/rest/token/info?domain=OAADomain [PT,QSA,L] RewriteRule ^/oauth2/rest/authz? /oauth2/rest/authz?domain=OAADomain [PT,QSA,L] RewriteRule ^/oauth2/rest/userinfo? /oauth2/rest/userinfo?domain=OAADomain [PT,QSA,L] RewriteRule ^/oauth2/rest/security? /oauth2/rest/security?domain=OAADomain [PT,QSA,L] RewriteRule ^/oauth2/rest/userlogout? /oauth2/rest/userlogout?domain=OAADomain [PT,QSA,L] #OAM Entries <Location /oam> WLSRequest ON DynamicServerList OFF WLProxySSL ON WLProxySSLPassThrough ON WLCookieName OAMJSESSIONID WebLogicCluster k8workerhost1.example.com:30410,k8workerhost2.example.com:30410 </Location> <Location /oam/services/rest/auth> WLSRequest ON DynamicServerList OFF WLProxySSL ON WLProxySSLPassThrough ON WLCookieName OAMJSESSIONID WebLogicCluster k8workerhost1.example.com:30410,k8workerhost2.example.com:30410 </Location> <Location /oam/services/rest/access> WLSRequest ON DynamicServerList OFF WLProxySSL ON WLProxySSLPassThrough ON WLCookieName OAMJSESSIONID WebLogicCluster k8workerhost1.example.com:30410,k8workerhost2.example.com:30410 </Location> <Location /oamfed> WLSRequest ON DynamicServerList OFF WebLogicCluster k8workerhost1.example.com:30410,k8workerhost2.example.com:30410 WLCookieName OAMJSESSIONID WLProxySSL ON WLProxySSLPassThrough ON </Location> # OAM Forgotten Password Page <Location /otpfp/> WLSRequest ON DynamicServerList OFF WebLogicCluster k8workerhost1.example.com:30410,k8workerhost2.example.com:30410 WLCookieName OAMJSESSIONID WLProxySSL ON WLProxySSLPassThrough ON </Location> <Location /ms_oauth> WLSRequest ON DynamicServerList OFF WebLogicCluster k8workerhost1.example.com:30410,k8workerhost2.example.com:30410 WLCookieName OAMJSESSIONID WLProxySSL ON WLProxySSLPassThrough ON </Location> <Location /oauth2> WLSRequest ON DynamicServerList OFF WebLogicCluster k8workerhost1.example.com:30410,k8workerhost2.example.com:30410 WLCookieName OAMJSESSIONID WLProxySSL ON WLProxySSLPassThrough ON </Location> <Location /.well-known/openid-configuration> WLSRequest ON DynamicServerList OFF WebLogicCluster k8workerhost1.example.com:30410,k8workerhost2.example.com:30410 PathTrim /.well-known PathPrepend /oauth2/rest WLCookieName OAMJSESSIONID WLProxySSL ON WLProxySSLPassThrough ON </Location> <Location /.well-known/oidc-configuration> WLSRequest ON DynamicServerList OFF WebLogicCluster k8workerhost1.example.com:30410,k8workerhost2.example.com:30410 PathTrim /.well-known PathPrepend /oauth2/rest WLCookieName OAMJSESSIONID WLProxySSL ON WLProxySSLPassThrough ON </Location> <Location /CustomConsent> WLSRequest ON DynamicServerList OFF WebLogicCluster k8workerhost1.example.com:30410,k8workerhost2.example.com:30410 WLCookieName OAMJSESSIONID WLProxySSL ON WLProxySSLPassThrough ON </Location> <Location /iam/access> WLSRequest ON DynamicServerList OFF WebLogicCluster k8workerhost1.example.com:30410,k8workerhost2.example.com:30410 WLCookieName OAMJSESSIONID WLProxySSL ON WLProxySSLPassThrough ON </Location> # OAA # <Location /oaa/runtime> WLSRequest ON WLProxySSL ON WLProxySSLPassThrough ON DynamicServerList OFF SecureProxy ON WLSSLWallet "${ORACLE_INSTANCE}/ohswallet" WebLogicCluster k8workerhost1.example.com:31047,k8workerhost2.example.com:31047 WLCookieName OAMJSESSIONID </Location> <Location /oaa-policy> WLSRequest ON WLProxySSL ON WLProxySSLPassThrough ON WLCookieName OAMJSESSIONID DynamicServerList OFF SecureProxy ON WLSSLWallet "${ORACLE_INSTANCE}/ohswallet" WebLogicCluster k8workerhost1.example.com:31957,k8workerhost2.example.com:31957 </Location> <Location /policy> WLSRequest ON WLProxySSL ON WLProxySSLPassThrough ON DynamicServerList OFF SecureProxy ON WLSSLWallet "${ORACLE_INSTANCE}/ohswallet" WebLogicCluster k8workerhost1.example.com:31957,k8workerhost2.example.com:31957 WLCookieName OAMJSESSIONID </Location> <Location /oaa/rui> WLSRequest ON WLProxySSL ON WLProxySSLPassThrough ON DynamicServerList OFF SecureProxy ON WLSSLWallet "${ORACLE_INSTANCE}/ohswallet" WebLogicCluster k8workerhost1.example.com:30532,k8workerhost2.example.com:30532 WLCookieName OAMJSESSIONID </Location> <Location /oaa/authnui> WLSRequest ON WLProxySSL ON WLProxySSLPassThrough ON DynamicServerList OFF SecureProxy ON WLSSLWallet "${ORACLE_INSTANCE}/ohswallet" WebLogicCluster k8workerhost1.example.com:30532,k8workerhost2.example.com:30532 WLCookieName OAMJSESSIONID </Location> <Location /fido> WLSRequest ON WLProxySSL ON WLProxySSLPassThrough ON DynamicServerList OFF SecureProxy ON WLSSLWallet "${ORACLE_INSTANCE}/ohswallet" WebLogicCluster k8workerhost1.example.com:32438,k8workerhost2.example.com:32438 WLCookieName OAMJSESSIONID </Location> <Location /oaa-email-factor> WLSRequest ON WLProxySSL ON WLProxySSLPassThrough ON DynamicServerList OFF SecureProxy ON WLSSLWallet "${ORACLE_INSTANCE}/ohswallet" WebLogicCluster k8workerhost1.example.com:30614,k8workerhost2.example.com:30614 WLCookieName OAMJSESSIONID </Location> <Location /oaa-sms-factor> WLSRequest ON WLProxySSL ON WLProxySSLPassThrough ON DynamicServerList OFF SecureProxy ON WLSSLWallet "${ORACLE_INSTANCE}/ohswallet" WebLogicCluster k8workerhost1.example.com:31930,k8workerhost1.example.com:31930 WLCookieName OAMJSESSIONID </Location> <Location /oaa-totp-factor> WLSRequest ON WLProxySSL ON WLProxySSLPassThrough ON DynamicServerList OFF SecureProxy ON WLSSLWallet "${ORACLE_INSTANCE}/ohswallet" WebLogicCluster k8workerhost1.example.com:31950,k8workerhost1.example.com:31950 WLCookieName OAMJSESSIONID </Location> <Location /oaa-push-factor> WLSRequest ON WLProxySSL ON WLProxySSLPassThrough ON DynamicServerList OFF SecureProxy ON WLSSLWallet "${ORACLE_INSTANCE}/ohswallet" WebLogicCluster k8workerhost1.example.com:31166,k8workerhost2.example.com:31166 WLCookieName OAMJSESSIONID </Location> <Location /oaa-yotp-factor> WLSRequest ON WLProxySSL ON WLProxySSLPassThrough ON DynamicServerList OFF SecureProxy ON WLSSLWallet "${ORACLE_INSTANCE}/ohswallet" WebLogicCluster k8workerhost1.example.com:31946,k8workerhost2.example.com:31946 WLCookieName OAMJSESSIONID </Location> <Location /oaa/kba> WLSRequest ON WLProxySSL ON WLProxySSLPassThrough ON DynamicServerList OFF SecureProxy ON WLSSLWallet "${ORACLE_INSTANCE}/ohswallet" WebLogicCluster k8workerhost1.example.com:31147,k8workerhost2.example.com:31147 WLCookieName OAMJSESSIONID </Location> <Location /risk-analyzer> WLSRequest ON WLProxySSL ON WLProxySSLPassThrough ON DynamicServerList OFF SecureProxy ON WLSSLWallet "${ORACLE_INSTANCE}/ohswallet" WebLogicCluster k8workerhost1.example.com:30507,k8workerhost2.example.com:30507 WLCookieName OAMJSESSIONID </Location> <Location /risk-cc> WLSRequest ON WLProxySSL ON WLProxySSLPassThrough ON DynamicServerList OFF SecureProxy ON WLSSLWallet "${ORACLE_INSTANCE}/ohswallet" WebLogicCluster k8workerhost1.example.com:30981,k8workerhost2.example.com:30981 WLCookieName OAMJSESSIONID </Location> <Location /oua> WLSRequest ON WLProxySSL ON WLProxySSLPassThrough ON DynamicServerList OFF SecureProxy ON WLSSLWallet "${ORACLE_INSTANCE}/ohswallet" WebLogicCluster k8workerhost1.example.com:30520,k8workerhost2.example.com:30520 WLCookieName OAMJSESSIONID </Location> <Location /oaa-drss> WLSRequest ON WLProxySSL ON WLProxySSLPassThrough ON DynamicServerList OFF SecureProxy ON WLSSLWallet "${ORACLE_INSTANCE}/ohswallet" WebLogicCluster k8workerhost1.example.com:30580,k8workerhost2.example.com:30580 WLCookieName OAMJSESSIONID </Location> <Location /oua/rui> WLSRequest ON WLProxySSL ON WLProxySSLPassThrough ON DynamicServerList OFF SecureProxy ON WLSSLWallet "${ORACLE_INSTANCE}/ohswallet" WebLogicCluster k8workerhost1.example.com:30580,k8workerhost2.example.com:30580 WLCookieName OAMJSESSIONID </Location> </VirtualHost>
-
Example 2
prov_vh.conf
-
<VirtualHost WEBHOST1.example.com:7777> ServerName https://prov.example.com:443 ServerAdmin you@your.address RewriteEngine On RewriteOptions inherit UseCanonicalName On RequestHeader set "X-Forwarded-Host" "prov.example.com" <Location /identity> WLSRequest ON DynamicServerList OFF WLCookieName oimjsessionid DynamicServerList OFF WebLogicCluster k8workerhost1.example.com:30140,k8workerhost2.example.com:30140 WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log" WLProxySSL ON WLProxySSLPassThrough ON </Location> <Location /HTTPClnt> WLSRequest ON DynamicServerList OFF WLCookieName oimjsessionid DynamicServerList OFF WebLogicCluster k8workerhost1.example.com:30140,k8workerhost2.example.com:30140 WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log" WLProxySSL ON WLProxySSLPassThrough ON </Location> # Requests webservice URL <Location /reqsvc> WLCookieName oimjsessionid DynamicServerList OFF WebLogicCluster k8workerhost1.example.com:30140,k8workerhost2.example.com:30140 WLProxySSL ON WLProxySSLPassThrough ON WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log" </Location> <Location /FacadeWebApp> SetHandler weblogic-handler WLCookieName oimjsessionid DynamicServerList OFF WebLogicCluster k8workerhost1.example.com:30140,k8workerhost2.example.com:30140 WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log" WLProxySSL ON WLProxySSLPassThrough ON </Location> <Location /iam> SetHandler weblogic-handler WLCookieName oimjsessionid DynamicServerList OFF WebLogicCluster k8workerhost1.example.com:30140,k8workerhost2.example.com:30140 WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log" WLProxySSL ON WLProxySSLPassThrough ON </Location> <Location /OIGUI> SetHandler weblogic-handler WLCookieName oimjsessionid DynamicServerList OFF WebLogicCluster k8workerhost1.example.com:30140,k8workerhost2.example.com:30140 WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log" WLProxySSL ON WLProxySSLPassThrough ON </Location> </VirtualHost>
-
Example 3
iadadmin_vh.conf
-
<VirtualHost WEBHOST1.example.com:7777> ServerName iadadmin.example.com:80 ServerAdmin you@your.address RewriteEngine On RewriteOptions inherit UseCanonicalName On RequestHeader set "X-Forwarded-Host" "iadadmin.example.com" # Admin Server and EM <Location /console> WLSRequest ON DynamicServerList OFF WebLogicCluster k8workerhost1.example.com:30701,k8workerhost2.example.com:30701 </Location> # WebLogic Remote Console Access # <Location /management> WLSRequest ON DynamicServerList OFF WebLogicCluster k8workerhost1.example.com:30711,k8workerhost2.example.com:30711 </Location> <Location /consolehelp> WLSRequest ON DynamicServerList OFF WebLogicCluster k8workerhost1.example.com:30701,k8workerhost2.example.com:30701 </Location> <Location /em> WLSRequest ON DynamicServerList OFF WebLogicCluster k8workerhost1.example.com:30701,k8workerhost2.example.com:30701 </Location> <Location /oamconsole> WLSRequest ON DynamicServerList OFF WebLogicCluster k8workerhost1.example.com:30701,k8workerhost2.example.com:30701 </Location> <Location /access> WLSRequest ON DynamicServerList OFF DynamicServerList OFF WebLogicCluster k8workerhost1.example.com:30510,k8workerhost2.example.com:30510 WLCookieName OAMJSESSIONID </Location> <Location /iam/admin> WLSRequest ON DynamicServerList OFF DynamicServerList OFF WebLogicCluster k8workerhost1.example.com: 30701,k8workerhost2.example.com:30701 WLCookieName OAMJSESSIONID </Location> <Location /oam/services/rest/11.1.2.0.0> WLSRequest ON DynamicServerList OFF DynamicServerList OFF WebLogicCluster k8workerhost1.example.com: 30701,k8workerhost2.example.com:30701 WLCookieName OAMJSESSIONID </Location> <Location /oam/services/rest/ssa> WLSRequest ON DynamicServerList OFF DynamicServerList OFF WebLogicCluster k8workerhost1.example.com: 30701,k8workerhost2.example.com: 30701 WLCookieName OAMJSESSIONID </Location> # Required for Multi-Datacenter <Location /oam/services> WLSRequest ON DynamicServerList OFF WebLogicCluster k8workerhost1.example.com:30701,k8workerhost2.example.com:30701 </Location> # OAA # <Location /oaa-admin> WLSRequest ON WLCookieName OAMJSESSIONID DynamicServerList OFF SecureProxy ON WLSSLWallet "${ORACLE_INSTANCE}/ohswallet" WebLogicCluster k8workerhost1.example.com:31338,k8workerhost2.example.com:31338 </Location> <Location /admin-ui> WLSRequest ON WLCookieName OAMJSESSIONID DynamicServerList OFF SecureProxy ON WLSSLWallet "${ORACLE_INSTANCE}/ohswallet" WebLogicCluster k8workerhost1.example.com:31338,k8workerhost2.example.com:31338 </Location> <Location /oua-admin-ui> WLSRequest ON WLCookieName OAMJSESSIONID DynamicServerList OFF SecureProxy ON WLSSLWallet "${ORACLE_INSTANCE}/ohswallet" WebLogicCluster k8workerhost1.example.com:30525,k8workerhost2.example.com:30525 </Location> <Location /dms> WLSRequest ON DynamicServerList OFF WebLogicCluster k8workerhost1.example.com:30701,k8workerhost2.example.com:30701 </Location> </VirtualHost>
-
Example 4
igdadmin_vh.conf
-
<VirtualHost WEBHOST1.example.com:7777> ServerName igdadmin.example.com:80 ServerAdmin you@your.address RewriteEngine On RewriteOptions inherit UseCanonicalName On RequestHeader set "X-Forwarded-Host" "igdadmin.example.com" # Admin Server and EM <Location /console> WLSRequest ON DynamicServerList OFF WebLogicCluster k8workerhost1.example.com:30711,k8workerhost2.example.com:30711 </Location> # WebLogic Remote Console Access # <Location /management> WLSRequest ON DynamicServerList OFF WebLogicCluster k8workerhost1.example.com:30711,k8workerhost2.example.com:30711 </Location> <Location /consolehelp> WLSRequest ON DynamicServerList OFF WebLogicCluster k8workerhost1.example.com:30711,k8workerhost2.example.com:30711 </Location> <Location /em> WLSRequest ON DynamicServerList OFF WebLogicCluster k8workerhost.example.com:30711,k8workerhost.example.com:30711 </Location> <Location /oim> WLSRequest ON DynamicServerList OFF WLCookieName oimjsessionid DynamicServerList OFF WebLogicCluster k8workerhost1.example.com:30140,k8workerhost2.example.com:30140 WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log" </Location> <Location /iam> WLSRequest ON DynamicServerList OFF WLCookieName oimjsessionid DynamicServerList OFF WebLogicCluster k8workerhost1.example.com:30140,k8workerhost2.example.com:30140 WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log" </Location> <Location /sysadmin> WLSRequest ON DynamicServerList OFF WLCookieName oimjsessionid DynamicServerList OFF WebLogicCluster k8workerhost1.example.com:30140,k8workerhost2.example.com:30140 WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log" </Location> <Location /admin> WLSRequest ON DynamicServerList OFF WLCookieName oimjsessionid DynamicServerList OFF WebLogicCluster k8workerhost1.example.com:30140,k8workerhost2.example.com:30140 WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log" </Location> # OIM self service console <Location /identity> WLSRequest ON DynamicServerList OFF WLCookieName oimjsessionid DynamicServerList OFF WebLogicCluster k8workerhost1.example.com:30140,k8workerhost2.example.com:30140 WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log" </Location> <Location /OIGUI> WLSRequest ON DynamicServerList OFF WLCookieName oimjsessionid DynamicServerList OFF WebLogicCluster k8workerhost1.example.com:30140,k8workerhost2.example.com:30140 WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log" </Location> <Location /FacadeWebApp> SetHandler weblogic-handler WLCookieName oimjsessionid DynamicServerList OFF WebLogicCluster k8workerhost1.example.com:30140,k8workerhost2.example.com:30140 WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log" </Location> # Scheduler webservice URL <Location /SchedulerService-web> WLSRequest ON DynamicServerList OFF WLCookieName oimjsessionid DynamicServerList OFF WebLogicCluster k8workerhost1.example.com:30140,k8workerhost2.example.com:30140 WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log" </Location> # OIRI UI # <Location /oiri/ui> WLSRequest ON DynamicServerList OFF WLCookieName oimjsessionid DynamicServerList OFF WebLogicCluster k8workerhost1.example.com:30306,k8workerhost2.example.com:30306 </Location> # OIRI API # <Location /oiri/api> WLSRequest ON DynamicServerList OFF WLCookieName oimjsessionid DynamicServerList OFF WebLogicCluster k8workerhost1.example.com:30305,k8workerhost2.example.com:30305 </Location> <Location /dms> WLSRequest ON DynamicServerList OFF WebLogicCluster k8workerhost1.example.com:30711,k8workerhost2.example.com:30711 </Location> </VirtualHost>
-
Example 5
igdinternal_vh.conf
-
<VirtualHost WEBHOST1.example.com:7777> ServerName
igdinternal.example.com
:7777 ServerAdmin you@your.address RewriteEngine On RewriteOptions inherit UseCanonicalName On RequestHeader set "X-Forwarded-Host" "igdinternal.example.com" # WSM-PM <Location /wsm-pm> WLSRequest ON DynamicServerList OFF DynamicServerList OFF WebLogicCluster k8workerhost1.example.com:7010,k8workerhost2.example.com:7010 WLProxySSL OFF WLProxySSLPassThrough OFF </Location> <Location /sodcheck> WLSRequest ON DynamicServerList OFF WLCookieName oimjsessionid DynamicServerList OFF WebLogicCluster k8workerhost1.example.com:30801,k8workerhost2.example.com:30801 WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/soa_component.log" </Location> # OIM, role-sod profile <Location /role-sod> WLSRequest ON DynamicServerList OFF WLCookieName oimjsessionid DynamicServerList OFF WebLogicCluster k8workerhost1.example.com:30140,k8workerhost2.example.com:30140 WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log" </Location> # Callback webservice for SOA. SOA calls this when a request is approved/rejected # Provide the SOA Managed Server Port <Location /workflowservice> WLSRequest ON DynamicServerList OFF WLCookieName oimjsessionid DynamicServerList OFF WebLogicCluster k8workerhost1.example.com:30140,k8workerhost2.example.com:30140 WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/soa_component.log" </Location> # used for FA Callback service. <Location /callbackResponseService> WLSRequest ON DynamicServerList OFF WLCookieName oimjsessionid DynamicServerList OFF WebLogicCluster k8workerhost1.example.com:30140,k8workerhost2.example.com:30140 WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log" </Location> # spml xsd profile <Location /spml-xsd> WLSRequest ON DynamicServerList OFF WLCookieName oimjsessionid DynamicServerList OFF WebLogicCluster k8workerhost1.example.com:30140,k8workerhost2.example.com:30140 WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log" </Location> # OIM, spml dsml profile <Location /spmlws> WLSRequest ON DynamicServerList OFF PathTrim /weblogic WLCookieName oimjsessionid DynamicServerList OFF WebLogicCluster k8workerhost1.example.com:30140,k8workerhost2.example.com:30140 WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log" </Location> <Location /reqsvc> WLSRequest ON DynamicServerList OFF WLCookieName oimjsessionid DynamicServerList OFF WebLogicCluster k8workerhost1.example.com:30140,k8workerhost2.example.com:30140 WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/soa_component.log" </Location> # SOA Infra <Location /soa-infra> WLSRequest ON DynamicServerList OFF WLCookieName oimjsessionid DynamicServerList OFF WebLogicCluster k8workerhost1.example.com:30801,k8workerhost2.example.com:30801 WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/OHS/component/oim_component.log" </Location> # UMS Email Support <Location /ucs> WLSRequest ON DynamicServerList OFF WLCookieName oimjsessionid DynamicServerList OFF WebLogicCluster k8workerhost1.example.com:30801,k8workerhost2.example.com:30801 WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/OHS/component/oim_component.log" </Location> <Location /provisioning-callback> WLSRequest ON DynamicServerList OFF WLCookieName oimjsessionid DynamicServerList OFF WebLogicCluster k8workerhost1.example.com:30140,k8workerhost2.example.com:30140 WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log" </Location> <Location /CertificationCallbackService> WLSRequest ON DynamicServerList OFF WLCookieName oimjsessionid DynamicServerList OFF WebLogicCluster k8workerhost1.example.com:30140,k8workerhost2.example.com:30140 WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log" </Location> <Location /IdentityAuditCallbackService> WLSRequest ON DynamicServerList OFF WLCookieName oimjsessionid DynamicServerList OFF WebLogicCluster k8workerhost1.example.com:30140,k8workerhost2.example.com:30140 WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log" </Location> # SOA Callback webservice for SOD - Provide the SOA Managed Server Ports <Location /soa/composer> SetHandler weblogic-handler WLCookieName oimjsessionid DynamicServerList OFF WebLogicCluster k8workerhost1.example.com:30801,k8workerhost2.example.com:30801 WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/soa_component.log" </Location> <Location /integration> SetHandler weblogic-handler DynamicServerList OFF WebLogicCluster k8workerhost1.example.com:30801,k8workerhost2.example.com:30801 WLCookieName oimjsessionid </Location> <Location /sdpmessaging/userprefs-ui> SetHandler weblogic-handler WLCookieName oimjsessionid DynamicServerList OFF WebLogicCluster k8workerhost1.example.com:30801,k8workerhost2.example.com:30801 WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/soa_component.log" </Location> <Location /iam> SetHandler weblogic-handler WLCookieName oimjsessionid DynamicServerList OFF WebLogicCluster k8workerhost1.example.com:30140,k8workerhost2.example.com:30140 WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log" </Location> # OIRI API # <Location /oiri/api> WLSRequest ON DynamicServerList OFF WLCookieName oimjsessionid DynamicServerList OFF WebLogicCluster k8workerhost1.example.com:30305,k8workerhost2.example.com:30305 </Location> </VirtualHost>
Parent topic: Installing and Configuring Oracle HTTP Server