Introduction to Oracle HTTP Server

1 Introduction to Oracle HTTP Server

Oracle HTTP Server is the web server component for Oracle Fusion Middleware, and provides a listener for Oracle WebLogic Server and the framework for hosting static pages, dynamic pages, and applications over the web.

This chapter introduces the Oracle HTTP Server (OHS). It describes key features of Oracle HTTP Server, and its place within the Oracle Fusion Middleware Web Tier and also provides information about the Oracle HTTP Server directory structure, the Oracle HTTP Server configuration files, and how to obtain Oracle HTTP Server support.

This chapter includes the following sections:

What is Oracle HTTP Server?
Oracle HTTP Server is a web server based on Apache HTTP Server infrastructure and includes additional modules developed specifically by Oracle. Oracle HTTP Server can also be a proxy server. The features of single sign-on, clustered deployment, and high availability enhance the operation of the Oracle HTTP Server.
Accessibility Tips for Oracle HTTP Server
Oracle HTTP Server can be managed using the Oracle Fusion Middlware Control in collocated mode. Oracle HTTP Server uses Fusion Middleware Control as its graphical user interface.
Oracle HTTP Server Topologies
Oracle HTTP Server leverages the WebLogic Management Framework to provide a simple, consistent, and distributed environment for administering Oracle HTTP Server, Oracle WebLogic Server, and other Fusion Middleware components. It acts as the HTTP front end by hosting the static content from within and by leveraging its built-in Oracle WebLogic Server Proxy Plug-Ins to route dynamic content requests to Managed Server instances.
Key Features of Oracle HTTP Server
Oracle HTTP Server includes a web server proxy plug-in for Oracle WebLogic Server, components for boosting web application performance, an installation mode that does not require a database connection, multiple security configuration options, and more.
Domain Types
You can install Oracle HTTP Server on two types of domains: WebLogic Server domain and standalone domain. In the WebLogic Server domain, Oracle HTTP Server can be collocated with Oracle WebLogic Server in full or Restricted-JRF mode.
Understanding Oracle HTTP Server Directory Structure
When Oracle HTTP Server is installed in a domain, a directory tree is created that contains the files that are required by Oracle HTTP server to support that domain type.
Understanding Configuration Files
Oracle HTTP Server contains several configuration files that are similar to those used in Apache HTTP Server. Most of these files end with the .conf file type.
Upgrading from Earlier Releases of Oracle HTTP Server
You can use the Upgrade Assistant and reconfig wizard to upgrade and configure supported Fusion Middleware and Oracle HTTP Server domains from an earlier release to 14c (14.1.2.0.0) and perform a readiness check prior to an upgrade.
Oracle HTTP Server Support
Oracle provides technical support for Oracle HTTP Server features.

Parent topic: Understanding Oracle HTTP Server

What is Oracle HTTP Server?

Oracle HTTP Server is a web server based on Apache HTTP Server infrastructure and includes additional modules developed specifically by Oracle. Oracle HTTP Server can also be a proxy server. The features of single sign-on, clustered deployment, and high availability enhance the operation of the Oracle HTTP Server.

Oracle HTTP Server has the following components to handle client requests

HTTP listener, to handle incoming requests and route them to the appropriate processing utility.
Modules (mods), to implement and extend the basic functionality of Oracle HTTP Server. Many of the standard Apache HTTP Server modules are included with Oracle HTTP Server. Oracle also includes several modules that are specific to Oracle Fusion Middleware to support integration between Oracle HTTP Server and other Oracle Fusion Middleware components.
Perl interpreter, which allows Oracle HTTP Server to be set up as a reverse proxy through the fcgi protocol to a persistent Perl runtime environment using mod_proxy_fcgi.

Although Oracle HTTP Server contains a Perl interpreter, it is internal to the product. You cannot use this interpreter for hosting Perl under a FastCGI environment. You must provide your own Perl environment.
Oracle WebLogic Server Proxy Plug-In, which enables Oracle HTTP Server to front-end WebLogic Servers and other Fusion Middleware-based applications.

Oracle HTTP Server enables developers to program their site in a variety of languages and technologies, such as:

Perl (through mod_proxy_fcgi, CGI and FastCGI)
C and C++ (through mod_proxy_fcgi, CGI and FastCGI)
Java, Ruby and Python (through mod_proxy_fcgi, CGI and FastCGI)

Oracle HTTP Server can also be a proxy server, both forward and reverse. A reverse proxy enables content served by different servers to appear as if coming from one server.

Note:

For more information about Oracle Fusion Middleware concepts, see Understanding Oracle Fusion Middleware.

Parent topic: Introduction to Oracle HTTP Server

Accessibility Tips for Oracle HTTP Server

Oracle HTTP Server can be managed using the Oracle Fusion Middlware Control in collocated mode. Oracle HTTP Server uses Fusion Middleware Control as its graphical user interface.

See Accessibility Features and Tips for Fusion Middleware Control in Accessibility Guide.

Parent topic: Introduction to Oracle HTTP Server

Oracle HTTP Server Topologies

Oracle HTTP Server leverages the WebLogic Management Framework to provide a simple, consistent, and distributed environment for administering Oracle HTTP Server, Oracle WebLogic Server, and other Fusion Middleware components. It acts as the HTTP front end by hosting the static content from within and by leveraging its built-in Oracle WebLogic Server Proxy Plug-Ins to route dynamic content requests to Managed Server instances.

There are multiple ways of implementing Oracle HTTP Server, depending on your requirements. Table 1-1 describes the major implementations, or "topologies."

Table 1-1 Oracle HTTP Server Topologies

Topology	Description	For More Information
Standard Installation Topology for Oracle HTTP Server in a Standalone Domain	This topology is similar to an Oracle WebLogic Server Domain topology, but does not provide an administration server or managed servers. It is useful when you do not need the management functionality provided by Fusion Middleware Control. This topology is depicted in Figure 1-1. To obtain this topology, install Oracle HTTP Server in standalone mode. Can be paired with Oracle HTTP Server Collocated mode by using the pack or unpack commands.	See Standard Installation Topology for Oracle HTTP Server in a Standalone Domain in Installing and Configuring Oracle HTTP Server. See Enterprise Deployment Guide for Oracle SOA Suite for an example configuration where Oracle recommends configuring Oracle HTTP Server in standalone domains.
Standard Installation Topology for Oracle HTTP Server in a WebLogic Server Domain (Restricted-JRF)	This topology is similar to the Full-JRF (Java Required Files) topology, except that it does not require a backing database. The Restricted-JRF mode offers all of the functionality as the Full-JRF mode, except cross component wiring is not available. To obtain this topology, install Oracle HTTP Server in Collocated mode, then choose the Oracle HTTP Server Restricted-JRF domain template for provisioning this domain. This topology handles most use cases except for cross-component wiring.	See Standard Installation Topology for Oracle HTTP Server in a WebLogic Server Domain in Installing and Configuring Oracle HTTP Server
Standard Installation Topology for Oracle HTTP Server in a WebLogic Server Domain (Full-JRF)	This topology provides enhanced management capabilities through the Fusion Middleware Control and WebLogic Management Framework. A WebLogic Server domain can be scaled out to multiple physical machines and be centrally managed by the administration server. This topology is depicted in Figure 1-2. To obtain this topology, install Oracle HTTP Server in Collocated mode, then choose the Oracle HTTP Server Full-JRF domain template. Note that this topology, requires a database in back-end and can support cross-component wiring.	See Standard Installation Topology for Oracle HTTP Server in a WebLogic Server Domain in Installing and Configuring Oracle HTTP Server.

Topology

Description

For More Information

Standard Installation Topology for Oracle HTTP Server in a Standalone Domain

This topology is similar to an Oracle WebLogic Server Domain topology, but does not provide an administration server or managed servers. It is useful when you do not need the management functionality provided by Fusion Middleware Control. This topology is depicted in Figure 1-1.

To obtain this topology, install Oracle HTTP Server in standalone mode. Can be paired with Oracle HTTP Server Collocated mode by using the pack or unpack commands.

See Standard Installation Topology for Oracle HTTP Server in a Standalone Domain in Installing and Configuring Oracle HTTP Server.

See Enterprise Deployment Guide for Oracle SOA Suite for an example configuration where Oracle recommends configuring Oracle HTTP Server in standalone domains.

Standard Installation Topology for Oracle HTTP Server in a WebLogic Server Domain (Restricted-JRF)

This topology is similar to the Full-JRF (Java Required Files) topology, except that it does not require a backing database. The Restricted-JRF mode offers all of the functionality as the Full-JRF mode, except cross component wiring is not available.

To obtain this topology, install Oracle HTTP Server in Collocated mode, then choose the Oracle HTTP Server Restricted-JRF domain template for provisioning this domain. This topology handles most use cases except for cross-component wiring.

See Standard Installation Topology for Oracle HTTP Server in a WebLogic Server Domain in Installing and Configuring Oracle HTTP Server

Standard Installation Topology for Oracle HTTP Server in a WebLogic Server Domain (Full-JRF)

This topology provides enhanced management capabilities through the Fusion Middleware Control and WebLogic Management Framework. A WebLogic Server domain can be scaled out to multiple physical machines and be centrally managed by the administration server. This topology is depicted in Figure 1-2.

To obtain this topology, install Oracle HTTP Server in Collocated mode, then choose the Oracle HTTP Server Full-JRF domain template. Note that this topology, requires a database in back-end and can support cross-component wiring.

See Standard Installation Topology for Oracle HTTP Server in a WebLogic Server Domain in Installing and Configuring Oracle HTTP Server.

Figure 1-1 illustrates the standard installation topology for Oracle HTTP Server in a standalone domain.

Figure 1-1 Standard Installation Topology for Oracle HTTP Server in a Standalone Domain

Description of "Figure 1-1 Standard Installation Topology for Oracle HTTP Server in a Standalone Domain"

Figure 1-2 illustrates the standard installation topology for Oracle HTTP Server in a WebLogic Server domain.

Figure 1-2 Standard Installation Topology for Oracle HTTP Server in a WebLogic Server Domain

Description of "Figure 1-2 Standard Installation Topology for Oracle HTTP Server in a WebLogic Server Domain"

Parent topic: Introduction to Oracle HTTP Server

Key Features of Oracle HTTP Server

Oracle HTTP Server includes a web server proxy plug-in for Oracle WebLogic Server, components for boosting web application performance, an installation mode that does not require a database connection, multiple security configuration options, and more.

The following sections describe some key features of Oracle HTTP Server:

Parent topic: Introduction to Oracle HTTP Server

Oracle WebLogic Server Proxy Plug-In (mod_wl_ohs)

The Oracle WebLogic Server Proxy Plug-In (mod_wl_ohs) enables requests to be proxied from Oracle HTTP Server to Oracle WebLogic Server. This plug-in enhances an Oracle HTTP server installation by allowing Oracle WebLogic Server to handle requests that require dynamic functionality. In other words, you typically use a plug-in where the HTTP server serves static pages such as HTML pages, while Oracle WebLogic Server serves the J2EE dynamic pages such as Servlets, Jakarta Server Pages (JSPs), and Jakarta Enterprise Beans (EJBs).

See Configuring the Plug-In for Oracle HTTP Server.

Parent topic: Key Features of Oracle HTTP Server

CGI and Fast CGI Protocol (mod_proxy_fcgi)

CGI programs are commonly used to program Web applications. Oracle HTTP Server enhances the programs by providing a mechanism to keep them active beyond the request lifecycle by using the mod_proxy_fcgi module.

The mod_proxy_fcgi module is the Oracle replacement for the deprecated mod_fastcgi module. The mod_proxy_fcgi module requires the service of the mod_proxy module and provides support for the FastCGI protocol.

For information on configuring the mod_proxy_fcgi module, see About Configuring mod_proxy_fcgi. For information on migrating from the mod_fastcgi module to mod_proxy_fcgi, see Configuring mod_proxy_fcgi and mod_authnz_fcgi Modules.

Parent topic: Key Features of Oracle HTTP Server

Security Features

Oracle HTTP Server employs many security features. Key among them are:

Parent topic: Key Features of Oracle HTTP Server

Oracle Secure Sockets Layer (mod_ossl)

The mod_ossl module enables strong cryptography for Oracle HTTP Server using OpenSSL as the cryptography engine. It is a plug-in to Oracle HTTP Server that enables the server to use SSL. mod_ossl is the same as Apache mod_ssl with Oracle Wallet support. The mod_ossl module supports TLS versions 1.2 and 1.3.

OHS 14.1.2.0.0 uses OpenSSL library for its TLS implementation. Oracle Wallet to store SSL information such as private key, user certificate chain, and the list of trusted certificates. OpenSSL APIs cannot read the content of such wallets. Therefore, it is necessary to export the content of a user-supplied wallet to a format that OpenSSL APIs can read. The content of the wallet will be exported as PEM formatted files on the file system.

The 'exportwallet' utility has been added in an OHS installation (under $ORACLE_HOME/ohs/bin) which is responsible for exporting the contents of an Oracle wallet to "key.pem", "trusted_certs.crt" and "user.crt" files. The 'exportwallet' utility gets invoked whenever an OHS instance is started or re-started.

For each user-supplied wallet, three files are created in the same file system path where the auto-login-only wallet is present:

key.pem - A pass-phrase protected file containing the private key in PEM format, if a private key is present in the wallet.
user.crt - User certificate in PEM format, if a user certificate is present in the wallet.
trusted_certs.crt - Chain of trusted certificates in PEM format.

Parent topic: Security Features

Security: Encryption with Secure Sockets Layer

Secure Sockets Layer (SSL) is required to run any website securely. Oracle HTTP Server supports SSL encryption based on patented, industry standard, algorithms. SSL works seamlessly with commonly-supported Internet browsers. Security features include the following:

SSL hardware acceleration support uses dedicated hardware for SSL. Hardware encryption is faster than software encryption.
Variable security per directory allows individual directories to be protected by different strength encryption.
Oracle HTTP Server and Oracle WebLogic Server communicate using the HTTPS protocol to provide both encryption and authentication. You can also enable HTTPS tunneling for the T3 or IIOP protocols to provide non-browser clients access to WebLogic Server services.

Security: Single Sign-On with WebGate

WebGate enables single sign-on (SSO) for Oracle HTTP Server. WebGate examines incoming requests and determines whether the requested resource is protected, and if so, retrieves the session information for the user. Through WebGate, Oracle HTTP Server becomes an SSO partner application enabled to use SSO to authenticate users, obtain their identity by using Oracle Single Sign-On, and to make user identities available to web applications accessed through Oracle HTTP Server.

URL Rewriting and Proxy Server Capabilities

Active websites usually update their web pages and directory contents often, and possibly their URLs as well. Oracle HTTP Server makes it easy to accommodate the changes by including an engine that supports URL rewriting so end users do not have to change their bookmarks.

Oracle HTTP Server also supports reverse proxy capabilities, making it easier to make content served by different servers to appear from one single server.

Parent topic: Key Features of Oracle HTTP Server

PHP Support with FastCGI (PHP-FPM)

Oracle HTTP Server supports PHP with fastCGI (PHP-FPM). To work with the PHP fastCGI process manager, Oracle HTTP Server ships mod_proxy_fcgi which is intended specifically for communicating with fastCGI servers. For more information, see Configuring mod_proxy_fcgi and mod_authnz_fcgi Modules.

For more information about installing and configuring of PHP-FPM with mod_proxy_fcgi, see PHP-FPM.

Parent topic: Key Features of Oracle HTTP Server

Domain Types

You can install Oracle HTTP Server on two types of domains: WebLogic Server domain and standalone domain. In the WebLogic Server domain, Oracle HTTP Server can be collocated with Oracle WebLogic Server in full or Restricted-JRF mode.

You can select which environment you want to use during server configuration.

Parent topic: Introduction to Oracle HTTP Server

WebLogic Server Domain (Full-JRF Mode)

A WebLogic Server Domain in Full-JRF mode contains a WebLogic Administration Server, zero or more WebLogic Managed Servers, and zero or more System Component Instances (for example, an Oracle HTTP Server instance). This type of domain provides management capabilities through the Fusion Middleware Control and WebLogic Management Framework present throughout the system. A WebLogic Server Domain can span multiple physical machines, and it is centrally managed by the administration server. A WebLogic Server Domain provide integrated management across System Components and Jakarta EE components running in the domain.

WebLogic Server Domains support all WebLogic Management Framework tools.

For more information about installing a WebLogic Server Domain, see Installing and Configuring the Oracle Fusion Middleware Infrastructure.
For information about installing Oracle HTTP Server either as part of a Oracle Fusion Middleware infrastructure or as standalone component, see Installing and Configuring Oracle HTTP Server.

Parent topic: Domain Types

WebLogic Server Domain (Restricted-JRF Mode)

The Weblogic Server Domain in Restricted-JRF mode is similar in architecture and functionality to Weblogic Server Domain in Full mode, except it does not define a connection to an external database. There are no database dependencies in Restricted-JRF mode.

This lack of a backing database means that cross component wiring is not supported by Oracle HTTP Server in a Restricted-JRF domain; this is the major differentiating factor between a Full JRF- and a Restricted-JRF-based domain.

Like the Full -JRF domain, the management of keys and certificates of an Oracle HTTP Server instance in a Restricted-JRF domain continues to be keystore service (KSS). In a Restricted-JRF domain, the database persistency of KSS is replaced with file persistency, although to an end user there is no visible change in basic KSS APIs to manage keys and certificates.

Like the Full -JRF domain, Oracle HTTP Server in a Restricted-JRF domain supports multiple Oracle wallets for complex virtual server configurations.

Parent topic: Domain Types

Standalone Domain

A standalone domain is a container for system components, such as Oracle HTTP Server. It has a directory structure similar to an Oracle WebLogic Server Domain, but it does not contain an Administration Server or Managed Servers.

For standalone domains, the WebLogic Management Framework supports the following tools:

Node Manager
The WebLogic Scripting Tool (WLST) commands, including:
- nmStart(), nmKill(), and nmSoftRestart() that start, stop, and restart Oracle HTTP Server instance using Node Manager.
- nmConnect() to connect to Node Manager.
- nmLog() to get the Node Manager log information.
For a complete list of supported WLST Node Manager commands, see Node Manager Commands in WLST Command Reference for WebLogic Server.

Note:

If you have a remote Oracle HTTP Server in a managed mode and another in standalone with the remote administration mode enabled, you can use WLST to perform management tasks such as SSL configuration.
Configuration Wizard
Pack or Unpack

Generally, you would use a standalone domain when you do not want your Oracle HTTP Server implementation installed with a WebLogic Server domain and do not need the management functionality provided by Oracle Fusion Middleware Control. You would use it when you want to keep Oracle HTTP Server in a "demilitarized zone" (DMZ, that is, the zone between the internal and external firewalls) and you do not want to open management ports used by Node Manager. See Enterprise Deployment Guide for Oracle SOA Suite for an example configuration where Oracle recommends configuring Oracle HTTP Server in standalone domains.

Parent topic: Domain Types

Understanding Oracle HTTP Server Directory Structure

When Oracle HTTP Server is installed in a domain, a directory tree is created that contains the files that are required by Oracle HTTP server to support that domain type.

Oracle HTTP Server domains can be either WebLogic Server or standalone. When installed, each domain has its own directory structure that contains files necessary to implement the domain type. For a complete file structure topology, see Understanding the Directory Structures in Installing and Configuring Oracle HTTP Server.

Parent topic: Introduction to Oracle HTTP Server

Understanding Configuration Files

Oracle HTTP Server contains several configuration files that are similar to those used in Apache HTTP Server. Most of these files end with the .conf file type.

The following topics explain the layout of the configuration file directories, mechanisms for editing the files, and more about the files themselves.

Parent topic: Introduction to Oracle HTTP Server

Staging and Run-time Configuration Directories

Two configuration directories are associated with each Oracle HTTP Server instance: a staging directory and a run-time directory.

Staging directory

DOMAIN_HOME/config/fmwconfig/components/OHS/componentName
Run-time directory

DOMAIN_HOME/config/fmwconfig/components/OHS/instances/componentName

Each of the configuration directories contain the complete Oracle HTTP Server configuration -- httpd.conf, ssl.conf, admin.conf, auditconfig.xml, and so on.

Note:

Run-time artifacts like htdocs, error, wallets, and cgi-bin are present only in run-time directory for some types of installations.

Modifications to the configuration are made in the staging directory. These modifications are automatically propagated to the run-time directory during the following operations:

Note:

Before making any changes to the files in the staging directory manually (that is, without using Fusion Middleware Control or WLST), stop the Administration Server.

Oracle HTTP Server instances which are part of a WebLogic Server Domain

Modifications are replicated to the run-time directory on the node with the managed Oracle HTTP Server instance after changes are activated from within Fusion Middleware Control, or when the administration server initializes and prior changes need to be replicated. If communication with Node Manager is broken at the time of the action, replication will occur at a later time when communication has been restored.
Standalone Oracle HTTP Server instances

Modifications are synchronized with the run-time directory when a start, restart, or stop action is initiated. Some changes might be written to the run-time directory during domain update, but the changes will be finalized during synchronization.

Any modifications to the configuration within the run-time directory may be lost during replication or synchronization.

Note:

When a standalone instance is created, the keystores directory containing a demo wallet is created only in the run-time directory.

Before creating the first new wallet for the instance, the user must create a keystores directory within the staging directory.

DOMAIN_HOME/config/fmwconfig/components/OHS/componentName/keystores

Wallets must then be created within that keystores directory.

Parent topic: Understanding Configuration Files

Oracle HTTP Server Configuration Files

The default Oracle HTTP Server configuration contains the files described in Configuration Files.

Additional files can be added to the configuration and included in the top-level .conf file httpd.conf using the Include directive. For information on how to use this directive, see the Include directive documentation, at:

http://httpd.apache.org/docs/2.4/mod/core.html#include

The default configuration provides an Include directive which includes all .conf files in the moduleconf/ directory within the configuration.

An Include directive should be added to an existing .conf file, usually httpd.conf, for .conf files which are not stored in the moduleconf/ directory. This may be required if the new .conf file must be included at a different configuration scope, such as within an existing virtual host definition.

Parent topic: Understanding Configuration Files

Modifying an Oracle HTTP Server Configuration File

For instances that are part of a WebLogic Server Domain, Fusion Middleware Control and the management infrastructure manages the Oracle HTTP Server configuration. Direct editing of the configuration in the staging directory is subject to being overwritten after subsequent management operations, including modifying the configuration in Fusion Middleware Control. For such instances, direct editing should only be performed when the administration server is stopped. When the administration server is subsequently started (with start or restart), the results of any manual edits will be replicated to the run-time directory on the node of the managed instance. See About Editing Configuration Files.

Note:

Fusion Middleware Control and other Oracle software that manage the Oracle HTTP Server configuration might save these files in a different, equivalent format. After using the software to make a configuration change, multiple configuration files might be rewritten.

Parent topic: Understanding Configuration Files

Default Configuration File Settings

The Header setifempty Pragma "no-cache" "expr=resp('cache-control') =~ /no-store|no-cache/" is a default Oracle HTTP Server configuration file setting present in the httpd.conf file. This setting is backword compatible and hence there is no damage to the existing setup.

The setting adds Pragma header to the response header, only where Cache-Control value is set to no-cache or no-store by the backend application. As pragma header is a deprecated header it was assumed that it will not be processed by a client implementing HTTP/1.1 protocol. However, there are still some browsers which expect presence of Pragma header to make caching decision.

Parent topic: Understanding Configuration Files

Upgrading from Earlier Releases of Oracle HTTP Server

You can use the Upgrade Assistant and reconfig wizard to upgrade and configure supported Fusion Middleware and Oracle HTTP Server domains from an earlier release to 14c (14.1.2.0.0) and perform a readiness check prior to an upgrade.

To upgrade Oracle HTTP Server, see Upgrading with the Upgrade Assistant.

Parent topic: Introduction to Oracle HTTP Server

Oracle HTTP Server Support

Oracle provides technical support for Oracle HTTP Server features.

The following Oracle HTTP Server features and conditions are supported:

Modules included in the Oracle distribution. Oracle does not support modules obtained from any other source, including the Apache Software Foundation. Oracle HTTP Server will still be supported when non-Oracle-provided modules are included. If non-Oracle-provided modules are suspect of contributing to reported problems, customers may be requested to reproduce the problems without including those modules.
Problems that can be reproduced within an Oracle HTTP Server configuration consisting only of supported Oracle HTTP Server modules.

Parent topic: Introduction to Oracle HTTP Server