Installing and Configuring the Oracle WebLogic Server Proxy Plug-In for Apache HTTP Server

3 Installing and Configuring the Oracle WebLogic Server Proxy Plug-In for Apache HTTP Server

To install and configure the Oracle WebLogic Server Proxy Plug-In for Apache HTTP Server (WLS Apache Plug-In), Oracle recommends that you read the information included in this section.

This section includes the following topics:

Installing the WLS Apache Plug-In
After you download the WLS Apache Plug-In, you can load it as a module in your Apache HTTP Server installation.
Configuring the WLS Apache Plug-In
Edit the httpd.conf file to proxy requests by path or by MIME type, to enable HTTP tunneling and to use the other WLS Apache Plug-In parameters.
Enable and Configure HTTP/2 Support
To leverage the benefits of the HTTP/2 protocol, HTTP/2 must be used for both front-end connections and back-end connections.
Configuring IPv6 with Proxy Plug-Ins
The 14.1.2.0.0 WLS proxy plug-ins support IPv6. Specifically, the WebLogicHost and WebLogicCluster configuration parameters now support IPv6 addresses.
Understanding the DMS Metrics for the WLS Apache Plug-In
The performance metrics for the WLS Apache Plug-In are provided through the Oracle Dynamic Monitoring Service (DMS). For example, it can fetch the number of requests proxied, the number of failed requests, and other specific metrics.
Support and Patching
When you encounter issues with a proxy plug-in, always report the version of the proxy plug-in you are using. You can find this information in the Apache log.
Deprecated Directives for Apache HTTP Server
The WLLogFile and Debug directives are deprecated. If the configuration uses these directives, a note appears during startup.

Installing the WLS Apache Plug-In

After you download the WLS Apache Plug-In, you can load it as a module in your Apache HTTP Server installation.

To download the WLS Apache Plug-In, see Availability of Oracle WebLogic Server Proxy Plug-Ins.

This section includes the following topics:

Installation Prerequisites
Review and ensure that you meet the necessary prerequisites.
Installing the WLS Apache Plug-In
The WLS Apache Plug-In is distributed as a shared object (.so) file.
Next Steps After Installing the WLS Apache Plug-In
After installing the 14.1.2.0.0 WLS Apache Plug-In, to be able to use its new features, complete its configuration as follows.

Parent topic: Installing and Configuring the Oracle WebLogic Server Proxy Plug-In for Apache HTTP Server

Installation Prerequisites

Review and ensure that you meet the necessary prerequisites.

This section includes the following topics:

Parent topic: Installing the WLS Apache Plug-In

Obtaining the WLS Apache Plug-In

To obtain the WLS Apache Plug-In:

Download the WLS Apache Plug-In, as described in Availability of Oracle WebLogic Server Proxy Plug-Ins.
Extract the proxy plug-in ZIP distribution to PLUGINS_HOME. For example, /home/myhome/weblogic-plugins-14.1.2.0.0/. This is the directory to which the proxy plug-in is extracted.

Table 3-1 lists the files included in the distribution.

Table 3-1 Files Included in the WLS Apache Plug-In Zip File for Linux

(Path)/File Name	Description
`README.txt`	The README file for the proxy plug-in.
`THIRD_PARTY_LICENSES.txt`	The file containing the third-party license related information.
`bin/orapki`	The `orapki` tool for configuring Oracle wallets.
`bin/export_wallet`	The executable file for exporting Oracle wallet to PEM formatted files.
`jlib/*.jar`	The helper Java libraries for `orapki` and the `export_wallet` program.
`lib/mod_wl_24.so`	The Oracle WebLogic Server Proxy Plug-In for Apache HTTP Server 2.4.
`lib/*.so`	The helper libraries.
`lib/nghttp2/*`	The HTTP/2 C library for `nghttp2`.

Parent topic: Installation Prerequisites

Java Requirements

Install the required version of Java (JDK). Table 3-2 lists the minimum JDK versions required for certain features when using the 14.1.2.0.0 proxy plug-in for Apache HTTP Server.

Table 3-2 Minimum JDK Requirements

Host on Which JDK Must be Installed	Feature that Requires JDK	Minimum JDK Version Required	Description
Machine on which the Apache HTTP Server is installed.	To use for managing Oracle wallet.	Oracle JDK 17 and 21	JDK is required for using the `orapki` tool (located at `$PLUGINS_HOME/bin`) to work with Oracle wallets configured for the web server. JDK is also required for `export_wallet` program (located at `$PLUGINS_HOME/bin`) that exports the content of the Oracle wallets to PEM formatted files on the file system.

Parent topic: Installation Prerequisites

Apache HTTP Server Installation

Ensure that you have a supported Apache HTTP Server installation. See Oracle Fusion Middleware Supported System Configurations.

Ensure that you are using Apache Portable Runtime 1.7.0 (apr-1.7.0). Add the path of apr-1.7.0 to the LD_LIBRARY_PATH using the following command:

export LD_LIBRARY_PATH=<absolute_path_to_the_directory_containing_apr-1.7.0>/lib:${LD_LIBRARY_PATH}

Note:

The 14.1.2.0.0 WLS Apache Plug-In has been tested with Apache Portable Runtime 1.7.0 (apr-1.7.0). Therefore, it is recommended that you use this version of APR at a minimum. It is not known if using earlier versions of the APR with the proxy plug-in will result in the correct behavior.

You can download the APR from https://apr.apache.org/.

Parent topic: Installation Prerequisites

Oracle WebLogic Server Installation

Ensure that a supported version of Oracle WebLogic Server is configured and running on a target system. This server does not need to be running on the system on which you extracted the proxy plug-in ZIP distribution.

For the list of supported Oracle WebLogic Server versions, see https://www.oracle.com/technetwork/middleware/ias/downloads/fusion-certification-100350.html.

For information about configuring Oracle WebLogic Server, see Planning the Oracle WebLogic Server Installation in Installing and Configuring Oracle WebLogic Server and Coherence.

Parent topic: Installation Prerequisites

Setting the Environment Variables for the WLS Apache Plug-In

Note:

Oracle recommends that you set the environment variables, such as PLUGINS_HOME, JAVA_HOME, and LD_LIBRARY_PATH.

For example:

PLUGINS_HOME=<absolute_path_to_the_directory_where_plugin_zip_is extracted_to>
export PLUGINS_HOME

You can use the variables set at the time of starting the Apache HTTP Server in the httpd.conf file by using the ${VAR_NAME} syntax. For example:

LoadModule weblogic_module ${PLUGINS_HOME}/lib/mod_wl_24.so

Set the following environment variables:

Set PLUGINS_HOME to point to the directory where the proxy plug-ins ZIP file is extracted to, using the following command:
```
export PLUGINS_HOME=<absolute_path_to_the_directory_where_plugin_zip_is extracted_to>
```
For example:
```
export PLUGINS_HOME=/home/myhome/weblogic-plugins-14.1.2.0.0/
```
Set JAVA_HOME to point to the JDK present on the host where Apache HTTP Server is installed, using the following command:

Note:
Relative path is not allowed for JAVA_HOME.
```
export JAVA_HOME=<absolute_path_to_the_JDK_installation_directory>
```
For example:
```
export JAVA_HOME=/home/myhome/JDK_installation_path
```
Note:

JAVA_HOME is required only when implementing SSL for managing the Oracle wallet.

For information about the supported JDK versions, see Table 3-2.
Ensure that $PLUGINS_HOME/lib appears in the LD_LIBRARY_PATH on UNIX systems. To add $PLUGINS_HOME/lib to the LD_LIBRARY_PATH, use the command:
```
export LD_LIBRARY_PATH=$PLUGINS_HOME/lib:$LD_LIBRARY_PATH
```
Review the Third-Party Software Dependencies to determine if additional steps are needed to satisfy the dependency on the nghttp2 library.

Parent topic: Installation Prerequisites

Installing Microsoft Redistributable Package 2015-2022

You must install the Microsoft Redistributable Package 2015-2022 on Windows. For more information, see Microsoft Visual C++ Redistributable latest supported downloads.

Note:

If this package is not installed, the Apache Web Server startup fails on Windows after configuring the mod_wl_24.so module, with the following error:

CANNOT LOAD MODULES/MOD_WL_24.SO

Parent topic: Installation Prerequisites

Installing the WLS Apache Plug-In

The WLS Apache Plug-In is distributed as a shared object (.so) file. You can obtain the proxy plug-in from My Oracle Support (https://support.oracle.com/signin) or the Software Delivery Cloud.

To install the WLS Apache Plug-In:

Verify that the mod_so.c module is enabled.
If you installed Apache HTTP Server using the script supplied by Apache, mod_so.c is already enabled. Verify that mod_so.c is enabled by running the following command:
UNIX/Linux:
```
APACHE_HOME/bin/apachectl -l
```
(APACHE_HOME is the directory that contains the Apache HTTP Server installation.)

This command lists all enabled modules. If mod_so.c is not listed, you must rebuild your Apache HTTP Server, ensuring that the following configuration option is specified:
```
...
--enable-module=so
...
```
The output appears as follows:
```
# apachectl -l
Compiled in modules:
...
  mod_so.c
...
```
Make a copy of the APACHE_HOME/conf/httpd.conf file for backup.
Open the httpd.conf file.
Verify the syntax of the httpd.conf file by running the following command:
UNIX/Linux:
```
> APACHE_HOME/bin/apachectl -t
```
If the httpd.conf file contains any errors, the output of this command shows the errors; ensure that you get a clean output before continuing. If there are no errors, the command returns the following:
```
Syntax OK
```
Note:
Ensure that you have resolved all the configuration errors from Steps 1 through 4 before contacting Oracle Support.
The WLS Apache Plug-In modules for Apache 2.4.x are shipped with the 14.1.2.0.0 proxy plug-in distributions. Apache 2.2.x is no longer supported. Therefore, the WLS Apache Plug-In module for Apache 2.2.x is no longer supported. Use the WLS Apache Plug-In module for Apache 2.4.x which continues to be supported.
Note:
If you are using Apache 2.2.x version of the web server, migrate to the Apache 2.4.x version, and then install the Oracle WebLogic Server Proxy Plug-in module for Apache 2.4.x.

Install the WLS Apache Plug-In module for Apache 2.4.x by adding the following line:
```
LoadModule weblogic_module /home/myhome/weblogic-plugins-14.1.2.0.0/lib/mod_wl_24.so
```
After installing the WLS Apache Plug-In module, verify the syntax of the httpd.conf file by running the following command:
UNIX/Linux:
```
> APACHE_HOME/bin/apachectl -t
```
If the httpd.conf file contains any errors, the output of this command shows the errors. Contact Oracle Support for resolving the errors. If there are no errors, the command returns the following:
```
Syntax OK
```

Parent topic: Installing the WLS Apache Plug-In

Next Steps After Installing the WLS Apache Plug-In

After installing the 14.1.2.0.0 WLS Apache Plug-In, to be able to use its new features, complete its configuration as follows.

Review the minimum JDK requirements and install the supported version of JDK. See Installation Prerequisites.
Set the following environment variables:
- JAVA_HOME
- PLUGINS_HOME
- LD_LIBRARY_PATH
See Installation Prerequisites.

To use the new features of the 14.1.2.0.0 WLS Apache Plug-In, do the following:

Configuring HTTP/2 Support on Back-End Connections.
Review the following directives, if configured, to enable TLSv1.3:
- WebLogicSSLVersion
- WebLogicSSLCiphers

This section includes the following topics:

Parent topic: Installing the WLS Apache Plug-In

Third-Party Software Dependencies

The 14.1.2.0.0 WLS Apache Plug-In depends on the following third-party software:

OpenSSL, version 1.1.1x or 3.0.x
nghttp2, version 1.58.0

Note:

For Windows OpenSSL version, by default, the Windows environment latest Apache 2.4 builds come with OpenSSL version 3.x.

Libraries from the above third-party software must be available on the system where the Apache Web Server process (that loads the 14.1.2.0.0 WLS Apache Plug-In module) runs. These libraries are a prerequisite for the Apache Web Server process to start.

There are two flavors of the 14.1.2.0.0 WLS Apache Plug-In which are supported for both OpenSSL 1.1.1x and OpenSSL 3.0.x. For more information, see the Oracle Fusion Middleware Supported System Configurations page. When the Apache Web Server process loads the 14.1.2.0.0 WLS Apache Plug-In module, the OpenSSL libraries provided by the operating system are also loaded into the process address space.

Parent topic: Next Steps After Installing the WLS Apache Plug-In

About HTTP Header Case Handling

The WLS Apache Plug-In converts the case of HTTP headers based on the HTTP protocol version configured for the front-end and the back-end connections.

Table 2-1 shows how the case of request and response headers are modified based on the HTTP protocol version configured for the front-end and the back-end connections.

Table 3-3 Case of HTTP Request and Response Headers

HTTP Protocol Version for the Front-End Connection	HTTP Protocol Version for the Back-End Connection	Case of Request Header Sent to the Back End by the Oracle WebLogic Server Proxy Plug-In	Case of Response Header Sent to the Client by the Oracle WebLogic Server Proxy Plug-In
HTTP/2	HTTP/2	Lower Case	Lower Case
HTTP/1.1	HTTP/2	Lower Case	Camel Case
HTTP/2	HTTP/1.1	Camel Case	Lower Case
HTTP/1.1	HTTP/1.1	No Conversion	No Conversion

Parent topic: Next Steps After Installing the WLS Apache Plug-In

Unsupported Use Cases

The 14.1.2.0.0 WLS Apache Plug-In is loaded in an Apache Web Server process that loads open source modules such as mod_ssl.so, mod_http2, and so on, so that they depend on OpenSSL libraries. The 14.1.2.0.0 WLS Apache Plug-In also depends on the OpenSSL libraries. There are two flavors of the proxy plug-ins, which are supported for both OpenSSL 1.1.1 and OpenSSL 3.0.X.

To ensure the current functioning of the Apache Web Server process, Oracle recommends that you ensure that the versions of OpenSSL that different modules within an Apache Web Server process use are binary compatible to prevent symbol version conflicts.

The following use cases are not supported because these lead to an incorrect runtime behavior (process crash) that occurs due to symbol conflicts at runtime:

Using the 14.1.2.0.0 WLS Apache Plug-In in an Apache Web Server process that uses open source Apache modules statically linked with a version of OpenSSL that is binary incompatible with OpenSSL version used by the 14.1.2.0.0 WLS Apache Plug-In.
Using the 14.1.2.0.0 WLS Apache Plug-In in an Apache Web Server process that uses the open source Apache modules dynamically linked with a version of OpenSSL that is binary incompatible with OpenSSL version and the OpenSSL library does not support symbol versioning.

Parent topic: Next Steps After Installing the WLS Apache Plug-In

Configuring the WLS Apache Plug-In

Edit the httpd.conf file to proxy requests by path or by MIME type, to enable HTTP tunneling and to use the other WLS Apache Plug-In parameters.

This section includes the following topics:

Parent topic: Installing and Configuring the Oracle WebLogic Server Proxy Plug-In for Apache HTTP Server

Configuring the httpd.conf File

To configure the WLS Apache Plug-In, edit the httpd.conf file in your Apache HTTP Server installation. Complete the following tasks:

Parent topic: Configuring the WLS Apache Plug-In

Task 1: Configure MIME Requests

You can proxy requests by MIME type and/or by path. Open the httpd.conf file in a text editor and complete the following steps:

Note:

If both MIME type and proxying by path are enabled, proxying by path takes precedence over proxying by MIME type.

Parent topic: Configuring the httpd.conf File

Configuring Proxy Requests by MIME Type

To configure MIME requests by MIME type in the httpd.conf file, add a MatchExpression line to the <IfModule> block:

For a non-clustered Oracle WebLogic Server: Define the WebLogicHost and WebLogicPort parameters with the MatchExpression directive.
In the example below, a non-clustered Oracle WebLogic Server specifies that all files with MIME type .jsp are proxied:
```
<IfModule mod_weblogic.c> 
 WebLogicHost my-weblogic.server.com
 WebLogicPort 7001
 MatchExpression *.jsp
</IfModule>
```
You can use multiple MatchExpression as well. For example:
```
<IfModule mod_weblogic.c>
 WebLogicHost my-weblogic.server.com
 WebLogicPort 7001
 MatchExpression *.jsp
 MatchExpression *.xyz
</IfModule>
```
For a cluster of Oracle WebLogic Servers: Define the WebLogicCluster parameter with the MatchExpression directive.
In the example below, a clustered Oracle WebLogic Server specifies that all files with MIME type .jsp are proxied:
```
<IfModule mod_weblogic.c>
 WebLogicCluster w1s1.com:7001,w1s2.com:7001,w1s3.com:7001
 MatchExpression *.jsp
</IfModule>
```
See MatchExpression.

Parent topic: Task 1: Configure MIME Requests

Configuring Proxy Requests by Path

To configure MIME requests by path in the httpd.conf file, configure the PathTrim parameter inside the <Location> tag. The PathTrim parameter specifies a string trimmed from the beginning of the URL before the request is passed to the Oracle WebLogic Server instance. See PathTrim.

For example, the following Location block proxies all requests that contain /weblogic in the URL:

<Location /weblogic>
  WLSRequest On
  PathTrim /weblogic
</Location>

The <Location> directive limits the scope of the enclosed directives by URL. See Apache Location Directive.

Parent topic: Task 1: Configure MIME Requests

Task 2: Define Additional Parameters for the WLS Apache Plug-In

Define any additional parameters for the WLS Apache Plug-In.

The WLS Apache Plug-In recognizes the parameters listed in General Parameters for Oracle WebLogic Server Proxy Plug-Ins. To modify the behavior of your WLS Apache Plug-In, define these parameters either:

In a <Location> block, for parameters that apply to proxying by path, or
At global or virtual host scope, for parameters that apply to proxying by MIME type.

Parent topic: Configuring the httpd.conf File

Task 3: Enable HTTP Tunneling (Optional)

You can enable HTTP tunneling for the T3 protocol by configuring the <Location> blocks.

To enable HTTP tunneling if you are using the T3 protocol and weblogic.jar, add the following <Location> block to the httpd.conf file:

<Location /bea_wls_internal>
 WLSRequest On
</Location>

Parent topic: Configuring the httpd.conf File

Task 4: Enable Web Services Atomic Transaction (Optional)

You can enable Web Services Atomic Transaction (WS-AT) by configuring the <Location> blocks. The <wls-wsat> parameter applies to proxying by path. You can optionally define the parameter to modify the behavior of the Oracle WebLogic Server Proxy Plug-in for Apache HTTP Server.

<Location /wls-wsat>
 WLSRequest On
</Location>

WebLogic web services enable interoperability with other external transaction processing systems, such as IBM WebSphere, JBoss, Microsoft .NET. For more information about Web Services Atomic Transaction (WS-AtomicTransaction), see https://www.oasis-open.org/committees/tc_home.php?wg_abbrev=ws-tx.

Parent topic: Configuring the httpd.conf File

Task 5: Verify and Apply Your Configuration

Follow these steps to verify the httpd.conf configuration and apply it to the Apache HTTP Server.

Verify the syntax of the httpd.conf file by running the following command (UNIX/Linux):
```
> APACHE_HOME/bin/apachectl -t
```
If the httpd.conf file contains any errors, the output of this command shows the errors; otherwise, the command returns the following:
```
Syntax OK
```
Start the Apache HTTP Server (for UNIX/Linux):
```
> APACHE_HOME/bin/apachectl start
```
Send a request to http://apache-host:apache-port/mywebapp/my.jsp from the browser. Validate the response.

Parent topic: Configuring the httpd.conf File

Placing the WebLogic Properties Inside the Location or VirtualHost Blocks

If you choose to not use the <IfModule>, you can instead directly place the WebLogic properties inside the Location or <VirtualHost> blocks. Consider the following examples of the <Location> and <VirtualHost> blocks:

<Location /weblogic>
WLSRequest On
WebLogicHost myweblogic.server.com
WebLogicPort 7001
</Location>

<Location /weblogic>
WLSRequest On
WebLogicCluster w1s1.com:7001,w1s2.com:7001,w1s3.com:7001
</Location>

<VirtualHost apachehost:80>
WLSRequest On
WebLogicServer weblogic.server.com
WebLogicPort 7001
</VirtualHost>

Parent topic: Configuring the WLS Apache Plug-In

Default Apache Web Server and WLS Apache Plug-In HTTP Protocol Configuration

In the default Apache Web Server configuration, Apache Web Server supports HTTP/1.1 protocol (only) for both front-end connections and back-end connections. In this default Apache Web Server configuration:

Clients will create HTTP/1.1 front-end connections to Apache Web Server:
- Clients that support HTTP/1.1 only will create HTTP/1.1 front-end connections.
- Clients that support HTTP/2 will negotiate HTTP/1.1 front-end connections.
WLS Apache Plug-In will create HTTP/1.1 back-end connections to WebLogic Server:
- If WebLogic Server supports HTTP/1.1 only, then Apache Web Server will create HTTP/1.1 back-end connections.
- If WebLogic Server supports HTTP/2, then Apache Web Server will negotiate HTTP/1.1 back-end connections.

Parent topic: Configuring the WLS Apache Plug-In

Example: Configuring the WLS Apache Plug-In

This example demonstrates basic instructions for quickly setting up the WLS Apache Plug-In to proxy requests to a back-end Oracle WebLogic Server.

Make a copy of $APACHE_HOME/conf/httpd.conf file.

Edit the file to add the following code:

... 
LoadModule weblogic_module /home/myhome/weblogic-plugins-14.1.2.0.0/lib/mod_wl_24.so

<IfModule mod_weblogic.c>
  WebLogicHost wls-host
  WebLogicPort wls-port
</IfModule>

<Location /mywebapp>
  WLSRequest On
</Location>
...

Include $PLUGINS_HOME/lib in the LD_LIBRARY_PATH, using the following command:
```
$ export LD_LIBRARY_PATH=/home/myhome/weblogic-plugin-14.1.2.0.0/lib:$LD_LIBRARY_PATH
```
Note:

You can also update the LD_LIBRARY_PATH by copying the 'lib' contents to APACHE_HOME/lib or by editing the APACHE_HOME/bin/apachectl to update the LD_LIBRARY_PATH.
Set PLUGINS_HOME to point to the directory where the proxy plug-ins zip file is extracted to, using the following command:
```
export PLUGINS_HOME=/home/myhome/weblogic-plugins-14.1.2.0.0/
```
Include the path containing the OpenSSL libraries in the LD_LIBRARY_PATH, using the following command:
```
export LD_LIBRARY_PATH=/home/myhome/openssl_installation/lib:$LD_LIBRARY_PATH
```
At the prompt, start the Apache HTTP Server by entering:
```
$ ${APACHE_HOME}/bin/apachectl start
```
Send a request to http://apache-host:apache-port/mywebapp/my.jsp from the browser and validate the response

Parent topic: Configuring the WLS Apache Plug-In

Including a weblogic.conf File in the httpd.conf File

To keep several separate configuration files, you can define parameters in a separate configuration file called weblogic.conf, by using the Apache HTTP Server Include directive in an <IfModule> block in the httpd.conf file.

<IfModule mod_weblogic.c>
 # Config file for Oracle WebLogic Server that defines the parameters
 Include conf/weblogic.conf 
</IfModule>

The syntax of weblogic.conf files is the same as that for the httpd.conf file.

The following sections describe how to create the weblogic.conf files, and include the sample weblogic.conf files:

Parent topic: Configuring the WLS Apache Plug-In

Rules for Creating the weblogic.conf Files

Be aware of the following rules and best practices for constructing a weblogic.conf file.

Enter each parameter on a new line. Do not put "=" between a parameter and its value. For example:
```
PARAM_1 value1
PARAM_2 value2
PARAM_3 value3
```
If a request matches both a MIME type specified in a MatchExpression in an <IfModule> block and a path specified in a Location block, the behavior specified by the <Location> block takes precedence.
If you use an Apache HTTP Server <VirtualHost> block, you must include all configuration parameters (MatchExpression, for example) for the virtual host within the <VirtualHost> block (see Apache Virtual Host documentation at http://httpd.apache.org/docs/vhosts/).
You should use the MatchExpression statement instead of the <Files> block.

Here is sample of the weblogic.conf file:

Global configuration:

<IfModule mod_weblogic.c>
 WebLogicCluster johndoe02:8005,johndoe:8006
 WLTempDir "/tmp"
 DebugConfigInfo ON
 KeepAliveEnabled ON
 KeepAliveSecs 15
</IfModule>

Location configuration:

All the requests that match /jurl/* will have the POST data files in /tmp/jurl and will reverse proxy the request to myCluster and port 7001.
```
<Location /jurl>
 WLSRequest On
 WebLogicCluster myCluster:7001
 WLTempDir "/tmp/jurl"
</Location>
```
All the requests that match /web/* will have the POST data files in /tmp/web and will reverse proxy the request to myhost and port 8001.
```
<Location /web>
 WLSRequest On
 PathTrim /web
 WebLogicHost myhost
 WebLogicPort 8001
 WLTempDir "/tmp/web"
</Location>
```
All the requests that match /foo/* will have the POST data files written to /tmp/foo and will reverse proxy the request to myhost02 and port 8090.
```
<Location /foo>
 WLSRequest On
 WebLogicHost myhost02
 WebLogicPort 8090
 WLTempDir "/tmp/foo"
 PathTrim /foo
</Location>
```

Parent topic: Including a weblogic.conf File in the httpd.conf File

Sample weblogic.conf Configuration Files

These examples of weblogic.conf files may be used as templates that you can modify to suit your environment and server. Lines beginning with # are comments.

Example 3-1 Using WebLogic Clusters

# These parameters are common for all URLs which are 
# directed to the current module. If you want to override
# these parameters for each URL, you can set them again in
# the <Location> or <Files> blocks. 
<IfModule mod_weblogic.c>
 WebLogicCluster w1s1.com:7001,w1s2.com:7001,w1s3.com:7001
 ErrorPage http://myerrorpage.mydomain.com
 MatchExpression *.jsp
</IfModule>
####################################################

In the example, the MatchExpression parameter syntax for expressing the filename pattern, the Oracle WebLogic Server host to which HTTP requests should be forwarded, and various other parameters are as follows:

MatchExpression [filename pattern] [WebLogicHost=host] | [paramName=value]

The first MatchExpression parameter below specifies the filename pattern *.jsp, and then names the single WebLogicHost. The paramName=value combinations following the pipe symbol specify the port at which Oracle WebLogic Server is listening for connection requests, and also activate the Debug option. The second MatchExpression specifies the filename pattern *.html and identifies the WebLogic Cluster hosts and their ports. The paramName=value combination following the pipe symbol specifies the error page for the cluster.

Example 3-2 Using Multiple WebLogic Clusters

# These parameters are common for all URLs which are
# directed to the current module. If you want to override
# these parameters for each URL, you can set them again in
# the <Location> or <Files> blocks.
<IfModule mod_weblogic.c>
 MatchExpression *.jsp WebLogicHost=myHost|WebLogicPort=7001|Debug=ON
 MatchExpression *.html WebLogicCluster=myHost1:7282,myHost2:7283|ErrorPage=
 http://www.xyz.com/error.html
</IfModule>

Example 3-3 Without WebLogic Clusters

# These parameters are common for all URLs which are 
# directed to the current module. If you want to override
# these parameters for each URL, you can set them again in
# the <Location> or <Files> blocks.
<IfModule mod_weblogic.c>
 WebLogicHost myweblogic.server.com
 WebLogicPort 7001
 MatchExpression *.jsp
</IfModule>

Example 3-4 Configuring Multiple Name-Based Virtual Hosts

# VirtualHost1 = localhost:80
<VirtualHost 127.0.0.1:80>
DocumentRoot "/test/VirtualHost1"
ServerName localhost:80
<IfModule mod_weblogic.c> 
#... WLS parameter ...
WebLogicCluster localhost:7101,localhost:7201
# Example: MatchExpression *.jsp <some additional parameter>
MatchExpression *.jsp PathPrepend=/test2
</IfModule>
</VirtualHost>
 
# VirtualHost2 = 127.0.0.2:80
<VirtualHost 127.0.0.2:80>
DocumentRoot "/test/VirtualHost1"
ServerName 127.0.0.2:80
<IfModule mod_weblogic.c> 
#... WLS parameter ...
WebLogicCluster localhost:7101,localhost:7201
# Example: MatchExpression *.jsp <some additional parameter>
MatchExpression *.jsp PathPrepend=/test2
#... WLS parameter ...
</IfModule>
</VirtualHost>

You must define a unique value for ServerName or some proxy plug-in parameters will not work as expected.

Parent topic: Including a weblogic.conf File in the httpd.conf File

Template for the Apache HTTP Server httpd.conf File

This section contains a sample httpd.conf file for Apache HTTP Server. You can use this sample as a template and modify it to suit your environment and server. Lines beginning with # are comments.

Note:

Apache HTTP Server is not case sensitive.

Sample httpd.conf file for Apache HTTP Server

####################################################
# APACHE-HOME/conf/httpd.conf file
####################################################
LoadModule weblogic_module /home/myhome/weblogic-plugins-12.2.1/lib/mod_wl_24.so

<Location /weblogic>
 WLSRequest On
 PathTrim /weblogic
 ErrorPage http://myerrorpage1.mydomain.com
</Location>

<Location /servletimages>
 WLSRequest On
 PathTrim /something
 ErrorPage http://myerrorpage1.mydomain.com
</Location>

<IfModule mod_weblogic.c>
  MatchExpression *.jsp
  WebLogicCluster w1s1.com:7001,w1s2.com:7001,w1s3.com:7001
  ErrorPage http://myerrorpage.mydomain.com
</IfModule>

Parent topic: Including a weblogic.conf File in the httpd.conf File

About WebSocket Proxy Configurations

The 14.1.2.0.0 WLS Apache Plug-In for Apache HTTP Server 2.4.x can handle WebSocket connection upgrade requests and effectively proxy to WebSocket applications hosted within Oracle WebLogic Server 14c (14.1.1.0.0) and later.

Review following timeout setting for the WebSocket connection:

If you use the mod_reqtimeout module within the Apache HTTP Server, then set the configured client timeout value appropriately to consider for the WebSocket connections.
The default timeout value for HTTP requests in the mod_reqtimeout module has changed between Apache HTTP Server 2.2 and 2.4. This change can cause the WebSocket connections to break. Therefore, you will need to use an appropriate client timeout value.
You should configure appropriate client timeout values for the WebSocket connections to avoid malicious attacks such as a Denial of Service attack.

Note:

WebSocket is not supported over HTTP/2.

Parent topic: Configuring the WLS Apache Plug-In

Verifying the Log File

The Oracle WebLogic Server Proxy Plug-in logs are now part of the Apache HTTP Server error log. You can easily identify the references with the prefix weblogic:

[weblogic:debug] [pid 6571:tid 139894556022528] ApacheProxy.cpp(875): [client 10.184.61.77:53634] <657114316705052> =========New Request: [GET /weblogic/index.html HTTP/1.1] ======

To enable the proxy plug-in logs, set the Apache web server directive LogLevel to debug. The logs are included in the file pointed to by the Apache web server ErrorLog directive.

config file name: httpd.conf
setting: LogLevel debug

Additionally, a new log file named wl_exportwallet_log is created in the same file system path where the web server's log file exists. In case of the Apache web server process, this file is located at $SERVER_ROOT/logs/.

The Oracle wallets used in the web server configuration must be exported to PEM formatted files on the file system to enable OpenSSL APIs to access the key and certificates present in the Oracle wallet. This is done by forking a separate process called export_wallet from the main web server process. The export_wallet process writes to the wl_exportwallet_log, and not to the web server's log.

Parent topic: Configuring the WLS Apache Plug-In

Clustering Failover When Using the WLS Apache Plug-In

When using the WLS Apache Plug-In as the front-end for a cluster, the plug-in uses several configuration parameters to determine how long to wait for connections to the WebLogic Server host and, after a connection is established, how long the plug-in waits for a response:

Verify the setting of the Apache idempotent flag. When idempotent is set to ON, and if the servers do not respond within the specified WLIOTimeoutSecs value, the plug-ins fail over. The plug-ins also fail over if idempotent is set to ON and the servers respond with an error such as READ_ERROR_FROM_SERVER. If set to OFF, the plug-ins do not fail over. See Parameters for Web Server Plug-Ins in Using Web Server 1.1 Plug-Ins with Oracle WebLogic Server.
Verify the setting of WebLogic Proxy Plug-in retry mechanism; for example, whether the maximum number of retries allowed is equal to the ConnectTimeoutSecs value divided by the ConnectRetrySecs value. See Failover, Cookies, and HTTP Sessions in Using Web Server 1.1 Plug-Ins with Oracle WebLogic Server.

Parent topic: Configuring the WLS Apache Plug-In

Enable and Configure HTTP/2 Support

To leverage the benefits of the HTTP/2 protocol, HTTP/2 must be used for both front-end connections and back-end connections.

To support the use of the HTTP/2 protocol for both front-end and back-end connections, all the following are required:

Apache Web Server must be configured to support HTTP/2 front-end connections.
WLS Apache Plug-In must be configured to support HTTP/2 back-end connections.
You must use a version of WebLogic Server that supports HTTP/2, and WebLogic Server must be configured to support HTTP/2.

Note:
Both WebLogic Server 14.1.1 and WebLogic Server 14.1.2 support HTTP/2 and are configured, by default, to support HTTP/2.

In HTTP/2 configurations:

Clients will create HTTP/2 front-end connections to Apache Web Server, if possible:
- Clients that support HTTP/1.1 only will negotiate HTTP/1.1 front-end connections.
- Clients that support HTTP/2 will create HTTP/2 front-end connections.
WLS Apache Plug-In will create HTTP/2 back-end connections to WebLogic Server. HTTP/2 back-end connections will be used, regardless of whether HTTP/1.1 or HTTP/2 front-end connections are being used.

When used with clients that support HTTP/2, such configurations support “end to end” use of HTTP/2 – from clients to Apache Web Server to WebLogic Server. Such configurations will also support HTTP/1.1 front-end connections from clients that support HTTP/1.1 only - the use of HTTP/2 back-end connections is transparent to clients using HTTP/1.1 front-end connections.

The following sections describe how to enable and configure Apache Web Server and the WLS Apache Plug-In to support HTTP/2:

Parent topic: Installing and Configuring the Oracle WebLogic Server Proxy Plug-In for Apache HTTP Server

Enabling HTTP2 Support in the Apache Web Server

Use the mod_http2 module to enable HTTP/2 for front-end connections. mod_http2 uses the nghttp2 library (libnghttp2.so) as its implementation base. For more information, see the Apache Web Server guide for the HTTP/2 implementation in Apache httpd.

Parent topic: Enable and Configure HTTP/2 Support

Configuring HTTP/2 Support on Front-End Connections

Use the following steps to configure HTTP/2 support in the Apache Web Server:

Load the http2_mod module:

LoadModule http2_module modules/mod_http2.so

The second directive you need to add to your server configuration is:
```
Protocols h2 http/1.1
```
This allows h2, the secure variant, to be the preferred protocol on your server connections. When you want to enable all HTTP/2 variants, you write:
```
Protocols h2 h2c http/1.1
```

Parent topic: Enable and Configure HTTP/2 Support

Enabling HTTP2 Support in the WebLogic Apache Plug-In

WLS Apache Plug-In requires the nghttp2 library (libnghttp2.so) for HTTP/2 support to back-end connections. For details, see Enabling HTTP2 Support in the Apache Web Server.

Parent topic: Enable and Configure HTTP/2 Support

Configuring HTTP/2 Support on Back-End Connections

To configure HTTP/2 on back-end connections, you must set the WLProtocol directive in the weblogic.conf file.

Example With HTTP/2 Protocol Configured

Copy
LoadModule weblogic_module modules/mod_wl_24.so
Listen 4455
<VirtualHost *:4455>
  ServerName vh1.com
  WLSSLWallet /scratch/user/temp/server
  SecureProxy ON
  WLProtocol http/2
  <Location /myApp>
     WLSRequest On
     WebLogicCluster ns1.example.com:7011,ns2.example.com:7011,ns3.example.com:7011
  </Location>
  <Location /myApp2>
     WebLogicHost example.com
     WLSRequest On
     WebLogicPort 7025
  </Location>
</VirtualHost>

Note:

When the HTTP/2 protocol is configured, the following directives are ignored:

Parent topic: Enable and Configure HTTP/2 Support

Server Push Functionality

The server push functionality is one of the key features of the HTTP/2 protocol.

Accessing websites follows the request and response pattern. A user sends a request to a remote server. The server responds with the requested content with some delay. The initial request to a web server is generally for an HTML document. In this scenario, the server replies with the requested HTML resource. The HTML is then parsed by the browser, where references to other assets are discovered, such as style sheets, scripts, and images. Upon their discovery, the browser makes separate requests for those assets, which are then responded to by the server. The problem with this mechanism is that it forces the user to wait for the browser to discover and retrieve critical assets until after an HTML document has been downloaded. This delays rendering time and increases load time.

The server push functionality is a solution to this problem. It lets the server preemptively push website assets to the client without the user having explicitly asked for them.

For example, consider a website where all pages rely on styles defined in an external style sheet named styles.css. When the user requests index.html from the server, the styles.css is sent to the user just after the server starts sending the response for index.html. Rather than waiting for the server to send index.html and then waiting for the browser to request and receive styles.css, the user only has to wait for the server to respond with both index.html and styles.css on the initial request. This decreases the rendering time of the page.

To enable the server push functionality, configure the H2Push directive and use link headers either in the web server configuration file or in the response. For configuring the H2Push directive, see H2Push Directive in the Apache HTTP Server Documentation.

The WLS Apache Plug-In supports link headers created using the Link.Builder API.

Example of a link header in the web server configuration file:

H2Push on
<Location /xxx.html>
    Header add Link "</xxx.css>;rel=preload"
    Header add Link "</xxx.js>;rel=preload"
</Location>

Example of a link header in the response:

</xxx.css>;rel="preload";type="text/css"

To enable the server push functionality, set H2Push to on in the httpd.conf file if link header is sent in the response, as given below:

-----config section---
H2Push on
----------------------

Note:

PushBuilder from HTTPServeletRequest, and using 103 early hints along with the link headers are NOT supported.

Enabling H2Push on Windows Apache
On the Windows Apache Server, you must ensure that the headers_module is loaded which is required for the H2Push to function correctly.

Parent topic: Enable and Configure HTTP/2 Support

Enabling H2Push on Windows Apache

On the Windows Apache Server, you must ensure that the headers_module is loaded which is required for the H2Push to function correctly.

Perform the following steps to enable H2Push:

Open the httpd.conf file located in your Apache installation. For example, C:\Apache2\conf.
Uncomment the following line in the httpd.conf file by removing #:

#LoadModule headers_module modules/mod_headers.so
Save the httpd.conf file.
Restart the Apache Server.

Parent topic: Server Push Functionality

Configuring IPv6 with Proxy Plug-Ins

The 14.1.2.0.0 WLS proxy plug-ins support IPv6. Specifically, the WebLogicHost and WebLogicCluster configuration parameters now support IPv6 addresses.

See WebLogicCluster and WebLogicHost.

For example:

<IfModule mod_weblogic.c>
 WebLogicHost [a:b:c:d:e:f]
 WebLogicPort 7002
 ...
</IfModule>

<IfModule mod_weblogic.c>
 WebLogicCluster [a:b:c:d:e:f]:<port>, [g:h:i:j:k:l]:<port>
 
 ....
</IfModule>

You can also use the IPv6 address mapped host name.

For example:

<IfModule mod_weblogic.c>  
#hostname1 is mapped to IPv6 address in /etc/hosts file
 WebLogicHost hostname1
 WebLogicPort 7002
 ...
</IfModule>

Sample entry in the /etc/hosts file:

127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
::1 hostname1

Note:

As of Windows 2008, the DNS server returns the IPv6 address in preference to the IPv4 address. If you are connecting to a Windows 2008 (or later) system using IPv4, the link-local IPv6 address format is tried first, which may result in a noticeable delay and reduced performance. To use the IPv4 address format, configure your system to instead use IP addresses in the configuration files or add the IPv4 addresses to the etc/hosts file.

In addition, you may find that, setting the DynamicServerList property to OFF in the configuration file also improves performance with IPv6. When set to OFF, the proxy plug-in ignores the dynamic cluster list used for load balancing requests proxied from the proxy plug-in and uses the static list specified with the WebLogicCluster parameter.

Parent topic: Installing and Configuring the Oracle WebLogic Server Proxy Plug-In for Apache HTTP Server

Understanding the DMS Metrics for the WLS Apache Plug-In

The performance metrics for the WLS Apache Plug-In are provided through the Oracle Dynamic Monitoring Service (DMS). For example, it can fetch the number of requests proxied, the number of failed requests, and other specific metrics.

You can configure and view the DMS performance metrics for Oracle WebLogic Server 14.1.2.0.0 Proxy Plug-in.

The DMS metrics that can be returned are described in DMS State Metrics, DMS Event Metrics, and DMS PhaseEvent Metrics.

This section includes the following topics:

Parent topic: Installing and Configuring the Oracle WebLogic Server Proxy Plug-In for Apache HTTP Server

Configuring the DMS Metrics for the WLS Apache Plug-In

To configure the DMS metrics for the WLS Apache Plug-In, add the following code to the httpd.conf file:

# Add the following LoadModule only if it is not already present
# Use mod_wl_24.so for Apache 2.4
LoadModule weblogic_module $PLUGINS_HOME/mod_wl_24.so

<Location /metrics>
    SetHandler dms-handler
</Location>

Parent topic: Understanding the DMS Metrics for the WLS Apache Plug-In

Viewing the Performance Metrics for the WLS Apache Plug-In

You can view the raw metrics using the following URL:

http://apachehost:apacheport/metrics

Where, apachehost is the host name of the Apache server and apacheport is the port number.

The metrics that are coming from the WLS Apache Plug-In can be found under the /WebLogicProxy [type=WebLogicProxy] section.

Parent topic: Understanding the DMS Metrics for the WLS Apache Plug-In

DMS State Metrics

A State metric tracks system status information or to track a metric that is not associated with an event. For a description of the State metrics, see Table 3-4.

Table 3-4 State Metrics for the WLS OHS Plug-In Module

Metric Name	Description
`totalDeclines`	The total number of requests declined (not processed by `mod_wl_24`). This number indicates the requests that are not configured, and/or rejected by the proxy plug-in (for example, custom HTTP methods are always rejected by the proxy plug-in)
`totalErrors`	Number of requests that could not be processed successfully. See Event Metrics for errors.
`totalHandled`	The total number of requests serviced by the `mod_wl_24` proxy plug-in.
`totalRequests`	The total number of requests received by `mod_wl_24`. The number includes all the requests that are targeted to the proxy plug-in, plus the requests that are not targeted to any module (not configured).
`totalRetries`	Number of times a request was retried. Requests are generally retried on failure (depending on configuration). If a request is ever retried, this metric will increment (once per request, irrespective of how many times the request was retried).
`totalSuccess`	The number of requests successfully processed. If the requests are processed successfully (proxied to Oracle WebLogic Server, and sent the response back to client), then this metric will be incremented.
`websocketActive`	Number of WebSocket upgrade requests currently active.
`websocketClose`	Number of WebSocket upgrade requests closed. If the WebSocket session is terminated (for any reason), then this metric is updated.
`websocketMax`	Maximum number of simultaneous WebSocket requests that can be active. If the `WLMaxWebSocketClients` parameter is configured, the value will be the lower of these: The configured value, OR 0.75 of the value of `MaxRequestWorkers` (Apache 2.4) If `WLMaxWebSocketClients` parameter is not configured, the value will be 0.5 of the value of `MaxRequestWorkers` (Apache 2.4). For more information about the `WLMaxWebSocketClients` parameter, see Tuning Oracle HTTP Server for High Throughput for WebSocket Upgrade Requests.
`websocketPercent`	This value is defined by the number of active WebSockets (`websocketActive`) divided by the maximum number of simultaneous WebSocket requests (`websocketMax`) multiplied by 100: (`websocketActive/webocketMax`)`*100`.
`websocketRequests`	The number of WebSocket upgrade requests made. If the request URI is an WebSocket upgrade request, this metric will be incremented.
`websocketSuccess`	Number of WebSocket upgrade requests completed successfully. If Oracle WebLogic Server responds to a WebSocket upgrade request with `101 Switching Protocols`, then this metric is updated.

Parent topic: Understanding the DMS Metrics for the WLS Apache Plug-In

DMS Event Metrics

A DMS Event metric counts system events. A DMS event tracks system events that have a short duration, or where the duration of the event is not of interest but the occurrence of the event is of interest. For a description of the Event metrics, see Table 3-5.

Table 3-5 Event Metrics for the WLS OHS Plug-In.

Metric Name	Description
`errConnRefused`	The number of `CONNECTION_REFUSED` errors. Indicates the number of times the configured `WebLogicHost` and/or `WebLogicPort` is either not reachable or not listening.
`errNoResources`	The number of `NO_RESOURCES` errors. One scenario where this exception can occur is when SSL is configured in the proxy plug-in, but the corresponding SSL configuration is not defined in the managed server.
`errOthers`	The number of any other errors. For example, `POST` data size is greater than the value of `MaxPostSize`.
`errReadClient`	The number of `READ_ERROR_FROM_CLIENT` errors. Indicates the number of times that the proxy plug-in could not read from the client (browser).
`errReadServer`	The number of `READ_ERROR_FROM_SERVER` errors. Indicates the number of times a read operation could not be successfully performed on Oracle WebLogic Server.
`errReadTimeout`	The number of `READ_TIMEOUT` errors. An example is Oracle WebLogic Server not responding within `WLIOTimeoutSecs`.
`errWriteClient`	The number of `WRITE_ERROR_TO_CLIENT` errors. Indicates the number of times that the proxy plug-in could not write to client. This can be seen when the client sends a request but closes the connection before receiving the response.
`errWriteWLS`	The number of `WRITE_ERROR_TO_SERVER` errors. Indicates the number of times that the proxy plug-in could not write to Oracle WebLogic Server.
`wsClientClose`	Number of WebSocket upgrade requests closed by client. If the client sends a WebSocket upgrade request, and client closes the connection, then this metric is updated.
`wsErrorClose`	Number of WebSocket sessions terminated due to error. If there is any error which causes the WebSocket connection to close, then this metric is updated.
`wsNoUpgrade`	The number of times the WebSocket upgrade request was rejected. The response to WebSocket upgrade request is not "`101 Switching Protocols`". This can happen when the upgrade request is sent to Oracle WebLogic Server that does not support WebSockets (Oracle WebLogic Server version 12.1.2 or earlier).
`wsServerClose`	Number of WebSocket upgrade requests closed by server. If Oracle WebLogic Server initiates a close of WebSocket communication, then this metric is updated. For example, timeout or no communication (by default, 5 minutes) after upgrading the request.

Parent topic: Understanding the DMS Metrics for the WLS Apache Plug-In

DMS PhaseEvent Metrics

A DMS PhaseEvent metric measures the time spent in a specific section of code that has a beginning and an end. A PhaseEvent tracks time in a method or in a block of code. For each phase event, an "active count", "completed count", "total time", "min time", "max time", and "average time" value is included. For a description of the PhaseEvent metrics, see Table 3-6.

Table 3-6 PhaseEvent Metrics for the WLS OHS Plug-In

Metric Name	Description
`websocketPhase`	WebSocket communication in progress. The phase (time) between "WebSocket upgrade succeeded" and "WebSocket connection closed"
`wlsWait`	The phase (time) between "the request sent to Oracle WebLogic Server" and "Waiting for response".

Parent topic: Understanding the DMS Metrics for the WLS Apache Plug-In

Support and Patching

When you encounter issues with a proxy plug-in, always report the version of the proxy plug-in you are using. You can find this information in the Apache log.

The version information looks like the following snippet:

WebLogic Server Plugin version 14.1.2.0.0 <WLSPLUGINS_XXXX_XXXX_XXXXX.XXXX>

Note:

On the Apache Web Server for Linux, you can also obtain the proxy plug-in version by issuing the following command:

$ strings ${PLUGINS_HOME}/lib/mod_wl_24.so | grep -i wlsplugins

A patch for a proxy plug-in will typically contain one or more shared objects to be replaced. Ensure to backup your original files as you replace them with those in the patch. Validate that the patch has been correctly updated by checking the version string in the logs.

You can obtain the latest updates for security fixes from the Critical Patch Update (CPU) Patch Advisor for Oracle Fusion Middleware (Doc ID 2806740.2).

Parent topic: Installing and Configuring the Oracle WebLogic Server Proxy Plug-In for Apache HTTP Server

Deprecated Directives for Apache HTTP Server

The WLLogFile and Debug directives are deprecated. If the configuration uses these directives, a note appears during startup.

[Thu May 14 23:22:19 2015] [warn] weblogic: The Debug directive is ignored.  The web server log level is used instead.

For information about log files, see Verifying the Log File.

Parent topic: Installing and Configuring the Oracle WebLogic Server Proxy Plug-In for Apache HTTP Server