Overview of Oracle WebLogic Server Proxy Plug-Ins

1 Overview of Oracle WebLogic Server Proxy Plug-Ins

Oracle provides proxy plug-ins for use with Oracle WebLogic Server.

This chapter includes the following topics:

What are Oracle WebLogic Server Proxy Plug-Ins?
Oracle WebLogic Server proxy plug-ins (WLS proxy plug-ins) allow requests to be proxied from an HTTP web server to Oracle WebLogic Server. In this way, proxy plug-ins enable the HTTP server to communicate with applications deployed on Oracle WebLogic Server.
Availability of Oracle WebLogic Server Proxy Plug-Ins
Oracle WebLogic Server 14.1.2.0.0 proxy plug-ins are available for Oracle HTTP Server and Apache HTTP Server.
New Features of the 14.1.2.0.0 Proxy Plug-Ins
The Oracle WebLogic Server 14.1.2.0.0 proxy plug-ins add support for the following new features.
Features Inherited from Previous 12c Releases
In addition to the new features, WLS proxy plug-ins have also inherited features from the previous 12c releases.

What are Oracle WebLogic Server Proxy Plug-Ins?

Oracle WebLogic Server proxy plug-ins (WLS proxy plug-ins) allow requests to be proxied from an HTTP web server to Oracle WebLogic Server. In this way, proxy plug-ins enable the HTTP server to communicate with applications deployed on Oracle WebLogic Server.

A proxy plug-in enhances an HTTP server installation by allowing Oracle WebLogic Server to handle requests that require dynamic functionality. In other words, you typically use a proxy plug-in where the HTTP server serves static pages such as HTML pages, while Oracle WebLogic Server serves dynamic pages such as HTTP servlets and Jakarta Server Pages (JSPs).

Oracle WebLogic Server may be operating in a different process, possibly on a different host. To the end user—the browser—the HTTP requests delegated to Oracle WebLogic Server still appear to be coming from the HTTP server.

Parent topic: Overview of Oracle WebLogic Server Proxy Plug-Ins

Availability of Oracle WebLogic Server Proxy Plug-Ins

Oracle WebLogic Server 14.1.2.0.0 proxy plug-ins are available for Oracle HTTP Server and Apache HTTP Server.

The WLS proxy plug-ins are the Oracle WebLogic Server Proxy Plug-In for Oracle HTTP Server (WLS OHS Plug-In) and the Oracle WebLogic Server Proxy Plug-In for Apache HTTP Server (WLS Apache Plug-In), respectively.

Table 1-1 Availability of Version 14c (14.1.2.0.0) Plug-Ins

Web Server Plug-In Availability More Information

Web Server	Plug-In Availability	More Information
Oracle HTTP Server 14c	The WLS OHS Plug-In is included in the Oracle HTTP Server installation.	For information about configuring the WLS OHS Plug-In, see Configuring the Plug-In for Oracle HTTP Server.
Apache HTTP Server 2.4.x	The WLS Apache Plug-In is available for download on My Oracle Support (`https://support.oracle.com/signin`) and the Software Delivery Cloud (`http://edelivery.oracle.com`) web sites as ZIP files. Available for download is the WLS Apache Plug-In ZIP file, compiled with OpenSSL 1.1.1x version and OpenSSL 3.0.x. For more information, see the Oracle WebLogic Server (14.1.2.0.0) Certification Matrix.	For information about installing and configuring the WLS Apache Plug-In, see Installing and Configuring the Oracle WebLogic Server Proxy Plug-In for Apache HTTP Server.

Oracle HTTP Server 14c

The WLS OHS Plug-In is included in the Oracle HTTP Server installation.

For information about configuring the WLS OHS Plug-In, see Configuring the Plug-In for Oracle HTTP Server.

Apache HTTP Server 2.4.x

The WLS Apache Plug-In is available for download on My Oracle Support (https://support.oracle.com/signin) and the Software Delivery Cloud (http://edelivery.oracle.com) web sites as ZIP files.

Available for download is the WLS Apache Plug-In ZIP file, compiled with OpenSSL 1.1.1x version and OpenSSL 3.0.x.

For more information, see the Oracle WebLogic Server (14.1.2.0.0) Certification Matrix.

For information about installing and configuring the WLS Apache Plug-In, see Installing and Configuring the Oracle WebLogic Server Proxy Plug-In for Apache HTTP Server.

Parent topic: Overview of Oracle WebLogic Server Proxy Plug-Ins

New Features of the 14.1.2.0.0 Proxy Plug-Ins

The Oracle WebLogic Server 14.1.2.0.0 proxy plug-ins add support for the following new features.

Table 1-2 New Features of the Oracle WebLogic Server Proxy Plug-Ins

Plug-In	Functionality
WLS OHS Plug-In	Support for Intelligent Load Balancing Support for TLSv1.3 Protocol
WLS Apache Plug-In	Support for HTTP/2 Protocol (also provided in 14.1.1.0.0) Support for Intelligent Load Balancing Support for TLSv1.3 Protocol (also provided in 14.1.1.0.0)

Parent topic: Overview of Oracle WebLogic Server Proxy Plug-Ins

Support for HTTP/2 Protocol

Note:

HTTP/2 support is for the WLS Apache Plug-In only.

The HTTP/2 protocol uses a binary framing mechanism to exchange data between the client and the server. All HTTP/2 communication is split into smaller messages and frames, each of which is encoded in a binary format. As a result, both client and server must use the new binary encoding mechanism to understand each other. An HTTP/1.x client will not understand an HTTP/2-only server, and vice versa.

The Apache Web Server supports the HTTP/1.1 and HTTP/2 protocols for both:

Clients connecting to Apache Web Server (front-end connections)
WLS Apache Plug-In connections to WebLogic Server (back-end connections)

Note:

WebSocket is not supported over HTTP/2.

Parent topic: New Features of the 14.1.2.0.0 Proxy Plug-Ins

Support for Intelligent Load Balancing

Intelligent load balancing enables WLS proxy plug-ins to more evenly distribute traffic across a pool of servers according to their actual capacity, for improved reliability.

Note:

For Intelligent Load Balancing, only Oracle WebLogic Server 14.1.2.0.0 back-end servers are supported.

The intelligent load balancing features consists of two parts:

The calculation of the health score of a WebLogic Managed Server (Managed Server)
The selection of a Managed Sever to route the request

Calculating the Health Score

For each Managed Server in a cluster, WebLogic Server provides a default health score calculation. The default health score calculation is based on CPU load, heap usage, Work Manager stuck threads count, and data source pending connection request counts. This health score is calculated individually, by each Managed Server, and then returned to the proxy plug-in when requested. For more information on how the health score is calculated in WebLogic Server, see Health Score-Based Intelligent Routing in Administering Server Environments for Oracle WebLogic Server.

WLS proxy plug-ins request the health scores of Managed Servers through the request header X-WebLogic-Request-Server-Health-Score.

WebLogic Server sends the health score of each Managed Server through the predefined response header X-WebLogic-Server-Health-Score.


<Location /sampleApp>
    WLSRequest On
    WebLogicCluster host1:port1,host2:port2,host3:port3
    RoutingAlgorithm Weighted-Least-Connection
    WeightUpdateInterval 7
</Location>

Selecting a Managed Server

In addition to the health score, WLS proxy plug-ins also use the active connection count parameter to select which Managed Server from the cluster to route the request.

The active connection count is stored at the proxy plug-in level. The active connection count represents how many requests from the proxy plug-in side are currently being served by a Managed Server.

WLS proxy plug-ins use the weighted least connection routing algorithm to select the next server from cluster. The algorithm selects the Managed Server with the lowest ratio of active connection count and Managed Server health score. This ensures that Managed Servers with higher capacities receive a proportionally larger share of the workload, while preventing overloading of less capable servers.

Configuring Intelligent Load Balancing

To enable intelligent load balancing, you must configure settings in both the WLS proxy plug-ins and WebLogic Server. If you do not configure intelligent load balancing, the round-robin routing algorithm is used by default.

In the proxy plug-in, set the RoutingAlgorithm directive to Weighted-Least-Connection. For more information, see RoutingAlgorithm.

By default, WLS proxy plug-ins request the health score of a Managed Server in one second intervals, when the request is selected to be served by a Managed Server. To reduce the frequency, configure the WeightUpdateInterval directive.

The following module needs to be loaded.

LoadModule socache_shmcb_module "${PRODUCT_HOME}/modules/mod_socache_shmcb.so"

Sample Configuration


<Location /sampleApp>
    WLSRequest On
    WebLogicCluster host1:port1,host2:port2,host3:port3
    RoutingAlgorithm Weighted-Least-Connection
    WeightUpdateInterval 7
</Location>

For instructions for configuring WebLogic Server, see Configuring the Health Score in Administering Server Environments for Oracle WebLogic Server.

Parent topic: New Features of the 14.1.2.0.0 Proxy Plug-Ins

Security Improvements

The following security enhancements have been made to the WLS proxy plug-ins.

Support for TLSv1.3 Protocol

WLS proxy plug-ins support the TLSv1.3 protocol.

Use the WebLogicSSLVersion directive to specify the SSL protocol version to be used for communication between the proxy plug-in and Oracle WebLogic Server.

The support for TLSv1.3 protocol includes the following features:

Support for new TLSv1.3 cipher suites. See WebLogicSSLCiphers.
Support for certificates signed with the RSASSA-PSS signature algorithm. See Using Certificates Signed with RSASSA-PSS Signature Algorithm.

TLS Ciphers

A few ciphers were deprecated in previous releases and are removed from the list of supported ciphers. If you want to use the deprecated ciphers for a handshake between the web server and the Oracle WebLogic Server, you must explicitly add them to the configuration using the WebLogicSSLCiphers directive. A warning message is generated if any cipher from the deprecated list is used.

Default list of ciphers for TLSv1.3:
- TLS_AES_256_GCM_SHA384
- TLS_AES_128_GCM_SHA256
- TLS_CHACHA20_POLY1305_SHA256
Default list of ciphers for TLSv1.2:
- ECDHE-RSA-AES256-GCM-SHA384
- ECDHE-RSA-AES128-GCM-SHA256
- ECDHE-ECDSA-AES256-GCM-SHA384
- ECDHE-ECDSA-AES128-GCM-SHA256
Deprecated list of ciphers in 14.1.2.0.0:
- AES128-GCM-SHA256
- AES256-GCM-SHA384
- AES128-SHA256
- AES256-SHA256
- AES256-SHA
- AES128-SHA

Parent topic: New Features of the 14.1.2.0.0 Proxy Plug-Ins

Features Inherited from Previous 12c Releases

In addition to the new features, WLS proxy plug-ins have also inherited features from the previous 12c releases.

The inherited features include the following:

The WLS Apache Plug-In supports Apache HTTP Server 2.4.x Web Server through the mod_wl_24.so proxy plug-in module. So, you will need to load the mod_wl_24.so module with Apache HTTP Server 2.4.x. This is typically done by editing the Apache HTTP Server configuration file(s).
The WLS Apache Plug-In does not support Apache HTTP Server 2.2.x through the mod_wl.so Oracle WebLogic Server module. Hence, this module has been removed from the proxy plug-in distribution.
Oracle WebLogic Server supports deploying WebSocket applications. The WLS OHS Plug-In can now handle WebSocket connection upgrade requests and effectively proxy to WebSocket applications hosted within Oracle WebLogic Server 12.1.2 and later. See About WebSocket Proxy Configurations.
The proxy plug-in now includes the following WLS OHS Plug-In configuration parameters:
- WLMaxWebSocketClients: Limits the number of active WebSocket connections at any instant of time. The default value is Half of MaxClients (or MaxRequestWorkers).
- WebLogicSSLVersion: Chooses the SSL protocol version to use while communicating HTTPS requests between the WLS OHS Plug-In and WebLogic Managed Servers and Clusters.
The WLS proxy plug-ins provide support for monitoring the performance of the WLS proxy plug-ins where a request is proxied to the back-end Oracle WebLogic Server. See Understanding the DMS Metrics for the WLS Apache Plug-In.
The WLS proxy plug-ins now log the debug information to the respective web server error log files. Hence, the proxy plug-in parameters specific to the debug logs (Debug and WLLogFile) have been deprecated.
The WLS proxy plug-ins improve performance using a pool of connections from the plug-in to Oracle WebLogic Server. The proxy plug-in implements HTTP 1.1 keep-alive connections between the proxy plug-in and Oracle WebLogic Server by reusing the same connection for subsequent requests from the same proxy plug-ins. If the connection is inactive for more than 20 seconds, (or a user-defined amount of time), the connection is closed. See KeepAliveEnabled.

Note:
The web server manages client connections.
The WLS proxy plug-ins proxy requests to Oracle WebLogic Server based on a configuration that you specify.
- You can proxy requests based on the URL of the request or a portion of the URL. This is called proxying by path.
- You can also proxy a request based on the MIME type of the requested file, which is called proxying by file extension.
You can also enable both methods. If you enable both methods and a request matches both criteria, the request is proxied by path.

You can also specify additional parameters for each of these types of requests that define additional behavior of the proxy plug-in.

The following features are no longer supported:

The WLS OHS Plug-In has removed support for TLS1.0 SSL protocol. Therefore, the proxy plug-in fails to connect to Oracle WebLogic Server when you configure TLS1.0 SSL protocol for SSL communication.
The WLS OHS Plug-In considers MD5 signed certificates as insecure. Therefore, support for these certificates has been removed. If you are using SSL to connect to Oracle WebLogic Server, and if the wallet contains any certificates signed with MD5, replace them by SHA-2 signed certificates. Otherwise, the server fails to start. For more information about MD5 signed certificates, see Replacing Certificates Signed Using the MD5 Algorithm.

Parent topic: Overview of Oracle WebLogic Server Proxy Plug-Ins