Download all the necessary certificates (your Server Certificate and the Intermediate Certificates).
Let us now get into the details of configuring Apache. We store these Apache directives in a file called /etc/apache2/sites-available/www.example.com-ssl. The file may also contain other directives for proper operating of the web site, but this does not interfere with the SSL configuration. Assuming you have apache and open ssl installed, you would like to generate and setup an SSL certificate for a domain and generate a CSR. First, Generate the RSA & CSR (Signing Request).
This script outputs the google search URL required for search on edocs documentation.Using Web Server Plug-Ins with WebLogic Server
The following sections describe how to install and configure the Apache HTTP Server Plug-In:
The Apache HTTP Server Plug-In proxies requests from an Apache HTTP Server to a WebLogic Server cluster or instance. The plug-in enhances an Apache installation by enabling WebLogic Server to handle load-balancing or requests that require the dynamic functionality of WebLogic Server. You target a WebLogic Server instance using the WebLogicHost and WebLogicPort parameters in the plug-in configuration file. You target a WebLogic Server cluster or group of non-clustered servers using the WebLogicCluster parameter. For information about setting plug-in parameters, see Parameters for Web Server Plug-Ins.
The plug-in is intended for use in an environment where an Apache Server serves static pages, and another part of the document tree (dynamic pages best generated by HTTP Servlets or JavaServer Pages) is delegated to WebLogic Server, which may be operating in a different process, possibly on a different host. To the end user—the browser—the HTTP requests delegated to WebLogic Server still appear to be coming from the same source.
HTTP-tunneling, a technique that gives HTTP requests and responses access through a company's firewall, can operate through the plug-in. See Editing the httpd.conf File.
The Apache HTTP Server Plug-In operates as an Apache module within an Apache HTTP Server. An Apache module is loaded by Apache Server at startup, and then certain HTTP requests are delegated to it. Apache modules are similar to HTTP servlets, except that an Apache module is written in code native to the platform.
Limitations in Apache Version 1.3.x
Version 1.3x of the Apache HTTP Server has several limitations that affect the WebLogic Server plug-in. These limitations do not exist in later versions.
Keep-Alive Connections Not Supported
Version 1.3.x of the Apache HTTP Server Plug-In creates a socket for each request and closes the socket after reading the response. Because Apache HTTP Server is multiprocessed, connection pooling and keep-alive connections between WebLogic Server and the Apache HTTP Server Plug-In cannot be supported.
Inconsistent States
The Apache HTTP Server has a multi-process architecture, and the state of the plug-in cannot be synchronized across multiple child processes. The following types of problems may occur:
- In a clustered environment, a plug-in may dispatch requests to an unavailable WebLogic Server instance because the
DynamicServerList
is not current in all plug-in processes. DynamicServerList=ON
works with a single Apache server (httpd daemon process), but for more than one server, such asStartServers=5
, the dynamic server list will not be updated across all httpd instances until they have all tried to contact a WebLogic Server instance. This is because they are separate processes. This delay in updating the dynamic server list could allow an Apache httpd process to contact a server that another httpd process has marked as dead. Only after such an attempt will the server list will be updated within the proxy. One possible solution if this is undesirable is to set theDynamicServerList
to OFF.- In a non-clustered environment, a plug-in may lose the stickiness of a session created after restarting WebLogic Server instances, because some plug-in processes do not have the new JVMID of those restarted servers, and treat them as unknown JVMIDs.
To temporarily correct inconsistencies of this type, restart or send a HUP signal (kill -HUP
) to the Apache server to refresh all plug-in processes.
To avoid these issues, upgrade to Apache 2.0.x and configure Apache to use the multi-threaded and single-process model, mpm_worker_module
. An example httpd.conf
configuration for this module:
For information about this module, see Apache MPM worker.
Keep-Alive Connections Supported in Apache Version 2.0
Version 2.0 of the Apache HTTP Server Plug-In improves performance by using a reusable pool of connections from the plug-in to WebLogic Server. The plug-in implements HTTP 1.1 keep-alive connections between the plug-in and WebLogic Server by reusing the same connection in the pool for subsequent requests from the same client. If the connection is inactive for more than 30 seconds, (or a user-defined amount of time) the connection is closed and returned to the pool. You can disable this feature if desired.
Certifications
The Apache HTTP Server Plug-In is supported on the Linux, Solaris, AIX, Windows, and HPUX11 platforms. Plug-ins are not supported on all operating systems for all releases. For information on platform support for specific versions of Apache, see Platform Support for WebLogic Server Plug-ins and Web Servers in Supported Configurations for WebLogic Server 8.1.
You install the Apache HTTP Server Plug-In as an Apache module in your Apache HTTP Server installation. There are two ways that this module can be compiled and linked to Apache—as a statically linked module (available only for Apache version 1.3.x), or as a Dynamic Shared Object (DSO).
Keep the following in mind when selecting which type of module to use:
- Statically linking a plug-in module requires recompiling Apache, which may be inconvenient.
- A Dynamic Shared Object is compiled as a library that is dynamically loaded by the server at run time, and can be installed without recompiling Apache.
Installing the Apache HTTP Server Plug-In as a Dynamic Shared Object
The Apache plug-in is distributed as a shared object (.so
) for Solaris, Linux, Windows, AIX and HPUX11 platforms. WebLogic supplies versions of shared object files that vary according to platform, to whether or not SSL is to be used between the client and Apache, and to the SSL encryption strength (128-bit versions are only installed if you install the 128-bit version of WebLogic Server).
Table 2-1 shows the directories of your WebLogic Server installation that contain shared object files for various platforms (where WL_HOME is the top-level installation directory for the WebLogic platform).
Table 2-2 identifies the WebLogic Server Apache Plug-In modules for different versions of Apache HTTP Server and different encryption strengths.
Table 2-1 Locations of Plug-In Shared Object Files
Operating System | Shared Object Location |
---|---|
Solaris |
|
Linux |
|
Windows |
|
AIX |
|
HPUX11 |
Warning: If you are running Apache 2.0.x server on HP-UX11, set the environment variables specified below before you build the Apache server. Because of a problem with the order in which linked libraries are loaded on HP-UX, a core dump can result if the load order is not preset as an environment variable before building. Set the following environment variables before proceeding with the Apache |
Choose the appropriate version of the plug-in shared object from the following table.
Table 2-2 Apache Plug-In Shared Object File Versions
Apache Version | Regular Strength Encryption | 128-bit Encryption |
---|---|---|
Standard Apache Version 1.x |
|
|
Apache w/ SSL/EAPI (Stronghold, |
|
|
Apache + Raven SSL Required because Raven SSL applies frontpage patches that makes the plug-in incompatible with the standard shared object |
|
|
Standard Apache Version 2.0.x |
|
|
To install the Apache HTTP Server Plug-In as a dynamic shared object:
- In your WebLogic Server installation, locate the shared object directory for your platform using Table 2-1.
- Identify the plug-in shared object file for your version of Apache in Table 2-2.
- Verify that the WebLogic Server Apache HTTP Server Plug-In
mod_so.c
module is enabled. The Apache HTTP Server Plug-In will be installed in your Apache HTTP Server installation as an Apache Dynamic Shared Object (DSO). DSO support in Apache is based on a module
mod_so.c
, which must be enabled before mod_wl.so is loaded. If you installed Apache HTTP Server using the script supplied by Apache,mod_so.c
is already enabled. Verify thatmod_so.c
is enabled by executing the following command:(Where
APACHE_HOME
is the directory containing your Apache HTTP Server installation.)This command lists all enabled modules. If
mod_so.c
is not listed, you must rebuild your Apache HTTP Server, making sure that the following options are configured:...
--enable-module=so
--enable-rule=SHARED_CORE
...See Apache 1.3 Shared Object (DSO) Support at http://httpd.apache.org/docs/dso.html.
- For Apache 1.x, use a command shell to navigate to the directory in your WebLogic Server installation that contains the shared object for your platform and activate the
weblogic_module
by issuing this command (note that you must have Perl installed to run this Perl script): This command copies the
mod_wl.so
file to theAPACHE_HOME
libexec
directory. It also adds two lines of instructionsforweblogic_module
to thehttpd.conf
file and activates the module. Make sure that the following lines were added to yourAPACHE_HOME
/conf/httpd.conf file in your Apache 1.x server installation:For information about the Apache utility
apxs
(APache eXtenSion) see http://httpd.apache.org/docs/programs/apxs.html).- For Apache 2.0.x, install the plug-in by copying the
mod_wl_20.so
file to theAPACHE_HOME
modules
directory and adding the following line to yourAPACHE_HOME
/conf/httpd.conf file manually: - In
httpd.conf
, define any additional parameters for the Apache HTTP Server Plug-In as described in Configuring the Apache HTTP Server Plug-In. The Apache HTTP Server Plug-In recognizes the parameters listed in General Parameters for Web Server Plug-Ins.
- Start (or restart if you have changed the configuration) Apache HTTP Server.
- Test the plug-in by opening a browser and setting the URL to the Apache Server + '
/weblogic/
', which should bring up the default WebLogic Server HTML page, welcome file, or default servlet, as defined for the default Web Application on WebLogic Server. For example:
Installing the Apache HTTP Server Plug-In as a Statically Linked Module
To install the Apache HTTP Server Plug-In as a statically linked module:
- Unpack the Apache Plug-In distribution using the following command:
- Within the unpacked distribution switch to the
src/modules
directory. - Locate the linked library file for your platform.
Each library file is distributed as a separate version, depending on the platform and the encryption strength for SSL (128-bit versions are only installed if you install the 128-bit version of WebLogic Server). The library files are located in the following directories of your WebLogic Server installation.
Table 2-3 Locations of Plug-In Files
Operating System
Shared Object Location
Solaris
WL_HOME/Server/lib/solaris
Linux
WL_HOME/Server/lib/linux
Note: You also need to set the following environment variable:
LDFLAGS = '-lpthread'HPUX11
WL_HOME/Server/lib/hpux11
Warning: If you are running Apache 2.0.x server on HP-UX11, set the environment variables specified below before you build the Apache server. Because of a problem with the order in which linked libraries are loaded on HP-UX, a core dump can result if the load order is not preset as an environment variable before building. Set the following environment variables before proceeding with the Apache
configure
,make
, andmake install
steps, (described in Apache HTTP Server documentation at http://httpd.apache.org/docs-2.1/install.html#configure):Choose the appropriate shared object from the following table.
Table 2-4 Statically Linked Modules for Different Levels of Encryption
Apache Version
Regular Strength Encryption
128-bit
EncryptionStandard Apache Version 1.3.x
libweblogic.a
libweblogic128.a
If you are using the Gnu C Compiler (gcc), gcc 2.95.x is the recommended version.
- Copy
Makefile.libdir, Makefile.tmpl
from thelib
directory of your WebLogic Server installation tosrcmodulesweblogic
. - Copy
libweblogic.a
(uselibweblogic128.a
instead, if you are using 128 bit security.) from the same directory containing the linked library file tosrcmodulesweblogic
. - If you are using regular (such as 56-bit or 40-bit) 56-bit or 40-bit, execute the following command from the Apache 1.3 home directory:
If you are using 128-bit encryption, execute the following command (on a single line) from the Apache 1.3 home directory:
- Execute the following command:
- Define parameters for the Apache HTTP Server Plug-In as described in Configuring the Apache HTTP Server Plug-In.
After installing the plug-in in the Apache HTTP Server, configure the WebLogic Server Apache Plug-In and configure the Apache server to use the plug-in. This section explains how to edit the Apache httpd.conf
file to instruct the Apache server to load the WebLogic Server library for the plug-in as an Apache module, and to specify the application requests that should be handled by the module.
Editing the httpd.conf File
Edit the httpd.conf
file in your Apache HTTP server installation to configure the Apache HTTP Server Plug-In.
This section explains how to locate and edit the httpd.conf
file, to configure the Apache server to use the WebLogic Server Apache Plug-In, to proxy requests by path or by MIME type, to enable HTTP tunneling, and to use other WebLogic Server plug-in parameters.
The file is located at APACHE_
HOME
confhttpd.conf
(where APACHE_HOME
is the root directory of your Apache HTTP server installation). See a samplehttpd.conf
file at Template for the Apache HTTP Server httpd.conf File.- Ensure that the WebLogic Server modules are included.
- For Apache 1.x, verify that the following two lines were added to the
httpd.conf
file when you ran theapxs
utility, or add them manually: - For Apache 2.0.x, manually add the following line to the
httpd.conf
file: - Add an
IfModule
block that defines one of the following: For a non-clustered WebLogic Server instance:
The WebLogicHost and WebLogicPort parameters.
For a cluster of WebLogic Servers instances:
The WebLogicCluster parameter.
For example:
- To proxy requests by MIME type, add a
MatchExpression
line to theIfModule
block. Note that if both MIME type and proxying by path are enabled, proxying by path takes precedence over proxying by MIME type. For example, the following
IfModule
block for a non-clustered WebLogic Server specifies that all files with MIME type.jsp
are proxied:You can also use multiple
MatchExpressions
, for example:If you are proxying requests by MIME type to a cluster of WebLogic Servers, use the
WebLogicCluster
parameter instead of the WebLogicHost and WebLogicPort parameters. For example:- To proxy requests by path, use the
Location
block and theSetHandler
statement.SetHandler
specifies the handler for the Apache HTTP Server Plug-In module. For example the following Location block proxies all requests containing/weblogic
in the URL: The PathTrim parameter specifies a string trimmed from the beginning of the URL before the request is passed to the WebLogic Server instance (see General Parameters for Web Server Plug-Ins).
- Optionally, enable HTTP tunneling for t3 or IIOP.
- To enable HTTP tunneling if you are using the t3 protocol and
weblogic.jar
, add the following Location block to thehttpd.conf
file: - To enable HTTP tunneling if you are using IIOP, the only protocol used by the WebLogic Server thin client,
wlclient.jar
, add the following Location block to thehttpd.conf
file: - Define any additional parameters for the Apache HTTP Server Plug-In.
The Apache HTTP Server Plug-In recognizes the parameters listed in General Parameters for Web Server Plug-Ins. To modify the behavior of your Apache HTTP Server Plug-In, define these parameters either:
- In a
Location
block, for parameters that apply to proxying by path, or - In an
IfModule
block, for parameters that apply to proxying by MIME type. - Verify the syntax of the
APACHE_HOME
confhttpd.conf file with the following commands: The output of this command reports any errors in your
httpd.conf
file or returns:- Start (or restart if you have changed the configuration) Apache HTTP Server.
- Test the plug-in by opening a browser and setting the URL to the Apache Server + '
/weblogic/
', which should bring up the default WebLogic Server HTML page, welcome file, or default servlet, as defined for the default Web Application on WebLogic Server. For example:
Including a weblogic.conf File in the httpd.conf File
If you want to keep several separate configuration files so that you can quickly switch among different stored configurations, you can define parameters in a separate configuration file called weblogic.conf
file, and invoke specific weblogic.conf
files by using the Apache Include
directive in an IfModule
block in the httpd.conf
file:
The syntax of weblogic.conf
files is the same as that for the httpd.conf
file.
This section describes how to create weblogic.conf
files, and includes sample weblogic.conf
files.
Creating weblogic.conf Files
Be aware of the following when constructing a weblogic.conf
file.
- If you are using SSL between the Apache HTTP Server Plug-In and WebLogic Server, you cannot define parameters in a file accessed, as the
weblogic.conf
file is, through the ApacheInclude
directive. Thus you can not use both SSL andweblogic.conf
files. - Enter each parameter on a new line. Do not put `=' between a parameter and its value. For example:
- If a request matches both a MIME type specified in a
MatchExpression
in anIfModule
block and a path specified in aLocation
block, the behavior specified by theLocation
block takes precedence. - If you define the
CookieName
parameter , you must define it in anIfModule
block. - If you use an Apache HTTP Server
<VirtualHost>
block, you must include all configuration parameters (MatchExpression
, for example) for the virtual host within the<VirtualHost>
block (see Apache Virtual Host documentation). - If you want to have only one log file for all the virtual hosts configured in your environment, you can achieve it using global properties. Instead of specifying the same Debug, WLLogFile and WLTempDir properties in each virtual host you can specify them just once in the <IfModule> tag
- Sample httpd.conf file:
- All the requests which match /jurl/* will have Debug Level set to ALL and log messages will be logged to c:/tmp/global_proxy.log file. All the requests which match /web/* will have Debug Level set to OFF and no log messages will be logged. All the requests which match /foo/* will have Debug Level set to ERR and log messages will be logged to c:/tmp/foo_proxy.log file
- BEA recommends that you use the
MatchExpression
statement instead of the<files>
block.
Sample weblogic.conf Configuration Files
The following examples of weblogic.conf
files may be used as templates that you can modify to suit your environment and server. Lines beginning with # are comments.
Example Using WebLogic Clusters
Example Using Multiple WebLogic Clusters
In this example, the MatchExpression
parameter syntax for expressing the filename pattern, the WebLogic Server host to which HTTP requests should be forwarded, and various other parameters is as follows:
The first MatchExpression
parameter below specifies the filename pattern *.jsp
, and then names the single WebLogicHost
. The paramName=value
combinations following the pipe symbol specify the port at which WebLogic Server is listening for connection requests, and also activate the Debug option. The second MatchExpression
specifies the filename pattern *.http
and identifies the WebLogicCluster
hosts and their ports. The paramName=value
combination following the pipe symbol specifies the error page for the cluster.
Example Without WebLogic Clusters
Example Configuring Multiple Name-Based Virtual Hosts
You must define a unique value for 'ServerName'or some Plug-In parameters will not work as expected.
Template for the Apache HTTP Server httpd.conf File
This section contains a sample httpd.conf
file for Apache 1.3. You can use this sample as a template and modify it to suit your environment and server. Lines beginning with # are comments.
Note that Apache HTTP Server is not case sensitive.
Use perimeter authentication to secure WebLogic Server applications that are accessed via the Apache Plug-In.
A WebLogic Identity Assertion Provider authenticates tokens from outside systems that access your WebLogic Server application, including users who access your WebLogic Server application through the Apache HTTP Server Plug-In. Create an Identity Assertion Provider that will safely secure your Plug-In as follows:
Apache Httpd Ssl Configuration Linux
- Create a custom Identity Assertion Provider for your WebLogic Server application. See How to Develop a Custom Identity Assertion Provider in Developing Security Providers for WebLogic Server.
- Configure the custom Identity Assertion Provider to support the Cert token type and make Cert the active token type. See How to Create New Token Types in Developing Security Providers for WebLogic Server.
Set clientCertProxy
to True in the web.xml
deployment descriptor file for the Web application (or, if using a cluster, optionally set the Client Cert Proxy Enabled
attribute to true for the whole cluster in the Administration Console). This parameter can be used with a third party proxy server such as a load balancer or an SSL accelerator to enable 2-way SSL authentication. For more information about the clientCertProxy
attribute, see context-param in Developing Web Applications for WebLogic Server.
- Once you have set
clientCertProxy
, be sure to use a connection filter to ensure that WebLogic Server accepts connections only from the machine on which the Apache Plug-In is running. See Using Network Connection Filters in Programming WebLogic Security.
See Identity Assertion Providers in Developing Security Providers for WebLogic Server.
You can use the Secure Sockets Layer (SSL) protocol to protect the connection between the Apache HTTP Server Plug-In and WebLogic Server. The SSL protocol provides confidentiality and integrity to the data passed between the Apache HTTP Server Plug-In and WebLogic Server. If you use weblogic.conf
files, you cannot use SSL (see Including a weblogic.conf File in the httpd.conf File).
The Apache HTTP Server Plug-In does not use the transport protocol (http
or https
) specified in the HTTP request (usually by the browser) to determine whether or not the SSL protocol is used to protect the connection between the Apache HTTP Server Plug-In and WebLogic Server.
Although two-way SSL can be used between the HTTP client and Apache HTTP server, note that one-way SSL is used between Apache HTTP Server and WebLogic Server.
Note: Using the <Location> tag in Red Hat Apache 2.0.x, results in a core dump. Instead, use the MATCH expression to proxy requests by path or MIME type.
Configuring SSL Between the Apache HTTP Server Plug-In and WebLogic Server
To use the SSL protocol between Apache HTTP Server Plug-In and WebLogic Server:
- Configure WebLogic Server for SSL. For more information, see Configuring the SSL Protocol.
- Configure the WebLogic Server SSL listen port. For more information, see Configuring the SSL Protocol.
- In the Apache Server, set the
WebLogicPort
parameter in thehttpd.conf
file to the WebLogic Server SSL listen port configured in step 2. - In the Apache Server, set the
SecureProxy
parameter in thehttpd.conf
file toON
. - Set any additional parameters in the
httpd.conf
file that define information about the SSL connection. For a complete list of the SSL parameters that you can configure for the plug-in, see SSL Parameters for Web Server Plug-Ins. - Web server plug-ins require a trusted Certificate Authority file in order to use SSL between the plug-in and WebLogic Server. Use Sun Microsystems'
keytool
utility to export a trusted Certificate Authority file from theDemoTrust.jks
keystore file that resides inBEA_HOME/weblogic81/server/lib
. - To extract the
wlsdemoca
file, for example, use the command: Change the alias name to obtain a different trusted CA file from the keystore.
To look at all of the keystore's trusted CA files, use:
Press enter if prompted for password.
- To convert the Certificate Authority file to
pem
format:
Issues with SSL-Apache Configuration
The following are known issues that may arise when you configure the Apache plug-in to use SSL.
- To prepare the plugin configuration, double click the lock and go to the certificates path:
* Select the root CA (at the top)
* Display it
* Detail and then copy this certificate to a file using the Coded 'Base
64 X509' option
* Save the file, for example, to
ýMyWeblogicCAToTrust.cerý
(which is also aPEM file)
- The PathTrim parameter (see General Parameters for Web Server Plug-Ins) must be configured inside the
<Location>
tag. The following configuration is incorrect:
The following configuration is the correct setup:
- The
Include
directive does not work with Apache SSL. You must configure all parameters directly in thehttpd.conf
file. Do not use the following configuration when using SSL: - If you use precompiled OpenSSL from Sunfreeware.com, failover may not work properly when the plug-in tries to connect to a backend instance of WebLogic Server. If you encounter such a failure, rebuild OpenSSL and
modssl
and Apache using the following configuration settings. - For building OpenSSL:
- For building
modssl
and Apache: - The current implementation of the WebLogic Server Apache Plug-In does not support the use of multiple certificate files with Apache SSL.
When the Apache HTTP Server Plug-In attempts to connect to WebLogic Server, the plug-in uses several configuration parameters to determine how long to wait for connections to the WebLogic Server host and, after a connection is established, how long the plug-in waits for a response. If the plug-in cannot connect or does not receive a response, the plug-in attempts to connect and send the request to other WebLogic Server instances in the cluster. If the connection fails or there is no response from any WebLogic Server in the cluster, an error message is sent.
Figure 2-1 demonstrates how the plug-in handles failover.
Possible Causes of Connection Failures
Failure of the WebLogic Server host to respond to a connection request could indicate the following problems:
- Physical problems with the host machine
- Network problems
- Other server failures
Failure of all WebLogic Server instances to respond could indicate the following problems:
- WebLogic Server is not running or is unavailable
- A hung server
- A database problem
- An application-specific failure
Tuning to Reduce Connection_Refused Errors
Under load, an Apache plug-in may receive CONNECTION_REFUSED errors from a back-end WebLogic Server instance. Follow these tuning tips to reduce CONNECTION_REFUSED errors:
- Increase the
AcceptBackLog
setting in the configuration of your WebLogic Server domain. See Tuning Connection Backlog Buffering. - On Apache 2.0.x, set the
KeepAlive
directive in thehttpd.conf
file to On. For example: See Apache HTTP Server 2.0 documentation at http://httpd.apache.org/docs-project/.
Apache 1.3.x does not support this feature.
- Decrease the time wait interval. This setting varies according to the operating system you are using. For example:
- On Windows NT, set the
TcpTimedWaitDelay
on the proxy and WebLogic Server servers to a lower value. Set the TIME_WAIT interval in Windows NT by editing the registry key underHKEY_LOCAL_MACHINE
: If this key does not exist you can create it as a DWORD value. The numeric value is the number of seconds to wait and may be set to any value between 30 and 240. If not set, Windows NT defaults to 240 seconds for
TIME_WAIT
.- On Windows 2000, lower the value of the
TcpTimedWaitDelay
by editing the registry key underHKEY_LOCAL_MACHINE
: - On Solaris, reduce the setting
tcp_time_wait_interval
to one second (for both the WebLogic Server machine and the Apache machine, if possible): - Increase the open file descriptor limit on your machine. This limit varies by operating system. Using the
limit
(.csh
) orulimit
(.sh
) directives, you can make a script to increase the limit. For example: - On Solaris, increase the values of the following tunables on the WebLogic Server machine:
- tcp_conn_req_max_q
- tcp_conn_req_max_q0
Apache Http Ssl Configuration Manager
Failover with a Single, Non-Clustered WebLogic Server
If you are running only a single WebLogic Server instance the plug-in only attempts to connect to the server defined with the WebLogicHost parameter. If the attempt fails, an HTTP 503
error message is returned. The plug-in continues trying to connect to that same WebLogic Server instance until ConnectTimeoutSecs is exceeded.
The Dynamic Server List
When you use the WebLogicCluster
parameter in your httpd.conf
or weblogic.conf
file to specify a list of WebLogic Servers, the plug-in uses that list as a starting point for load balancing among the members of the cluster. After the first request is routed to one of these servers, a dynamic server list is returned containing an updated list of servers in the cluster. The updated list adds any new servers in the cluster and deletes any that are no longer part of the cluster or that have failed to respond to requests. This list is updated automatically with the HTTP response when a change in the cluster occurs.
Failover, Cookies, and HTTP Sessions
When a request contains session information stored in a cookie or in the POST data, or encoded in a URL, the session ID contains a reference to the specific server instance in which the session was originally established (called the primary server) and a reference to an additional server where the original session is replicated (called the secondary server). A request containing a cookie attempts to connect to the primary server. If that attempt fails, the request is routed to the secondary server. If both the primary and secondary servers fail, the session is lost and the plug-in attempts to make a fresh connection to another server in the dynamic cluster list. See Figure 2-1Connection Failover.
Note: If the POST data is larger than 64K, the plug-in will not parse the POST data to obtain the session ID. Therefore, if you store the session ID in the POST data, the plug-in cannot route the request to the correct primary or secondary server, resulting in possible loss of session data.
Figure 2-1 Connection Failover
Notes:
The HTTP error code thrown by the plug-in depends on the situation. Plug-in will return the HTTP error code 500 in the following conditions:
- Neither
WebLogicCluster
norWebLogicPort
was specified in thehttpd.conf
file. - Unable to resolve the
WebLogicHost
parameter specified in thehttpd.conf
file. - Port number specified by
WebLogicPort,
in thehttpd.conf
file, exceeds 65535. - Unsuccessful in parsing the request while applying the
PathTrim
property. - The request header is of type Unknown Transfer-Encoding.
- Failed to read the chunked request.
- Encounetered an error reading
POST
data from client. - Failed to open a temporary(temp) file.
- Failed to write
POST
data to the temp file. - Encounetered an error reading
POST
data from the temp file. POST
timed out.- SSL was specified without the parameter
trustedCAFile
.
On the other hand, the HTTP error code 503 is returned when:
- The maximum number of retries is exceeded. This value is computed by dividing
ConnectTimeoutSecs
byConnectRetrySecs
. Idempotent
isOFF
.