{"id":6011,"date":"2016-07-13T11:10:34","date_gmt":"2016-07-13T03:10:34","guid":{"rendered":"http:\/\/rmohan.com\/?p=6011"},"modified":"2016-07-13T11:10:34","modified_gmt":"2016-07-13T03:10:34","slug":"using-the-apache-http-server-mod_proxy-as-a-reverse-proxy-to-a-weblogic-server","status":"publish","type":"post","link":"https:\/\/mohan.sg\/?p=6011","title":{"rendered":"Using the Apache HTTP Server (mod_proxy) as a reverse proxy to a WebLogic Server"},"content":{"rendered":"

get WebLogic working with Apache as reverse proxy (mod_proxy)<\/p>\n

There is Oracle Reports running on a WebLogic Server. I want it to run on https but for some reason I don\u2019t know it wasn\u2019t working for the Internet Explorer 11 (and maybe other versions too). IE11 just timed out and never displayed any html nor could be establish a connection. It worked with Chrome and Firefox.
\nAs a fast workaround I thought, lets install a Apache and make the ssl stuff there and proxy it to the WebLogic http listening address. Both WebLogic and Apache are on the same machine, so no problem with using the http port.<\/p>\n

With the usual Apache config for mod_proxy:<\/p>\n


\nProxyPass \/reports http:\/\/somedomain.tld:7002\/reports
\nProxyPassReverse \/reports http:\/\/somedomain.tld:7002\/reports
\n…
\nThose lines weren\u2019t enough because I could still see links to http:\/\/somedomain.tld:7002\/reports* embedded within the html code.
\nWith enabling additional options and rewriting html I thought it could be managed:<\/p>\n

SetOutputFilter proxy-html
\nProxyHTMLEnable On
\nProxyHTMLExtended On
\nProxyHTMLURLMap http:\/\/somedomain.tld:7002\/reports https:\/\/somedomain.tld\/reports
\nMost of the links worked now but there were still pages not displaying correctly. Those pages just had<\/p>\n

<html>
\n<head>
\n<base href=”https:\/\/somedomain.tld\/reports\/rwservlet\/getfile\/HW-NW8428FX-mIL4832KDA-==\/0jsdfUjid.htm”>
\n<\/head><\/html><\/p>\n

in it.
\nWithout the Apache proxy it was something like:<\/p>\n

<html>
\n<head>
\n<base href=”http:\/\/somedomain.tld:7002\/reports\/rwservlet\/getfile\/HW-NW8428FX-mIL4832KDA-==\/0jsdfUjid.htm”>
\n<\/head><\/html><\/p>\n

<html>
\n…
\nwhole page content
\n…
\n<\/html>
\nAfter googling I finally found a solution\u2026 Simple tell WebLogic that there is a proxy in front of it ????
\nIn short:<\/p>\n

enable \u201eWebLogic Plug-In Enabled\u201c in Domain Structure > Environment > Servers > managed01 > Configuration General > Advanced
\nwrite in your hostname in \u201eFrontend Host:\u201c and set your https port in \u201eFrontend HTTPS Port:\u201c Domain Structure > Environment > Servers > managed01 > Protocols > HTTP
\nsave changes and restart WebLogic
\nset an additional header within your Apache config: <\/p>\n

RequestHeader set WL-Proxy-SSL true
\nrestart Apache
\nit should work now ????<\/p>\n

If you are using a WebLogic Cluster you need a proxy in front of the cluster to provide load balancing. You need either a hardware load balancer or a Web Server with the Oracle Web server plug-in.<\/p>\n

Even if you are not using a Cluster it makes sense to place a proxy in front of your WebLogic server to provide an extra layer of security. You can use the Apache HTTP Server with the mod_proxy module to configure a reverse proxy.<\/p>\n

You can of cause also use the Oracle Web server plug-in but it is a proprietary module that you have to manually download and install. mod_proxy is open source and since I mostly work with Red Hat servers it is available in the standard Red Hat channel. Red Hat provide security updates so \u201call\u201d you have to do is run yum update once in a while to get the latest updates. If you use the Oracle Web server plug-in you have to manually check for updates.<\/p>\n

I often you use a solution where an Apache HTTP Server is placed in a DMZ network segment. SSL is terminated at the Apache server and mod_proxy is used to proxy requests to an WebLogic Server in the production network segment.
\n\"mod_proxy01\"<\/a><\/p>\n

In this example we have an Internet domain called theheat.dk. The public IP 217.116.232.220 is NATed to 10.10.10.1 on winterfell.<\/p>\n

Apache has already been installed on winterfell, the mod_proxy module loaded, SSL configured and WebLogic is running on wintermute.<\/p>\n

In your VirtualHost in the ssl.conf (httpd-ssl.conf on Windows) file you can add something like this:<\/p>\n

ProxyPass \/ http:\/\/10.10.10.10:8001\/
\nProxyPassReverse \/ http:\/\/10.10.10.10:8001\/
\nThe ProxyPass and ProxyPassReverse directives are used to forward all requests to the WebLogic Server running on 10.10.10.10.<\/p>\n

Another example:<\/p>\n

ProxyPass \/service\/ws1 http:\/\/10.10.10.10:8001\/ws1_v101
\nProxyPassReverse \/service\/ws1 http:\/\/10.10.10.10:8001\/ws1_v101<\/p>\n

ProxyPass \/service\/ws2 http:\/\/10.10.10.10:8001\/ws2_v300
\nProxyPassReverse \/service\/ws2 http:\/\/10.10.10.10:8001\/ws2_v300
\nHere only requests matching two specific paths are forwarded to two Web Services.<\/p>\n

If you need more control over what is proxied you can use the ProxyPassMatch directive.<\/p>\n

If you want to prevent a path from being proxied you can use the ! directive.<\/p>\n

Configure the WebLogic Server to use a proxy<\/p>\n

The above will proxy the requests to the WebLogic Server.<\/p>\n

In some situations it will not work though. The WebLogic Server does not know that there is a proxy in front of it and sometimes it will return URLs to the end-user that contains the server name. In this example it will return URLs that contain wintermute. Since wintermute is not known on the Internet it will fail.<\/p>\n

I have experienced this when an ADF application session timeout and asks the user to log in again. The URL returned to the user is wrong.<\/p>\n

Another example is the WSDL for a Web Service. The location of the end-point and references to XML schemas will use the host name.<\/p>\n

To remedy this you can configure WebLogic so I knows that there is a proxy in front of it. WebLogic will use this information and dynamically change the references, so they uses the proxy information.<\/p>\n

First you must enable the WebLogic Plug-In. We are not using the WebLogic Plug-In but we still need to enable it here.<\/p>\n

Domain Structure > Environment > Servers > managed01 > Configuration General > Advanced:
\nNext you must insert the proxy and port.<\/p>\n

Domain Structure > Environment > Servers > managed01 > Protocols > HTTP:<\/p>\n

\"mod_proxy02\"<\/a><\/p>\n

\"mod_proxy03\"<\/a><\/p>\n

The little yellow triangles with the exclamation mark tell us that we need to restart the WebLogic server for the changes to take effect.<\/p>\n

But it will still not work. We have told WebLogic what the frontend HTTPS host and port is, but we have terminated SSL at the Apache proxy and uses HTTP between Apache and WebLogic.
\nWe need to tell WebLogic that the proxy was originally called with HTTPS.<\/p>\n

We do this by inserting an tag in the HTTP header in the Apache configuration:<\/p>\n

RequestHeader set WL-Proxy-SSL true
\nProxyPass \/ http:\/\/10.10.10.10:8001\/
\nProxyPassReverse \/ http:\/\/10.10.10.10:8001\/
\nNow everything should be working.<\/p>\n

If you are using a cluster you should set Frontend Host and Frontend HTTPS Port for the cluster not the individual Managed Server. For more information:
\nhttp:\/\/goo.gl\/k0jUe<\/p>\n

ProxyPreserveHost<\/p>\n

In some situations you need to access your application from both the Internet and from an internal network segment using the internal server names.<\/p>\n

To accomplish this you need to change the Apache configuration:<\/p>\n

ProxyPreserveHost On
\nRequestHeader set WL-Proxy-SSL true
\nProxyPass \/ http:\/\/10.10.10.10:8001\/
\nProxyPassReverse \/ http:\/\/10.10.10.10:8001\/
\nSetting \u201cProxyPreserveHost On\u201d will tell Apache to pass the host used in the request to the WebLogic Server.<\/p>\n

You also need to remove the Frontend HTTPS Host from you WebLogic Server or Cluster.<\/p>\n

Now I can access a Web Service via both:
\nhttps:\/\/theheat.dk\/service\/ws1?WSDL
\nAnd:
\nhttps:\/\/winterfell\/service\/ws1?WSDL<\/p>\n

The WSDL will either contain reference to theheat.dk or winterfell depending of which URL I use to access the WSDL with.<\/p>\n","protected":false},"excerpt":{"rendered":"

get WebLogic working with Apache as reverse proxy (mod_proxy)<\/p>\n

There is Oracle Reports running on a WebLogic Server. I want it to run on https but for some reason I don\u2019t know it wasn\u2019t working for the Internet Explorer 11 (and maybe other versions too). IE11 just timed out and never displayed any html nor […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[56],"tags":[],"_links":{"self":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/6011"}],"collection":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=6011"}],"version-history":[{"count":1,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/6011\/revisions"}],"predecessor-version":[{"id":6015,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/6011\/revisions\/6015"}],"wp:attachment":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=6011"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=6011"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=6011"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}