16 comments
very good post
thank you
fadi hasweh
http://oracle-magic.blogspot.com/
Oracle is not Magic, it just takes years of experience
Hi Atul
As promised i am checking your blog ;-)…
Nice post.
cya
Nav
http://practicalappsdba.wordpress.com
Hi Atul,
Am going to implement the HTTP Layer Load Balancer for Oracle Apps HRMS. But am having a doubt about the prereq patch 3209878 which is an Oracle Configurator Patch. Please suggest whether we have to apply this patch even though we are not using the Oracle Configurator.
Thanks
Sudhakar
Hi
For any apps queries / questions / doubts raise them in forum at http://teachMeOracle.com/forum
hey atul,
i am using balance software from sourceforge.net to balance request between oracle application servers 10.1.3.3.0. so what i want to know is the procedure to route https requests between the 2 nodes. if you have any documents or any links, please forward me the same 🙂
Naveen,
If I understand your problem, you have two 10.1.3 application servers listening on SSL.
You downloaded some load balancer software from sourceforge.net and now you wish to fwd requests via software load balancer to these two 10.1.3 application servers.
If this is the case you need to check software load balancer documentation on how to configure 10.1.3 application server as destination server (also called origin server).
Hi,
· I have followed the enterprise deployment guide 10.1.3.1.0 and have internal load balancer and no external load balancer.
· On accessing em, bpel console and my own application using internal load balancer url, it is redirecting the https request on http protocol, which is wrong, because http traffic with https port number is totally absurd.
· Consequently in order to open the em console or any application with load balancer url, I have to force the url by changing http to https without which any of the application will not work.
· One more problem that has been observed is the load balancer url is redirected to the url of node in cluster where the load balancer redirects the request to, this should not happen and the url should remain constant with respect to the hostname and it should not share the information as to which node the load balancer sent the request to.
· The load balance software being used is balance software from sourceforge.net
· i am trying to setup ssl between load balancer and webserver
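The two redirect symptoms described in the comment above (an https request redirected to http on the SSL port, and the redirect exposing a cluster node's hostname) can be checked mechanically from the `Location` header. This is an added example, not part of the original comments; the hostnames `lb.example.com`, `node1.example.com`, `node2.example.com` and the sample redirects are constructed.

```python
from urllib.parse import urljoin, urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

def check_redirect(requested_url, location, public_host):
    """Return findings for one redirect received through the load balancer."""
    req = urlsplit(requested_url)
    # A relative Location inherits scheme and host from the request URL.
    loc = urlsplit(urljoin(requested_url, location))
    findings = []
    # Client asked over https but is being sent to an http URL.
    if req.scheme == "https" and loc.scheme == "http":
        findings.append("scheme-downgrade")
    # Plain http pointed at the SSL port: the listener will reject it.
    port = loc.port or DEFAULT_PORTS.get(loc.scheme)
    if loc.scheme == "http" and port == 443:
        findings.append("http-on-ssl-port")
    # Redirect names a host other than the load balancer's public name.
    if loc.hostname and loc.hostname.lower() != public_host.lower():
        findings.append("backend-host-exposed")
    return findings

# Constructed samples: (URL requested via the load balancer, Location returned).
SAMPLES = [
    ("https://lb.example.com/em", "http://lb.example.com:443/em/"),
    ("https://lb.example.com/em", "https://node1.example.com/em/"),
    ("https://lb.example.com/em", "http://node2.example.com:443/em/"),
    ("https://lb.example.com/em", "/em/console"),
]

def audit(samples, public_host="lb.example.com"):
    """Map each Location value to its findings; an empty list means clean."""
    return {loc: check_redirect(url, loc, public_host) for url, loc in samples}

if __name__ == "__main__":
    for location, findings in audit(SAMPLES).items():
        print(f"{location:40} {', '.join(findings) or 'ok'}")
```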
hi,
i am getting this error in apache logs
"mod_ossl: SSL protocol error [Hint: the client probably speaks HTTPS over HTTP protocol]" and looking at the change in URL i can understand that this is happening, any solution to this?
What do you mean by internal load balancer?
Is this that you are using balance ..
How and which document you used to configure SSL for 10g R3 (SOA suite)?
Looking at issues it seems all steps were not followed properly to configure Load Balancer & SSL
Is SSL terminating at load balancer or you are configuring it all the way till apps server?
client load balancer 10.1.3 web server 10.1.3 App server (OC4J)
hi,
http://download-uk.oracle.com/docs/cd/B31017_01/core.1013/b28939/j2ee.htm#sthref127
the above link is 10g release 3 deployment guide, which i am following. there if you look at it, there is one external load balancer which will listen to internal load balancer and internal load balancer will listen to 2 app servers. but in my case, i am not using the external load balancer, i use only internal load balancer with the https.conf settings mentioned in the document.
i don't think my load balancer has ssl accelerator to decrypt https traffic and send plain http to web server. instead i believe my http server is doing all decryption and sending http traffic to appserver.
i have not configured ssl in app layer though.
@ Naveen,
Issue is that document mentioned in
http://download-uk.oracle.com/docs/cd/B31017_01/core.1013/b28939/j2ee.htm#sthref127
is based on assumption that load balancer is listening on port 443 and doing ssl encryption and decryption.
so communication from client to load balancer is ssl and from load balancer to web server and then app server is all non ssl.
should i use real ssl certificate?
No, test certificate should work, issue seems with configuration at your end
is ssl certificate bound to an ip?
No, this is bound to server name and not IP. This is URL name to be more specific
Is there any way i can use the default ssl certs?
Yes
How exactly should the httpd.conf look like?
It should be part of configuration , first configure web server to listen on SSL
Any changes necessary to ssl.conf?
It should be part of configuration
For configuring SSL on 10g R3 use http://download-uk.oracle.com/docs/cd/B31017_01/core.1013/b28940/sslmid.htm
hi Atul,
Thank you for the support, i have put all my ssl configuration into ssl.conf and http related configuration into httpd.conf. that resolved my url rewrite from https to http problem. But then i had to create a wallet with self signed certificate to proceed ahead with https on clustered environment.
so summary is:
default wallet does not work for https on clustered environment,
i had raised a SR in metalink about this problem and as per metalink ssl cert is bound to an ip. let me post you the exact conversation that i had with metalink.
1) is ssl bound to an ip?
It is bound to an IP address and you can only have 1 SSL listener per IP
so, now my next step is, i have an external load balancer and looking forward to use external load balancer. similar to so.mycompany.com in the document 🙂
Good to hear that configuration is working for you now
Are you still confused with SSL certificate? Your question to oracle support was wrong.
It should be “Is ssl “certificate” bound to an IP or ServerName”
Answer is: certificate is linked to ServerName (whatever the user types in the browser to access the web server)
Is ssl bound to an ip? (ssl here is protocol & not ssl certificate)
SSL/protocol is bound to combination of IP & port number so in one IP address you could start two SSL servers like
IP1:443
IP1:444
[…] – If this is second middle tier node in your configuration then configure load balancer for existing and new middle tier (Use Metalink Note 380489.1 for R12 and 217368.1 for 11i). Check more on Load Balancer Here […]
Hi Atul,
In our environment we have configured OHS as a reverse proxy which forwards the request to weblogic nodes. We have our OHS instance configured on the Bigip Level. There are some scenarios where we have to test the application deployed on the individual managed server for troubleshooting purpose. Currently our application can only be accessed through Oracle access manager and it gives OAM error when we try to access the application directly. Can we have an irule in place on the BIGIP level to access the application deployed on the individual managed server?