Professional Documents
Culture Documents
In this Document
Goal
Fix
1. Overview of Apache and Examples of how Apache can be Configured in a PeopleSoft
Environment.
2. How to Determine which Apache Version should be Installed for your OS Platform.
3. How to Download and Install Apache.
4. How to Install the Apache WebLogic Plug-in
5. How to Configure Apache with WebLogic Plug-in
6. Configure WebLogic to use "WebLogic Plugin Enabled" option:
7. How to Test the Apache Configuration
8. Troubleshooting Tips
9. Where to Find more Information.
References
Applies to:
PeopleSoft Enterprise PT PeopleTools - Version 8.50 to 8.52 [Release 8.4]
Information in this document applies to any platform.
Goal
This document provides information for installing, configuring, testing and troubleshooting
when using Apache Reverse Proxy Server with WebLogic 10.3.x, in a PeopleSoft environment.
The instructions also include steps for installing and configuring the 'Apache HTTP Server
Plug-In'. Note that we recommend you use the Apache HTTP Server Plug-In as it enhances an
Apache installation by enabling WebLogic server to handle load balancing or requests that
require the dynamic functionality of the WebLogic server.
Fix
1. Overview of Apache and Examples of how Apache can be Configured in a
PeopleSoft Environment.
Apache can be used as a Reverse Proxy Server (RPS) to one or more WebLogic PIA's. When
using Apache, the end user enters a browser URL containing a host name/port# that points to
the RPS, not the WebLogic server. Below is the sequence of events that occur in a PeopleSoft
environment using an Apache RPS:
1. User accesses the PeopleSoft application, from browser, by using a URL containing the
hostname and port# of the RPS.
Example: http://ApacheHost:8080/ps/signon.html
2. The user request is routed through the Apache RPS and then forwarded to the WebLogic
plug-in.
The plug-in then evaluates the request and forwards it to the WebLogic PIA.
3. The WebLogic PIA then processes the request and returns a response via the plug-in to the
Apache RPS.
You can configure Apache RPS to forward requests to either one WebLogic PIA or to multiple
WebLogic PIA's. If using multiple WebLogic PIA's, the PIA's can be in a 'WebLogic Cluster',
or they can be independent PIA's. And they can be on the same machine or multiple machines.
The transmission of requests from Apache RPS to the WebLogic PIA(s) can be completed
using either http or https protocol.
It is important that you install the proper Apache RPS version and that you use a supported
platform. Use the following WebLogic link to determine which Apache version should be
installed for your Operating System:
http://download.oracle.com/docs/cd/E13196_01/platform/suppconfigs/configs103/103_over/ad
d-ons.html
If you configure your PeopleSoft environment with an unsupported Apache version, you may
experience performance issues and/or errors.
You can download and install the Apache HTTP server using the following link:
http://www.apache.org/dist/httpd/
From the above link, you may want to click 'Current Releases' which will direct you to a HTTP
Server Download page which shows best available version.
For Windows, you may wish to choose the 'binary' download file. Note that there are different
files to download depending on whether or not you are installing SSL on Apache.
The following link contains additional detail on installing Apache on Windows:
http://httpd.apache.org/docs/2.2/platform/windows.html
For Unix, you need to install 'source' download file. Refer to the following link for details on
installing Apache on Unix:
http://httpd.apache.org/docs/2.2/
There are two versions of Apache plug-in that are supported with WebLogic 10.3.x:
1) Version 1.0 plug-in
-OR-
2) Version 1.1 plug-in
The following document provides details on the differences between Plug-in versions 1.0 and
1.1:
Document# 1111903.1 WebLogic Server 10gR3 (10.3.0) and 11gR1 (10.3.x) - Web Server
Plug-In Support
You can use either plug-in version in your PeopleSoft environment (version 1.1 must be used if
installing a SHA2 SSL certificate on WebLogic). Below are instructions for installing each
version. You may find it easier to install version 1.0.
Note: Another option, to get the latest plug-in file, for version 1.0, is to download it from 'My
Oracle Support'. This can be done as follows:
1. First download the file as follows:
a. Log into My Oracle Support (MOS)
b. Go to the 'Patches & Updates' tab
c. In the 'Patch Search' section:
i. Enter patch#10051798
ii. Click 'Search' button
iii. The patch will be displayed. Click on the hyperlink and then click 'download' button
to download the plug-in files.
2. Now, unzip the file you just downloaded and go to the appropriate directory based on your
Apache OS and Apache version you are installing.
3. Extract the file for your Apache version and OS.
a. If using http protocol when proxying requests to WebLogic: Extract file mod_wl_22.so
b. If using https protocol when proxying requests to WebLogic: Extract file
mod_wl128_22.so
4. Copy the file to <APACHE_HOME>/modules
The primary configuration file, for Apache, is the 'httpd.conf' file which is located in your
Apache install directory:APACHE_HOME\conf\httpd.conf
1. First, add a line to load the WebLogic plug-in file. There is a section, in httpd.conf, where all
the modules are loaded. You can add a line to the end of this section, for the WebLogic plug-in
module. Note that the name of plug-in file will differ depending on what plug-in version you
are using (as outlined in the previous step). So add the line as follows:
-If using Plug-In version 1.1, add line:
LoadModule weblogic_module weblogic-plug-ins-1.1\mod_wl.so
-If using Plug-In version 1.0 and configuring Apache plug-in to use SSL, add line:
LoadModule weblogic_module modules\mod_wl128_22.so
-If using Plug-In version 1.0 and NOT configuring Apache plug-in to use SSL, add line:
LoadModule weblogic_module modules\mod_wl_22.so
2. Next, add an 'IfModule mod_weblogic.c' section to the end of the httpd.conf file (where the
other 'IfModule' sections are). This section will contain information on how to forward
incoming requests to the WebLogic server.
The following link contains information on all parameters that can be used with the Apache
plug-in for WebLogic:
http://download.oracle.com/docs/cd/E12840_01/wls/docs103/plugins/plugin_params.html#wp1
143055
The remainder of this section contains several sample Apache Configurations and the
corresponding values to use in the 'mod_weblogic.c' section (in httpd.conf). You might want to
first start out with a simple configuration (Example 1) and get that working before moving on
to a more complex configuration
<IfModule mod_weblogic.c>
WebLogicHost wlmachine
WebLogicPort 8000
MatchExpression /
</IfModule>
EXAMPLE 2: Apache configuration using two PIA's (and no SSL)
In this example, Apache is proxying requests to multiple WebLogic PIA's: Requests are being
forwarded to PIA's listening on ports 8000 and 8001 on web server box "wlmachine".
Note that if you are forwarding requests to multiple PIA's, you must specify the cookie name in
the Apache httpd.conf file, as in the example below. The same cookie name value must be
specified in Apache configuration file (httpd.conf) and WebLogic configuration file
(PS_HOME\webserv\<DOMAIN_NAME>\applications\peoplesoft\PORTAL.war\WEB-
INF\weblogic.xml) for each PIA that Apache is sending requests to:
<IfModule mod_weblogic.c>
WebLogicCluster wlmachine:8001,wlmachine:8000
MatchExpression /
WLCookieName PORTAL-PSJSESSIONID
</IfModule>
<IfModule mod_weblogic.c>
WebLogicCluster wlmachine1:8000,wlmachine2:8000
MatchExpression /
WLCookieName PORTAL-PSJSESSIONID
Debug ON
DebugConfigInfo On
WLLogFile c:/tmp/wls_plugin.log
</IfModule>
1. First, you will need to get the root certificate for the server certificate that the
WebLogic PIA is using (this step applies for both Plug-in versions 1.0 and 1.1). If you do
not have the root certificate for the WebLogic PIA, refer to the following document for
instructions on how to obtain the root certificate:
Document# 646024.1: E-WS: How to extract the root CA from a server certificate?
At the end of this step, you should have the root certificate in a file. The contents of the
root file, will look something like this:
-----BEGIN CERTIFICATE-----
MIIEJjCCA4+gAwIBAgIQMFbEDgfLmZFFDDT15K+BYDANBgkqhkiG9w0BAQUFADCB
vjD68zPGvIgVDGwnY/uJx2sZi6hLeK5N+Zv5X2nKr1FlLim6fg/mpexm6xY3VIsyza
Gm72Yp2GEbnbCQ==
-----END CERTIFICATE----
Note: If your certificate uses both a root and intermediate certificate, then the above file
should contain both: first the intermediate certificate followed by the root certificate.
<IfModule mod_weblogic.c>
SecureProxy ON
TrustedCAFile "C:/Program Files/Apache Software
Foundation/Apache2.2/conf/Certs/root.cer"
WebLogicCluster wlmachine1:443,wlmachine2:443
MatchExpression /
WLCookieName PORTAL-PSJSESSIONID
Debug ON
DebugConfigInfo On
WLLogFile c:/tmp/wls_plugin.log
</IfModule>
<IfModule mod_weblogic.c>
SecureProxy ON
WLSSLWallet="C:\Program Files\Apache Software
Foundation\Apache2.2\weblogic-plugins-1.1\bin\my-wallet\"
WebLogicCluster wlmachine1:443,wlmachine2:443
MatchExpression /
WLCookieName PORTAL-PSJSESSIONID
Debug ON
DebugConfigInfo On
WLLogFile c:/tmp/wls_plugin.log
</IfModule>
When using a web server plug-in, we recommend that you set the 'WebLogic Plugin Enabled'
parameter, as there are a few known issues when not setting this parameter, especially if using
https (see document 1300409.1 for details). This parameter can be set as follows:
a. Log into WebLogic console (using url http://machine-name:port#/console/)
b. Click 'Lock & Edit' button on top left page
c. From left menu, choose Environment -> Servers
d. Click the 'PIA' hyperlink on right menu.
e. Go to tab 'Configuration' and sub-tab 'General'
f. At bottom of page, click the 'Advanced' hyperlink
g. Check box next to 'WebLogic Plug-In Enabled
h. Save change
i. Click 'Activate Changes' button on top left page
7. How to Test the Apache Configuration
1. First you, should test direct access to the WebLogic PIA to make certain it is accessible.
When you initially test, you may want to configure your WebLogic PIA to use a web profile
that does NOT have an authentication domain or virtual addressing configured. (just to rule out
any issues with misconfigured Web Profile).
To test direct access to the WebLogic PIA, log into the PeopleSoft application, from a browser,
using WebLogic PIA/Port# in the url. Example:
http://websvr:8000/ps/signon.html
2. Next you should verify that the Apache proxy is up and running (httpd -k start). If you made
any configuration changes, be sure to shut down Apache and restart it.
You can run "netstat -an" to verify that the Apache server is listening on the port that you
configured for the RPS
3. Now try accessing the PeopleSoft application, via the Apache RPS. Example:
http://ApacheSvr/ps/signon.html
If you can sign in to the PeopleSoft system, your installation and configuration was successful.
If you run into any problems, refer to the next section: 'Troubleshooting Tips'
8. Troubleshooting Tips
Below are a few things you can do to assist in troubleshooting issues with the Apache RPS:
1. First make certain that debug logging in enabled for your plug-in. This can be done by
adding parameters 'Debug ON', 'DebugConfigInfo On' and 'WLLogFile' to the
'mod_weblogic.c' section. Example:
<IfModule mod_weblogic.c>
WebLogicCluster wlmachine1:8000,wlmachine2:8000
MatchExpression /
WLCookieName PORTAL-PSJSESSIONID
Debug ON
DebugConfigInfo On
WLLogFile c:/tmp/wls_plugin.log
</IfModule>
Then, restart the RPS (if any configuration changes made) and attempt to access the PeopleSoft
application via the Apache RPS. Then check the log file for any error details (in the above
example, the log file is located in /tmp/wls_plugin.log)
2. If there is no log file for the plug-in, then this tells us that Apache is never communicating
with the plug-in. In this case, check the Apache log file (instead of the Apache Plug-In log
file). By default, Apache logs errors to file "logs/error.log" (search parameter 'ErrorLog' in file
httpd.conf to confirm the log file you are using).
The log files often contain details as to cause of problem, which may help in resolving the
issue.
If you are getting messaqe "The requested URL /<SITE_NAME>/signon.html was not found
on this server", then verify you have set "MatchExpression /"
If you are getting message "Failure of server APACHE bridge: No backend server
available....", then verify that parameter "WebLogicCluster" (or "WebLogicHost and
WebLogicPort") is pointing to the correct hostname/port# of the WebLogic PIA. And verify
that the PIA(s) are up and running
-The "authentication domain" should match to the domain specified in the browser url that user
is using to access the PeopleSoft application. So if accessing the PeopleSoft application via
Apache RPS, then the domain should match that of the Apache machine. For example, if user
access the PeopleSoft application using:
http://ApacheSvr.mycompany.com/ps/signon.html
Then the 'authentication domain' should be set to '.mycompany.com' (if you specified an
authentication domain when installing the PIA, then you will also need to check file
"weblogic.xml" and verify it has the proper value for 'CookieDomain'. File "weblogic.xml" is
located in
<PS_HOME>/webserv/<DOMAIN_NAME>/applications/peoplesoft/PORTAL.war/WEB-
INF/)
-The 'default addressing' should be set to the protocol, machine name and port in the browser
url that user is using to access the PeopleSoft application. So when using an Apache RPS, the
user is entering a browser url that contains the RPS protocol/machine name/prot#. Therefore
you would need to change web profile default addressing to use the RPS values for protocol,
hostname and port#
Wed Nov 5 18:51:55 2008 <3616848122590751549> Connect returns -1, and error no set to
55, msg 'Operation now in progress'
If you see signs of issues with session stickiness and see the above messages in the WebLogic
Apache Plug-In log, do the following:
1. Make sure that the Apache config file, httpd.conf, is specifying the cookie name using
parameter WLCookieName (note that this parameter used to be called 'CookieName' but the
'CookieName' parameter has been deprecated and can no longer be used.)
2. Verify that the cookie name value, specified in the Apache configuration, matches the cookie
name value specified in the WebLogic configuration file (weblogic.xml) for each PIA that the
RPS is forwarding requests to. The weblogic.xml file is located in
<PS_HOME>\webserver\peoplesoft\applications\peoplesoft\PORTAL.war\web-inf. Below is
an excerpt from the weblogic.xml file showing the cookie setting:
<session-param>
<param-name>CookieName</param-name>
<param-value>PORTAL-PSJSESSIONID</param-value>
</session-param>
3. Lastly, verify you are not using an outdated plugin. Refer to the following document for
details:
Document# 661519.1 : How to find out if the proxy plugin is outdated?
Below are additional resources with information about using Apache Reverse Proxy Server:
2. Below is a link from the WebLogic division, on Installing and Configuring the Apache
HTTP Server plug-in:
http://download.oracle.com/docs/cd/E12840_01/wls/docs103/plugins/apache.html
References
NOTE:1111903.1 - WebLogic Server Web Server Plug-In Support
NOTE:1300409.1 - WebLogic Plug-In Enabled is Required When Using a Web Server Plug-In
with WLS 10.3.4 and Higher
NOTE:646024.1 - E-WS: How to extract the root CA from a server certificate?
NOTE:661519.1 - E-WL: How to Find out if the Proxy Plugin is Outdated for WebLogic