Wednesday, July 25, 2007

How to Set Apache as Reverse Proxy to Weblogic using SSL

1. Apache Setup
I. Install Apache from http://www.hightechimpact.com/Apache/httpd/binaries/win32/ using the installer apache_2.0.59-win32-x86-openssl-0.9.7j.msi
II. Install to C:\ApacheGroup or a similar path rather than Program Files\Apache Group, because the SSL configuration has problems with spaces in the path.
III. You will find an icon for ApacheMonitorService in your system tray. Click it and it should show something like below

I. Click Stop to stop the Apache server.
II. Copy the files ssleay32.dll and libeay32.dll from the Apache2/bin directory to Windows\System32
III. Copy this file into the Apache2/bin directory
IV. Go to the bin directory of Apache and run this command:

openssl req -config openssl.cnf -new -out my-server.csr

This creates a certificate signing request and a private key. See the attached screenshot.

I. Apache on Windows cannot read a private key that is encrypted, so we need to decrypt it as follows:

openssl rsa -in privkey.pem -out my-server.key

II. Now we need to generate the self-signed certificate using the following command:

openssl x509 -in my-server.csr -out my-server.cert -req -signkey my-server.key -days 365

III. Now create a directory called ssl inside the Apache2/conf directory and copy the two files my-server.key and my-server.cert into it.
IV. Go to Apache2/conf, open httpd.conf and uncomment this line to enable SSL:

LoadModule ssl_module modules/mod_ssl.so

V. Change the following lines in httpd.conf so that SSL is always on.

Before:

# Bring in additional module-specific configurations
<IfModule mod_ssl.c>
Include conf/ssl.conf
</IfModule>

After:

# Bring in additional module-specific configurations
Include conf/ssl.conf

VI. Open ssl.conf in Apache2/conf and change the following:
VII. Keep only one entry: SSLRandomSeed startup builtin
VIII. Remove the <IfDefine SSL> and </IfDefine> tags so that SSL is always on.
IX. Set the session cache entry to SSLSessionCache none and comment out these two lines:
i. #SSLSessionCache dbm:logs/ssl_scache
ii. #SSLSessionCacheTimeout 300
X. Change the following entries: SSLCertificateFile conf/ssl/my-server.cert and SSLCertificateKeyFile conf/ssl/my-server.key
XI. Now start the Apache server from the system tray.
XII. If some other service is already running on 443 (as on doc), change every occurrence of the port in ssl.conf to another port such as 6443. There should be three places: VirtualHost, Listen, and ServerName.
XIII. Now if we open https://machine:port/ (https://doc:6443) in a browser we should see
I. Now stop the Apache server again. From bea813/weblogic81/server/bin copy mod_wl_20.so to the Apache2/modules directory.
II. Open httpd.conf and, below the uncommented ssl LoadModule line, add this:
LoadModule weblogic_module modules/mod_wl_20.so
III. Open ssl.conf and add the following lines to it

SetHandler weblogic-handler
WebLogicCluster weblogicmachine:weblogicnonsslport
Debug ALL
WLLogFile logs/weblogic_access.log


SetHandler weblogic-handler
WebLogicCluster weblogicmachine:weblogicnonsslport
Debug ALL
WLLogFile logs/weblogic_access.log


IV. Note that the Debug ALL logging is for testing; once everything works, remove the Debug and WLLogFile entries from both locations.
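
An added example, not part of the original post: a small Python check to run over ssl.conf once the setup works. It flags the two things the steps above make easy to miss: a port changed in only some of the three places (VirtualHost, Listen, ServerName), and Debug or WLLogFile entries left in after testing. The sample configuration is constructed; the `<Location /app>` path and WebLogic port 7001 are placeholders.

```python
import re

# Constructed sample of ssl.conf in the "test" state described above.
# Assumptions: <Location /app> and WebLogic port 7001 are placeholders.
# The VirtualHost port is deliberately left at 443 to show the mismatch check.
SAMPLE_SSL_CONF = """\
Listen 6443
<VirtualHost _default_:443>
ServerName doc:6443
SSLCertificateFile conf/ssl/my-server.cert
SSLCertificateKeyFile conf/ssl/my-server.key
<Location /app>
SetHandler weblogic-handler
WebLogicCluster weblogicmachine:7001
Debug ALL
WLLogFile logs/weblogic_access.log
</Location>
</VirtualHost>
"""

def audit_ssl_conf(text):
    """Return sorted (line_number, message) findings for an ssl.conf string."""
    findings, ports = [], {}
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # skip blanks and commented-out directives
        vhost = re.match(r"<VirtualHost\s+[^>]*?:(\d+)\s*>", line, re.I)
        if vhost:
            ports["VirtualHost"] = (n, vhost.group(1))
            continue
        parts = line.split(None, 1)
        name = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if name == "listen":
            ports["Listen"] = (n, value.rsplit(":", 1)[-1])
        elif name == "servername" and ":" in value:
            ports["ServerName"] = (n, value.rsplit(":", 1)[-1])
        elif name == "debug":
            findings.append((n, "Debug %s is still set" % value))
        elif name == "wllogfile":
            findings.append((n, "WLLogFile is still set (%s)" % value))
    listen = ports.get("Listen")
    for where, (n, port) in ports.items():
        if listen and port != listen[1]:
            findings.append((n, "%s uses port %s, Listen uses %s" % (where, port, listen[1])))
    return sorted(findings)

if __name__ == "__main__":
    for n, msg in audit_ssl_conf(SAMPLE_SSL_CONF):
        print("line %d: %s" % (n, msg))
```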

Comments:

Christophe said...

Hi, I'm trying to do this configuration with your articles but it doesn't work.
So I present you my environment.
1) URL to access the application: Appli1.domain1.com
2) Reverse proxy Apache 2.2 (without SSL for the moment)
3) Plugin mod_wl_22.so
4) Weblogic 9.3 with Peoplesoft on a different domain: Serveur5.domain2.com, and a domain authentication: .domain2.com

And of course the authentication doesn't work because the domain is not .domain2.com when I try appli1.domain1.com/ps/signon.html
