OHS 12c (12.1.3) and OHS 11g mod_wl_ohs.conf - SSL proxy setup
In this post , I will cover an important difference between OHS 11g and 12c mod
_wl_ohs.conf which which is used to establish ssl proxy for the backend services.
this is how 11g mod_wl_ohs.conf looks like for SSL proxy setup
------------------------------------------------------------------------------------------------------------------
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
SSLProxyEngine on
#SSLProxyWallet /var/oracle/webserver/instances/ohsinstance/config/OHS/ohs1/keystores/ssl-proxy
SSLProxyWallet /app/oracle/ohswallets/apiwallet
<Location /appContext>
ProxyPass https://host1:ssl_port/appContext
ProxyPassReverse https://host1:ssl_port/appContext
</Location>
------------------------------------------------------------------------------------------------------------------
in 12c SSL v3 protocol is not supported by default so we have to use to TLS v1 to establish SSL connectivity with backend services.
SSLProxyEngine on
SSLProxyWallet /path_to_wallet_folder
SSLProxyProtocol TLSv1
<Location /appContext>
ProxyPass https://host1:ssl_port/appContext
ProxyPassReverse https://host1:ssl_port/appContext
</Location>
The above proxy config uses apache proxy but if we want to switch to oracle weblogic ohs proxy then the following config will be required
<IfModule weblogic_module>
<Location /app1/path1>
WLSRequest On
WebLogicHost hostname
WebLogicPort port
SecureProxy On
WLProxySSL On
WLSSLWallet "/path_to_wallet_folder"
</Location>
</IfModule>
_wl_ohs.conf which which is used to establish ssl proxy for the backend services.
this is how 11g mod_wl_ohs.conf looks like for SSL proxy setup
------------------------------------------------------------------------------------------------------------------
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
SSLProxyEngine on
#SSLProxyWallet /var/oracle/webserver/instances/ohsinstance/config/OHS/ohs1/keystores/ssl-proxy
SSLProxyWallet /app/oracle/ohswallets/apiwallet
<Location /appContext>
ProxyPass https://host1:ssl_port/appContext
ProxyPassReverse https://host1:ssl_port/appContext
</Location>
------------------------------------------------------------------------------------------------------------------
in 12c SSL v3 protocol is not supported by default so we have to use to TLS v1 to establish SSL connectivity with backend services.
SSLProxyEngine on
SSLProxyWallet /path_to_wallet_folder
SSLProxyProtocol TLSv1
<Location /appContext>
ProxyPass https://host1:ssl_port/appContext
ProxyPassReverse https://host1:ssl_port/appContext
</Location>
The above proxy config uses apache proxy but if we want to switch to oracle weblogic ohs proxy then the following config will be required
<IfModule weblogic_module>
<Location /app1/path1>
WLSRequest On
WebLogicHost hostname
WebLogicPort port
SecureProxy On
WLProxySSL On
WLSSLWallet "/path_to_wallet_folder"
</Location>
</IfModule>
Comments
Post a Comment