Fusion Applications: Configuring the Web Tier
In my previous post, I installed the components for IDM. In this post I will describe the steps to configure Oracle Web Tier.
Oracle Web Tier comprises of two components:
- Oracle Web Cache
A content-aware server accelerator, secure reverse proxy server that improves the performance, scalability, and availability of web sites
- Oracle HTTP Server
Apache based web server that provides a HTTP listener for Oracle WebLogic Server and the framework for hosting static pages, dynamic pages, and applications over the web and includes all base Apache modules and modules developed specifically by Oracle.
In this post we will configure Oracle HTTP Server.
We installed Oracle Web Tier in /u01/app/oracle/product/fmw/web.
To start the configuration of Oracle HTTP Server issue the following command in the bin directory
./config.sh
On the Welcome screen click on Next. Now the Configure Components screen shows.
Select only component Oracle HTTP server and click on Next.
Set Instance Home Location to /u01/app/oracle/admin/ohs_inst1.
Set Instance Name to ohs_inst1.
Set OHS to ohs1.
After this click on Next and you see next screen.
Select option Specify Ports using Configuration file to set static ports. Click on the Browse button and open example file staticports.ini from directory /home/oracle/install/webtier/Disk1/stage/Response. Click the View/Edit File button and uncomment and set the following lines:
OPMN Local Port = 6700 OHS Port = 7777
Click Save file button and on the next screen choose not to be informed about security updates. On the Installation Summary screen click on Configure to start the configuration. If all went well, you should see following progress screen.
Click on Next and the next screen click Finish.
You should now be able to access the homepage of Oracle HTTP Server by url http://fusionidm:7777
By default, the Oracle HTTP server runs as the user nobody. In the Identity Management installation, the Oracle HTTP server should run as the Software owner oracle and group oinstall.
Open file httpd.conf wich is located in directory /u01/app/oracle/admin/ohs_inst1/config/OHS/ohs1 and change the following section to:
User oracle Group oinstall
In order for Oracle Identity Management Suite to work with a load balancer, you must create two virtual hosts.
Create a file called virtual_hosts.conf in directory /u01/app/oracle/admin/ohs_inst1/config/OHS/ohs1/moduleconf. Any filename is accepable as long as is end with .conf, httpd.conf includes all files with extention conf in this direcory.
Add the following lines to file virtual_hosts.conf.
NameVirtualHost *:7777 <VirtualHost *:7777> ServerName https://sso.mycompany.com:443 RewriteEngine On RewriteOptions inherit UseCanonicalName On </VirtualHost> <VirtualHost *:7777> ServerName http://oiminternal.mycompany.com:80 RewriteEngine On RewriteOptions inherit UseCanonicalName On </VirtualHost>
Now, sso.mycompany.com and oiminternal.mycompany.com are in fact a loadbalancer of your choice, which is not a part of the installation manual. So we will have to setup our own loadbalancer. Loadbalancing only one Wehhost may seem unnecessarily (and it is!), I will still setup a loadbalancer, just to finish the exercise and knowing Oracle they will use this loadbalancer is further configuration of other components.
LoadBalancer
Again, It is not my intention to setup a high available infrastructure, but to try to follow the installation manual as far as possible, I will setup a loadbalancer. As a loadbalancer I will install Apache server on a Windows Server 2008. After downloading and installing Apache 2.2, open httpd.conf file. Uncomment the following modules:
LoadModule actions_module modules/mod_actions.so LoadModule alias_module modules/mod_alias.so LoadModule asis_module modules/mod_asis.so LoadModule auth_basic_module modules/mod_auth_basic.so LoadModule authn_default_module modules/mod_authn_default.so LoadModule authn_file_module modules/mod_authn_file.so LoadModule authz_default_module modules/mod_authz_default.so LoadModule authz_groupfile_module modules/mod_authz_groupfile.so LoadModule authz_host_module modules/mod_authz_host.so LoadModule authz_user_module modules/mod_authz_user.so LoadModule autoindex_module modules/mod_autoindex.so LoadModule cgi_module modules/mod_cgi.so LoadModule dir_module modules/mod_dir.so LoadModule env_module modules/mod_env.so LoadModule include_module modules/mod_include.so LoadModule isapi_module modules/mod_isapi.so LoadModule log_config_module modules/mod_log_config.so LoadModule mime_module modules/mod_mime.so LoadModule negotiation_module modules/mod_negotiation.so LoadModule proxy_module modules/mod_proxy.so LoadModule proxy_ajp_module modules/mod_proxy_ajp.so LoadModule proxy_balancer_module modules/mod_proxy_balancer.so LoadModule proxy_connect_module modules/mod_proxy_connect.so LoadModule proxy_http_module modules/mod_proxy_http.so LoadModule setenvif_module modules/mod_setenvif.so LoadModule ssl_module modules/mod_ssl.so LoadModule vhost_alias_module modules/mod_vhost_alias.so
And uncomment the following lines to enable virtualhosts and SSL
# Virtual hosts Include conf/extra/httpd-vhosts.conf # Virtual hosts Include conf/extra/httpd-vhosts.conf
Go to directory extra and open file httpd-vhosts.conf and the following lines:
NameVirtualHost *:80 <VirtualHost *:80> ServerName LBR1.mycompany.com ServerAlias LBR1.mycompany.com DocumentRoot "C:/Program Files/Apache Software Foundation/Apache2.2" ProxyRequests Off <Proxy *> Order deny,allow Allow from all </Proxy> <Proxy balancer://mycluster> BalancerMember http://FusionIDM:7777 route=FusionIDM ProxySet lbmethod=byrequests </Proxy> ProxyPass /balancer-manager ! ProxyPass / balancer://mycluster/ stickysession=JSESSIONID nofailover=On <Location /balancer-manager> SetHandler balancer-manager </Location> <Directory "C:/Program Files/Apache Software Foundation/Apache2.2"> AllowOverride AuthConfig </Directory> </VirtualHost>
This will forward all incoming HTTP request to FusionIDM:7777.
To enable SSL, edit file httpd-ssl.conf and add the following lines within the <Virtualhost *:443> branche
ProxyRequests Off <Proxy *> Order deny,allow Allow from all </Proxy> <Proxy balancer://mycluster> BalancerMember http://FusionIDM:7777 route=FusionIDM ProxySet lbmethod=byrequests </Proxy> ProxyPass /balancer-manager ! ProxyPass / balancer://mycluster/ stickysession=JSESSIONID nofailover=On <Location /balancer-manager> SetHandler balancer-manager </Location>
We have to adjust the hosts file of the loadbalancer server so the server knows the loadbalacer and our FusionIDM server.
Find the ipaddress of FusionIDM and adjust your hosts file to the following:
127.0.0.1 localhost LBR1.mycompany.com 10.19.131.40 FusionIDM
Now the loadbalancer server can connect to FusionIDM server. To be able to access the loadbalancer from FusionIDM we need to add the ipaddress of the loadbalancer server to the hosts files of the FusionIDM server.
Find the ipaddress of the loadbalancer server and adjust your hosts file to the following:
10.19.131.38 oiminternal.mycompany.com sso.mycompany.com
Bounce the loadbalancer. You should now be able to acces the HTTP server from FusionIDM by issuing the loadbalancer urls
https://sso.mycompany.com/ http://oiminternal.mycompany.com
Starting and Stopping Oracle HTTP server
In order to start Oracle HTTP server, environment variable ORACLE_HOME needs to point to HTTP server home /u01/app/oracle/product/fmw/web. We already have a database running on this server, which also uses its own ORACLE_HOME, we have set in the .bash_profile to /u01/app/oracle/product/11.2.0.2/db_1.
To be able to start the HTTP server without interfering the database environment variables I created a startup script like follow:
#!/bin/sh # # # startwebtier.sh # # echo "Starting Oracle HTTP Server" ORACLE_HOME=/u01/app/oracle/product/fmw/web ORACLE_INSTANCE=/u01/app/oracle/admin/ohs_inst1 PATH=$ORACLE_HOME/opmn/bin:$PATH export ORACLE_HOME export ORACLE_INSTANCE export PATH echo "ORACLE_HOME set as $ORACLE_HOME" echo "ORACLE_INSTANCE set as $ORACLE_INSTANCE" echo "PATH set as $PATH" opmnctl startall
Now we can start our database and HTTP server on the same server, without conflicting ORACLE_HOMES.
This concludes the configuration of Oracle HTTP server and Loadbalancer. In the next post I will describe the steps needed to Configure a Weblogic Domain and extend it with HTTP server.
Viewed 16573 times by 3659 visitors
11 Responses (last comment shown first)
Hi!
Thanks very much for a job well done!
Can you help me?
Version:FApps- 11.1.4,Oracle Linux x86-64. 5.8? VirtBox
After configuring Oracle HTTP Server (/u01/app/oracle/product/fmw/web/config.sh) the process of Web Tier Configuration “Create and start AS instance (inst1) FAILED”. In log file-”Unable to start opmn”.
Any idea what is wrong?
Thank you for your time.
Dmitri
Hii,
Thanks very much for a job well done. pls i do not understand the apache stuff?. Am installing on a single system, do i still need apache?. Why did you install on server 08 and not the linux server?
At the end of the instalation are we going to have two databases-: one for fmw and the other for Fusion application.
Regards,
Hi,
When you started installing linux on the server you used IP 10.19.131.39. (http://bloggingaboutoracleapplications.org/oracle-fusion-applications-installing-oracle-enterprise-linux-64bit-to-host-oracle-identity-management/)
Now I see your hosts file has the IP 10.19.131.40.
Why is that?
Hakan Biroglu Reply:
October 21st, 2011 at 11:58 am
Klaas,
Server is setup to have Dynamic IpAddress.
No need for you to change your ipaddress.
Always use your ipaddress asigned to your FQDM.
Hakan
Charl,
The Loadbalancer I used in this post is just a simple Apache webserver, configured as a loadbalancer. The configuration is the same in Windows as in Linux. What issue are you hitting? Are you able to start Apache at all. If not, you might be hitting the obvious privileged ports of Linux 80/443. If so try starting Apache as root. Did you create a certificate for SSL? if not, do this first, (plenty of examples on the internet). Also look in the log dir to find the specific error you are hitting?
Hi
Thanks a lot for your huge and easy to follow effort on compiling these postings.
Just a question – is there a way to run the load balancer on Linux. I tried installing open-ssl & apache in linux and then follow the Windows instructions above to configure apache. It does not work.
Regards
Charl
Excellent post. I liked the details of the configuration you provided.
Thank you.
Hi
I solved the problem with opmn not starting yourself. Maybe someone you know is interesting:
Linux administrator may have configured SELinux to ‘enforcing’
The server may have been rebooted, not aware the SE Linux enforcing had been enabled/
Solution
To temporarily disable enforcement on a running system, perform the following:
Login as root, execute:
/usr/sbin/setenforce 0
Logout as root , log back in as the user under which the product is installed
./opmnctl start or ./opmnctl startall or via installer. Works fine.
To permanently disable enforcement during a system reboot, then perform the following:
Login as root
Modify /etc/selinux/config,change SELINUX=enforcing to SELINUX=disabled, Reboot.
Thank’s !
[Reply to this comment]