WebLogic Module in Oracle HTTP Server - weblogic

We are currently hosting OSB applications in Weblogic and using Oracle HTTP Server to proxy the requests to the JVMs behind using mod_wl_ohs.
However, we want to log the cluster member (e.g: hostname:port) of each request. In mod_proxy_balancer, We have something like %{BALANCER_WORKER_NAME}e. Any suggestions for OHS config?

Related

WebLogic (with SSL) as proxy for any WSGI web server

I researched about any plugin/module WSGI for Oracle WebLogic 12c that allows me run a python flask app, with no success.
The reason for why i need to run from WebLogic 12c, it's because i need to use the SSL certfied living there.
Researching, i found many web server (Apache, Gunicorn, etc) can act as proxy of WebLogic, here is an example, where Nginx receive all the requests with SSL and then passed them to WebLogic:
https://medium.com/#Dracontis/nginx-as-proxy-for-weblogic-with-ssl-c7e1076e2c0c
So, i wonder if there is a manner to invert this order? I mean, WebLogic receive all the requests (safely because of SSL certified) and then pass them to any web server with the WSGI standard.
Thanks in advance.
I didn't find a sort of solution that accomplished the topic above. However, in case someone needs implements this topology here is what i did:
I've installed an Oracle HTTP Server (OHS) and creating a wallet for the SSL certified, in certain way in which the OHS can receive the requests secure, then inside the OHS with specific setting achieve forward the request to the Apache running with the module WSGI.

HAProxy with https and kerberos

I'm trying to implement a reverse proxy in our system, for a micro-services architecture.
The proxy server is HAProxy that works with SSL Termination and needs to proxy requests to a backend server with Https and Kerberos authentication.
I succeeded to terminate the ssl on the proxy server and pass the request to the https server (I need the termination in order to route requests by their body, to specific backend services) , but failing to authenticate with kerberos on the backend server.
Is it possible to implement Kerberos auth on the proxy server and then pass the TGT to the different backend services?
I have successfully done this and it took some work.
At the time I was using HDP so I used ambari to setup a hive server on the HAproxy node. (This was done solely for the purpose of having Ambari manage the kerberos principle. The hive server itself never ran)
Then I merged the keytab for my hive server (on the proxy) with my Hive server keytabs so that the principle could be used on the hive servers. I think I also allowed it as a principle to work with hive. I'm sure there is another path that would allow you to use delegation but this was the past of least resistance and made it so hive managed mostly managed the keytab. I did have to re-merge the keytab when they where regenerated but it wasn't as bad as manually managing keytabs.

weblogic AS: application deployed on a cluster with two managed servers

I'm on Weblogic AS 10.3.5, I have two managed servers pointed to a cluster, so I have two url, one for the first managed server, the other one for the second.
I will deploy my application on the cluster, so will I reach it on both the url? will the application deployed and running on both the servers?
How does it work? Can you give me some references, please?
Is it clear?
Thanks a lot!
First, you shouldn't be using WebLogic 10.3.5 anymore since it has reached the last stage of support called Sustained Support. Consider to upgrade at least to WebLogic 10.3.6.
Related to your question, I believe you are talking about a Web Application and how to access it. First you need to read about Load Balancing in a Cluster. For the web part (JSP and Servlets) basically you have to options: setup a Web Server (like Apache HTTP) to make use of the WebLogic Plug-in, that will then be connected to the WebLogic cluster. The other easier option is to simply use an LBR (load balance router hardware).
These are the "software" solutions you have for Load Balancing your web application in a clustered WebLogic:
WebLogic Server supports the following Web servers and associated
proxy plug-ins:
WebLogic Server with the HttpClusterServlet
Netscape Enterprise Server with the Netscape (proxy) plug-in
Apache with the Apache Server (proxy) plug-in
Microsoft Internet Information Server with the Microsoft-IIS (proxy) plug-in
You can read more about this options at the Configure Proxy Plug-ins documentation page for WebLogic 10.3.6.

Why aren't HTTP Headers from Oracle Access Manager passing through to WebSphere from IHS?

I have a IBM HTTP Web Server setup as a reverse proxy for a WebSphere application server. We use Oracle Access Manager for user authentication. There is also a Oracle Webgate running on the IHS server to intercept the requests and check them against the Oracle policy.
I can see the authentication going through and Oracle passes back the value needed in an HTTP Header, OAM_REMOTE_USER. The problem is, at some point in the process, that header is not passed on to the WebSphere Application Server.
The Oracle Webgate is monitoring port 8443, but I am not understanding if that means for the Web Server or the App Server since both are on the same physical machine and have the same server name. If I just create a virtual host on the Web Server for 8443 and do not create the port on the App Server, the headers are going through correctly. The problem with this is that I have to use PreserveProxyHeader for the request to go through the WebGate 8443 port, so after authentication it comes back looking for my Application on port 8443, which does not exist on the Web Server. The only way it can find my application on port 8443 is if I also add a port on the App server for that port, which contains the application.
I guess the main thing I am struggling to understand is if I need to define the port Webgate monitors on the HTTP Server and App Server, or if it should only be on the HTTP Server side. It seems like no matter what I do, at some point the request gets redirected from the HTTP Server to the App Server and strips out any OAM HTTP headers that were there. I've managed to prevent them from dropping by removing the 8443 port from the app server, but now my app cannot be mapped to.
This is WebSphere App Server 8.0 and IBM HTTP Server 8.0.0.5.
In the administrative console, click Servers > Server Types > Web servers > web_server_name > Plug-in properties > Request routing. Disable "Remove special headers". Regenerate your plugin configuration XML, and redistribute it.

NServiceBus and one way communication

I would like to use NServiceBus in my application. Unfortunately there are some security limitations in my infrastructure. I have the following scenario:
I have web server, proxy server and application server. The main problem is that communication from web server to proxy server and from proxy server to application server is blocked by firewall. Reverse communication is allowed so my application server can fire proxy server and then my proxy server can fire web server. Is there any way to support this scenario with NServiceBus (eg. with Gateway that will be periodically check proxy queue and web server queue) or maybe I must write my own solution.