Oracle® Collaboration Suite SSL Configuration Release 2 (9.0.4) Part Number B15611-01
To configure SSL in Web Cache, you will be using the Web Cache Manager administration interface.
See Also: For more information about the Web Cache Manager, refer to Oracle9iAS Web Cache Administration and Deployment Guide.
For a Single-Box Installation
In a single-box installation, Web Cache is configured as a reverse proxy. Web Cache receives incoming requests on the standard HTTP port 80 or HTTPS port 443. It then redirects these requests to the configured nonstandard ports on the Middle Tier and Infrastructure components. Because the Middle Tier and Infrastructure are on the same server, all requests received at webcacheipaddress are directed to the Infrastructure and all requests received at webcachehostname are redirected to the Middle Tier. Even though both resolve to the same server, Web Cache handles them differently.
For a Distributed Installation
For a distributed installation, Web Cache runs on the Middle Tier and receives requests from the browser on the standard HTTP and HTTPS ports (80 and 443). The Middle Tier Oracle HTTP Server listens for requests from Web Cache on 7778 and 4444. The Infrastructure tier HTTP server is configured to use the standard HTTP and HTTPS ports (80 and 443). Requests to the Infrastructure bypass the Web Cache.
This chapter contains the following topics:
To start Web Cache Manager:
Start the admin server process with the webcachectl start or webcachectl startadm commands.
Point your browser to the following URL:
http://webcachehostname:4000
When prompted for the administrator user ID and password, enter administrator for the user name, and then enter the appropriate password. The first time you log in, the password is administrator.
By default, Web Cache listens with the HTTP protocol on port 7777 and HTTPS on port 4443. You must change these to listen on HTTP port 80 and HTTPS port 443 on the webcachehostname or the midtierhostname.
Note: The IP addresses for the default HTTP and HTTPS ports are set to ANY. On startup, Web Cache attempts to bind the ports to all IP addresses. If multiple instances of Web Cache are running on a multihomed host with multiple IP addresses, then change ANY to a specific IP address to avoid port conflicts.
To change the listening ports in Web Cache Manager:
In the navigator pane, select Cache-Specific Configuration, and then select Listening Ports. The Listening Ports page appears.
In the Listening Ports page, select Add. The Edit Listening Ports page dialog box appears.
Select the cache from the list to modify. For example, hostname-Webcache.
Complete the fields as follows for non-SSL connections:
IP Address = Any
Port=80
Protocol=HTTP
Complete the fields as follows for SSL connections:
IP Address = Any
Port=443
Protocol=HTTPS
Wallet=path_to_wallet
On UNIX, wallets are stored by default in /etc/ORACLE/WALLETS/user_name.
Click Submit.
Web Cache uses site settings to determine the appropriate site for the requests. The default site definition established during installation uses the host name and listening port of the computer on which the Oracle Application Web Server was installed, typically midtierhostname:7777. For SSL, you must replace this site definition with the ones described in this section.
For a single-box installation, you need two site definitions: one that maps to the host name (webcachehostname:443) and one that maps to the IP address (webcacheipaddress:443) of the Web Cache server. This allows Web Cache to redirect requests to the appropriate Middle Tier or Infrastructure components even though they reside on the same server. You must also create an alias for the webcachehostname site with the port set to 80. This alias redirects all HTTP requests to use a secure HTTPS connection.
For a distributed installation, you only need one site definition, defined as midtierhostname with the port set to 443. You must also create an alias for the site that is midtierhostname with the port set to 80. This alias redirects all HTTP requests to use a secure HTTPS connection.
To configure site definitions in Web Cache Manager:
In the navigator pane, select General Configuration and then select Sites. The Site Definitions page appears.
In the Site Definitions page, select Add Site. The Add Site dialog box appears.
For single-box installations, create the following site definitions:
Site Definition 1
Host Name = webcachehostname
Port=443
Default=Yes
Alias=webcachehostname:80
Site Definition 2
Host Name = webcacheipaddress
Port=443
Default=No
Alias=webcacheipaddress:80
For distributed installations, create the following site definition:
Host Name = midtierhostname
Port=443
Default=Yes
Alias=midtierhostname:80
Click Submit.
Configure Web Cache with the application Web servers for which it sends cache misses. Typically, Web Cache uses application Web servers for internal sites.
By default, the listening port and host name of the Oracle HTTP Server are configured. When Web Cache is installed, Oracle HTTP Server has a default listening HTTP port of 7778 and an HTTPS port of 4444.
For a single-box installation, you must create two Application Web Server entries. One entry directs traffic to the Listen HTTPS port (4444 in this example) of the Middle Tier Oracle HTTP Server. The other entry directs traffic to the HTTPS port (4443) on the Infrastructure tier Oracle HTTP Server.
For a distributed installation, you must create one Application Web Server entry for the Middle Tier that directs traffic to the Listen HTTPS port (4444) of the Middle Tier Oracle HTTP Server.
To configure the application Web server in Web Cache Manager:
In the navigator pane, select General Configuration, and then select Application Web Server. The Application Web Server page appears.
On the Application Web Server page, select Add Site. The Create Application Web Server dialog box appears.
For single-box installations, create the following Application Web Server entries:
Entry 1
Host Name = infratierhostname
Port=4443
Capacity=50
Failover Threshold=25
Ping URL = /
Ping Interval=10
Protocol=HTTPS
Entry 2
Host Name = midtierhostname
Port=4444
Capacity=50
Failover Threshold=25
Ping URL = /
Ping Interval=10
Protocol=HTTPS
For distributed installations, create the following Application Web Server entry:
Host Name = midtierhostname
Port=4444
Capacity=50
Failover Threshold=25
Ping URL = /
Ping Interval=10
Protocol=HTTPS
Select Submit.
When using HTTPS as the listening protocol, you must also specify the location of the wallet for Web Cache communication to the application Web server. By default, wallets are stored in the following location on UNIX:
/etc/ORACLE/WALLETS/user_name
To specify the wallet location:
In the navigator pane, select Cache-Specific Configuration and then select Origin Server Wallet. The Origin Server Wallet page appears.
On the Origin Server Wallet page, select the cache for which to modify wallet settings, and then click Edit. The Edit Origin Server Wallet dialog box appears.
In the Wallet Directory field, enter the location of the wallet.
Click Submit.
In this step, you will map the sites you have defined to the physical servers in your installation.
In a single-box installation there will be two mappings: one that maps the webcachehostname to the Middle Tier components and one that maps the webcacheipaddress to the Infrastructure tier components.
In a distributed installation there will be one mapping. This will map requests received by Web Cache to the Middle Tier components HTTP Server listening port.
To configure site to server mappings:
In the navigator pane, select General Configuration and then select Site to Server Mapping. The Site to Server Mapping page appears.
On the Site to Server Mapping page, select Create if no mappings exist. If mappings already exist, select a mapping, and then select Insert Above or Insert Below. The Create Site to Server Mapping or Edit/Add Site to Server Mapping dialog box appears.
Select from Site Definitions to select a site definition created in the Site Definitions page.
On the Select Origins Servers to which this Site is mapped page, select Select Application Web Servers to select application Web servers specified in the Application Web Servers page.
Your site to server mappings should be as follows:
For a single-box installation
Mapping 1
Site Host Name=webcachehostname
Site Port=443
Site Exclude=NONE
Origin Server Host Name=midtierhostname
Origin Server Port=4444
Origin Server Proxy=No
Mapping 2
Site Host Name=webcacheipaddress
Site Port=443
Site Exclude=NONE
Origin Server Host Name=infratierhostname
Origin Server Port=4443
Origin Server Proxy=No
For a distributed installation
Site Host Name=midtierhostname
Site Port=443
Site Exclude=NONE
Origin Server Host Name=midtierhostname
Origin Server Port=4444
Origin Server Proxy=No
Click Submit.
In a distributed installation that involves a Web Cache cluster, you must perform all of the SSL configuration steps explained in Section 4.2 through Section 4.5 on each Web Cache server in the cluster. After completing the SSL configuration changes, you must propagate your changes across the cluster.
If you have configured Web Cache correctly for SSL, then you should be able to access the Middle Tier and Infrastructure tier default page by using the following URLs:
For a single-box install:
https://webcachehostname
https://webcacheipaddress
For a distributed install:
https://midtierhostname
If this test fails, go back and correct your Web Cache SSL configuration before proceeding.
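The test above can also be run from a client shell. The script below is an added example, not part of the Oracle documentation: it checks that HTTPS on port 443 answers with a certificate curl can validate, and that the port-80 alias sends the client to HTTPS. The function names are this example's own, and it assumes the alias redirect appears as a 3xx response with an https Location header.

```shell
#!/bin/sh
# Added example, not Oracle code. Assumption: the port-80 alias answers with a
# 3xx status and a "Location: https://..." header.

# Read raw HTTP response headers on stdin and print one verdict:
#   redirect-https  3xx whose Location is an https:// URL
#   redirect-other  3xx that stays on http or has no Location
#   served-plain    2xx, content was served over cleartext HTTP
#   unexpected      anything else, including an empty response
classify_alias_headers() {
  awk '
    NR == 1 { code = $2 }
    tolower($1) == "location:" { loc = $2 }
    END {
      sub(/\r$/, "", loc)
      if (code ~ /^3/ && tolower(loc) ~ /^https:\/\//) print "redirect-https"
      else if (code ~ /^3/) print "redirect-other"
      else if (code ~ /^2/) print "served-plain"
      else print "unexpected"
    }'
}

# Probe one live host name or address (needs network access to Web Cache).
check_site() {
  host=$1
  # curl validates the certificate chain and name by default, so a failure
  # here is a TLS or connection problem; check the wallet certificate first.
  # The IP-address site only validates if the certificate names that address.
  if code=$(curl -sS --max-time 10 -o /dev/null -w '%{http_code}' "https://$host/"); then
    echo "https://$host/ -> HTTP $code, certificate validated"
  else
    echo "https://$host/ -> TLS or connection failure"
    return 1
  fi
  verdict=$(curl -s --max-time 10 -I "http://$host/" | classify_alias_headers)
  echo "http://$host/ -> $verdict"
  [ "$verdict" = "redirect-https" ]
}

# Constructed sample response, used when no host is given on the command line.
sample_response() {
  printf 'HTTP/1.1 302 Found\r\nLocation: https://webcachehostname/\r\n\r\n'
}

if [ "$#" -gt 0 ]; then
  for h in "$@"; do check_site "$h" || echo "FAIL: $h"; done
else
  sample_response | classify_alias_headers
fi
```

Pass webcachehostname and webcacheipaddress (single-box) or midtierhostname (distributed) as arguments. A served-plain verdict means port 80 is still serving content without the HTTPS redirect.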