Installing and Configuring the Microsoft Internet Information Server (ISAPI) Plug-In

 

This following sections describes how to install and configure the Microsoft Internet Information Server Plug-In. The following topics are covered:

• Overview of the Microsoft Internet Information Server Plug-In

• Installing the Microsoft Internet Information Server Plug-In

• Sample iisproxy.ini File

• Using SSL with the Microsoft Internet Information Server Plug-In

• Proxying Servlets From IIS to WebLogic Server

• Testing the Installation

• Connection Errors and Clustering Failover

Overview of the Microsoft Internet Information Server Plug-In

The Microsoft Internet Information Server Plug-In allows requests to be proxied from a Microsoft Internet Information Server (IIS) to WebLogic Server. The plug-in enhances an IIS installation by allowing WebLogic Server to handle those requests that require the dynamic functionality of WebLogic Server.

The Microsoft Internet Information Server Plug-In is intended for use in an environment where the Internet Information Server (IIS) serves static pages such as HTML pages, while dynamic pages such as HTTP Servlets or JavaServer Pages are served by WebLogic Server. The WebLogic Server may be operating in a different process, possibly on a different host. To the end user-the browser-the HTTP requests delegated to WebLogic Server still appear to be coming from IIS. The HTTP-tunneling facility of the WebLogic client-server protocol also operates through the plug-in, providing access to all WebLogic Server services.

Connection Pooling and Keep-Alive

The Microsoft Internet Information Server Plug-In improves performance by using a re-usable pool of connections from the plug-in to WebLogic Server. The plug-in implements HTTP 1.1 keep-alive connections between the plug-in and WebLogic Server by re-using the same connection in the pool for subsequent requests from the same client. If the connection is inactive for more than 30 seconds, (or a user-defined amount of time) the connection is closed and returned to the pool.

Proxying Requests

The plug-in proxies requests to WebLogic Server based on a configuration that you specify. You can proxy requests either based on the URL of the request (or a portion of the URL). This is called proxying by path. You can also proxy request based on the MIME type of the requested file. You can also use a combination of both methods. If a request matches both criteria, the request is proxied by path. You can also specify additional parameters for each of these types of requests that define additional behavior of the plug-in. For more information, see Installing the Microsoft Internet Information Server Plug-In.

Platform Support

For the latest information on operating system and IIS version compatibility with the Microsoft Internet Information Server Plug-In, see the platform support page.

Installing the Microsoft Internet Information Server Plug-In

To install the Microsoft Internet Information Server Plug-In:

1. Copy the iisproxy.dll file from the /bin directory of your WebLogic Server installation into a convenient directory that is accessible by IIS. This directory must also contain the iisproxy.ini file.

2. Start the IIS Internet Service Manager by selecting it from the Microsoft IIS Start menu.

3. In the left panel of the Service Manager, select your website (the default is "Default Web Site").

4. Click the "Play" arrow in the toolbar to start.

5. Open the properties for the selected website by holding the right mouse button down over the website selection in the left panel.

6. In the Properties panel, select the Home Directory tab, and click the Configuration button in the Applications Settings section.

7. Configure proxying by file type:

   1. On the App Mappings tab, click the Add button to add file types and configure them to be proxied to WebLogic Server.

   2. In the dialog box, browse to find the "iisproxy.dll" file.

   3. Set the Extension to the type of file that you want to proxy to WebLogic Server.

   4. Select the "Script engine" check box.

   5. Set Execute Permissions to "Scripts and Executables".

   6. Deselect the "Check that file exists" check box.

   7. Set the Method exclusions as needed to create a secure installation.

   8. When you finish, click the OK button to save the configuration. Repeat this process for each file type you want to proxy to WebLogic.

   9. When you finish configuring file types, click the OK button to close the Properties panel.

      Note: Any path information you add to the URL after the server and port is passed directly to WebLogic Server. For example, if you request a file from IIS with the URL:

      http://myiis.com/jspfiles/myfile.jsp

      it is proxied to WebLogic Server with a URL such as

      http://mywebLogic:7001/jspfiles/myfile.jsp

8. Create the iisproxy.ini file.

   The iisproxy.ini file contains name=value pairs that define configuration parameters for the plug-in. The parameters are listed in General Parameters for Web Server Plug-Ins.

   Note: Changes in the parameters will not go into effect until you restart the "IIS Admin Service" (Under services, in the control panel).

   BEA recommends that you locate the iisproxy.ini file in the same directory that contains the iisproxy.dll file. You can also use other locations. If you place the file elsewhere, note that WebLogic Server searches for iisproxy.ini in the following directories, in the following order:

   1. The same directory where iisproxy.dll is located.

   2. The home directory of the most recent version of WebLogic Server that is referenced in the Windows Registry. If WebLogic Server does not find the iisproxy.ini file there, it continues looking in the Windows Registry for older versions of WebLogic Server and looks for the iisproxy.ini file in the home directories of those installations.

   3. c:\weblogic

9. Define the WebLogic Server host and port number to which the Microsoft Internet Information Server Plug-In proxies requests. Depending on your configuration, there are two ways to define the host and port:

   • If you are proxying requests to a single WebLogic Server, define the WebLogicHost and WebLogicPort parameters in the iisproxy.ini file. For example:

     WebLogicHost=localhost
     WebLogicPort=7001

   • If you are proxying requests to a cluster of WebLogic Servers, define the WebLogicCluster parameter in the iisproxy.ini file. For example:

     WebLogicCluster=myweblogic.com:7001,yourweblogic.com:7001

10. Configure proxying by path. In addition to proxying by file type you can configure the Microsoft Internet Information Server Plug-In to serve files based on their path by specifying some additional parameters in the iisproxy.ini file. Proxying by path takes precedence over proxying by MIME type.

    To configure proxying by path:

    1. Place the iisforward.dll file in the same directory as the iisproxy.dll file and add the iisforward.dll file as a filter service in IIS (WebSite Properties ISAPI Filters tab Add the iisforward dll).

    2. Register .wlforward as a special file type to be handled by iisproxy.dll.

    3. Define the property WlForwardPath in iisproxy.ini. WlForwardPath defines the path that is proxied to WebLogic Server, for example: WlForwardPath=/weblogic.

    4. Set the PathTrim parameter to trim off the WlForwardPath when necessary. For example, using

       WlForwardPath=/weblogic
       PathTrim=/weblogic

       trims a request from IIS to Weblogic Server. Therefore, /weblogic/session is changed to /session.

    5. If you want requests that do not contain extra path information (in other words, requests containing only a host name), set the DefaultFileName parameter to the name of the welcome page of the Web Application to which the request is being proxied. The value of this parameter is appended to the URL.

    6. If you need to debug your application, set the Debug=ON" parameter in iisproxy.ini. A c:\tmp\iisforward.log is generated containing a log of the plug-in's activity that you can use for debugging purposes.

11. Set any additional parameters in the iisproxy.ini file. A complete list of parameters is available in the appendix General Parameters for Web Server Plug-Ins.

12. If you are proxying servlets from IIS to WebLogic Server and you are not proxying by path, please read the section Proxying Servlets From IIS to WebLogic Server.

Creating ACLs through IIS

ACLs will not work through the Microsoft Internet Information Server Plug-In if the Authorization header is not passed by IIS. Use the following information to ensure that the Authorization header is passed by IIS.

When using Basic Authentication, the user is logged on with local log-on rights. To enable the use of Basic Authentication, grant each user account the Log On Locally user right on the IIS server. Note the following two problems that may result from Basic Authentication's use of local logon.

• If the user does not have local log-on rights, Basic Authentication will not work even if the FrontPage, IIS, and Windows NT configurations appear to be correct.

• A user who has local log-on rights and who can obtain physical access to the host computer running IIS will be permitted to start an interactive session at the console.

To enable Basic Authentication, in the Directory Security tab of the console, ensure that the Allow Anonymous option is "on" and all other options are "off".

Sample iisproxy.ini File

Here is a sample iisproxy.ini file for use with a single, non-clustered WebLogic Server. Comment lines are denoted with the "#" character.

# This file contains initialization name/value pairs
# for the IIS/WebLogic plug-in.

WebLogicHost=localhost
WebLogicPort=7001
ConnectTimeoutSecs=20
ConnectRetrySecs=2

Here is a sample iisproxy.ini file with clustered WebLogic Servers. Comment lines are denoted with the "#" character.

# This file contains initialization name/value pairs
# for the IIS/WebLogic plug-in.

WebLogicCluster=myweblogic.com:7001,yourweblogic.com:7001
ConnectTimeoutSecs=20
ConnectRetrySecs=2

Note: If you are using SSL between the plug-in and WebLogic Server the port number should be defined as the SSL listen port.

Using SSL with the Microsoft Internet Information Server Plug-In

You can use the Secure Sockets Layer (SSL) protocol to protect the connection between the WebLogic Server proxy plug-in and the Microsoft Internet Information Server. The SSL protocol provides confidentiality and integrity to the data passed between the Microsoft Internet Information Server Plug-In and WebLogic Server. In addition, the SSL protocol allows the WebLogic Server proxy plug-in to authenticate itself to the Microsoft Internet Information Server to ensure that information is passed to a trusted principal.

The Microsoft Internet Information Server Plug-In does not use the transport protocol (http or https) to determine whether or not the SSL protocol will be used to protect the connection between the proxy plug-in and the Microsoft Internet Information Server. In order to use the SSL protocol with the Microsoft Internet Information Server Plug-In, configure the WebLogic Server receiving the proxied requests to use the SSL protocol. The port on the WebLogic Server that is configured for secure SSL communication is used by the WebLogic Server proxy plug-in to communicate with the Microsoft Internet Information Server.

Note: You cannot configure a 2-way SSL between the Microsoft Internet Information Server and WebLogic Server. The SSL protocol is a point-to-point connection, cyptographically sealed end-to-end. Therefore, any type of proxy or firewall cannot see into the SSL socket. The Microsoft Internet Information Server acts as the server end-point in the SSL connection. The configuration is:

client-->2-way SSL-->IIS<--1-way SSL<--WebLogic Server

The Microsoft Internet Information Server cannot use the digital certificate from the first SSL connection in the second SSL connection because it cannot use the client's private key.

To use the SSL protocol between Microsoft Internet Information Server Plug-In and WebLogic Server:

1. Configure WebLogic Server for SSL. For more information, see Configuring the SSL Protocol.

2. Configure the WebLogic Server SSL listen port. For more information, see Configuring the Listen Port.

3. Set the WebLogicPort parameter in the iisproxy.ini file to the listen port configured in step 2.

4. Set the SecureProxy parameter in the iisproxy.ini file to ON.

5. Set additional parameters in the iisproxy.ini file that define the SSL connection. For a complete list of parameters, see SSL Parameters for Web Server Plug-Ins.

For example:

WebLogicHost=myweblogic.com
WebLogicPort=7002
SecureProxy=ON

Proxying Servlets From IIS to WebLogic Server

Servlets may be proxied by path if the iisforward.dll is registered as a filter. You would then invoke your servlet with a URL similar to the following:

http://weblogic:7001/weblogic/myServlet

To proxy servlets if iisforward.dll is not registered as a filter, you must configure proxying by file type.To proxy servlets by file type:

1. Register an arbitrary file type (extension) with IIS to proxy the request to the WebLogic Server, as described on page 10-163. in step 7.under Installing the Microsoft Internet Information Server Plug-In.

2. Register your servlet in the appropriate Web Application. For more information on registering servlets, see Configuring Servlets.

3. Invoke your servlet with a URL formed according to this pattern:

   http://www.myserver.com/virtualName/anyfile.ext

   where virtualName is the URL pattern defined in the <servlet-mapping> element of the Web Application deployment descriptor (web.xml) for this servlet. and ext is a file type (extension) registered with IIS for proxying to WebLogic Server. The anyfile part of the URL is ignored in this context.

   Note:

   • If the image links called from the servlet are part of the Web Application, you must also proxy the requests for the images to WebLogic Server by registering the appropriate file types (probably .gif and .jpg) with IIS. You can, however, choose to serve these images directly from IIS if desired.

   • If the servlet being proxied has links that call other servlets, then these links must also be proxied to WebLogic Server, conforming to the pattern shown above.

Testing the Installation

After you install and configure the Microsoft Internet Information Server Plug-In, follow these steps for deployment and testing:

1. Make sure WebLogic Server and IIS are running.

2. Save a JSP file into the document root of the default Web Application.

3. Open a browser and set the URL to the IIS + filename.jsp as shown in this example:

   http://myii.server.com/filename.jsp

   If filename.jsp is displayed in your browser, the plug-in is functioning.

Connection Errors and Clustering Failover

When the Microsoft Internet Information Server Plug-In attempts to connect to WebLogic Server, the plug-in uses several configuration parameters to determine how long to wait for connections to the WebLogic Server host and, after a connection is established, how long the plug-in waits for a response. If the plug-in cannot connect or does not receive a response, the plug-in will attempt to connect and send the request to other WebLogic Servers in the cluster. If the connection fails or there is no response from any WebLogic Server in the cluster, an error message is sent.

Figure 10-1 demonstrates how the plug-in handles failover.

Connection Failures

Failure of the host to respond to a connection request could indicate possible problems with the host machine, networking problems, or other server failures.

Failure of WebLogic Server to respond, could indicate that WebLogic Server is not running or is unavailable, a hung server, a database problem, or other application failure.

Failover with a Single, Non-Clustered WebLogic Server

If you are running only a single WebLogic Server the same logic described here applies, except that the plug-in only attempts to connect to the server defined with the WebLogicHost parameter. If the attempt fails, an HTTP 503 error message is returned. The plug-in continues trying to connect to WebLogic Server until ConnectTimeoutSecs is exceeded.

The Dynamic Server List

When you specify a list of WebLogic Servers in the WebLogicCluster parameter, the plug-in uses that list as a starting point for load balancing among the members of the cluster. After the first request is routed to one of these servers, a dynamic server list is returned containing an updated list of servers in the cluster. The updated list adds any new servers in the cluster and deletes any that are no longer part of the cluster or that have failed to respond to requests. This list is updated automatically with the HTTP response when a change in the cluster occurs.

Failover, Cookies, and HTTP Sessions

When a request contains a session information stored in a cookie, in the POST data, or by URL encoding, the session ID contains a reference to the specific server in which the session was originally established (called the primary server) and a reference to an additional server where the original session is replicated (called the secondary server). A request containing a cookie attempts to connect to the primary server If that attempt fails, the request is routed to the secondary server. If both the primary and secondary servers fail, the session is lost and the plug-in attempts to make a fresh connection to another server in the dynamic cluster list. For more information see Figure 10-1 Connection Failover.

Figure 10-1 Connection Failover

*The Maximum number of retries allowed in the red loop is equal to
ConnectTimeoutSecs ÷ ConnectRetrySecs.