10 Oracle Web Cache

This chapter describes issues associated with Oracle Web Cache. It includes the following topics:

• Section 10.1, "Configuration Issues and Workarounds"

• Section 10.2, "Documentation Errata"

10.1 Configuration Issues and Workarounds

This section describes configuration issues and their workarounds. It includes the following topics:

• Section 10.1.1, "Reset the Random Password Generated in the Oracle Portal, Forms, Reports and Discoverer Install Types"

• Section 10.1.2, "Running Oracle Web Cache Processes as a Different User Is Not Supported"

• Section 10.1.3, "Defining Duplicate Origin Servers Causes Startup Failure"

• Section 10.1.4, "Mixed Protocols in Site-to-Server Mappings Causes Startup Failures"

• Section 10.1.5, "Oracle Web Cache Not Restarting When All Listening Ports Are SSL-Enabled"

• Section 10.1.6, "Exceptions When Starting Oracle Web Cache After Accessing Configuration Pages from Oracle Enterprise Manager Fusion Middleware Control"

10.1.1 Reset the Random Password Generated in the Oracle Portal, Forms, Reports and Discoverer Install Types

For enhanced security, no default hard-coded passwords are used for managing Oracle Web Cache.

When you install the Oracle Web Tier installation type, the Oracle Universal Installer prompts you to choose a password. The Web Cache Administrator page of the Oracle Universal Installer prompts you to enter a password for the administrator account. The administrator account is the Oracle Web Cache administrator authorized to log in to Oracle Web Cache Manager and make configuration changes through that interface.

When you install the Oracle Portal, Forms, Reports and Discoverer installation type, the prompt for the administrator password is missing. Instead, the Oracle Portal, Forms, Reports and Discoverer install type uses a random value chosen at install time.

No matter the installation type, before you begin configuration, change the passwords for these accounts to a secure password. If you are configuring a cache cluster, all members of the cluster must use the same password for the administrator account.

To change the password, use the Passwords page of Fusion Middleware Control, as described in Section 5.2, "Configuring Password Security," of the Oracle Fusion Middleware Administrator's Guide for Oracle Web Cache.

10.1.2 Running Oracle Web Cache Processes as a Different User Is Not Supported

Running Oracle Web Cache as a user other than the installed user through the use of the webcache_setuser.sh setidentity command is not supported for this release. Specifically, you cannot change the user ID with the following sequence:

1. Change the process identity of the Oracle Web Cache processes in the Process Identity page using Oracle Web Cache Manager (Properties > Process Identity).

2. Use the webcache_setuser.sh script as follows to change file and directory ownership:

   webcache_setuser.sh setidentity <user_ID> 
   

   where <user_ID> is the user you specified in the User ID field of the Process Identity page.

3. Restart Oracle Web Cache using opmnctl.

   Oracle Web Cache will start and then immediately shut down.

   In addition, messages similar to the following appear in the event log:

   [2009-06-02T21:22:46+00:00] [webcache] [ERROR:1] [WXE-13212] [logging] [ecid: ] Access log file /scratch/webtier/home/instances/instance1/diagnostics
   /logs/WebCache/webcache1/access_log could not be opened.
   [2009-06-02T21:22:46+00:00] [webcache] [WARNING:1] [WXE-13310] [io] [ecid: ] Problem opening file /scratch/webtier/home/instances/instance1/config
   /WebCache/webcache1/webcache.pid (Access Denied).
   [2009-06-02T21:22:46+00:00] [webcache] [ERROR:1] [WXE-11985] [esi] [ecid: ] Oracle Web Cache is unable to obtain the size of the default ESI fragment 
   page /scratch/webtier/home/instances/instance1/config
   /WebCache/webcache1/files/esi_fragment_error.txt.
   [2009-06-02T21:22:46+00:00] [webcache] [WARNING:1] [WXE-11905] [security] [ecid: ] SSL additional information: 
   The system could not open the specified file.
   

For further information about the webcache_setuser.sh script, see Section 5.9, "Running webcached with Root Privilege," of the Oracle Fusion Middleware Administrator's Guide for Oracle Web Cache.

10.1.3 Defining Duplicate Origin Servers Causes Startup Failure

Fusion Middleware Control enables you to configure multiple origin servers using the same host name and port number. Configure origin servers with duplicate host and port settings, both the cache server and admin server processes fail to start.

To resolve this issue:

1. Use a text editor to open webcache.xml, located in:

   (UNIX) ORACLE_INSTANCE/<instance_name>/config/WebCache/<webcache_name>
   (Windows) ORACLE_INSTANCE\<instance_name>\config\WebCache\<webcache_name>
   

2. Find the two or more HOST elements with the same NAME and PORT values as mentioned in the startup error message in the event log. Edit the port number of one of the HOST elements so that it is a unique value between 1 and 65535.

   For example, suppose the error message in the event log is as follows:

   Duplicate origin server hosts specified for host my.company.com port 8888.
   

   Also, the HOST elements in webcache.xml are as follows:

     <HOST OSSTATE="ON" LOADLIMIT="100" PORT="8888" NAME="my.company.com" ID="h1" />
     <HOST OSSTATE="ON" LOADLIMIT="100" PORT="8888" NAME="my.company.com" ID="h2" />
   

   You would modify the PORT value for one. For example:

     <HOST OSSTATE="ON" LOADLIMIT="100" PORT="8888" NAME="my.company.com" ID="h1" />
     <HOST OSSTATE="ON" LOADLIMIT="100" PORT="9999" NAME="my.company.com" ID="h2" />
   

You can now restart both the admin and cache server processes. You can then use Fusion Middleware Control or Web Cache Manager to make further configuration changes.

For further information about the configuring site-to-server mapping, see Section 2.11.2, "Specify Origin Server Settings," of the Oracle Fusion Middleware Administrator's Guide for Oracle Web Cache.

10.1.4 Mixed Protocols in Site-to-Server Mappings Causes Startup Failures

When you map sites to origin servers you cannot create a mapping that has a mix of HTTP and HTTPS origin sever. Select origin servers using HTTP or HTTPS, but not both protocols. If you select of origin server using a mix of HTTP and HTTPS, both the cache server and admin server processes fail to start.

To resolve this issue:

1. Use a text editor to open webcache.xml, located in:

   (UNIX) ORACLE_INSTANCE/<instance_name>/config/WebCache/<webcache_name>
   (Windows) ORACLE_INSTANCE\<instance_name>\config\WebCache\<webcache_name>
   

2. And the VIRTUALHOSTMAP element:

   <VIRTUALHOSTMAP PORT="80" NAME="my.company.com">
     <HOSTREF HOSTID="h1"/>
     <HOSTREF HOSTID="h2"/>
   </VIRTUALHOSTMAP>
   

3. Remove one of the HOSTREF child elements. For example:

   <VIRTUALHOSTMAP PORT="80" NAME="my.company.com">
     <HOSTREF HOSTID="h1"/>
    </VIRTUALHOSTMAP>
   

You can now restart both the admin and cache server processes. You can also use Fusion Middleware Control or Oracle Web Cache Manager to make further configuration changes.

For further information about the configuring site-to-server mappings, see Section 2.11.4, "Map Site Definitions to Origin Servers," of the Oracle Fusion Middleware Administrator's Guide for Oracle Web Cache.

10.1.5 Oracle Web Cache Not Restarting When All Listening Ports Are SSL-Enabled

Oracle Process Manager and Notification Server pings Oracle Web Cache. If the ping fails, OPMN attempts to restart Oracle Web Cache. If you configure all of the Oracle Web Cache listening ports for SSL, OPMN may unsuccessfully restart Oracle Web Cache unless you import the certificate to the OPMN wallet with one of the following methods:

• WLST Utility

  1. Use the exportWalletObject to export a certificate or other wallet object to a file.

  2. Use the importWalletObject to import a certificate or other object into an Oracle wallet.

• orapki Utility

  1. Use the orapki wallet export command to export a certificate to a file.

  2. Use the orapki wallet add command to import a certificate into an Oracle wallet.

  For further information about these utilities, see the Oracle Fusion Middleware Administrator's Guide.

10.1.6 Exceptions When Starting Oracle Web Cache After Accessing Configuration Pages from Oracle Enterprise Manager Fusion Middleware Control

To start, stop, or restart Oracle Web Cache from Fusion Middleware Control, from the Web Cache menu, you can choose Control, and then Start Up, Shut Down, or Restart. If you select Shut Down, and then a Start Up on a configuration page, Fusion Middleware Control may return exception errors. If these errors occur in your environment, perform the operations from Web Cache Home page.

10.2 Documentation Errata

This section describes documentation errata. It includes the following topic:

• Section 10.2.1, "Supported SSL Protocol Versions"

10.2.1 Supported SSL Protocol Versions

The online help for the SSL Configuration section of the Edit Port page in Fusion Middleware Control and Chapter 5, "Configuring Security" of Oracle Fusion Middleware Administrator's Guide for Oracle Web Cache do not provide details about the versions of SSL from the SSL Protocol Version list. The SSL version are mapped as follows:

• All: This selection enables the v1, v3, and v3-v2Hello options.

• v1: This selection supports TLS version 1 traffic.

• v3: This selection provides SSL version 3 traffic.

• v3_v2Hello: This selection combines the SSL version 2 hello message format with SSL version 3 handling to support SSL version upgrade during handshake operations.