Set Up an Oracle Cloud Infrastructure Load Balancer

If you need the ability to update the Oracle Cloud Infrastructure Load Balancing configuration for an Oracle Java Cloud Service instance, then you must create the load balancer manually. You can't update the Oracle Cloud Infrastructure Load Balancing configuration if the load balancer is provisioned automatically during the creation of the Oracle Java Cloud Service instance.

Prepare to Set Up an Oracle Cloud Infrastructure Load Balancer

Before you begin setting up an instance of Oracle Cloud Infrastructure Load Balancing for your Oracle Java Cloud Service instance, understand the advantages and disadvantages of using a manually configured load balancer. In addition, gather the required information about the Oracle WebLogic Server managed servers in the Oracle Java Cloud Service instance.

  1. Understand the advantages of using a manually configured instance of Oracle Cloud Infrastructure Load Balancing, when compared with a load balancer that's provisioned automatically while creating an Oracle Java Cloud Service instance.

    A manually configured Oracle Cloud Infrastructure Load Balancing instance gives you greater flexibility and control.

    • You can choose the bandwidth shape while creating the load balancer.

      An Oracle Cloud Infrastructure Load Balancing instance that's provisioned automatically during the creation of an Oracle Java Cloud Service instance is configured to use the 100-Mbps shape; you can't choose the shape.

    • You can configure the parameters of the load balancer. For example, you can add your own SSL/TLS certificates, configure listeners, add multiple backend sets, configure routing rules, and so on.
  2. Be aware of the disadvantages of using a manually configured instance of Oracle Cloud Infrastructure Load Balancing.

    A manually configured load balancer imposes certain administrative responsibilities:

    • When you scale out or scale in your Oracle Java Cloud Service instance, the backend set of a manually configured Oracle Cloud Infrastructure Load Balancing instance is not updated automatically. You must update the backend set manually to add or remove the Oracle WebLogic Server nodes.
    • When you delete the Oracle Java Cloud Service instance, the load balancer instance is not removed automatically; you must delete it separately.
  3. Obtain an SSL/TLS certificate.

    You can use a certificate that's issued by a third-party Certificate Authority (CA), or a self-signed certificate that you generate by using tools such as OpenSSL.

    For more information about obtaining a CA certificate, see the documentation provided by your CA. For the steps to generate self-signed certificates, see the documentation for the certificate-generation tool that you want to use.

  4. Identify the listen ports of the Oracle WebLogic Server managed servers in your Oracle Java Cloud Service instance.
    The default listen ports of the managed servers in an Oracle Java Cloud Service instance are 8001 for HTTP and 8002 for HTTPS. The listen ports are defined in the network channel configuration of each managed server.
    • If you want to terminate SSL at the load balancer, then use the HTTP port number of the managed server.
    • If you want the load balancer to route requests to the backend using HTTPS, then use the HTTPS port number.
    You can find the listen ports of the managed servers in the Oracle WebLogic Server administration console.
    1. Sign in to the Oracle WebLogic Server Administration Console of your Oracle Java Cloud Service instance.
    2. In the Domain Structure pane, expand Environment, and click Servers.
      Complete the steps that follow for each managed server to which you want the load balancer to route requests.
    3. Click the name of the managed server.
    4. Click the Protocols tab.
    5. Click the Channels subtab.
    6. Note the HTTP or HTTPS port number (as required) that's displayed in the Public Port field.

Create and Configure an Instance of Oracle Cloud Infrastructure Load Balancing

Using the Oracle Cloud Infrastructure web console, create a load balancer and configure its backend set.

  1. Sign in to the Oracle Cloud Infrastructure web console.
  2. In the Regions list near the upper-right corner, select the region in which you created your Oracle Java Cloud Service instance.
  3. Identify the OCIDs of the compute nodes of the Oracle Java Cloud Service instance for which you want to set up a load balancer.
    1. In the services menu, under the Core Infrastructure group, select Compute, and then select Instances.
    2. In the Compartment field, select ManagedCompartmentForPaaS.
    3. From the list of compute nodes displayed, locate the nodes of your Oracle Java Cloud Service instance.
      The names of the compute nodes are in the format, subscriptionID|JaaS|jcsInstanceName|wls|vm-n (for example, 599949999|JaaS|myJCSinstance|wls|vm-1).

      Look for the compute nodes where jcsInstanceName matches the name of your Oracle Java Cloud Service instance.

    4. Copy the OCID of each compute node.

      Note:

      Your Oracle Java Cloud Service instance might contain multiple nodes. Make sure that you copy the OCID of every node.
  4. Create an instance of Oracle Cloud Infrastructure Load Balancing.
    1. In the services menu, under the Core Infrastructure group, select Networking, and then select Load Balancers.
    2. In the Compartment field, select the compartment that you want to create the load balancer in.
    3. Click Create Load Balancer.
    4. Enter or select the load balancer settings.
      For detailed instructions, see the Oracle Cloud Infrastructure documentation.

      Load Balancer Information: Enter a name, select the bandwidth shape, and specify whether the load balancer must be public or private. Note that the shape you choose here affects the billing for the load balancer instance.

      Network Information: Select the virtual cloud network (VCN) and the subnets to which you want to attach the load balancer. In a region that has more than one availability domain (AD), you can select either a single regional subnet (recommended) or two AD-specific subnets.

      Listener Information:
      • Protocol: Select HTTP.
      • Port: Enter the port number at which you want the load balancer to receive requests from clients.

        Make a note of the port number that you enter.

      • Use SSL: Select this check box.
      • In the certificate-related fields, specify the certificate that you obtained earlier, the private key (mandatory), and the passphrase for the key.
      Backend Set Information:
      • Select a traffic distribution policy.
      • Remove the placeholder backend server by clicking the Delete button.

        Don't add any backend servers yet. You'll add them later.

      • Click Show Advanced Options, and enter a name of your choice in the Backend Set Name field.
      • Leave the other fields at the default settings.
    5. Click Create.
  5. Configure the backend set.
    1. Under Resources in the left navigation pane, click Backend Sets.
    2. Click the backend set displayed in the Backend Sets section of the web console.
    3. Under Resources in the left navigation pane, click Backends.
    4. Click Edit Backends.
    5. Create a backend server for each Oracle Java Cloud Service node to which you want the load balancer to route requests:
      For each backend server, enter the following:
      • Instance OCID: Enter the OCID of the Oracle Java Cloud Service node.
      • Port: Enter the port at which the managed server node listens for requests (for example, 8001).
      • Weight: Enter the relative weight that you want to assign to the node.
    6. After you create the required backend servers, click Submit.
      The Add Security List Rules dialog box is displayed.
    7. Wait for the backend set to be updated. When the status changes to SUCCEEDED, scroll down and click Create Rules.
  6. Configure the load balancer to include the WL-Proxy-SSL header in the requests that it forwards to the Oracle WebLogic Server nodes in the backend set.
    Oracle WebLogic Server uses this header to determine that the requests came to the load balancer over SSL/TLS.
    1. In the breadcrumbs at the top of the web console, click Load Balancer Details.
    2. Under Resources in the left navigation pane, click Rule Sets.
    3. Click Create Rule Set, and enter or select the following:
      • Name: Enter a name for the rule set.
      • Action: Select Add Request Header.
      • Header: Enter WL-Proxy-SSL
      • Value: Enter true
    4. Click Create.
    5. Click Close.
    6. After the new rule set is created, under Resources in the left navigation pane, click Listeners.
    7. Locate the listener that you created earlier, click the Actions menu, and select Edit Listener.
    8. In the Edit Listener dialog box, in the Rule Sets section, click Additional Rule Set.
    9. Select the rule set that you created, and click Submit.
    10. Click Close.
  7. Ensure that the security lists of the load balancer's subnets have the required security rules to allow TCP traffic from the internet to the listener port that you created.
    If your region has more than one AD and if you specified two AD-specific subnets for the load balancer, then complete the following steps for each of the two subnets.
    1. On the Load Balancer Details page, locate the Subnet field, and click the subnet.
      The VCN that contains the subnet is displayed.
    2. Locate your load balancer's subnet, and click the security list displayed for it.
    3. Under Ingress Rules, check whether a rule with the following properties exists:
      Source: 0.0.0.0/0
      IP Protocol: TCP
      Source Port Range: All
      Destination Port Range: yourListenerPort

      If the rule exists, then skip the remainder of this substep and proceed to the "Verify access" step.

    4. If the rule doesn't exist, then click Edit All Rules near the top of the page.
    5. In the Edit Security List Rules dialog box, scroll to the bottom of the Allow Rules for Ingress section.
    6. Click the + Another Ingress Rule button after the last ingress rule.
      A new rule (initially empty) is created.
    7. Enter or select the following:
      • Source CIDR: Enter 0.0.0.0/0
      • Destination Port Range: Enter the port number of your listener.
      • Leave the other fields at the default settings.
    8. Scroll to the bottom of the Edit Security List Rules dialog box.
    9. Click Save Security List Rules.
  8. Verify access to the applications deployed to your Oracle Java Cloud Service.
    1. In the Load Balancer Information section of the web console, note the public IP address displayed in the IP Address field.
    2. Construct the load-balancer URL for the application that you want to access.
      URL format: https://address:port/appContextRoot

      URL example: https://203.0.113.100:4343/my-app

      • address is the public IP address of the load balancer.
      • port is the port number of the load balancer's listener.

        If you don't know the port number, click Listeners in the Resources left-navigation pane, locate the required listener, and note the port number.

      • /appContextRoot is the context root (path) of the application.

        For example, the context root of the sample application that's included with Oracle Java Cloud Service is /sample-app. You can find the context root of your application from the application settings in the Oracle WebLogic Server Administration Console.

    3. In your web browser, go to the URL that you constructed.
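
For the ingress-rule check in step 7, the following added example (not part of the original Oracle procedure) tests a security list exported as JSON for a rule that admits TCP from 0.0.0.0/0, on all source ports, to the listener port. The kebab-case JSON key names and the helper names are assumptions, and the sample rules are constructed; port 4343 is taken from the URL example above.

```python
import ipaddress
import json

# Constructed sample, not real data. The kebab-case keys follow the JSON the
# OCI CLI prints for a security list; treat that shape as an assumption.
SAMPLE = json.loads("""
{"data": {"ingress-security-rules": [
  {"source": "10.0.0.0/16", "protocol": "6",
   "tcp-options": {"destination-port-range": {"min": 22, "max": 22},
                   "source-port-range": null}},
  {"source": "0.0.0.0/0", "protocol": "6",
   "tcp-options": {"destination-port-range": {"min": 4343, "max": 4343},
                   "source-port-range": null}},
  {"source": "0.0.0.0/0", "protocol": "6",
   "tcp-options": {"destination-port-range": {"min": 8001, "max": 8002},
                   "source-port-range": {"min": 1024, "max": 65535}}}
]}}
""")

ANYWHERE = ipaddress.ip_network("0.0.0.0/0")


def rule_allows(rule, port):
    """True if the rule admits TCP to `port` from any address and any source port."""
    if rule.get("protocol") not in ("6", "all"):  # "6" is the IP protocol number for TCP
        return False
    try:
        source = ipaddress.ip_network(rule.get("source", ""), strict=False)
    except ValueError:  # source is not a CIDR block
        return False
    if source != ANYWHERE:
        return False
    tcp = rule.get("tcp-options") or {}  # no options means every port
    if tcp.get("source-port-range"):  # the step asks for Source Port Range: All
        return False
    dst = tcp.get("destination-port-range")
    return dst is None or dst["min"] <= port <= dst["max"]


def listener_port_open(security_list, port):
    """Hypothetical helper: does any ingress rule match the step-7 rule for `port`?"""
    rules = security_list["data"]["ingress-security-rules"]
    return any(rule_allows(rule, port) for rule in rules)


if __name__ == "__main__":
    for port in (4343, 8001):
        print(port, listener_port_open(SAMPLE, port))
```

If your region uses two AD-specific subnets, run the check against the security list of each subnet, as the step requires.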