Set Up an Oracle Cloud Infrastructure Load Balancer

If you need the ability to update the Oracle Cloud Infrastructure Load Balancing configuration for an Oracle Java Cloud Service instance, then you must create the load balancer manually. You can't update the Oracle Cloud Infrastructure Load Balancing configuration if the load balancer is provisioned automatically during the creation of the Oracle Java Cloud Service instance.

Prepare to Set Up an Oracle Cloud Infrastructure Load Balancer

Before you begin setting up an instance of Oracle Cloud Infrastructure Load Balancing for your Oracle Java Cloud Service instance, understand the advantages and disadvantages of using a manually configured load balancer. In addition, gather the required information about the Oracle WebLogic Server managed servers in the Oracle Java Cloud Service instance.

  1. Understand the advantages of using a manually configured instance of Oracle Cloud Infrastructure Load Balancing, when compared with a load balancer that's provisioned automatically while creating an Oracle Java Cloud Service instance.

    A manually configured Oracle Cloud Infrastructure Load Balancing instance gives you greater flexibility and control.

    • You can choose the bandwidth shape while creating the load balancer.

      An Oracle Cloud Infrastructure Load Balancing instance that's provisioned automatically during the creation of an Oracle Java Cloud Service instance is configured to use the 100-Mbps shape; you can't choose the shape.

    • You can configure the parameters of the load balancer. For example, you can add your own SSL/TLS certificates, configure listeners, add multiple backend sets, configure routing rules, and so on.
  2. Be aware of the disadvantages of using a manually configured instance of Oracle Cloud Infrastructure Load Balancing.

    A manually configured load balancer imposes certain administrative responsibilities:

    • When you scale-out or scale-in your Oracle Java Cloud Service instance, the backend set of a manually configured Oracle Cloud Infrastructure Load Balancing instance is not updated automatically. You must update the backend set manually to add or remove the Oracle WebLogic Server nodes.
    • When you delete the Oracle Java Cloud Service instance, the load balancer instance is not removed automatically; you must delete it separately.
  3. Obtain an SSL/TLS certificate.

    You can use a certificate that's issued by a third-party Certificate Authority (CA), or a self-signed certificate that you generate by using tools such as Open SSL.

    For more information about obtaining a CA certificate, see the documentation provided by your CA. For the steps to generate self-signed certificates, see the documentation for the certificate-generation tool that you want to use.

  4. Identify the listen ports of the Oracle WebLogic Server managed servers in your Oracle Java Cloud Service instance.
    The default listen ports of the managed servers in an Oracle Java Cloud Service instance are 8001 for HTTP and 8002 HTTPS. The listen ports are defined in the network channel configuration of each managed server.
    • If you want to terminate SSL at the load balancer, then use the HTTP port number of the managed server.
    • If you want the load balancer to route requests to the backend using HTTPS, then use the HTTPS port number.
    You can find the listen ports of the managed servers in the Oracle WebLogic Server administration console.
    1. Sign in the Oracle WebLogic Server Administration Console of your Oracle Java Cloud Service instance.
    2. In the Domain Structure pane, expand Environment, and click Servers.
      Complete the steps that follow for each managed server to which you want the load balancer to route requests.
    3. Click the name of the managed server.
    4. Click the Protocols tab.
    5. Click the Channels subtab.
    6. Note the HTTP or HTTPS port number (as required) that's displayed in the Public Port field.

Create and Configure an Instance of Oracle Cloud Infrastructure Load Balancing

Using the Oracle Cloud Infrastructure web console, create a load balancer and configure its backend set.

  1. Sign in to the Oracle Cloud Infrastructure web console.
  2. In the Regions list near the upper-right corner, select the region in which you created your Oracle Java Cloud Service instance.
  3. Create an instance of Oracle Cloud Infrastructure Load Balancing.
    1. From the navigation menu, under the Core Infrastructure group, select Networking, and then select Load Balancers.
    2. In the Compartment field, select the compartment that you want to create the load balancer in.
    3. Click Create Load Balancer.
    4. Enter a name for the load balancer.
    5. Specify whether the load balancer must be public or private.
    6. Select the bandwidth shape.
      Note that the shape you choose here affects the billing for the load balancer.
    7. Select the virtual cloud network (VCN) and the subnets to which you want to attach the load balancer.
      In a region that has more than one availability domain (AD), you can select either a single regional subnet (recommended) or two AD-specific subnets.
    8. Click Next Step.
    9. Select a load balancing policy.
    10. Click Add Backends.
    11. Click Change Compartment, and then select ManagedCompartmentForPaaS.
    12. Locate and select the nodes of your Oracle Java Cloud Service instance.
      The names of the compute nodes are in the format, subscriptionID|JaaS|jcsInstanceName|wls|vm-n.

      For example: 599949999|JaaS|myJCSinstance|wls|vm-1

      Look for the compute nodes where jcsInstanceName matches the name of your Oracle Java Cloud Service instance.

    13. Click Add Selected Backends.
    14. Change the Port of each server to the port at which the managed server node listens for requests (for example, 8001).
    15. Optional: Click Advanced Options, and then change the default name of the backend set.
    16. Click Next Step.
    17. Optional: Change the default listener name and port.
    18. Select or paste your SSL certificate.
    19. If you selected a self-signed certificate, then select or paste the corresponding private key, and enter the private key passphrase.
    20. Click Create Load Balancer.
  4. Configure the load balancer to include the WL-Proxy-SSL header in the requests that it forwards to the Oracle WebLogic Server nodes in the backend set.
    Oracle WebLogic Server uses this header to determine that the requests came to the load balancer over SSL/TLS.
    1. From the load balancer details page, under Resources in left navigation pane, click Rule Sets.
    2. Click Create Rule Set.
    3. Enter a name for the rule set.
    4. Select Specify Request Header Rules.
    5. Configure the rule:
      • Action: Select Add Request Header.
      • Header: Enter WL-Proxy-SSL
      • Value: Enter true
    6. Click Create.
    7. Click Close.
      Wait for the rule to be created.
    8. Under Resources in the left navigation pane, click Listeners.
    9. Locate the listener that you created earlier, click Actions icon, and then select Edit.
    10. In the Edit Listener dialog box, in the Rule Sets section, click Additional Rule Set.
    11. Select the rule set that you created, and then click Save Changes.
    12. Click Close.
  5. Ensure that the security list of the load balancer's subnet has the required security rules to allow TCP traffic from the Internet to the listener port that you created.
    If your region has more than one AD and if you specified two AD-specific subnets for the load balancer, then complete the following steps for each of the two subnets.
    1. On the Load Balancer Details page, locate the Subnet field, and then click the subnet.
      The VCN that contains the subnet is displayed.
    2. Click your load balancer's subnet.
    3. Click the first security list for the subnet.
    4. Under Ingress Rules, check whether a rule with the following properties exists:
      Source: 0.0.0.0/0
      IP Protocol: TCP
      Source Port Range: All
      Destination Port Range: yourListenerPort

      If the rule exists, then skip the remainder of this substep and proceed to the "Verify access" step.

    5. If the rule doesn't exist, then click Add Ingress Rules.
    6. For Source CIDR, enter 0.0.0.0/0.
    7. For Destination Port Range, enter the port number of your listener.
    8. Click Add Ingress Rules.
  6. Verify access to the applications deployed to your Oracle Java Cloud Service.
    1. Return the Load Balancer Details page.
    2. Note the public IP address displayed in the IP Address field.
    3. Construct the load balancer URL for the application that you want to access.
      URL format: https://yourLBAddress:yourListenerPort/yourAppContextRoot

      URL example: https://203.0.113.100:4343/my-app

      If you didn't change the listener port, the default is 443.

      The context root of the sample application that's included with Oracle Java Cloud Service is /sample-app. You can find the context root of your application from the application settings in the Oracle WebLogic Server Administration Console.

    4. In your web browser, go the URL that you constructed.

For more information, see Managing a Load Balancer in the Oracle Cloud Infrastructure documentation.