Transfer EUM Data to OMC Collectors
APM supports different deployment scenarios for transfer of EUM data to OMC. Listed here are different deployment scenarios and related configuration options.
Determine configuration scenario for your deployment
Scenario 1: If your company allows full internet access to all users, EUM data will be sent to OMC without any special configuration, without a proxy setup.
Scenario 2: If your company limits internet access, but would still like complete EUM data to be sent to OMC, then you should configure your existing firewall or proxy to permit requests to be sent to OMC. See Transferring EUM Data through a Proxy.
Scenario 3: If there are special security or administrative requirements, you can configure a reverse proxy or proxy in front of existing proxies or firewalls. See Transferring EUM Data through a Reverse Proxy.
Transfer EUM Data through a Proxy
In cases where internal users of an enterprise web application have access to that application, but not to the internet in general, proxy rules should be adapted to allow access to the APM collector for all users. In that way, you can send EUM performance data to the APM collector even if users do not have access to the collector otherwise.
You can see the details of the APM collector endpoint to be configured in the APM UI by selecting APM Admin and then Browser Agent. Enable access to the collectorURL. Configuration of a proxy is vendor specific; see the documentation provided by the proxy vendor for configuration details.
Transfer EUM Data through a Reverse Proxy
The reverse proxy technique allows browsers to find a way through the customer firewall that is open for access only to the OMC Collector. The browser will find the reverse proxy and interact with it as if it were the Oracle cloud end point. You can configure a reverse proxy by following these steps:
Configure APM Agent to use a different collectorUrl
The APM Agent should override the end point it receives from Oracle cloud with the local end point of the reverse proxy. This can be done by configuring the property for collectorUrl in the AgentStartup.properties file. This setting will override the default value that is retrieved from Oracle cloud through service registry. When there are no https sites that require monitoring, set the collectorUrl to http instead of https.
oracle.apmaas.agent.collectorUrl=https://myproxy.example.com:4443/APMaaSCollector/external/collector
In the example above, replace myproxy.example.com and the port number 4443 with the hostname and the port number of the machine where the reverse proxy is installed. Once the collectorUrl is updated, bounce the application server(s).
Configure a Reverse Proxy
You can configure a reverse proxy using any reverse proxy configuration tools like NGINX, Squid or WebLogic ProxyPlugin.
Note: If you have an Oracle HTTP Server setup, skip steps 1-6. If you are using a trusted certificate, skip step 7.

1. Navigate to http://www.oracle.com/technetwork/middleware/webtier/downloads/index.html
2. Accept the license agreement.
3. Scroll to Oracle WebTier 12cR2 and Oracle HTTP Server 12.2.1.1.
4. Select Linux-64 bit and download the installer.
5. Follow the documentation to install Oracle HTTP Server at https://docs.oracle.com/middleware/1213/index.html.
   Note: The above document assumes that OHS is installed at /Oracle.
6. Start the nodemanager.
       # export DOMAIN_HOME=<WLS Domain home>
       # cd $DOMAIN_HOME/bin
       # nohup ./startNodeManager.sh > nm.out&
   Example:
       # export DOMAIN_HOME="/Oracle/Middleware/Oracle_Home/user_projects/domains/base_domain"
       # cd $DOMAIN_HOME/bin
       # nohup ./startNodeManager.sh > nm.out&
7. Add the HTTP Server certificate to wallet.
   a. Prepare the wallet:
          # export DOMAIN_HOME=<WLS Domain home>
          # cd $DOMAIN_HOME/config/fmwconfig/components/OHS/instances/ohs1/keystores
          # mkdir proxy
          # cd proxy
          # $DOMAIN_HOME/../../../oracle_common/bin/orapki wallet create -wallet . -auto_login_only
      Example:
          # export DOMAIN_HOME=/Oracle/Middleware/Oracle_Home/user_projects/domains/base_domain
          # cd $DOMAIN_HOME/config/fmwconfig/components/OHS/instances/ohs1/keystores
          # mkdir proxy
          # cd proxy
          # $DOMAIN_HOME/../../../oracle_common/bin/orapki wallet create -wallet . -auto_login_only
   b. Get the certificates and add them to the wallet:
      Method 1:
          # echo -n | openssl s_client -connect <OMC collector URL>:<port> | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > /tmp/proxy_certificate.cert
      Method 2:
      i. Install (or update) the CA certificates:
             # yum update ca-certificates
      ii. Split the bundle CA root file containing all certificates into separate files. (orapki cannot handle a bundle.)
             # awk 'BEGIN {c=0;} /BEGIN CERT/{c++} { print > "cert." c ".pem"}' < /etc/pki/tls/certs/ca-bundle.crt
      iii. Load the individual certificates into the OHS proxy wallet.
             # for i in cert.*.pem; do /Oracle/Middleware/Oracle_Home/oracle_common/bin/orapki wallet add -wallet . -cert "$i" -trusted_cert -auto_login_only; done
8. Retrieve the APM collectorUrl.
   In the left navigation pane on the APM UI, click Administration and select Browser Agent. The collectorUrl is displayed in the Browser Agent screen.
9. Configure HTTPS reverse proxy with Oracle HTTP Server.
   a. In an editor, open the ssl.conf file located in the folder ohs1.
          # export DOMAIN_HOME=<WLS Domain home>
          # vi $DOMAIN_HOME/config/fmwconfig/components/OHS/instances/ohs1/ssl.conf
      Example:
          # export DOMAIN_HOME="/Oracle/Middleware/Oracle_Home/user_projects/domains/base_domain"
          # vi $DOMAIN_HOME/config/fmwconfig/components/OHS/instances/ohs1/ssl.conf
   b. Configure the SSL reverse proxy in an existing virtualhost definition section.
      Example:
          ...
          <VirtualHost *:4443>
            <IfModule ossl_module>
              # SSL Engine Switch:
              # Enable/Disable SSL for this virtual host.
              SSLEngine on
              SSLProxyEngine on
              SSLProxyWallet "${ORACLE_INSTANCE}/config/fmwconfig/components/${COMPONENT_TYPE}/instances/${COMPONENT_NAME}/keystores/proxy"
              SSLProxyVerify none
              ProxyPass "/APMaaSCollector" "https://cloud_APM_Collector/APMaaSCollector"
              ProxyPassReverse "/APMaaSCollector" "https://cloud_APM_Collector/APMaaSCollector"
              ProxyPreserveHost On
              ProxyRequests off
              ...
          </VirtualHost>
          ...
   c. Replace the URL https://cloud_APM_Collector/APMaaSCollector with the actual collector URL on Oracle cloud from step 8.
      Note: To use HTTP communication between browser and Reverse Proxy, comment out the SSLEngine on line.
   d. Start the ohs1 component.
          # export DOMAIN_HOME=<WLS Domain home>
          # cd $DOMAIN_HOME/bin
          # ./startComponent.sh ohs1
      Example:
          # export DOMAIN_HOME=/Oracle/Middleware/Oracle_Home/user_projects/domains/base_domain
          # cd $DOMAIN_HOME/bin
          # ./startComponent.sh ohs1
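The proxy directives in ssl.conf can be checked before the ohs1 component is started. The script below is an added example, not part of the Oracle documentation: audit_proxy_conf is a hypothetical helper name, the sample file is constructed from the virtualhost example on this page, and treating an absent SSLProxyVerify as none is an assumption.

```shell
#!/bin/sh
# Added example: audit the reverse-proxy directives placed in ssl.conf.
# Prints one finding per line; exit status is 1 if anything was flagged.
audit_proxy_conf() {
    awk '
    { sub(/#.*/, ""); gsub(/"/, "") }          # drop comments and quotes
    tolower($1) == "sslproxyverify"   { verify = tolower($2) }
    tolower($1) == "proxyrequests"    { requests = tolower($2) }
    tolower($1) == "proxypass"        { pass = $3 }
    tolower($1) == "proxypassreverse" { rev = $3 }
    END {
        n = 0
        # Assumption: an absent SSLProxyVerify behaves like "none".
        if (verify == "" || verify == "none") {
            print "SSLProxyVerify none: the upstream collector certificate is not verified"; n++ }
        if (requests == "on") {
            print "ProxyRequests on: the host also acts as a forward proxy"; n++ }
        if (pass !~ /^https:\/\//) {
            print "ProxyPass target is missing or not https"; n++ }
        if (pass != rev) {
            print "ProxyPass and ProxyPassReverse point at different targets"; n++ }
        if (pass ~ /cloud_APM_Collector/) {
            print "ProxyPass still holds the cloud_APM_Collector placeholder"; n++ }
        exit (n > 0)
    }' "$1"
}

# Constructed sample: the directives as listed in the virtualhost example.
sample=$(mktemp)
cat > "$sample" <<'EOF'
<VirtualHost *:4443>
  SSLEngine on
  SSLProxyEngine on
  SSLProxyVerify none
  ProxyPass "/APMaaSCollector" "https://cloud_APM_Collector/APMaaSCollector"
  ProxyPassReverse "/APMaaSCollector" "https://cloud_APM_Collector/APMaaSCollector"
  ProxyPreserveHost On
  ProxyRequests off
</VirtualHost>
EOF
audit_proxy_conf "$sample" || echo "review the findings above before starting ohs1"
rm -f "$sample"
```

With SSLProxyVerify none, the certificates loaded into the proxy wallet in step 7 are not used to validate the collector, so the first finding applies to the example configuration as written.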
Collect Internal IP Addresses
In internal company networks that are monitored with EUM, you can view the client IP addresses by making these configurations.
- Configure your proxy or gateway device to add the X-ORACLE-CLIENT-IP header.
- Populate this header with the real IP address of the client.
Configuration details depend on the device or software being used.
Note:
Reporting on geographic locations is currently not supported for internal IP addresses.