1. Installing and Configuring Oracle Application Performance Monitoring
  2. Set Up End User Monitoring
  3. Transfer EUM Data to OMC Collectors

Transfer EUM Data to OMC Collectors

APM supports different deployment scenarios for transfer of EUM data to OMC. Listed here are different deployment scenarios and related configuration options.

Determine configuration scenario for your deployment

Scenario 1: If your company allows full internet access to all users, EUM data will be sent to OMC without any special configuration, without a proxy setup.

Scenario 2: If your company limits internet access, but would still like complete EUM data to be sent to OMC, then you should configure your existing firewall or proxy to permit requests to be sent to OMC. See Transferring EUM Data through a Proxy.

Scenario 3: If there are special security or administrative requirements, you can configure a reverse proxy or proxy in front of existing proxies or firewalls. See Transferring EUM Data through a Reverse Proxy.

Transfer EUM Data through a Proxy

In cases where internal users of an enterprise web application have access to that application, but not to the internet in general, proxy rules should be adapted to allow access to the APM collector for all users. In that way, you can send EUM performance data to the APM collector even if users do not have access to the collector otherwise.

You can see the details of the APM collector endpoint to be configured in the APM UI by selecting APM Admin and then Browser Agent. Enable access to the collectorURL. Configuration of a proxy is vendor specific, see the documentation provided by the proxy vendor for configuration details.

Transfer EUM Data through a Reverse Proxy

The reverse proxy technique allows browsers to find a way through the customer firewall that is open for access only to the OMC Collector. The browser will find the reverse proxy and interact with it like the Oracle cloud end point. You can configure reverse proxy by following these steps:

Configure APM Agent to use a different collectorUrl

The APM Agent should override the end point it receives from Oracle cloud with the local end point of the reverse proxy. This can be done by configuring the property for collectorUrl in AgentStartup.properties file. This setting will override the default value that is retrieved from Oracle cloud through service registry. When there are no https sites that require monitoring, set the collectorUrl to http instead of https.

Here is an example of the setting:
oracle.apmaas.agent.collectorUrl=https://myproxy.example.com:4443/APMaaSCollector/external/collector
In the example above, replace myproxy.example.com and the port number 4443 with the hostname and the port number of the machine where the reverse proxy is installed. Once the collectorUrl is updated, bounce the application server(s).

Configure a Reverse Proxy

You can configure a reverse proxy using any reverse proxy configuration tools like NGINX, Squid or WebLogic ProxyPlugin.

Note:

If you have an Oracle HTTP Server setup, skip steps 1-6. If you are using a trusted certificate, skip step 7.

  1. Navigate to http://www.oracle.com/technetwork/middleware/webtier/downloads/index.html

  2. Accept the license agreement.

  3. Scroll to Oracle WebTier 12cR2 and Oracle HTTP Server 12.2.1.1.

  4. Select Linux-64 bit and download the installer.

  5. Follow the documentation to install Oracle HTTP Server at https://docs.oracle.com/middleware/1213/index.html.

    Note:

    The above document assumes that OHS is installed at /Oracle.

  6. Start the nodemanager. 

    # export DOMAIN_HOME=<WLS Domain home>
# cd $DOMAIN_HOME/bin
# nohup ./startNodeManager.sh > nm.out&
    Example:
    # export DOMAIN_HOME="/Oracle/Middleware/Oracle_Home/user_projects/domains/base_domain"
# cd $DOMAIN_HOME/bin
# nohup ./startNodeManager.sh > nm.out&

  7. Add the HTTP Server certificate to wallet.

    1. Prepare the wallet:

      # export DOMAIN_HOME=<WLS Domain home>
# cd $DOMAIN_HOME/config/fmwconfig/components/OHS/instances/ohs1/keystores
# mkdir proxy
# $DOMAIN_HOME/../../../oracle_common/bin/orapki wallet create -wallet . -auto_login_only

      Example:

      # export DOMAIN_HOME=/Oracle/Middleware/Oracle_Home/user_projects/domains/base_domain
# cd $DOMAIN_HOME/config/fmwconfig/components/OHS/instances/ohs1/keystores
# mkdir proxy
# $DOMAIN_HOME/../../../oracle_common/bin/orapki wallet create -wallet . -auto_login_only

    2. Get the Certificates and add to the wallet:

      Method 1:

      # echo -n | openssl s_client -connect <OMC collector URL>:<port> | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > /tmp/proxy_certificate.cert

      Method 2:

      1. Install (or update) the CA certificates:

        # yum update ca-certificates

      2. Split the bundle CA root file containing all certificates into separate files. (orapki cannot handle a bundle.) 

        # awk 'BEGIN {c=0;} /BEGIN CERT/{c++} { print > "cert." c ".pem"}' < /etc/pki/tls/certs/ca-bundle.crt

      3. Load the individual certificates into the OHS proxy wallet.

        # for i in `ls cert.*.pem`; do / Oracle/Middleware/Oracle_Home/oracle_common/bin/orapki wallet add -wallet . -cert $i -trusted_cert -auto_login_only; done

  8. Retrieve the APM collectorUrl.

    In the left navigation pane on the APM UI, click Administration and select Browser Agent. The collectorUrl is displayed in the Browser Agent screen. .

  9. Configure HTTPS reverse proxy with Oracle HTTP Server.

    1. In an editor, open the ssl.conf file located in the folder ohs1. 

      # export DOMAIN_HOME=<WLS Domain home>
DOMAIN_HOME/config/fmwconfig/components/OHS/instances/ohs1

      Example:

      # export DOMAIN_HOME="/Oracle/Middleware/Oracle_Home/user_projects/domains/base_domain"
# vi $DOMAIN_HOME/config/fmwconfig/components/OHS/instances/ohs1/ssl.conf

    2. Configure the SSL reverse proxy in an existing virtualhost definition section.

      Example:
      ...
<VirtualHost *:4443>
  <IfModule ossl_module>
   #  SSL Engine Switch:
   #  Enable/Disable SSL for this virtual host.
   SSLEngine on
   SSLProxyEngine on
   SSLProxyWallet "${ORACLE_INSTANCE}/config/fmwconfig/components/${COMPONENT_TYPE}/instances/${COMPONENT_NAME}/keystores/proxy"
   SSLProxyVerify none
   ProxyPass "/APMaaSCollector" "https://cloud_APM_Collector/APMaaSCollector"
   ProxyPassReverse "/APMaaSCollector" "https://cloud_APM_Collector/APMaaSCollector"
   ProxyPreserveHost On
   ProxyRequests off
   ...
</VirtualHost>
...

    3. Replace the URL https://cloud_APM_Collector/APMaaSCollector with the actual collector URL on Oracle cloud from step 8.

      Note:

      To use HTTP communication between browser and Reverse Proxy, comment out the SSLEngine on line.

    4. Start ohs1 component. 

      # export DOMAIN_HOME=<WLS Domain home>
# cd DOMAIN_HOME/bin
# ./startComponent.sh ohs1

      Example:

      # export DOMAIN_HOME=/Oracle/Middleware/Oracle_Home/user_projects/domains/base_domain
# cd DOMAIN_HOME/bin
# ./startComponent.sh ohs1

Collect Internal IP Addresses

In internal company networks that are monitored with EUM, you can view the client IP addresses by making these configurations.

  1. Configure your proxy or gateway device to add the X-ORACLE-CLIENT-IP header.
  2. Populate this header with the real IP address of the client.

Configuration details depend on the device or software being used.

Note:

Reporting on geographic locations is currently not supported for internal IP addresses.