Access the WebLogic Remote Console

Use the WebLogic Server Remote Console to access a domain in Oracle WebLogic Server for OCI release 14c (14.1.2.0.0).

Note:

As of 14c (14.1.2.0.0) the WebLogic Server Administration Console has been removed. For comparable functionality, you will use the WebLogic Remote Console.

If you are running 12c (12.2.1.4.0) or 14c (14.1.1), then you will continue to use the WebLogic Console as described in Access the WebLogic Server Administration Console.

In 14c (14.1.2.0.0) you will use the new Oracle WebLogic Remote console to manage domains installed with WebLogic Server for OCI Stacks. The following sections describe how to perform some basic management functions. For more information about using the Remote Console, see the Remote Console online help.

After you have created a domain using WebLogic Server for OCI stack version 14.1.2, you must download and install the Remote Console from the following GitHub repository:https://github.com/oracle/weblogic-remote-console .

Access the WebLogic Remote Console in a Public Subnet

Oracle WebLogic Servers running on compute instances assigned to a public subnet are accessible from the public internet using the Remote Console.

Sign into the Oracle Cloud Infrastructure Console.
Click the Navigation Menu icon, select Compute. Under the Compute group, click Instances.
From the Compartment dropdown, select the compartment in which your domain is created.
Click the name of the domain instance that has the Administration Server node.
The instance with the Administration Server node has wls-0 appended to the name. For example: abcde7xy-wls-0
Copy the public IP address value.
Open the WebLogic Remote Console and create a new Admin Server Connection Provider.
In the provider information provide the following values:
1. Name: Use a name that can easily correlate to this WebLogic domain e.g. abcde7xy
2. Provide Credentials: There are two methods to provide credentials in WebLogic 14.1.2:
  - specify the Username and Password fields in the provider
  - ask the remote console to open a web browser to authenticate using Single Sign on which will require you to re-authenticate when your session is expired
3. URL: https://IP-address:wls_administration_port
  The default WebLogic Server domain-wide Administration Port is 9002
  
  For example:
  
  https://192.0.2.1:9002
4. Proxy Override: Leave this field empty.
5. Make Insecure Connection: Selected
  The certificates used in WebLogic Server for OCI are issued to OCI DNS which is not resolvable outside. If you want to verify for Domain name information you can create a local host alias to pointing the Admin Server Internal FQDN to the Admin Server IP address and use the FQDN instead of the IP in URL.
  
  Note:
  You may also need to trust the CA used to sign your certificate.

Access the WebLogic Remote Console in a Private Subnet

Oracle WebLogic Server compute instances assigned to a private subnet are not accessible from the public Internet.Therefore, in order to use WebLogic Remote console to manage WebLogic domains deployed in such instances, you must create SSH tunneling.

Create SSH tunneling.
By opening an SSH tunnel with dynamic port forwarding, the SSH client becomes a Socket Secure (SOCKS) proxy listening on the port you specify. All traffic that routes to the proxy port is forwarded to its destination through the proxy server. Then when you configure your local installation of the WebLogic Remote Console to use a SOCKS proxy.
You can open an SSH tunnel using any of the following options:
- Bastion instance that's created on a public subnet and dynamic port forwarding with a secure shell (SSH) utility. See Create SSH Tunneling Using the Bastion Instance.
- Bastion service and dynamic port forwarding with a secure shell (SSH) utility. See Create SSH Tunneling Using the Bastion Service.
Configure a new provider in WebLogic Remote Console. See Configure Admin Server Provider using Proxy

Create SSH Tunneling Using the Bastion Instance

To use the WebLogic Remote console to manage WebLogic domains in a private subnet, you must use the bastion instance.

Sign in to the Oracle Cloud Infrastructure Console.
Click the Navigation Menu icon, select Compute. Under the Compute group, click Instances.
From the Compartment drop-down list, select the compartment in which your domain is created.
Click the name of the domain instance that has the Administration Server node.
The instance with the Administration Server node has wls-0 appended to the name. For example: abcde7xy-wls-0
Copy the private IP address value.
Return to the Compute Instances page.
Click the name of the bastion instance that's associated with the domain.
The domain's bastion instance is identified by servicename-bastion-instance. For example: abcde7xy-bastion-instance
Copy the public IP address value.
From your computer, open an SSH tunnel. There are two options:
- running the ssh command
- using PuTTY
To open an SSH tunnel by running the ssh command, follow these instructions:
1. From your computer, open an SSH tunnel to an unused port on the bastion node as the opc user.
  For example, you can use port 1088 for SOCKS proxy, but it can be any other unused port.
2. Specify the -D option to use dynamic port forwarding.
  Provide the path to the private key that corresponds to the public key that you specified when you created the domain.
  The SSH command format is:
```
ssh -i path_to_private_key -N -L localPort:AdminServerIP:wls_admin_port -p ssh_port opc@bastion_public_ip
```
  The default WebLogic Server domain-wide Administration Port is 9002
  For example:
```
ssh -i ~/.ssh/mykey.openssh -N -L 9002:10.0.2.1:9002 -p 22 opc@198.51.100.1
```
To open an SSH Tunnel using PuTTY, follow these instructions:
1. Start PuTTY on your Windows computer.
  The PuTTY Configuration page is displayed, showing the Session panel.
2. In the Host Name (or IP address) field, enter the public IP address of the bastion node.
3. In the Category navigation tree, expand Connection, and then click Data.
4. In the Auto-login username field, enter opc.
5. In the When username is not specified field, select Prompt.
6. In the Category tree, expand Connection, and then click SSH.
7. Under Protocol options, select the Don't start a shell command at all check box.
8. In the Category tree, expand SSH, and then click Auth.
9. Under Private key file for authentication, click Browse.
10. Navigate to the location of your private key file, and select it. Click Open.This private key corresponds to the public key that you specified when you created this service instance.
  
  Note:
  The .ppk file extension indicates that the private key is in PuTTY's proprietary format. You must use a key of this format when using PuTTY. If Oracle Cloud generated this key for your service instance, see the PuTTY documentation for information about converting the key format
11. In the Category tree, expand SSH, and then click Tunnels.
12. In the Destination field, enter IP:port where IP is the private IP address of the WebLogic Server node and port is the port number on the node to which you want to connect.
13. In the Source Port field, enter the same port number.
14. Click the Add button.
15. Optional: To save this session configuration, click Session in the Category tree, and then click Save. To load a saved configuration, select the configuration name, and then click Load.
16. Click Open.
17. If prompted, enter the passphrase for the private key

Create SSH Tunneling Using the Bastion Service

Create a Bastion service and dynamic port forwarding with a secure shell (SSH) utility.

Sign in to the Oracle Cloud Infrastructure Console.
If you have already created a Bastion service and a session in the required VCN, navigate to the Bastion and the Session, and then continue from step 18.
Click the navigation menu Navigation Menu icon, select Identity & Security. Under the Identity & Security group, click Bastion.
From the Compartment drop-down list, select the compartment in which your domain is created.
Click Create bastion.
Enter a name for the bastion.
Under Configure networking, select the Target virtual cloud network of the target resource that you intend to connect to by using sessions hosted on this bastion.
Select the Target subnet.
The subnet must either be the same as the target resource's subnet or it must be a subnet from which the target resource's subnet accepts network traffic.
In CIDR block allowlist, add one or more address ranges in CIDR notation that you want to allow to connect to sessions hosted by this bastion.
Enter a CIDR block, and then either click the value or press Enter to add the value to the list. The maximum allowed number of CIDR blocks is 20.
From the list of Bastion, click the name of the Bastion you created.
Click Create session.
From the Session type drop-down list, select SSH port forwarding session.
Under Connect to the target host option, select Instance name.
From the Compute instance, select the domain instance that has the Administration Server node.
The instance with the Administration Server node has wls-0 appended to the name. For example: abcde7xy-wls-0
In the Port field, enter the WebLogic administration server's listener port number, where the administration console is accessible. By default, the port number is 9002.
Under Add SSH Key, provide the public key file of the SSH key pair that you want to use for the session.
Click Create Session.
Click Actions for the session you created, and select View SSH command.
In the View SSH command window, click Copy to copy the SSH command.
Paste the SSH command in a text editor.
In the SSH command, replace <privateKey> with the path to the private key that corresponds to the public key that you specified when you created the domain.
In the SSH command, replace the <localPort> with the preferred local port number.
Copy the updated SSH command.
From your computer, open a SSH utility.
Paste the SSH command and then press Enter.
If prompted to continue connecting, type Yes and press Enter.

Configure Admin Server Provider using Proxy

After you have set up the SSH tunneling, you must configure a new provider in WebLogic Remote Console.

Sign in to the Oracle Cloud Infrastructure Console.
Click the navigation menu Navigation Menu icon, select Compute. Under the Compute group, click Instances.
From the Compartment drop-down list, select the compartment in which your domain is created.
Click the name of the domain instance that has the Administration Server node.
The instance with the Administration Server node has wls-0 appended to the name. For example: abcde7xy-wls-0
Copy the private IP address value that will be referred to as the admin_server_private_ip_address.
Open the WebLogic Remote Console and create a new Admin Server Connection Provider.
In the provider information panel, provide the following values:
1. Name: Use a name that can easily correlate to this WebLogic domain e.g. abcde7xy
2. Provide Credentials: There are two methods to provide credentials in WebLogic 14.1.2:
  - specify the Username and Password fields in the provider
  - ask the Remote Console to open a web browser to authenticate using Single Sign on. This option requires you to re-authenticate when your session is expired and configure your browser with Socks4.
3. URL: https://localHost:localPort
  For example:
  
  https://127.0.0.1:9002
4. Proxy Override: Leave this field empty.
5. Make Insecure Connection: Selected
  The certificates used in WebLogic Server for OCI are issued to OCI DNS which is not resolvable outside. If you want to verify for Domain name information, then you can create a local host alias to point to the Admin Server Internal FQDN to the Admin Server IP address and use the FQDN instead of the IP in URL.
  
  Note:
  You may also need to trust the CA used to sign your certificate.
6. When you click OK, the Remote Console should load your WebLogic domain home.
  
  Note:
  If you selected option “Use Web Authentication” you will first be redirected to a browser to provide credentials.