16 Configuring Oracle HTTP Server for an Enterprise Deployment

Install and configure Oracle HTTP Server (OHS) to direct HTTP(S) requests from the hardware load balancer to specific Managed Servers in the application tier.

For an enterprise deployment, Oracle HTTP Server must be installed on each of the web tier hosts and configured as Oracle HTTP standalone domains on each host.

In an SSL Terminated deployment, the load balancer communicates with OHS over HTTP, and the OHS instances also communicate over HTTP with the backend WebLogic servers.

In end-to-end SSL deployments, the load balancer communicates with OHS over SSL for a more secure configuration. The OHS instances also communicate over SSL with the specific Managed Servers in the application tier. SSL is configured all the way from the LBR to the backend WebLogic servers.

Before you configure Oracle HTTP Server, be sure to review Understanding the Web Tier.

About the Oracle HTTP Server Domains

In an enterprise deployment, each Oracle HTTP Server instance is configured on a separate host and in its own standalone domain. This keeps the configuration simple and requires a minimum amount of resources to run and maintain.

Note:

Oracle Fusion Middleware requires that a certified Java Development Kit (JDK) is installed on your system and JAVA_HOME is set on the web tier hosts.

For more information about the role and configuration of the Oracle HTTP Server instances in the web tier, see Understanding the Web Tier.

Variables Used When Configuring the Oracle HTTP Server

As you perform the tasks in this chapter, you will be referencing the variables listed in this section.

The following table explains the configuration file property values required in this section.

Table 16-1 OHS Variables Used in This Chapter

Variable | Sample Value | Description
--- | --- | ---
WEB_ORACLE_HOME | /u02/oracle/products/ohs | The read-only location for the Oracle HTTP Server product binaries. For the web tier host computers, this directory is stored on the local disk.
WEB_DOMAIN_HOME | /u02/oracle/config/domains/ohsDomain | The Domain home for the standalone Oracle HTTP Server domain, which is created when you install Oracle HTTP Server on the local disk of each web tier host.
JAVA_HOME | /u02/oracle/products/jdk | The location where you install the supported Java Development Kit (JDK).
IADADMINVHN | iadadminvhn.example.com | The virtual host name used as the listen address for the Administration Server used by the IAMAccessDomain and fails over with manual failover of the Administration Server. It is enabled on the node where the Administration Server process is running.
IGDADMINVHN | igdadminvhn.example.com | The virtual host name used as the listen address for the Administration Server used by the IAMGovernanceDomain and fails over with manual failover of the Administration Server. It is enabled on the node where the Administration Server process is running.
WEBHOST1 | webhost1.example.com | The hostname of WEBHOST1.
WEBHOST2 | webhost2.example.com | The hostname of WEBHOST2.

Setting Environment Variables

Set environment variables used in this chapter.

To copy the sample commands in this guide without modification, set the following environment variables, replacing the values with values appropriate to your environment.

export WEB_ORACLE_HOME=/u02/oracle/products/ohs
export JAVA_HOME=/u02/oracle/products/jdk
export PATH=$JAVA_HOME/bin:$PATH

Installing Oracle HTTP Server on WEBHOST1

Install the Oracle HTTP Server software on the web tier by using the Oracle Universal Installer. Verify the installation after you complete the procedure.

Starting the Installer on WEBHOST1

To start the installation program, perform the following steps.

  1. Log in to WEBHOST1.
  2. Go to the directory in which you downloaded the installation program.
  3. Enter the following command to launch the installation program:
    ./fmw_14.1.2.0.0_ohs_linux64.bin

    When the installation program appears, you are ready to begin the installation.

Navigating the Oracle HTTP Server Installation Screens

The following table lists the screens in the order that the installation program displays them.

If you need additional help with any of the installation screens, click the Help button on the screen.

Table 16-2 Oracle HTTP Server Installation Screens

Screen Description

Installation Inventory Setup

On UNIX operating systems, this screen appears if you install any Oracle product on this host for the first time. Specify the location where you want to create your central inventory. Ensure that the operating system group name selected on this screen has write permissions to the central inventory location.

See Understanding the Oracle Central Inventory in Installing Software with the Oracle Universal Installer.

Note:

Oracle recommends that you configure the central inventory directory within the products directory. Example: /u02/oracle/products/oraInventory

You may also need to execute the createCentralinventory.sh script as root from the oraInventory folder after the installer completes.

Welcome

This screen introduces you to the product installer.

Auto Updates

Use this screen to automatically search My Oracle Support for available patches or automatically search the local directory for patches that you have already downloaded for your organization.

Installation Location

Use this screen to specify the location of your Oracle home directory.

For the purposes of an enterprise deployment, enter the value of the WEB_ORACLE_HOME variable listed in Table 8-3.

For example:

/u02/oracle/products/ohs

Installation Type

Select Standalone HTTP Server (Managed independently of WebLogic server).

This installation type allows you to configure the Oracle HTTP Server instances independently from any other existing Oracle WebLogic Server domains.

JDK Selection

For the value of JDK Home, enter the value of JAVA_HOME that you set when installing the JDK software.

Prerequisite Checks

This screen verifies that your system meets the minimum necessary requirements.

If there are any warning or error messages, verify that your host computers and the required software meet the system requirements and certification information described in Host Computer Hardware Requirements and Operating System Requirements for the Enterprise Deployment Topology.

Installation Summary

Use this screen to verify the installation options that you selected. If you want to save these options to a response file, click Save Response File and provide the location and name of the response file. Response files can be used later in a silent installation situation.

See Using the Oracle Universal Installer in Silent Mode in Installing Software with the Oracle Universal Installer.

Installation Progress

This screen allows you to see the progress of the installation.

Installation Complete

This screen appears when the installation is complete. Review the information on this screen, then click Finish to close the installer.

Verifying the Oracle HTTP Server Installation

Verify that the Oracle HTTP Server installation completed successfully by validating the WEB_ORACLE_HOME folder contents.

Compare the installed folder structure with the following list:
  1. Navigate to the Oracle home:
    cd $WEB_ORACLE_HOME
  2. Run the following command:
    ls --format=single-column $WEB_ORACLE_HOME
    The following files and directories are listed in the Oracle HTTP Server Oracle home:
    
    assistants
    bin
    cfgtoollogs
    clone
    crs
    crypto
    css
    cv
    deinstall
    drdaas
    env.ora
    has
    hs
    install
    instantclient
    inventory
    javavm
    jdbc
    jlib
    jpub
    ldap
    lib
    network
    nls
    odbc
    ohs
    olap
    OPatch
    opmn
    oracle_common
    oracore
    oraInst.loc
    ord
    oss
    oui
    perl
    plsql
    plugins
    precomp
    QOpatch
    racg
    rdbms
    root.sh
    schagent.conf
    sdk
    slax
    sqlcl
    sqlj
    sqlplus
    srvm
    suptools
    ucp
    unixODBC
    usm
    utl
    webgate
    wlserver
    xdk

Installing a Supported JDK

Oracle Fusion Middleware requires that a certified Java Development Kit (JDK) is installed on your system.

Locating and Downloading the JDK Software

To find a certified JDK, see the certification document for your release on the Oracle Fusion Middleware Supported System Configurations page.

After you identify the Oracle JDK for the current Oracle Fusion Middleware release, you can download an Oracle JDK from the following location on Oracle Technology Network:

https://www.oracle.com/java/technologies/downloads/

Be sure to navigate to the download for the Java SE JDK.

Installing the JDK Software

Oracle Fusion Middleware requires you to install a certified Java Development Kit (JDK) on your system.

You must install the JDK in the following locations:

On the local storage device for each of the Web tier host computers. The Web tier host computers, which reside in the DMZ, do not necessarily have access to the shared storage on the application tier.

For more information about the recommended location for the JDK software, see Understanding the Recommended Directory Structure for an Enterprise Deployment.

To install JDK 21.0:
  1. Change directory to the location where you downloaded the JDK archive file.
    cd download_dir
  2. Unpack the archive into the JDK home directory, and then run the following commands:
    tar -xzvf jdk-21.0.4+8_linux-x64_bin.tar.gz
    Note that the JDK version listed here was accurate at the time this document was published. For the latest supported JDK, see the Oracle Fusion Middleware System Requirements and Specifications for the current Oracle Fusion Middleware release.
  3. Move the JDK directory to the recommended location in the directory structure.
    For example:
    mv ./jdk-21.0.4 /u02/oracle/products/jdk
  4. Run the following command to verify that the appropriate java executable is in the path and your environment variables are set correctly:
    java -version
    The Java version in the output should be displayed as 21.0.4.

Creating an Oracle HTTP Server Domain on WEBHOST1

You can create a new Oracle HTTP Server standalone domain on the first web tier host by using the Configuration Wizard.

Starting the Configuration Wizard on WEBHOST1

To start the Configuration Wizard, navigate to the following directory and start the WebLogic Server Configuration Wizard, as follows:

cd $WEB_ORACLE_HOME/oracle_common/common/bin
./config.sh

Navigating the Configuration Wizard Screens for an Oracle HTTP Server Domain

Oracle recommends that you create a standalone domain for the Oracle HTTP Server instances on each web tier host.

The following topics describe how to create a new standalone Oracle HTTP Server domain:

Table 16-3 Navigating the Infrastructure Installation Screens

Screen Description

Selecting the Domain Type and Domain Home Location

On the Configuration Type screen, select Create a new domain.

In the Domain Location field, specify the value of the <WEB_DOMAIN_HOME> variable, as defined in File System and Directory Variables Used in This Guide.

For example, /u02/oracle/products/ohs.

Note:

  • The Configuration Wizard creates the new directory that you specify here.

  • Create the directory on local storage, so the web servers do not have any dependencies on storage devices outside the DMZ.

Click Next.

Selecting the Configuration Templates

On the Templates screen, make sure Create Domain Using Product Templates is selected, then select the following templates:

  • Oracle HTTP Server (Standalone) - [ohs]

Tip:

More information about the options on this screen can be found in Templates in Creating WebLogic Domains Using the Configuration Wizard.

Click Next.

Selecting the JDK for the Web Tier Domain

Select the Oracle HotSpot JDK installed in the /u02/oracle/products/jdk directory prior to the Oracle HTTP Server installation.

Click Next.

Configuring System Components

On the System Components screen, configure one Oracle HTTP Server instance. The screen should, by default, have a single instance defined. This is the only instance that you need to create.

  1. The default instance name in the System Component field is ohs1. Use this default name when you configure WEBHOST1.

  2. Make sure that OHS is selected in the Component Type field.

  3. Use the Restart Interval Seconds field to specify the number of seconds to wait before you attempt a restart if an application is not responding.

  4. Use the Restart Delay Seconds field to specify the number of seconds to wait between restart attempts.

Click Next.

Configuring OHS Server

Use the OHS Server screen to configure the OHS servers in your domain:

  1. Select ohs1 from the System Component drop-down menu.

  2. In the Listen Address field, enter webhost1.example.com.

    All the remaining fields are prepopulated, but you can change the values as required for your organization. See OHS Server in Oracle Fusion Middleware Creating WebLogic Domains Using the Configuration Wizard.

  3. In the Server Name field, verify the value of the listen address and listen port.

    It should appear as follows:

    http://webhost1.example.com:7777

Configuring Node Manager

Select Per Domain Default Location as the Node Manager type, and specify the user name and password for the Node Manager.

Note:

For more information about the options on this screen, see Node Manager in Creating WebLogic Domains Using the Configuration Wizard.

For information about Node Manager configuration, see Configuring Node Manager on Multiple Machines in Administering Node Manager for Oracle WebLogic Server.

Reviewing Your Configuration Specifications and Configuring the Domain

The Configuration Summary screen contains the detailed configuration information for the domain you are about to create. Review the details of each item on the screen and verify that the information is correct.

You can go back to any previous screen if you need to make any changes, either by using the Back button or by selecting the screen in the navigation pane.

Domain creation will not begin until you click Create.

Tip:

More information about the options on this screen can be found in Configuration Summary in Creating WebLogic Domains Using the Configuration Wizard.

Click Next.

Writing Down Your Domain Home and Administration Server URL

The Configuration Success screen shows the domain home location.

Make a note of the information provided here, as you need it to start the servers and access the Administration Server.

Click Finish to close the Configuration Wizard.

Installing and Configuring an Oracle HTTP Server Domain on WEBHOST2

After you install Oracle HTTP Server and configure a domain on WEBHOST1, you must perform the same tasks on WEBHOST2.

  1. Log in to WEBHOST2 and install Oracle HTTP Server by using the instructions in Installing Oracle HTTP Server on WEBHOST1.

  2. Configure a new standalone domain on WEBHOST2 by using the instructions in Creating a Web Tier Domain on WEBHOST1.

    Use the name ohs2 for the instance on WEBHOST2, and be sure to replace all occurrences of WEBHOST1 with WEBHOST2 and all occurrences of ohs1 with ohs2 in each of the examples.

Starting the Node Manager and Oracle HTTP Server Instances on WEBHOST1 and WEBHOST2

It is important to understand how to start the Oracle HTTP Server instances on WEBHOST1 and WEBHOST2.

Starting the Node Manager on WEBHOST1 and WEBHOST2

Before you can start the Oracle HTTP Server instances, you must start the Node Manager on WEBHOST1 and WEBHOST2:

  1. Log in to WEBHOST1 and navigate to the following directory:
    cd $WEB_DOMAIN_HOME/nodemanager
    
  2. Start the Node Manager by using nohup, with nodemanager.out as an example output file:
    nohup $WEB_DOMAIN_HOME/bin/startNodeManager.sh > $WEB_DOMAIN_HOME/nodemanager/nodemanager.out 2>&1 &
    
  3. Log in to WEBHOST2 and perform steps 1 and 2.

See Advanced Node Manager Configuration in Administering Node Manager for Oracle WebLogic Server.

Starting the Oracle HTTP Server Instances

To start the Oracle HTTP Server instances:

  1. Navigate to the following directory on WEBHOST1:
    cd $WEB_DOMAIN_HOME/bin

    For more information about the location of the WEB_DOMAIN_HOME directory, see File System and Directory Variables Used in This Guide.

  2. Enter the following command:
    ./startComponent.sh ohs1

    Note:

    Every time you start Oracle HTTP Server, you are asked for the Node Manager password. To avoid this prompt, use the following command the first time you start Oracle HTTP Server:

    ./startComponent.sh ohs1 storeUserConfig

    When you enter the Node Manager password this time, it is encrypted and stored. Subsequent starts and stops of Oracle HTTP Server do not require you to enter the Node Manager password.

    Note:

    For more information, see Storing Your Node Manager Password.
  3. When prompted, enter the Node Manager password.
  4. Repeat steps 1 through 3 to start the ohs2 instance on WEBHOST2. See Starting Oracle HTTP Server Instances in Administering Oracle HTTP Server.

Backing Up the Configuration

Oracle recommends that you create a backup after you successfully extend a domain or at another logical point. Create a backup after you verify that the installation so far is successful. This is a quick backup for the express purpose of immediate restoration in case of problems in later steps.

The backup destination is the local disk. You can discard this backup when the enterprise deployment setup is complete. After the enterprise deployment setup is complete, you can initiate the regular deployment-specific Backup and Recovery process.

For information about backing up your configuration, see Performing Backups and Recoveries for an Enterprise Deployment.

Generate Required Certificates for OHS SSL Listeners

In an end-to-end SSL deployment, the OHS listeners use SSL and you must create appropriate certificates for them.

The OHS certificates must be SAN certificates that include the virtual server name and the name of the server they run on. Each WEBHOST address requires its own certificate, with the different ServerNames used on that host added as SANs.

This enterprise deployment uses igdinternal.example.com, igdadmin.example.com, oig.example.com, login.example.com and iadadmin.example.com as frontend addresses. These addresses are used in the WLS domain configuration as frontend addresses for different clusters and servers.

Oracle recommends using the same Identity and Trust store files for all the Certificate Authorities (CAs) and certificates used in the application tier. The OHS nodes do not use shared storage, so the stores need to be copied to their private folders. Certificates in a production system should come from formal CAs.

For more information about certificates, see Obtaining SSL Certificates.

Perform the following steps to create OHS wallets from existing certificates:

  1. Create a Wallet Trust Store and add the CA certificate.
    $WEB_ORACLE_HOME/bin/orapki wallet create -wallet /u02/oracle/config/keystores/orapki -auto_login_only
    $WEB_ORACLE_HOME/bin/orapki wallet add -wallet /u02/oracle/config/keystores/orapki -auto_login_only -trusted_cert -cert /u02/oracle/config/keystores/idmCA.crt
  2. Create a Wallet for each virtual host.
    export vHost=login.example.com
    export wHost=webhost1.example.com
    export ksHome=/u02/oracle/config/keystores
    export kspwd=password
    $WEB_ORACLE_HOME/bin/orapki wallet create -wallet $ksHome/orapki/wallet_$vHost -auto_login_only
    $WEB_ORACLE_HOME/bin/orapki wallet import_pkcs12 -wallet $ksHome/orapki/wallet_$vHost -auto_login_only -pkcs12file $ksHome/$vHost.p12 -pkcs12pwd $kspwd
    
  3. Repeat all steps for each virtual host.
  4. Repeat all steps for WEBHOST2.
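
A pre-import check for the SAN requirement above, as an added example (not Oracle-supplied code): `san_missing` reports which required names a certificate's subjectAltName does not cover, treating a wildcard as exactly one leftmost label. The function names and the SAN text in `sample_san` are constructed for illustration, and `p12_san` assumes OpenSSL 1.1.1 or later is installed and that `kspwd` is exported as in step 2.

```shell
#!/bin/sh
# Added example, not Oracle-supplied code.

# p12_san FILE: print the subjectAltName extension of the certificate in a
# PKCS#12 file. The password is read from the exported variable kspwd through
# the openssl "env:" source, so it does not appear in the process list.
# Assumes OpenSSL 1.1.1 or later (for "x509 -ext").
p12_san() {
    openssl pkcs12 -in "$1" -clcerts -nokeys -passin env:kspwd |
        openssl x509 -noout -ext subjectAltName
}

# san_missing NAME...: read subjectAltName text on stdin and print every NAME
# that no DNS entry covers. Returns 0 only when all names are covered.
san_missing() {
    sans=$(tr ',' '\n' |
        sed -n 's/^[[:space:]]*DNS:\([^[:space:]]*\)[[:space:]]*$/\1/p' |
        tr '[:upper:]' '[:lower:]')
    rc=0
    for want in "$@"; do
        want=$(printf '%s' "$want" | tr '[:upper:]' '[:lower:]')
        covered=no
        while IFS= read -r san; do
            case $san in
                "$want") covered=yes ;;
                '*.'?*)
                    # A wildcard stands for exactly one leftmost label.
                    suffix=${san#?}            # "*.example.com" -> ".example.com"
                    label=${want%"$suffix"}
                    case $label in
                        "$want" | '' | *.*) ;; # suffix absent, or not one label
                        *) covered=yes ;;
                    esac ;;
            esac
        done <<EOF
$sans
EOF
        if [ "$covered" = no ]; then
            printf '%s\n' "$want"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample of "openssl x509 -noout -ext subjectAltName" output.
sample_san() {
    cat <<'EOF'
X509v3 Subject Alternative Name: 
    DNS:login.example.com, DNS:webhost1.example.com, DNS:*.internal.example.com
EOF
}

# Demo on the constructed sample: webhost2 is reported as not covered.
sample_san | san_missing login.example.com webhost1.example.com webhost2.example.com ||
    echo "names above are missing from the certificate SAN list"
```

Against a real keystore, run `p12_san "$ksHome/$vHost.p12" | san_missing "$vHost" "$wHost"` before the import_pkcs12 command in step 2.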

Configuring Oracle HTTP Server to Route Requests to the Application Tier

Update the Oracle HTTP Server configuration files so that the web server instances route requests to the servers in the domain.

About the Oracle HTTP Server Configuration for an Enterprise Deployment

The following topics provide overview information about the changes that are required to the Oracle HTTP Server configuration files in an enterprise deployment.

Purpose of the Oracle HTTP Server Virtual Hosts

The reference topologies in this guide require that you define a set of virtual servers on the hardware load balancer. You can then configure Oracle HTTP Server to recognize requests to specific virtual hosts (that map to the load balancer virtual servers) by adding <VirtualHost> directives to the Oracle HTTP Server instance configuration files.

For each Oracle HTTP Server virtual host, you define a set of specific URLs (or context strings) that route requests from the load balancer through the Oracle HTTP Server instances to the appropriate Administration Server or Managed Server in the Oracle WebLogic Server domain.

About the WebLogicCluster Parameter of the <VirtualHost> Directive

A key parameter of the Oracle HTTP Server <VirtualHost> directive is the WebLogicCluster parameter, which is part of the WebLogic Proxy Plug-In for Oracle HTTP Server. When you configure Oracle HTTP Server for an enterprise deployment, consider the following information when you add this parameter to the Oracle HTTP Server configuration files.

The servers specified in the WebLogicCluster parameter are important only at startup time for the plug-in. The list needs to provide at least one running cluster member for the plug-in to discover other members of the cluster. When you start Oracle HTTP Server, the listed cluster member must be running. Oracle WebLogic Server and the plug-in work together to update the server list automatically with new, failed, and recovered cluster members.

Some example scenarios:

  • Example 1: If you have a two-node cluster and then add a third member, you do not need to update the configuration to add the third member. The third member is discovered on the fly at runtime.

  • Example 2: You have a three-node cluster but only two nodes are listed in the configuration. However, if both listed nodes are down when you start Oracle HTTP Server, then the plug-in would fail to route to the cluster. You must ensure that at least one of the listed nodes is running when you start Oracle HTTP Server.

    If you list all members of the cluster, then you guarantee you can route to the cluster, assuming at least one member is running when Oracle HTTP Server is started.

Recommended Structure of the Oracle HTTP Server Configuration Files

Rather than adding multiple virtual host definitions to the httpd.conf file, Oracle recommends that you create separate, smaller, and more specific configuration files for each of the virtual servers required for the products that you are deploying. This avoids populating an already large httpd.conf file with additional content, and it can make troubleshooting configuration problems easier.

For example, in a typical Oracle Fusion Middleware Infrastructure domain, you can add a specific configuration file called admin_vh.conf that contains the virtual host definition for the Administration Server virtual host (ADMINVHN). If you are using an end-to-end SSL deployment, all virtual hosts in this Enterprise Deployment Guide use SSL. This Enterprise Deployment Guide segregates the listeners and certificates that are used by the different endpoints exposed through OHS. It uses different certificates and listeners for the external, internal and administration virtual hosts. This permits segregating the traffic and the encryption quality for each type of access and provides a well-structured mapping of front ends, virtual hosts and listeners.

Modifying the httpd.conf File to Include Virtual Host Configuration Files

Perform the following tasks to prepare the httpd.conf file for the additional virtual hosts required for an enterprise topology:

  1. Log in to WEBHOST1.

  2. Locate the httpd.conf file for the first Oracle HTTP Server instance (ohs1) in the domain directory:

    cd $WEB_DOMAIN_HOME/config/fmwconfig/components/OHS/ohs1/
    
  3. Verify if the httpd.conf file has the appropriate configuration as follows:

    1. Run the following command to verify that the ServerName parameter is set correctly, substituting the correct value for the current WEBHOSTn:

      grep "ServerName http" httpd.conf   
      ServerName http://webhost1.example.com:7777 
    2. Run the following command to verify there is an include statement that includes all *.conf files from the moduleconf subdirectory:

      grep moduleconf httpd.conf   
      IncludeOptional "moduleconf/*.conf"
    3. If either validation fails to return results, or returns results that are commented out, open the httpd.conf file in a text editor and make the required changes in the appropriate locations.

      # 
      # ServerName gives the name and port that the server uses to identify itself. 
      # This can often be determined automatically, but we recommend you specify 
      # it explicitly to prevent problems during startup. 
      # 
      # If your host doesn't have a registered DNS name, enter its IP address here. 
      # 
      ServerName http://webhost1.example.com:7777 
      #  and at the end of the file:  
      # Include the admin virtual host (Proxy Virtual Host) related configuration 
      include "admin.conf"  
      IncludeOptional "moduleconf/*.conf"
    4. Save the httpd.conf file.

  4. Ensure ssl.conf is included in the httpd configuration.

    
    grep ssl.conf httpd.conf
    

    Include ssl.conf and copy the ssl.conf file to a different file name.

    Note:

    This is used as a template for other module conf files.
    
    cp $WEB_DOMAIN_HOME/config/fmwconfig/components/OHS/ohs1/ssl.conf $WEB_DOMAIN_HOME/config/fmwconfig/components/OHS/ohs1/moduleconf/ssl.template
  5. Log in to WEBHOST2 and perform steps 2 and 3 for the httpd.conf file, replacing any occurrences of webhost1 or ohs1 with webhost2 or ohs2 in the instructions as necessary.

  6. Edit the ssl.conf file to include only the following lines (remove other content from the file):

    
    <IfModule ossl_module>
    #
    # Some MIME-types for downloading Certificates and CRLs
        AddType application/x-x509-ca-cert .crt
        AddType application/x-pkcs7-crl .crl
    
    # Inter-Process Session Cache:
    # Configure the SSL Session Cache: First the mechanism
    # to use, second the expiring timeout (in seconds) and third
    # the mutex to be used.
        SSLSessionCache "shmcb:${ORACLE_INSTANCE}/servers/${COMPONENT_NAME}/logs/ssl_scache(512000)"
        SSLSessionCacheTimeout 300
    
    </IfModule>
    
       # Client Authentication (Type):
       # Client certificate verification type and depth. Types are
       # none, optional and require.
       SSLVerifyClient None
    
       # SSL Protocol Support:
       # Configure usable SSL/TLS protocol versions.
       SSLProtocol TLSv1.2 TLSv1.3
    
       # Option to prefer the server's cipher preference order
       SSLHonorCipherOrder on
    
       # SSL Cipher Suite:
       # List the ciphers that the client is permitted to negotiate.
       SSLCipherSuite TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
    
       <FilesMatch "\.(cgi|shtml|phtml|php)$">
          SSLOptions +StdEnvVars
       </FilesMatch>
    
       <Directory "${ORACLE_INSTANCE}/config/fmwconfig/components/${COMPONENT_TYPE}/instances/${COMPONENT_NAME}/cgi-bin">
          SSLOptions +StdEnvVars
       </Directory>
    
       BrowserMatch "MSIE [2-5]" \
             nokeepalive ssl-unclean-shutdown \
             downgrade-1.0 force-response-1.0
    
       # Add the following directive to add HSTS
       <IfModule mod_headers.c>
       Header always set Strict-Transport-Security "max-age=63072000; preload; includeSubDomains"
       </IfModule>
  7. Modify the $WEB_DOMAIN_HOME/config/fmwconfig/components/OHS/ohs1/mod_wl_ohs.conf file to include the appropriate WLSSLWallet file (required to route on SSL to the WLS backends) as follows:

    # NOTE: This is a template to configure mod_weblogic.

    LoadModule weblogic_module "${PRODUCT_HOME}/modules/mod_wl_ohs.so"

    # This empty block is needed to save mod_wl related configuration from EM to this file
    # when changes are made at the Base Virtual Host Level.
    <IfModule weblogic_module>
     
        WLIOTimeoutSecs 900
        KeepAliveSecs 290
        FileCaching OFF
        WLSocketTimeoutSecs 15
        ErrorPage http://www.oracle.com/splash/cloud/index.html
        WLRetryOnTimeout NONE
        WLForwardUriUnparsed On
        SecureProxy On
        WLSSLWallet "/u02/oracle/config/keystores/orapki/"
    </IfModule>
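
A quick audit of an edited ssl.conf against the step 6 settings (protocol versions, cipher order, AEAD-only suites, HSTS, balanced blocks), as an added example that is not Oracle-supplied code. The function names, finding messages and both sample files are constructed; the suite check assumes the comma-separated suite names used above.

```shell
#!/bin/sh
# Added example, not Oracle-supplied code.
# audit_ssl_conf: read an OHS ssl.conf on stdin and print one finding per
# line; prints nothing when every check passes.
audit_ssl_conf() {
    awk '
    /^[ \t]*#/ { next }
    /^[ \t]*$/ { next }
    {
        line = $0
        sub(/^[ \t]+/, "", line)
        sub(/[ \t\r]+$/, "", line)
        n = split(line, f, /[ \t]+/)
        d = tolower(f[1])
    }
    # Track container nesting: a truncated paste leaves a block unclosed.
    substr(line, 1, 2) == "</" {
        name = tolower(substr(line, 3))
        sub(/>.*$/, "", name)
        if (depth > 0 && stack[depth] == name) depth--
        else print "unexpected closing tag for " name
        next
    }
    substr(line, 1, 1) == "<" {
        name = tolower(substr(f[1], 2))
        sub(/>$/, "", name)
        stack[++depth] = name
        next
    }
    d == "sslprotocol" {
        proto = 1
        for (i = 2; i <= n; i++) {
            p = tolower(f[i])
            if (p ~ /^-/) continue          # "-name" removes a protocol
            sub(/^[+]/, "", p)
            if (p != "tlsv1.2" && p != "tlsv1.3")
                print "SSLProtocol enables " f[i]
        }
    }
    d == "sslhonorcipherorder" { honor = tolower(f[2]) }
    d == "sslciphersuite" {
        cipher = 1
        list = f[2]
        gsub(/"/, "", list)
        m = split(list, c, ",")
        for (i = 1; i <= m; i++)
            if (c[i] != "" && c[i] !~ /GCM|CHACHA20/)
                print "SSLCipherSuite includes non-AEAD suite " c[i]
    }
    d == "header" && tolower(line) ~ /strict-transport-security/ && line ~ /max-age=[1-9]/ { hsts = 1 }
    END {
        if (!proto) print "SSLProtocol is not set"
        if (honor != "on") print "SSLHonorCipherOrder is not on"
        if (!cipher) print "SSLCipherSuite is not set"
        if (!hsts) print "Strict-Transport-Security header is not set"
        for (; depth > 0; depth--) print "unclosed <" stack[depth] "> block"
    }'
}

# Constructed sample: a shortened file that follows the step 6 settings.
sample_hardened() {
    cat <<'EOF'
<IfModule ossl_module>
    SSLSessionCacheTimeout 300
</IfModule>
   SSLVerifyClient None
   SSLProtocol TLSv1.2 TLSv1.3
   SSLHonorCipherOrder on
   SSLCipherSuite TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
   <IfModule mod_headers.c>
   Header always set Strict-Transport-Security "max-age=63072000; preload; includeSubDomains"
   </IfModule>
EOF
}

# Constructed sample: weak settings and a block left unclosed.
sample_weak() {
    cat <<'EOF'
SSLProtocol TLSv1.1 TLSv1.2
SSLHonorCipherOrder off
SSLCipherSuite TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA
<IfModule mod_headers.c>
Header always set Strict-Transport-Security "max-age=63072000; preload; includeSubDomains"
EOF
}

echo "hardened sample findings:"; sample_hardened | audit_ssl_conf
echo "weak sample findings:";     sample_weak | audit_ssl_conf
```

To audit the live file, run `audit_ssl_conf < $WEB_DOMAIN_HOME/config/fmwconfig/components/OHS/ohs1/ssl.conf`.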

Modifying the httpd.conf File to Set Server Runtime Parameters

Out of the box, Oracle HTTP Server comes configured with a number of values that affect how the server behaves when it is running. For most deployments, these values are sufficient. However, in an Oracle Identity and Access Management deployment, it is recommended that you update these values by doing the following:

  1. Log in to WEBHOST1.

  2. Locate the httpd.conf file for the first Oracle HTTP Server instance (ohs1) in the domain directory:

    cd $WEB_DOMAIN_HOME/config/fmwconfig/components/OHS/ohs1/
    
  3. Locate the section of the file with the following line:

    <IfModule mpm_worker_module>

  4. Update the entries in this section to reflect the following:

    <IfModule mpm_worker_module>
      ServerLimit             20
      StartServers            10
      MaxClients              1500
      MinSpareThreads         200
      MaxSpareThreads         800
      ThreadsPerChild         250
      ThreadLimit             250
      MaxRequestsPerChild     1000
      MaxRequestWorkers       400
      MaxConnectionsPerChild  0
    </IfModule>
  5. Update the following values:
    • MaxKeepAliveRequests 0
    • Timeout 300
    • KeepAliveTimeout 10
  6. Save the httpd.conf file.

  7. Log in to WEBHOST2 and perform steps 2 and 3 for the httpd.conf file, replacing any occurrences of WEBHOST1 or ohs1 with WEBHOST2 or ohs2 in the instructions as necessary.
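
An added example (not Oracle-supplied code) that reports what the mpm_worker_module block in step 4 resolves to. It assumes stock Apache HTTP Server 2.4 worker MPM behaviour: MaxClients and MaxRequestsPerChild are the older names of MaxRequestWorkers and MaxConnectionsPerChild, the later line wins, and MaxRequestWorkers is adjusted to a multiple of ThreadsPerChild. The function names and the second sample block are constructed.

```shell
#!/bin/sh
# Added example, not Oracle-supplied code. Assumes stock Apache HTTP Server
# 2.4 worker MPM semantics.
# mpm_worker_audit: read httpd.conf text on stdin; print "warn:" lines for
# overridden or adjusted settings, then one "effective:" summary line.
mpm_worker_audit() {
    awk '
    /^[ \t]*#/ { next }
    tolower($0) ~ /<ifmodule[ \t]+mpm_worker_module>/ { inblk = 1; next }
    inblk && tolower($1) == "</ifmodule>" { inblk = 0; next }
    inblk && NF >= 2 {
        k = tolower($1)
        # Older directive names are still accepted and set the same value.
        if (k == "maxclients") k = "maxrequestworkers"
        if (k == "maxrequestsperchild") k = "maxconnectionsperchild"
        if (k in val)
            print "warn: " $1 " " $2 " overrides " name[k] " " val[k]
        name[k] = $1
        val[k] = $2 + 0
    }
    END {
        if (!("maxrequestworkers" in val) || !("threadsperchild" in val) || val["threadsperchild"] <= 0) {
            print "warn: MaxRequestWorkers or ThreadsPerChild missing from the block"
            exit
        }
        mrw = val["maxrequestworkers"]
        tpc = val["threadsperchild"]
        if (("threadlimit" in val) && tpc > val["threadlimit"])
            print "warn: ThreadsPerChild " tpc " exceeds ThreadLimit " val["threadlimit"]
        if (mrw % tpc != 0) {
            adj = int(mrw / tpc) * tpc
            if (adj < tpc) adj = tpc
            print "warn: MaxRequestWorkers " mrw " is not a multiple of ThreadsPerChild " tpc ", adjusted to " adj
            mrw = adj
        }
        if (("serverlimit" in val) && mrw > val["serverlimit"] * tpc) {
            print "warn: MaxRequestWorkers " mrw " exceeds ServerLimit x ThreadsPerChild"
            mrw = val["serverlimit"] * tpc
        }
        mcpc = ("maxconnectionsperchild" in val) ? val["maxconnectionsperchild"] : 0
        print "effective: MaxRequestWorkers=" mrw " processes=" (mrw / tpc) " MaxConnectionsPerChild=" mcpc
    }'
}

# The block from step 4, copied as sample input.
page_block() {
    cat <<'EOF'
<IfModule mpm_worker_module>
  ServerLimit             20
  StartServers            10
  MaxClients              1500
  MinSpareThreads         200
  MaxSpareThreads         800
  ThreadsPerChild         250
  ThreadLimit             250
  MaxRequestsPerChild     1000
  MaxRequestWorkers       400
  MaxConnectionsPerChild  0
</IfModule>
EOF
}

# Constructed variant for contrast only: each setting appears once and
# MaxRequestWorkers is a multiple of ThreadsPerChild.
constructed_block() {
    cat <<'EOF'
<IfModule mpm_worker_module>
  ServerLimit             20
  ThreadsPerChild         250
  ThreadLimit             250
  MaxRequestWorkers       1500
  MaxConnectionsPerChild  0
</IfModule>
EOF
}

echo "block from step 4:"; page_block | mpm_worker_audit
echo "constructed block:"; constructed_block | mpm_worker_audit
```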

Creating the Virtual Host Configuration Files

SSL Terminated Deployments

To create the virtual host configuration files:

Note:

Before you create the virtual host configuration files, be sure that you have configured the virtual servers on the load balancer, as described in Purpose of the Oracle HTTP Server Virtual Hosts.
  1. Log in to WEBHOST1 and change directory to the configuration directory for the first Oracle HTTP Server instance (ohs1):
    cd $WEB_DOMAIN_HOME/config/fmwconfig/components/OHS/ohs1/moduleconf
    
  2. If you are configuring Oracle Access Management, create the iadadmin_vh.conf file and add the following directive:
    <VirtualHost webhost1.example.com:7777>
        ServerName http://iadadmin.example.com:80
        ServerAdmin you@your.address
        RewriteEngine On
        RewriteOptions inherit
        UseCanonicalName On
    </VirtualHost>
    
  3. If you are configuring Oracle Access Management, create the login_vh.conf file and add the following directive:
    <VirtualHost webhost1.example.com:7777>
        ServerName https://login.example.com:443
        ServerAdmin you@your.address
        RewriteEngine On
        RewriteOptions inherit
        UseCanonicalName On
    </VirtualHost>
  4. If you are configuring Oracle Identity Governance, create the igdadmin_vh.conf file, and add the following directive:
    <VirtualHost webhost1.example.com:7777>
        ServerName http://igdadmin.example.com:80
        ServerAdmin you@your.address
        RewriteEngine On
        RewriteOptions inherit
        UseCanonicalName On
    </VirtualHost>
  5. If you are configuring Oracle Identity Governance, create the prov_vh.conf file, and add the following directive:
    <VirtualHost webhost1.example.com:7777>
        ServerName https://oig.example.com:443
        ServerAdmin you@your.address
        RewriteEngine On
        RewriteOptions inherit
        UseCanonicalName On
    </VirtualHost>
  6. If you are configuring Oracle Identity Governance, create the igdinternal_vh.conf file, and add the following directive:
    <VirtualHost webhost1.example.com:7777>
        ServerName http://igdinternal.example.com:7777
        ServerAdmin you@your.address
        RewriteEngine On
        RewriteOptions inherit
    </VirtualHost>
    
End to End SSL Deployments

To create the virtual host files for end to end SSL deployments:

In an end to end SSL deployment, the LBR communicates with OHS over SSL protocol for a more secure configuration. The OHS instances also communicate over SSL protocol with the specific Managed Servers in the application tier. SSL is configured all the way from the LBR to the backend WLS servers.

Each virtual host listens on a different port so that each can use its own certificate. This simplifies load balancing and allows a different quality of certificate to be used for each server if required.

Note:

Before you create the virtual host configuration files, ensure that you have configured the virtual servers on the load balancer as described in Purpose of the Oracle HTTP Server Virtual Hosts.
  1. Log in to WEBHOST1 and change directory to the configuration directory for the first Oracle HTTP Server instance (ohs1):
    cd $WEB_DOMAIN_HOME/config/fmwconfig/components/OHS/ohs1/moduleconf
  2. If you are configuring Oracle Access Management, create the iadadmin_vh.conf file and add the following directive:
    Listen 4445
    <VirtualHost webhost1.example.com:4445>
    
        ServerName https://iadadmin.edg.com:443
        ServerAdmin you@your.address
        RewriteEngine On
        RewriteOptions inherit
        UseCanonicalName On
        AllowEncodedSlashes On
    
        SSLEngine on
        SSLWallet "/u02/oracle/config/keystores/orapki/wallet_iadadmin.edg.com"
    
    </VirtualHost>
  3. If you are configuring Oracle Access Management, create the login_vh.conf file and add the following directive:
    Listen 4447
    <VirtualHost webhost1.example.com:4447>
    
        ServerName https://login.edg.com:443
        ServerAdmin you@your.address
        RewriteEngine On
        RewriteOptions inherit
        UseCanonicalName On
        AllowEncodedSlashes On
    
        SSLEngine on 
        SSLWallet "/u02/oracle/config/keystores/orapki/wallet_login.edg.com"
    </VirtualHost>
  4. If you are configuring Oracle Identity Governance, create the igdadmin_vh.conf file, and add the following directive:
    Listen 4446
    <VirtualHost webhost1.example.com:4446>
    
        ServerName https://igdadmin.edg.com:443
        ServerAdmin you@your.address
        RewriteEngine On
        RewriteOptions inherit
        UseCanonicalName On
        AllowEncodedSlashes On
    
        SSLEngine on    
        SSLWallet "/u02/oracle/config/keystores/orapki/wallet_igdadmin.edg.com"
    
    </VirtualHost>
  5. If you are configuring Oracle Identity Governance, create the oig_vh.conf file, and add the following directive:
    Listen 4448
    <VirtualHost webhost1.example.com:4448>
    
        ServerName https://oig.example.com:443
        ServerAdmin you@your.address
        RewriteEngine On
        RewriteOptions inherit
        UseCanonicalName On
        AllowEncodedSlashes On
    
        SSLEngine on
        SSLWallet "/u02/oracle/config/keystores/orapki/wallet_oig.example.com"
    
    </VirtualHost>
  6. If you are configuring Oracle Identity Governance, create the igdinternal_vh.conf file, and add the following directive:
    Listen 4449
    <VirtualHost webhost1.example.com:4449>
    
        ServerName http://igdinternal.edg.com:443
        ServerAdmin you@your.address
        RewriteEngine On
        RewriteOptions inherit
        UseCanonicalName On
        AllowEncodedSlashes On
    
        SSLEngine on
        SSLWallet "/u02/oracle/config/keystores/orapki/wallet_igdinternal.edg.com"
    
    </VirtualHost>

Routing Requests to WebLogic Servers

You need to configure each virtual host to redirect requests to the back end WebLogic servers.

For SSL Terminated environments all Location directives must contain WLSRequest ON, WLProxySSL ON and WLProxySSLPassThrough ON, for example:

<Location /console>
    WLSRequest ON
    WLProxySSL ON
    WLProxySSLPassThrough ON
    WebLogicHost iadadminvhn.example.com
    WeblogicPort 7001
</Location>

<Location /oam>
    WLSRequest ON
    WLProxySSL ON
    WLProxySSLPassThrough ON
    WebLogicCluster oamhost1.example.com:14100,oamhost2.example.com:14100
</Location>

For End to End SSL environments, all Location directives must contain WLSRequest ON, for example:

<Location /console>
    WLSRequest ON 
    WebLogicHost iadadminvhn.example.com
    WeblogicPort 9002
</Location>

<Location /oam>
    WLSRequest ON
    WebLogicCluster oamhost1.example.com:14101,oamhost2.example.com:14101
</Location>
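
The Location rules stated above can be checked mechanically before the files are copied and OHS is restarted. The following linter is an added example, not part of the Oracle documentation: the function name, mode labels and sample input are constructed for illustration, and it assumes that SetHandler weblogic-handler is accepted in place of WLSRequest ON and that every Location needs either WebLogicCluster or WebLogicHost plus WebLogicPort.

```python
import re

# Directives that must be ON inside every <Location>, per deployment mode
# (mode labels are made up for this example; the rules come from the text above).
REQUIRED_ON = {
    "ssl_terminated": ("WLSRequest", "WLProxySSL", "WLProxySSLPassThrough"),
    "end_to_end": ("WLSRequest",),
}

OPEN_TAG = re.compile(r"^<Location\s+(\S+)>$", re.IGNORECASE)


def _check_block(path, opened_at, seen, mode):
    """Check one closed <Location> block; `seen` maps lower-cased directive -> value."""
    findings = []
    for name in REQUIRED_ON[mode]:
        value = seen.get(name.lower())
        # Assumption: SetHandler weblogic-handler is treated as equivalent to WLSRequest ON.
        if name == "WLSRequest" and seen.get("sethandler", "").lower() == "weblogic-handler":
            continue
        if value is None:
            findings.append((opened_at, path, f"missing {name} ON"))
        elif value.upper() != "ON":
            findings.append((opened_at, path, f"{name} is {value}, expected ON"))
    has_cluster = "weblogiccluster" in seen
    has_host = "weblogichost" in seen and "weblogicport" in seen
    if not (has_cluster or has_host):
        findings.append((opened_at, path, "no WebLogicCluster or WebLogicHost/WebLogicPort"))
    return findings


def lint_vhost(text, mode):
    """Return (line_no, location, message) findings for one *_vh.conf file."""
    findings = []
    path, opened_at, seen = None, 0, {}
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        lower = line.lower()
        if re.match(r"<location\b", lower):
            if path is not None:
                findings.append((opened_at, path, "not closed before next <Location>"))
            m = OPEN_TAG.match(line)
            if m:
                path = m.group(1)
            else:
                # Keep tracking the block so its directives are still checked.
                findings.append((no, line, "malformed <Location> tag"))
                path = (line.split() + ["?"])[1].rstrip(">")
            opened_at, seen = no, {}
        elif lower == "</location>":
            if path is None:
                findings.append((no, "-", "</Location> without opening tag"))
            else:
                findings.extend(_check_block(path, opened_at, seen, mode))
            path = None
        elif path is not None and not line.startswith("<"):
            # Apache directive names are case-insensitive (WeblogicPort == WebLogicPort).
            parts = line.split(None, 1)
            seen[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    if path is not None:
        findings.append((opened_at, path, "not closed before end of file"))
    return findings


# Constructed sample: one correct block and three defective ones.
SAMPLE_SSL_TERMINATED = """\
<VirtualHost webhost1.example.com:7777>
    ServerName https://login.example.com:443
    <Location /oam>
        WLSRequest ON
        WLProxySSL ON
        WLProxySSLPassThrough ON
        WebLogicCluster oamhost1.example.com:14100,oamhost2.example.com:14100
    </Location>
    <Location /oauth2>
        WLSRequest ON
        WebLogicCluster oamhost1.example.com:14100,oamhost2.example.com:14100
    </Location>
    <Location /console
        WLSRequest ON
        WLProxySSL ON
        WLProxySSLPassThrough ON
        WebLogicHost iadadminvhn.example.com
        WeblogicPort 7001
    </Location>
    <Location /reqsvc>
        WLProxySSL ON
        WLProxySSLPassThrough ON
    </Location>
</VirtualHost>
"""

if __name__ == "__main__":
    for line_no, location, message in lint_vhost(SAMPLE_SSL_TERMINATED, "ssl_terminated"):
        print(f"line {line_no}: {location}: {message}")
```

Run it against each file in the moduleconf directory with the mode that matches the deployment, and resolve every finding before restarting the instance.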

The following tables list the configuration files that you must edit on WEBHOST1 in $WEB_DOMAIN_HOME/config/fmwconfig/components/OHS/ohs1/moduleconf/. Add the Location directives as above with the corresponding values from the table.

The following sample files are available to reference:

Table 16-4 Directives Required for iadadmin_vh.conf

| Location | Type (Host/Cluster) | Back End(s) | SSL Terminated Port | End to End SSL Port |
|---|---|---|---|---|
| /console | WebLogicHost | iadadminvhn.example.com | 7001 | 9002 |
| /em | WebLogicHost | iadadminvhn.example.com | 7001 | 9002 |
| /management | WebLogicHost | iadadminvhn.example.com | 7001 | 9002 |
| /oamconsole | WebLogicHost | iadadminvhn.example.com | 7001 | 9002 |
| /access | WebLogicCluster | oamhost1.example.com,oamhost2.example.com | 14100 | 14101 |
| /oam/services | WebLogicHost | iadadminvhn.example.com | 7001 | 7002 |
| /oam/services/rest | WebLogicHost | iadadminvhn.example.com | 7001 | 7002 |
| /iam/admin | WebLogicHost | iadadminvhn.example.com | 7001 | 7002 |
| /oam/services/rest/11.1.2.0.0 | WebLogicHost | iadadminvhn.example.com | 7001 | 7002 |
| /oam/services/rest/ssa | WebLogicHost | iadadminvhn.example.com | 7001 | 7002 |
| /dms | WebLogicHost | iadadminvhn.example.com | 7001 | 7002 |
| /oam | WebLogicCluster | oamhost1.example.com,oamhost2.example.com | 14100 | 14101 |

Table 16-5 Directives Required for igdadmin_vh.conf

| Location | Cookie Name | Type (Host/Cluster) | Back Ends | SSL Terminated Port | End to End SSL Port |
|---|---|---|---|---|---|
| /console | | WebLogicHost | igdadminvhn.example.com | 7101 | 9201 |
| /em | | WebLogicHost | igdadminvhn.example.com | 7101 | 9201 |
| /management | | WebLogicHost | igdadminvhn.example.com | 7101 | 9201 |
| /oim | oimjsessionid | WebLogicCluster | oighost1.example.com,oighost2.example.com | 14000 | 14001 |
| /iam | oimjsessionid | WebLogicCluster | oighost1.example.com,oighost2.example.com | 14000 | 14001 |
| /sysadmin | oimjsessionid | WebLogicCluster | oighost1.example.com,oighost2.example.com | 14000 | 14001 |
| /admin | oimjsessionid | WebLogicCluster | oighost1.example.com,oighost2.example.com | 14000 | 14001 |
| /identity | oimjsessionid | WebLogicCluster | oighost1.example.com,oighost2.example.com | 14000 | 14001 |
| /OIGUI | oimjsessionid | WebLogicCluster | oighost1.example.com,oighost2.example.com | 14000 | 14001 |
| /FacadeWebApp | oimjsessionid | WebLogicCluster | oighost1.example.com,oighost2.example.com | 14000 | 14001 |
| /SchedulerService-web | oimjsessionid | WebLogicCluster | oighost1.example.com,oighost2.example.com | 14000 | 14001 |
| /dms | | WebLogicHost | igdadminvhn.example.com | 7101 | 9201 |

Table 16-6 Directives Required for login_vh.conf

| Location | Cookie Name | Type (Host/Cluster) | Back Ends | SSL Terminated Port | End to End SSL Port | Comment |
|---|---|---|---|---|---|---|
| /oam | OAMJSESSIONID | WebLogicCluster | oamhost1.example.com,oamhost2.example.com | 14100 | 14101 | |
| /oamfed | OAMJSESSIONID | WebLogicCluster | oamhost1.example.com,oamhost2.example.com | 14100 | 14101 | |
| /otpfp/ | OAMJSESSIONID | WebLogicCluster | oamhost1.example.com,oamhost2.example.com | 14100 | 14101 | |
| /ms_oauth | OAMJSESSIONID | WebLogicCluster | oamhost1.example.com,oamhost2.example.com | 14100 | 14101 | |
| /oamservices/rest/auth | OAMJSESSIONID | WebLogicCluster | oamhost1.example.com,oamhost2.example.com | 14100 | 14101 | |
| /oamservices/rest/access | OAMJSESSIONID | WebLogicCluster | oamhost1.example.com,oamhost2.example.com | 14100 | 14101 | |
| /iam/access | OAMJSESSIONID | WebLogicCluster | oamhost1.example.com,oamhost2.example.com | 14100 | 14101 | |
| /oauth2 | OAMJSESSIONID | WebLogicCluster | oamhost1.example.com,oamhost2.example.com | 14100 | 14101 | |
| /.well-known/openid-configuration | OAMJSESSIONID | WebLogicCluster | oamhost1.example.com,oamhost2.example.com | 14100 | 14101 | Also add: PathTrim /.well-known and PathPrepend /oauth2/rest |
| /.well-known/oidc-configuration | OAMJSESSIONID | WebLogicCluster | oamhost1.example.com,oamhost2.example.com | 14100 | 14101 | Also add: PathTrim /.well-known and PathPrepend /oauth2/rest |
| /CustomConsent | OAMJSESSIONID | WebLogicCluster | oamhost1.example.com,oamhost2.example.com | 14100 | 14101 | |

Table 16-7 Directives Required for oig_vh.conf

| Location | Cookie Name | Type (Host/Cluster) | Back Ends | SSL Terminated Port | End to End SSL Port |
|---|---|---|---|---|---|
| /identity | oimjsessionid | WebLogicCluster | oighost1.example.com,oighost2.example.com | 14000 | 14001 |
| /HTTPClnt | oimjsessionid | WebLogicCluster | oighost1.example.com,oighost2.example.com | 14000 | 14001 |
| /reqsvc | oimjsessionid | WebLogicCluster | oighost1.example.com,oighost2.example.com | 14000 | 14001 |
| /FacadeWebApp | oimjsessionid | WebLogicCluster | oighost1.example.com,oighost2.example.com | 14000 | 14001 |
| /iam | oimjsessionid | WebLogicCluster | oighost1.example.com,oighost2.example.com | 14000 | 14001 |
| /OIGUI | oimjsessionid | WebLogicCluster | oighost1.example.com,oighost2.example.com | 14000 | 14001 |

Table 16-8 Directives Required for igdinternal_vh.conf

| Location | Cookie Name | Type (Host/Cluster) | Back Ends | SSL Terminated Port | End to End SSL Port | Comments |
|---|---|---|---|---|---|---|
| /sodcheck | oimjsessionid | WebLogicCluster | oighost1.example.com,oighost2.example.com | 7003 | 7004 | |
| /role-sod | oimjsessionid | WebLogicCluster | oighost1.example.com,oighost2.example.com | 14000 | 14001 | |
| /workflowservice | oimjsessionid | WebLogicCluster | oighost1.example.com,oighost2.example.com | 14000 | 14001 | |
| /callbackResponseService | oimjsessionid | WebLogicCluster | oighost1.example.com,oighost2.example.com | 14000 | 14001 | |
| /spml-xsd | oimjsessionid | WebLogicCluster | oighost1.example.com,oighost2.example.com | 14000 | 14001 | |
| /spmlws | oimjsessionid | WebLogicCluster | oighost1.example.com,oighost2.example.com | 14000 | 14001 | Also add: PathTrim /weblogic |
| /reqsvc | oimjsessionid | WebLogicCluster | oighost1.example.com,oighost2.example.com | 14000 | 14001 | |
| /soa-infra | oimjsessionid | WebLogicCluster | oighost1.example.com,oighost2.example.com | 7003 | 7004 | |
| /ucs | oimjsessionid | WebLogicCluster | oighost1.example.com,oighost2.example.com | 7003 | 14001 | |
| /provisioning-callback | oimjsessionid | WebLogicCluster | oighost1.example.com,oighost2.example.com | 14000 | 14001 | |
| /CertificationCallbackService | oimjsessionid | WebLogicCluster | oighost1.example.com,oighost2.example.com | 14000 | 14001 | |
| /IdentityAuditCallbackService | oimjsessionid | WebLogicCluster | oighost1.example.com,oighost2.example.com | 14000 | 14001 | |
| /soa/composer | oimjsessionid | WebLogicCluster | oighost1.example.com,oighost2.example.com | 7003 | 7004 | |
| /integration | oimjsessionid | WebLogicCluster | oighost1.example.com,oighost2.example.com | 7003 | 7004 | |
| /sdpmessaging/userprefs-ui | oimjsessionid | WebLogicCluster | oighost1.example.com,oighost2.example.com | 7003 | 7004 | |
| /iam | oimjsessionid | WebLogicCluster | oighost1.example.com,oighost2.example.com | 14000 | 14001 | |


Copying Configuration Files to WEBHOST2

Once the Location directives are added to the OHS configuration files on WEBHOST1, you must copy the files to WEBHOST2 and edit appropriately.
  1. Copy the iadadmin_vh.conf, igdadmin_vh.conf, login_vh.conf, oig_vh.conf and igdinternal_vh.conf files to the configuration directory for the second Oracle HTTP Server instance (ohs2) on WEBHOST2:
    scp $WEB_DOMAIN_HOME/config/fmwconfig/components/OHS/ohs1/moduleconf/* oracle@webhost2:$WEB_DOMAIN_HOME/config/fmwconfig/components/OHS/ohs2/moduleconf
  2. Edit each of the files copied in the previous step on WEBHOST2 and change any references of webhost1.example.com to webhost2.example.com.

Restarting the OHS Instances on WEBHOST1 and WEBHOST2

Restart the Oracle HTTP Server (OHS) instances on both WEBHOST1 and WEBHOST2.
  1. Restart the ohs1 instance on WEBHOST1 by performing the following steps:
    1. Change directory to the following location:
      cd $WEB_DOMAIN_HOME/bin
    2. Enter the following commands to stop and start the instance:
      ./stopComponent.sh ohs1
      ./startComponent.sh ohs1
  2. Restart the ohs2 instance on WEBHOST2 by performing the following steps:
    1. Change directory to the following location:
      cd $WEB_DOMAIN_HOME/bin
    2. Enter the following commands to stop and start the instance:
      ./stopComponent.sh ohs2
      ./startComponent.sh ohs2

Validating Access Through the Load Balancer

You should verify URLs to ensure that appropriate routing and failover are working from Oracle HTTP Server to OAM_Cluster.

Verifying the URLs

To verify the URLs:
  1. While oam_server2 is running, stop oam_server1 using the Oracle Fusion Middleware Control.
  2. Access https://login.example.com/oam/server/logout.
  3. Start oam_server1 from the Oracle Fusion Middleware Control.
  4. Stop oam_server2 from the Oracle Fusion Middleware Control.
  5. Access https://login.example.com/oam/server/logout.
You can verify the cluster node to which you were directed after the traffic balancing provided through your load balancer and then again through the web tier.

Validating the Virtual Server Configuration and Access to the Consoles

Validate the virtual server configuration on the load balancer, and the access to the management console and the Administration Server.

From the load balancer, access the following URLs to ensure that your load balancer and Oracle HTTP Server are configured properly. These URLs should show the initial Oracle HTTP Server 14c web page.

  • https://login.example.com/index.html

  • https://oig.example.com/index.html

  • http://iadadmin.example.com/index.html

  • http://igdadmin.example.com/index.html

Use the following URLs to the hardware load balancer to display the Oracle Fusion Middleware Control, and log in using the Oracle WebLogic Server administrator credentials:
  • SSL Terminated: http://iadadmin.example.com/em
  • End to End SSL: https://iadadmin.example.com/em

This validates that the iadadmin.example.com virtual host on the load balancer is able to route requests to the Oracle HTTP Server instances on the web tier, which in turn can route requests for the WebLogic Remote Console to the Administration Server in the application tier.

Similarly, you should be able to access the Fusion Middleware Control for the igdadmin virtual host using the following URLs:
  • SSL Terminated: http://igdadmin.example.com/em
  • End to End SSL: https://igdadmin.example.com/em

Sample Virtual Host Files

This section contains complete examples of all the virtual host files used in an Oracle Identity and Access Management deployment.

SSL Terminated Deployments

login_vh.conf

Listen 7777

<VirtualHost webhost1.example.com:7777>
    ServerName https://login.example.com:443
    ServerAdmin you@your.address
    RewriteEngine On
    RewriteOptions inherit

#OAM Entries
    <Location /oam>
        WLSRequest ON
        WLProxySSL ON
        WLProxySSLPassThrough ON
        WLCookieName OAMJSESSIONID
        WebLogicCluster oamhost1.example.com:14100,oamhost2.example.com:14100
    </Location>

    <Location /oamfed>
        WLSRequest ON
        WebLogicCluster oamhost1.example.com:14100,oamhost2.example.com:14100
        WLCookieName OAMJSESSIONID
        WLProxySSL ON
        WLProxySSLPassThrough ON
    </Location>

# OAM Forgotten Password Page
    <Location /otpfp/>   
        WLSRequest ON   
        WebLogicCluster oamhost1.example.com:14100,oamhost2.example.com:14100  
        WLCookieName OAMJSESSIONID   
        WLProxySSL ON   
        WLProxySSLPassThrough ON
     </Location>

     <Location /ms_oauth>
         WLSRequest ON
         WebLogicCluster oamhost1.example.com:14100,oamhost2.example.com:14100
         WLCookieName OAMJSESSIONID
         WLProxySSL ON
         WLProxySSLPassThrough ON
     </Location>

     <Location /oamservices/rest/auth>
         WLSRequest ON
         WLCookieName OAMJSESSIONID
         WebLogicCluster oamhost1.example.com:14100,oamhost2.example.com:14100
     </Location>

     <Location /oamservices/rest/access>
         WLSRequest ON
         WLCookieName OAMJSESSIONID
         WebLogicCluster oamhost1.example.com:14100,oamhost2.example.com:14100
     </Location>
 
     <Location /iam/access>
         WLSRequest ON
         WLCookieName OAMJSESSIONID
         WebLogicCluster oamhost1.example.com:14100,oamhost2.example.com:14100
     </Location>

     <Location /oauth2>
         WLSRequest ON
         WLCookieName OAMJSESSIONID
         WebLogicCluster oamhost1.example.com:14100,oamhost2.example.com:14100
     </Location>

     <Location /.well-known/openid-configuration>
         WLSRequest ON
         WLCookieName OAMJSESSIONID
         PathTrim /.well-known
         PathPrepend /oauth2/rest
         WebLogicCluster oamhost1.example.com:14100,oamhost2.example.com:14100
     </Location>

     <Location /.well-known/oidc-configuration>
         WLSRequest ON
         WLCookieName OAMJSESSIONID
         PathTrim /.well-known
         PathPrepend /oauth2/rest
         WebLogicCluster oamhost1.example.com:14100,oamhost2.example.com:14100
     </Location>

     <Location /CustomConsent>
         WLSRequest ON
         WLCookieName OAMJSESSIONID
         WebLogicCluster oamhost1.example.com:14100,oamhost2.example.com:14100
     </Location>
</VirtualHost>

oig_vh.conf

Listen 7777

<VirtualHost webhost1.example.com:7777>
    ServerName https://oig.example.com:443
    RewriteEngine On
    RewriteOptions inherit

    <Location /identity>
    WLSRequest ON
    WLCookieName oimjsessionid
    WebLogicCluster oighost1.example.com:14000,oighost2.example.com:14000
    WLProxySSL ON
    WLProxySSLPassThrough ON
    </Location>

    <Location /HTTPClnt>
    WLSRequest ON
    WLCookieName oimjsessionid
    WebLogicCluster oighost1.example.com:14000,oighost2.example.com:14000
    WLProxySSL ON
    WLProxySSLPassThrough ON
    </Location>

# Requests webservice URL
    <Location /reqsvc>
    WLSRequest ON
    WLCookieName oimjsessionid
    WebLogicCluster oighost1.example.com:14000,oighost2.example.com:14000
    WLProxySSL ON
    WLProxySSLPassThrough ON
    </Location>

    <Location /FacadeWebApp>
    SetHandler weblogic-handler
    WLCookieName oimjsessionid
    WebLogicCluster oighost1.example.com:14000,oighost2.example.com:14000
    WLProxySSL ON
    WLProxySSLPassThrough ON
    </Location>

    <Location /iam>
    SetHandler weblogic-handler
    WLCookieName oimjsessionid
    WebLogicCluster oighost1.example.com:14000,oighost2.example.com:14000
    WLProxySSL ON
    WLProxySSLPassThrough ON
    </Location>

    <Location /OIGUI>
    SetHandler weblogic-handler
    WLCookieName oimjsessionid
    WebLogicCluster oighost1.example.com:14000,oighost2.example.com:14000
    WLProxySSL ON
    WLProxySSLPassThrough ON
    </Location>
</VirtualHost>

iadadmin_vh.conf

Listen 7777

<VirtualHost webhost1.example.com:7777>
    ServerName iadadmin.example.com:80
    RewriteEngine On
    RewriteOptions inherit
    UseCanonicalName On

# Admin Server and EM
    <Location /console>
    WLSRequest ON
    WebLogicHost iadadminvhn.example.com
    WeblogicPort 7001
    </Location>

    <Location /management>
    WLSRequest ON
    WebLogicHost iadadminvhn.example.com
    WeblogicPort 7001
    </Location>

    <Location /em>
    WLSRequest ON
    WebLogicHost iadadminvhn.example.com
    WeblogicPort 7001
    </Location>

    <Location /oamconsole>
    WLSRequest ON
    WebLogicHost iadadminvhn.example.com
    WeblogicPort 7001
    </Location>

    <Location /access>
    WLSRequest ON
    WebLogicCluster oamhost1.example.com:14150,oamhost2.example.com:14150
    WLCookieName OAMJSESSIONID
    </Location>

# Required for Multi-Datacenter
    <Location /oam/services>
    WLSRequest ON
    WebLogicHost iadadminvhn.example.com
    WeblogicPort 7001
    </Location>

    <Location /oam/admin/api>
        WLSRequest ON
        WebLogicHost iadadminvhn.example.com
        WebLogicPort 7001
    </Location>

    <Location /oam/services/rest>
        WLSRequest ON
        WebLogicHost iadadminvhn.example.com
        WebLogicPort 7001
    </Location>

    <Location /iam/admin>
        WLSRequest ON
        WebLogicHost iadadminvhn.example.com
        WebLogicPort 7001
    </Location>

    <Location /oam/services/rest/11.1.2.0.0>
        WLSRequest ON
        WebLogicHost iadadminvhn.example.com
        WebLogicPort 7001
    </Location>

    <Location /oam/services/rest/ssa>
        WLSRequest ON
        WebLogicHost iadadminvhn.example.com
        WebLogicPort 7001
    </Location>

    <Location /dms>
        WLSRequest ON
        WebLogicHost iadadminvhn.example.com
        WebLogicPort 7001
    </Location>

    <Location /oam>
        WLSRequest ON
        WebLogicCluster oamhost1.example.com:14100,oamhost2.example.com:14100
    </Location>

</VirtualHost>

igdadmin_vh.conf

Listen 7777

<VirtualHost webhost1.example.com:7777>
    ServerName igdadmin.example.com:80
    RewriteEngine On
    RewriteOptions inherit
    UseCanonicalName On

# Admin Server and EM
    <Location /console>
    WLSRequest ON
    WebLogicHost igdadminvhn.example.com
    WeblogicPort 7101
    </Location>

    <Location /management>
    WLSRequest ON
    WebLogicHost igdadminvhn.example.com
    WeblogicPort 7101
    </Location>

    <Location /em>
    WLSRequest ON
    WebLogicHost igdadminvhn.example.com
    WeblogicPort 7101
    </Location>

    <Location /oim>
    WLSRequest ON
    WLCookieName oimjsessionid
    WebLogicCluster oighost1.example.com:14000,oighost2.example.com:14000
    </Location>

    <Location /iam>
    WLSRequest ON
    WLCookieName oimjsessionid
    WebLogicCluster oighost1.example.com:14000,oighost2.example.com:14000
    </Location>

    <Location /sysadmin>
    WLSRequest ON
    WLCookieName oimjsessionid
    WebLogicCluster oighost1.example.com:14000,oighost2.example.com:14000
    </Location>

    <Location /admin>
    WLSRequest ON
    WLCookieName oimjsessionid
    WebLogicCluster oighost1.example.com:14000,oighost2.example.com:14000
    </Location>

# OIM self service console
    <Location /identity>
    WLSRequest ON
    WLCookieName oimjsessionid
    WebLogicCluster oighost1.example.com:14000,oighost2.example.com:14000
    </Location>

    <Location /OIGUI>
    WLSRequest ON
    WLCookieName oimjsessionid
    WebLogicCluster oighost1.example.com:14000,oighost2.example.com:14000
    </Location>

    <Location /FacadeWebApp>
    WLSRequest ON
    WLCookieName oimjsessionid
    WebLogicCluster oighost1.example.com:14000,oighost2.example.com:14000
    </Location>

# Scheduler webservice URL
    <Location /SchedulerService-web>
    WLSRequest ON
    WLCookieName oimjsessionid
    WebLogicCluster oighost1.example.com:14000,oighost2.example.com:14000
    </Location>

    <Location /dms>
      WLSRequest ON
      WebLogicHost igdadminvhn.example.com
      WeblogicPort 7101
    </Location>
</VirtualHost>

igdinternal_vh.conf

Listen 7777

<VirtualHost webhost1.example.com:7777>
    ServerName igdinternal.example.com:7777
    RewriteEngine On
    RewriteOptions inherit

    <Location /sodcheck>
    WLSRequest ON
    WLCookieName oimjsessionid
    WebLogicCluster oighost1.example.com:7003,oighost2.example.com:7003
    </Location>

# OIM, role-sod profile
    <Location /role-sod>
    WLSRequest ON
    WLCookieName oimjsessionid
    WebLogicCluster oighost1.example.com:14000,oighost2.example.com:14000
    </Location>

# Callback webservice for SOA. SOA calls this when a request is approved/rejected
# Provide the SOA Managed Server Port
    <Location /workflowservice>
    WLSRequest ON
    WLCookieName oimjsessionid
    WebLogicCluster oighost1.example.com:14000,oighost2.example.com:14000
    </Location>

# used for FA Callback service.
    <Location /callbackResponseService>
    WLSRequest ON
    WLCookieName oimjsessionid
    WebLogicCluster oighost1.example.com:14000,oighost2.example.com:14000

    </Location>

# spml xsd profile
    <Location /spml-xsd>
    WLSRequest ON
    WLCookieName oimjsessionid
    WebLogicCluster oighost1.example.com:14000,oighost2.example.com:14000
    </Location>

# OIM, spml dsml profile
    <Location /spmlws>
    WLSRequest ON
    PathTrim /weblogic
    WLCookieName oimjsessionid
    WebLogicCluster oighost1.example.com:14000,oighost2.example.com:14000
    </Location>

    <Location /reqsvc>
    WLSRequest ON
    WLCookieName oimjsessionid
    WebLogicCluster oighost1.example.com:14000,oighost2.example.com:14000
    </Location>

# SOA Infra
    <Location /soa-infra>
    WLSRequest ON
    WLCookieName oimjsessionid
    WebLogicCluster oighost1.example.com:7003,oighost2.example.com:7003
    </Location>

# UMS Email Support
    <Location /ucs>
    WLSRequest ON
    WLCookieName oimjsessionid
    WebLogicCluster oighost1.example.com:7003,oighost2.example.com:7003
    </Location>

    <Location /provisioning-callback>
    WLSRequest ON
    WLCookieName oimjsessionid
    WebLogicCluster oighost1.example.com:14000,oighost2.example.com:14000

    </Location>

   <Location /CertificationCallbackService>
   WLSRequest ON
   WLCookieName oimjsessionid
   WebLogicCluster oighost1.example.com:14000,oighost2.example.com:14000

   </Location>

   <Location /IdentityAuditCallbackService>
   WLSRequest ON
   WLCookieName oimjsessionid
   WebLogicCluster oighost1.example.com:14000,oighost2.example.com:14000

   </Location>

# SOA Callback webservice for SOD - Provide the SOA Managed Server Ports
    <Location /soa/composer>
    WLSRequest ON
    WLCookieName oimjsessionid
    WebLogicCluster oighost1.example.com:7003,oighost2.example.com:7003
    </Location>

    <Location /integration>
    WLSRequest ON
    WebLogicCluster oighost1.example.com:7003,oighost2.example.com:7003
    WLCookieName oimjsessionid
    </Location>

    <Location /sdpmessaging/userprefs-ui>
    WLSRequest ON
    WLCookieName oimjsessionid
    WebLogicCluster oighost1.example.com:7003,oighost2.example.com:7003
    </Location>

    <Location /iam>
    WLSRequest ON
    WLCookieName oimjsessionid
    WebLogicCluster oighost1.example.com:14000,oighost2.example.com:14000
    </Location>
</VirtualHost>

End to End SSL Deployments

login_vh.conf

Listen 4447

<VirtualHost webhost1.example.com:4447>
    ServerName https://login.example.com:443
    ServerAdmin you@your.address
    SSLEngine on
    SSLWallet "/u01/oracle/config/keystores/orapki/wallet_login.example.com"
    RewriteEngine On
    RewriteOptions inherit
    UseCanonicalName On

#OAM Entries
    <Location /oam>
        WLSRequest ON
        WLCookieName OAMJSESSIONID
        WebLogicCluster oamhost1.example.com:14101,oamhost2.example.com:14101
    </Location>

   <Location /oamfed>
        WLSRequest ON
        WLCookieName OAMJSESSIONID
        WebLogicCluster oamhost1.example.com:14101,oamhost2.example.com:14101
    </Location>


# OAM Forgotten Password Page
   <Location /otpfp>
        WLSRequest ON
        WLCookieName OAMJSESSIONID
        WebLogicCluster oamhost1.example.com:14101,oamhost2.example.com:14101
    </Location>

    <Location /ms_oauth>
        WLSRequest ON
        WLCookieName OAMJSESSIONID
        WebLogicCluster oamhost1.example.com:14101,oamhost2.example.com:14101
    </Location>

    <Location /oamservices/rest/auth>
        WLSRequest ON
        WLCookieName OAMJSESSIONID
        WebLogicCluster oamhost1.example.com:14101,oamhost2.example.com:14101
    </Location>

    <Location /oamservices/rest/access>
        WLSRequest ON
        WLCookieName OAMJSESSIONID
        WebLogicCluster oamhost1.example.com:14101,oamhost2.example.com:14101
    </Location>

    <Location /iam/access>
        WLSRequest ON
        WLCookieName OAMJSESSIONID
        WebLogicCluster oamhost1.example.com:14101,oamhost2.example.com:14101
    </Location>

    <Location /oauth2>
        WLSRequest ON
        WLCookieName OAMJSESSIONID
        WebLogicCluster oamhost1.example.com:14101,oamhost2.example.com:14101
    </Location>

    <Location /.well-known/openid-configuration>
        WLSRequest ON
        WLCookieName OAMJSESSIONID
        PathTrim /.well-known
        PathPrepend /oauth2/rest
        WebLogicCluster oamhost1.example.com:14101,oamhost2.example.com:14101
    </Location>

    <Location /.well-known/oidc-configuration>
        WLSRequest ON
        WLCookieName OAMJSESSIONID
        PathTrim /.well-known
        PathPrepend /oauth2/rest
        WebLogicCluster oamhost1.example.com:14101,oamhost2.example.com:14101
    </Location>

    <Location /CustomConsent>
        WLSRequest ON
        WLCookieName OAMJSESSIONID
        WebLogicCluster oamhost1.example.com:14101,oamhost2.example.com:14101
    </Location>

</VirtualHost>

oig_vh.conf

Listen 4448

<VirtualHost webhost1.example.com:4448>
    ServerName https://oig.example.com:443
    AllowEncodedSlashes On
    SSLEngine on
    SSLWallet "/u01/oracle/config/keystores/orapki/wallet_oig.example.com"
    RewriteEngine On
    RewriteOptions inherit
    UseCanonicalName On

    <Location /identity>
        WLSRequest ON
        WLCookieName oimjsessionid
        WebLogicCluster oighost1.example.com:14001,oighost2.example.com:14001
    </Location>

    <Location /HTTPClnt>
        WLSRequest ON
        WLCookieName oimjsessionid
        WebLogicCluster oighost1.example.com:14001,oighost2.example.com:14001
    </Location>

# Requests webservice URL
    <Location /reqsvc>
        WLSRequest ON
        WLCookieName oimjsessionid
        WebLogicCluster oighost1.example.com:14001,oighost2.example.com:14001
    </Location>

    <Location /FacadeWebApp>
        WLSRequest ON
        WLCookieName oimjsessionid
        WebLogicCluster oighost1.example.com:14001,oighost2.example.com:14001
    </Location>

    <Location /iam>
        WLSRequest ON
        WLCookieName oimjsessionid
        WebLogicCluster oighost1.example.com:14001,oighost2.example.com:14001
    </Location>

    <Location /OIGUI>
        WLSRequest ON
        WLCookieName oimjsessionid
        WebLogicCluster oighost1.example.com:14001,oighost2.example.com:14001
    </Location>

</VirtualHost>

iadadmin_vh.conf

Listen webhost1.example.com:4445

<VirtualHost webhost1.example.com:4445>
    ServerName https://iadadmin.example.com:443
    AllowEncodedSlashes On
    SSLEngine on
    SSLWallet "/u02/oracle/config/keystores/orapki/wallet_iadadmin.example.com"
    RewriteEngine On
    RewriteOptions inherit
    UseCanonicalName On

    <Location /console>
        WLSRequest ON
        WebLogicHost iadadminvhn.example.com
        WebLogicPort 9002
    </Location>

    <Location /management>
        WLSRequest ON
        WebLogicHost iadadminvhn.example.com
        WebLogicPort 9002
    </Location>

    <Location /em>
        WLSRequest ON
        WebLogicHost iadadminvhn.example.com
        WebLogicPort 9002
    </Location>

    <Location /oamconsole>
        WLSRequest ON
        WebLogicHost iadadminvhn.example.com
        WebLogicPort 9002
    </Location>

    <Location /access>
        WLSRequest ON
        WebLogicCluster oamhost1.example.com:14101,oamhost2.example.com:14101
    </Location>


    # Required for Multi-Datacenter
    <Location /oam/services>
        WLSRequest ON
        WebLogicHost iadadminvhn.example.com
        WebLogicPort 7002
    </Location>

    <Location /oam/admin/api>
        WLSRequest ON
        WebLogicHost iadadminvhn.example.com
        WebLogicPort 7002
    </Location>

    <Location /oam/services/rest>
        WLSRequest ON
        WebLogicHost iadadminvhn.example.com
        WebLogicPort 7002
    </Location>

    <Location /iam/admin>
        WLSRequest ON
        WebLogicHost iadadminvhn.example.com
        WebLogicPort 7002
    </Location>

    <Location /oam/services/rest/11.1.2.0.0>
        WLSRequest ON
        WebLogicHost iadadminvhn.example.com
        WebLogicPort 7002
    </Location>

    <Location /oam/services/rest/ssa>
        WLSRequest ON
        WebLogicHost iadadminvhn.example.com
        WebLogicPort 7002
    </Location>

    <Location /dms>
        WLSRequest ON
        WebLogicHost iadadminvhn.example.com
        WebLogicPort 7002
    </Location>

    <Location /oam>
        WLSRequest ON
        WebLogicCluster oamhost1.example.com:14101,oamhost2.example.com:14101
    </Location>

</VirtualHost>

igdadmin_vh.conf

Listen webhost1.example.com:4446

<VirtualHost webhost1.example.com:4446>
    ServerName https://igdadmin.example.com:443
    ServerAdmin you@your.address
    RewriteEngine On
    RewriteOptions inherit
    UseCanonicalName On
    RequestHeader set "X-Forwarded-Host" "igdadmin.example.com"

    # Admin Server and EM
    <Location /console>
        WLSRequest ON
        WebLogicHost igdadminvhn.example.com
        WeblogicPort 9201
    </Location>

    <Location /management>
        WLSRequest ON    
        WebLogicHost igdadminvhn.example.com
        WeblogicPort 9201
    </Location>

    <Location /em>
        WLSRequest ON
        WebLogicHost igdadminvhn.example.com
        WeblogicPort 9201
    </Location>

    <Location /oim>
        WLSRequest ON
        WLCookieName oimjsessionid
        WebLogicCluster oighost1.example.com:14001,oighost2.example.com:14001
    </Location>

    <Location /iam>
        WLSRequest ON
        WLCookieName oimjsessionid
        WebLogicCluster oighost1.example.com:14001,oighost2.example.com:14001
    </Location>

    <Location /sysadmin>
        WLSRequest ON
        WLCookieName oimjsessionid
        WebLogicCluster oighost1.example.com:14001,oighost2.example.com:14001 
    </Location>

    <Location /admin>
        WLSRequest ON
        WLCookieName oimjsessionid
        WebLogicCluster oighost1.example.com:14001,oighost2.example.com:14001
    </Location>

    # OIM self service console
    <Location /identity>
        WLSRequest ON
        WLCookieName oimjsessionid
        WebLogicCluster oighost1.example.com:14001,oighost2.example.com:14001
    </Location>

    <Location /OIGUI>
        WLSRequest ON
        WLCookieName oimjsessionid
        WebLogicCluster oighost1.example.com:14001,oighost2.example.com:14001
    </Location>

    <Location /FacadeWebApp>
        WLSRequest ON
        WLCookieName oimjsessionid
        WebLogicCluster oighost1.example.com:14001,oighost2.example.com:14001
    </Location>

    # Scheduler webservice URL
    <Location /SchedulerService-web>
        WLSRequest ON
        WLCookieName oimjsessionid      
        WebLogicCluster oighost1.example.com:14001,oighost2.example.com:14001
    </Location>

    <Location /dms>
        WLSRequest ON
        WebLogicHost igdadminvhn.example.com
        WeblogicPort 9201
    </Location>

</VirtualHost>

igdinternal_vh.conf

Listen 4449

<VirtualHost webhost1.example.com:4449>
    ServerName https://igdinternal.example.com:443
    ServerAdmin you@your.address
    RewriteEngine On
    RewriteOptions inherit
    UseCanonicalName On
    RequestHeader set "X-Forwarded-Host" "igdinternal.example.com"

    <Location /sodcheck>
        WLSRequest ON
        WLCookieName oimjsessionid
        WebLogicCluster oighost1.example.com:7004,oighost2.example.com:7004
    </Location>

    # OIM, role-sod profile
    <Location /role-sod>
        WLSRequest ON
        WLCookieName oimjsessionid
        WebLogicCluster oighost1.example.com:14001,oighost2.example.com:14001
    </Location>

    # Callback webservice for SOA. SOA calls this when a request is approved/rejected
    # Provide the SOA Managed Server Port
    <Location /workflowservice>
        WLSRequest ON
        WLCookieName oimjsessionid
        WebLogicCluster oighost1.example.com:14001,oighost2.example.com:14001
    </Location>

    # used for FA Callback service.
    <Location /callbackResponseService>
        WLSRequest ON
        WLCookieName oimjsessionid
        WebLogicCluster oighost1.example.com:14001,oighost2.example.com:14001
    </Location>

    # spml xsd profile
    <Location /spml-xsd>
        WLSRequest ON
        WLCookieName oimjsessionid
        WebLogicCluster oighost1.example.com:14001,oighost2.example.com:14001
    </Location>

    # OIM, spml dsml profile
    <Location /spmlws>
        WLSRequest ON
        PathTrim /weblogic
        WLCookieName oimjsessionid
        WebLogicCluster oighost1.example.com:14001,oighost2.example.com:14001
    </Location>

    <Location /reqsvc>
        WLSRequest ON
        WLCookieName oimjsessionid
        WebLogicCluster oighost1.example.com:14001,oighost2.example.com:14001
    </Location>

    # SOA Infra
    <Location /soa-infra>
        WLSRequest ON
        WLCookieName oimjsessionid
        WebLogicCluster oighost1.example.com:7004,oighost2.example.com:7004
    </Location>

    # UMS Email Support
    <Location /ucs>
        WLSRequest ON
        WLCookieName oimjsessionid
        WebLogicCluster oighost1.example.com:7004,oighost2.example.com:7004
    </Location>

    <Location /provisioning-callback>
        WLSRequest ON
        WLCookieName oimjsessionid      
        WebLogicCluster oighost1.example.com:14001,oighost2.example.com:14001
    </Location>

    <Location /CertificationCallbackService>
        WLSRequest ON
        WLCookieName oimjsessionid
        WebLogicCluster oighost1.example.com:14001,oighost2.example.com:14001
    </Location>

    <Location /IdentityAuditCallbackService>
        WLSRequest ON
        WLCookieName oimjsessionid
        WebLogicCluster oighost1.example.com:14001,oighost2.example.com:14001
    </Location>
  
    # SOA Callback webservice for SOD - Provide the SOA Managed Server Ports
    <Location /soa/composer>
        WLSRequest ON
        WLCookieName oimjsessionid
        WebLogicCluster oighost1.example.com:7004,oighost2.example.com:7004
    </Location>

    <Location /integration>
        WLSRequest ON
        WebLogicCluster oighost1.example.com:7004,oighost2.example.com:7004
        WLCookieName oimjsessionid
    </Location>

    <Location /sdpmessaging/userprefs-ui>
        WLSRequest ON
        WLCookieName oimjsessionid
        WebLogicCluster oighost1.example.com:7004,oighost2.example.com:7004
    </Location>

    <Location /iam>
        WLSRequest ON
        WLCookieName oimjsessionid
        WebLogicCluster oighost1.example.com:14001,oighost2.example.com:14001
    </Location>

</VirtualHost>
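
Virtual host files like these are long and edited by hand, so a small slip in one Location block can silently stop routing or break session stickiness. The following check is an added example, not part of Oracle's tooling: it flags blocks that name a WebLogic back end without enabling the request handler, host names containing an empty label, and WLCookieName values that differ from the most common one in the file. The names lint_vhost and SAMPLE are hypothetical, and the sample input is constructed.

```python
import re
from collections import Counter

LOCATION_RE = re.compile(r"<Location\s+(\S+)>(.*?)</Location>", re.S | re.I)
DIRECTIVE_RE = re.compile(r"^[ \t]*([A-Za-z]+)[ \t]+(.+?)[ \t]*$", re.M)

def lint_vhost(conf_text):
    """Return sorted (location, problem) findings; directive names are case-insensitive."""
    blocks = [(path, {k.lower(): v for k, v in DIRECTIVE_RE.findall(body)})
              for path, body in LOCATION_RE.findall(conf_text)]
    cookies = Counter(d["wlcookiename"] for _, d in blocks if "wlcookiename" in d)
    usual = cookies.most_common(1)[0][0] if cookies else None
    findings = []
    for path, d in blocks:
        backend = d.get("weblogiccluster") or d.get("weblogichost")
        if backend is None:
            continue
        # WLSRequest ON or the older SetHandler weblogic-handler enables forwarding.
        handled = (d.get("wlsrequest", "").lower() == "on"
                   or d.get("sethandler", "").lower() == "weblogic-handler")
        if not handled:
            findings.append((path, "back end set but request handler not enabled"))
        for target in backend.split(","):
            host = target.strip().split(":")[0]
            if not all(host.split(".")):
                findings.append((path, "empty label in host name " + host))
        cookie = d.get("wlcookiename")
        if cookie and cookie != usual:
            findings.append((path, "cookie name %s differs from %s" % (cookie, usual)))
    return sorted(findings)

# Constructed sample, not taken from a real deployment.
SAMPLE = """\
<Location /identity>
    WLSRequest ON
    WLCookieName oimjsessionid
    WebLogicCluster host1.example.com:14001,host2.example.com:14001
</Location>
<Location /reqsvc>
    WLSRequest ON
    WLCookieName oimjsessionid
    WebLogicCluster host1.example.com:14001,host2.example.com:14001
</Location>
<Location /callback>
    WLCookieName oimjsessioni
    WebLogicCluster host1..example.com:14001,host2.example.com:14001
</Location>
"""
print("\n".join("%s: %s" % f for f in lint_vhost(SAMPLE)))
```

Run it against each *_vh.conf file before restarting the OHS instance; an empty result means none of the three conditions was found.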