Oracle provides different proxy plug-ins for use with Oracle WebLogic Server.
This chapter includes the following topics:
What are Oracle WebLogic Server Proxy Plug-Ins?
The Oracle WebLogic Server Proxy Plug-ins allow requests to be proxied from HTTP Web Server to Oracle WebLogic Server. In this way, proxy plug-ins enable the HTTP server to communicate with applications deployed on Oracle WebLogic Server.
A proxy plug-in enhances an HTTP server installation by allowing Oracle WebLogic Server to handle requests that require dynamic functionality. In other words, you typically use a proxy plug-in where the HTTP server serves static pages such as HTML pages, while Oracle WebLogic Server serves dynamic pages such as HTTP Servlets and Java Server Pages (JSPs).
Oracle WebLogic Server may be operating in a different process, possibly on a different host. To the end user—the browser—the HTTP requests delegated to Oracle WebLogic Server still appear to be coming from the HTTP server.
Availability of Oracle WebLogic Server Proxy Plug-Ins
For example, the following directories are included in the proxy plug-in distribution:
lib/mod_wl_24.so(Oracle WebLogic Server Proxy Plug-in for Apache HTTP Server)
jlib/*.jar(Java helper libraries for orapki)
For information about installing and configuring the proxy plug-ins for Apache HTTP Server, see Installing the Oracle WebLogic Server Proxy Plug-In for Apache HTTP Server and Configuring the Oracle WebLogic Server Proxy Plug-In for Apache HTTP Server.
Features of the 22.214.171.124.0 Proxy Plug-Ins
The Oracle WebLogic Server 126.96.36.199 Proxy Plug-ins add support for HTTP/2 and support for the use of TLS v1.3 with both HTTP/1.1 and HTTP/2 protocols.
This section includes the following topics:
Support for HTTP/2 Protocol
The Oracle WebLogic Server 188.8.131.52.0 Proxy Plug-in for Apache HTTP Server on Linux supports the HTTP/2 protocol.
The HTTP/2 protocol uses a binary framing mechanism to exchange data between the client and the server. All HTTP/2 communication is split into smaller messages and frames, each of which is encoded in a binary format. As a result, both client and server must use the new binary encoding mechanism to understand each other. An HTTP/1.x client will not understand an HTTP/2-only server, and vice versa.
Note:Websocket is not supported over HTTP/2.
Server Push Functionality
The server push functionality is one of the key features of the HTTP/2 protocol.
Accessing websites follows the request and response pattern. A user sends a request to a remote server. The server responds with the requested content with some delay. The initial request to a web server is generally for an HTML document. In this scenario, the server replies with the requested HTML resource. The HTML is then parsed by the browser, where references to other assets are discovered, such as style sheets, scripts, and images. Upon their discovery, the browser makes separate requests for those assets, which are then responded to by the server. The problem with this mechanism is that it forces the user to wait for the browser to discover and retrieve critical assets until after an HTML document has been downloaded. This delays rendering time and increases load time.
The server push functionality is a solution to this problem. It lets the server preemptively push website assets to the client without the user having explicitly asked for them.
For example, consider a website where all pages rely on styles defined in an external style sheet named
styles.css. When the user requests
index.html from the server, the
styles.css is sent to the user just after the server starts sending the response for
index.html. Rather than waiting for the server to send
index.html and then waiting for the browser to request and receive
styles.css, the user only has to wait for the server to respond with both
styles.css on the initial request. This decreases the rendering time of the page.
To enable the server push functionality, configure the H2Push directive and use link headers either in the web server configuration file or in the response. For configuring the H2Push directive, see H2Push Directive in the Apache HTTP Server Documentation.
The Oracle WebLogic Server Proxy Plug-ins support link headers created using
Example of link header in the web server configuration file:
Header add Link "</xxx.css>;rel=preload"
Header add Link "</xxx.js>;rel=preload"
Example of link header in the response:
on in the
httpd.conf file if link header
is sent in the response, as given
HTTPServeletRequest, and using 103 early hints along with the link
headers are NOT supported.
Support for TLSv1.3 Protocol
The Oracle WebLogic Server 184.108.40.206.0 Proxy Plug-ins support the TLSv1.3 protocol.
Use the WebLogicSSLVersion directive to specify the SSL protocol version to be used for communication between the proxy plug-in and Oracle WebLogic Server.
The support for TLSv1.3 protocol includes the following features:
- Support for new TLSv1.3 cipher suites. See WebLogicSSLCiphers.
- Support for certificates signed with the RSASSA-PSS signature algorithm. See Using Certificates Signed with RSASSA-PSS Signature Algorithm.
Removal of TLSv1.1 Protocol From the Default List
In the 220.127.116.11.0 version of the Oracle WebLogic Server Proxy Plug-ins, the TLSv1.1 protocol is
removed from the default list of supported protocols. If you want to use the TLSv1.1
protocol, it must be explicitly added to the configuration using the
WebLogicSSLVersion directive. A warning message is logged if
you configure the TLSv1.1 protocol.
A few ciphers are deprecated in 18.104.22.168.0 and are removed from the list of supported ciphers. If you want to use the deprecated ciphers for handshake between the web server and the Oracle WebLogic Server, you must explicitly add them to the configuration using the
WebLogicSSLCiphers directive. A warning message is generated if any cipher from the deprecated list is used.
- Default list of ciphers for TLSv1.3:
- Default list of ciphers for TLSv1.2:
- Deprecated list of ciphers in 22.214.171.124.0:
Features Inherited from Previous 12c Releases
In addition to the new features, Oracle WebLogic Server Proxy Plug-ins have also inherited features from the previous 12c releases.
- The Oracle WebLogic Server Proxy Plug-in has removed support for TLS1.0 SSL protocol. Therefore, the proxy plug-in fails to connect to Oracle WebLogic Server when you configure TLS1.0 SSL protocol for SSL communication.
- The proxy plug-in considers MD5 signed certificates as insecure. Therefore, these certificates are disabled by default. If you are using SSL to connect to Oracle WebLogic Server, and if the wallet contains any certificates signed with MD5, replace them by SHA-2 signed certificates. Otherwise, the server fails to start. For more information about MD5 signed certificates, see Replacing Certificates Signed Using the MD5 Algorithm.
- The proxy plug-in supports Apache HTTP Server 2.4.x Web Server
mod_wl_24.soproxy plug-in module. So, you will need to load the
mod_wl_24.somodule with Apache HTTP Server 2.4.x. This is typically done by editing the Apache HTTP Server configuration file(s).
- The proxy plug-in does not support Apache HTTP Server 2.2.x
mod_wl.soOracle WebLogic Server module. Hence, this module has been removed from the proxy plug-in distribution.
- Oracle WebLogic Server 12.1.2 supports deploying WebSocket applications. Oracle WebLogic Server 12.2.1.x Proxy Plug-in for Apache HTTP Server 2.4.x can now handle WebSocket connection upgrade requests and effectively proxy to WebSocket applications hosted within Oracle WebLogic Server 12.1.2 and later. See About WebSocket Proxy Configurations.
- The proxy plug-in now includes the following Oracle WebLogic
Server Proxy Plug-in configuration parameters:
- WLMaxWebSocketClients: Limits the number of active
WebSocket connections at any instant of time. The default value is
Half of MaxClients(or
- WebLogicSSLVersion: Chooses the SSL protocol version to use while communicating HTTPS requests between Oracle WebLogic Server Proxy Plug-ins and WebLogic Managed Server(s)/ Cluster(s).
- WLMaxWebSocketClients: Limits the number of active WebSocket connections at any instant of time. The default value is
- The proxy plug-in provides support for monitoring the performance of Oracle WebLogic Server Proxy Plug-in where a request is proxied to the back-end Oracle WebLogic Server. See Understanding the DMS Metrics for Oracle WebLogic Server Proxy Plug-In.
- The proxy plug-in for Apache HTTP Server Web Server now logs the debug information to the respective web server error log files. Hence, the proxy plug-in parameters specific to the debug logs (Debug and WLLogFile) have been deprecated.
- The proxy plug-ins improve performance using a pool of
connections from the plug-in to Oracle WebLogic Server. The proxy plug-in
implements HTTP 1.1 keep-alive connections between the proxy plug-in and
Oracle WebLogic Server by reusing the same connection for subsequent
requests from the same proxy plug-ins. If the connection is inactive for
more than 20 seconds, (or a user-defined amount of time), the connection is
closed. See KeepAliveEnabled.
Note:The web server manages client connections.
- The proxy plug-in proxies requests to Oracle WebLogic Server
based on a configuration that you specify.
- You can proxy requests based on the URL of the request or a portion of the URL. This is called proxying by path.
- You can also proxy a request based on the MIME type of the requested file, which is called proxying by file extension.
You can also enable both methods. If you enable both methods and a request matches both criteria, the request is proxied by path.
You can also specify additional parameters for each of these types of requests that define additional behavior of the proxy plug-in.