Home
/
Middleware
/
Oracle HTTP Server
1/24
Contents
Title and Copyright Information
Preface
Audience
Documentation Accessibility
Related Documents
Conventions
What's New in Oracle HTTP Server 12
c
(12.2.1)
New and Changed Features in 12
c
(12.2.1)
Part I Understanding Oracle HTTP Server
1
Introduction to Oracle HTTP Server
1.1
What is Oracle HTTP Server?
1.2
Oracle HTTP Server 12
c
(12.2.1) Topologies
1.3
Key Features of Oracle HTTP Server
1.3.1
Restricted-JRF Mode
1.3.2
Oracle WebLogic Server Proxy Plug-In (mod_wl_ohs)
1.3.3
CGI and Fast CGI Protocol (mod_proxy_fcgi)
1.3.4
Security Features
1.3.4.1
Oracle Secure Sockets Layer (mod_ossl)
1.3.4.2
Security: Encryption with Secure Sockets Layer
1.3.4.3
Security: Single Sign-On with WebGate
1.3.5
URL Rewriting and Proxy Server Capabilities
1.4
Domain Types
1.4.1
WebLogic Server Domain (Full-JRF Mode)
1.4.2
WebLogic Server Domain (Restricted-JRF Mode)
1.4.3
Standalone Domain
1.5
Understanding Oracle HTTP Server Directory Structure
1.6
Understanding Configuration Files
1.6.1
Staging and Run-time Configuration Directories
1.6.2
Oracle HTTP Server Configuration Files
1.6.3
Modifying an Oracle HTTP Server Configuration File
1.7
Upgrading from Earlier Releases of Oracle HTTP Server
1.8
Oracle HTTP Server Support
2
Understanding Oracle HTTP Server Modules
2.1
Oracle-Developed Modules for Oracle HTTP Server
2.1.1
mod_certheaders Module—Enables Reverse Proxies
2.1.2
mod_context Module—Creates or Propagates ECIDs
2.1.3
mod_dms Module—Enables Access to DMS Data
2.1.4
mod_odl Module—Enables Access to ODL
2.1.5
mod_ora_audit—Supports Authentication and Authorization Auditing
2.1.6
mod_ossl Module—Enables Cryptography (SSL)
2.1.7
mod_webgate Module—Enables Single Sign-on
2.1.8
mod_wl_ohs Module—Proxies Requests to Oracle WebLogic Server
2.2
Apache HTTP Server and Third-party Modules in Oracle HTTP Server
3
Understanding Oracle HTTP Server Management Tools
3.1
Administering Oracle HTTP Server Using Fusion Middleware Control
3.1.1
Accessing Fusion Middleware Control
3.1.2
Accessing the Oracle HTTP Server Home Page
3.1.3
Understanding the Oracle HTTP Server Home Page
3.1.4
Editing Configuration Files Using Fusion Middleware Control
3.2
Administering Oracle HTTP Server Using WLST
3.2.1
Oracle HTTP Server-Specific WLST Commands
3.2.2
Using WLST in a Standalone Environment
Part II Managing Oracle HTTP Server
4
Running Oracle HTTP Server
4.1
Before You Begin
4.2
Creating an OHS Instance
4.2.1
Creating an Oracle HTTP Server Instance in a WebLogic Server Domain
4.2.1.1
Creating an Instance by Using WLST
4.2.1.2
Creating an Instance by Using Fusion Middleware Control
4.2.1.3
About Instance Provisioning
4.2.2
Creating an Oracle HTTP Server Instance in a Standalone Domain
4.3
Performing Basic Oracle HTTP Server Tasks
4.3.1
About Using the WLST Commands
4.3.2
Understanding the PID File
4.3.3
Starting Oracle HTTP Server Instances
4.3.3.1
Starting Oracle HTTP Server Instances Using Fusion Middleware Control
4.3.3.2
Starting Oracle HTTP Server Instances Using WLST
4.3.3.3
Starting Oracle HTTP Server Instances from the Command Line
4.3.3.3.1
Storing Your Node Manager Password
4.3.3.4
Starting Oracle HTTP Server Instances on a Privileged Port (UNIX Only)
4.3.3.5
Starting Oracle HTTP Server Instances as a Different User (UNIX Only)
4.3.4
Stopping Oracle HTTP Server Instances
4.3.4.1
Stopping Oracle HTTP Server Instances Using Fusion Middleware Control
4.3.4.2
Stopping Oracle HTTP Server Instances Using WLST
4.3.4.3
Stopping Oracle HTTP Server Instances from the Command Line
4.3.5
Restarting Oracle HTTP Server Instances
4.3.5.1
Restarting Oracle HTTP Server Instances Using Fusion Middleware Control
4.3.5.2
Restarting Oracle HTTP Server Instances Using WLST
4.3.6
Checking the Status of a Running Oracle HTTP Server Instance
4.3.6.1
Checking Server Status Using Fusion Middleware Control
4.3.6.2
Checking Server Status Using WLST
4.3.7
Deleting an Oracle HTTP Server Instance
4.3.7.1
Deleting an Oracle HTTP Server Instance in a WebLogic Server Domain
4.3.7.1.1
Deleting an Instance Using WLST
4.3.7.1.2
Deleting an Instance Using Fusion Middleware Control
4.3.7.2
Deleting an Oracle HTTP Server Instance from a Standalone Domain
4.3.8
Changing the Default Node Manager Port Number
4.3.8.1
Changing the Default Node Manager Port Using WLST
4.3.8.2
Changing the Default Node Manager Port Using Oracle WebLogic Server Administration Console
4.4
Remotely Administering Oracle HTTP Server
4.4.1
Setting Up a Remote Environment
4.4.1.1
Host Requirements for a Remote Environment
4.4.1.2
Task 1: Set Up an Expanded Domain on host1
4.4.1.3
Task 2: Pack the Domain on host1
4.4.1.4
Task 3: Unpack the Domain on host2
4.4.1.5
Task 4: Run Oracle HTTP Server Remotely
5
Working with Oracle HTTP Server
5.1
About Editing Configuration Files
5.1.1
Editing a Configuration File for a Standalone Domain
5.1.2
Editing a Configuration File for a WebLogic Server Domain
5.2
Specifying Server Properties
5.2.1
Specifying Server Properties Using Fusion Middleware Control
5.2.2
Specify Server Properties by Editing the httpd.conf File
5.3
Configuring Oracle HTTP Server Instances
5.3.1
Secure Sockets Layer Configuration
5.3.2
Configuring Secure Sockets Layer in Standalone Mode
5.3.2.1
Configure SSL
5.3.2.1.1
Task 1: Create a Real Wallet
5.3.2.1.2
Task 2: (Optional) Customize Your Configuration
5.3.2.1.3
Basic SSL Configuration Example
5.3.2.2
Specify SSLVerifyClient on the Server Side
5.3.2.2.1
Forcing Clients to Authenticate Using Certificates
5.3.2.2.2
Forcing a Client to Authenticate for a Particular URL
5.3.2.2.3
Authorizing a Client for a Particular URL
5.3.2.2.4
Allowing Clients with Strong Ciphers and CA Client Certificate or Basic Authentication
5.3.2.3
Enable SSL Between Oracle HTTP Server and Oracle WebLogic Server
5.3.3
Exporting the Keystore to an Oracle HTTP Server Instance Using WLST
5.3.4
Importing Wallets to the KSS Database after an Upgrade Using WLST
5.3.5
Associating Oracle HTTP Server Instances With a Keystore Using WLST
5.3.6
Configuring MIME Settings using Fusion Middleware Control
5.3.6.1
Configuring MIME Types
5.3.6.2
Configuring MIME Encoding
5.3.6.3
Configuring MIME Languages
5.3.7
About Configuring mod_proxy_fcgi
5.3.8
About Configuring the Oracle WebLogic Server Proxy Plug-In (mod_wl_ohs)
5.3.8.1
Configuring SSL for mod_wl_ohs
5.3.9
Removing Access to Unneeded Content
5.3.9.1
Edit the cgi-bin Section
5.3.9.2
Edit the Fancy Indexing Section
5.3.9.3
Edit the Product Documentation Section
5.3.10
Using the apxs Command to Install Extension Modules
5.3.11
Disabling the Options Method
5.3.12
Updating Oracle HTTP Server Component Configurations on a Shared Filesystem
5.4
Configuring the mod_security Module
5.4.1
Configuring mod_security in the httpd.conf File
5.4.2
Configuring mod_security in a mod_security.conf File
5.4.3
Sample mod_secuirity.conf File
6
Managing and Monitoring Server Processes
6.1
Oracle HTTP Server Processing Model
6.1.1
Request Process Model
6.1.2
Single Unit Process Model
6.2
Monitoring Server Performance
6.2.1
Oracle HTTP Server Performance Metrics
6.2.2
Viewing Performance Metrics
6.2.2.1
Viewing Server Metrics Using Fusion Middleware Control
6.2.2.2
Viewing Server Metrics Using WLST
6.3
Oracle HTTP Server Performance Directives
6.3.1
Understanding Performance Directives
6.3.1.1
Changing the MPM Type Value in a Standalone Domain
6.3.1.2
Changing the MPM Type Value in a WebLogic Server Managed Domain
6.3.2
Configuring Performance Directives Using Fusion Middleware Control
6.3.2.1
Setting the Request Configuration Using Fusion Middleware Control
6.3.2.2
Setting the Connection Configuration Using Fusion Middleware Control
6.3.2.3
Setting the Process Configuration Using Fusion Middleware Control
6.4
Understanding Process Security for UNIX
7
Managing Connectivity
7.1
Default Listen Ports
7.2
Defining the Admin Port
7.3
Viewing Port Number Usage
7.3.1
Viewing Port Number Usage Using Fusion Middleware Control
7.3.2
Viewing Port Number Usage Using WLST
7.4
Managing Ports
7.4.1
Creating Ports Using Fusion Middleware Control
7.4.2
Editing Ports Using Fusion Middleware Control
7.4.3
Disabling a Listening Port in a Standalone Environment
7.5
Configuring Virtual Hosts
7.5.1
Creating Virtual Hosts Using Fusion Middleware Control
7.5.2
Configuring Virtual Hosts Using Fusion Middleware Control
8
Managing Oracle HTTP Server Logs
8.1
Overview of Server Logs
8.1.1
About Error Logs
8.1.2
About Access Logs
8.1.3
Configuring Log Rotation
8.1.3.1
Syntax and Examples for Time- and Size-Based Log Rotation
8.2
Configuring Oracle HTTP Server Logs
8.2.1
Configuring Error Logs Using Fusion Middleware Control
8.2.1.1
Configuring the Error Log Format and Location
8.2.1.2
Configuring the Error Log Level
8.2.1.3
Configuring Error Log Rotation Policy
8.2.2
Configuring Access Logs Using Fusion Middleware Control
8.2.2.1
Configuring the Access Log Format
8.2.2.2
Configuring the Access Log File
8.2.3
Configuring the Log File Creation Mode (umask) (UNIX/Linux Only)
8.2.3.1
Configure umask for an Oracle HTTP Server Instance in a Standalone Domain
8.2.3.2
Configure umask for an Oracle HTTP Server Instance in a WebLogic Server Managed Domain
8.3
Configuring the Log Level Using WLST
8.4
Log Directives for Oracle HTTP Server
8.4.1
Oracle Diagnostic Logging Directives
8.4.1.1
OraLogMode
8.4.1.2
OraLogDir
8.4.1.3
OraLogSeverity
8.4.1.4
OraLogRotationParams
8.4.2
Apache HTTP Server Log Directives
8.4.2.1
ErrorLog
8.4.2.2
LogLevel
8.4.2.3
LogFormat
8.4.2.4
CustomLog
8.5
Viewing Oracle HTTP Server Logs
8.5.1
Viewing Logs Using Fusion Middleware Control
8.5.2
Viewing Logs Using WLST
8.5.3
Viewing Logs in a Text Editor
8.6
Recording ECID Information
8.6.1
About ECID Information
8.6.2
Configuring Error Logs for ECID Information
8.6.3
Configuring Access Logs for ECID Information
8.7
Terminating SSL Requests
8.7.1
About Terminating SSL at the Load Balancer
8.7.1.1
Terminating SSL at the Load Balancer
8.7.2
About Terminating SSL at Oracle HTTP Server
8.7.2.1
Terminating SSL at Oracle HTTP Server
9
Managing Application Security
9.1
About Oracle HTTP Server Security
9.2
Classes of Users and Their Privileges
9.3
Resources Protected
9.4
Authentication, Authorization and Access Control
9.4.1
Access Control
9.4.2
User Authentication and Authorization
9.4.2.1
Authenticating Users with Apache HTTP Server Modules
9.4.2.2
Authenticating Users with WebGate
9.4.3
Support for FMW Audit Framework
9.4.3.1
Managing Audit Policies Using Fusion Middleware Control
9.5
Implementing SSL
9.5.1
Global Server ID Support
9.5.2
PKCS #11 Support
9.5.3
SSL and Logging
9.6
Using mod_security
9.7
Using Trust Flags
Part III Appendixes
A
Oracle HTTP Server WLST Custom Commands
A.1
Getting Help on Oracle HTTP Server WLST Custom Commands
A.2
Names of WLST Custom Commands Have Changed
A.3
Oracle HTTP Server Commands
A.3.1
ohs_addAdminProperties
A.3.2
ohs_addNMProperties
A.3.3
ohs_createInstance
A.3.4
ohs_deleteInstance
A.3.5
ohs_exportKeyStore
A.3.6
ohs_postUpgrade
A.3.7
ohs_updateInstances
B
Migrating to the mod_proxy_fcgi and mod_authnz_fcgi Modules
B.1
Task 1: Replace LoadModule Directives in htttpd.conf File
B.2
Task 2: Delete mod_fastcgi Configuration Directives From the htttpd.conf File
B.3
Task 3: Configure mod_proxy_fcgi to Act as a Reverse Proxy to an External FastCGI Server
B.4
Task 4: Setup an External FastCGI Server
B.5
Task 5: Setup mod_authnz_fcgi to Work with FastCGI Authorizer Applications.
C
Frequently Asked Questions
C.1
How Do I Create Application-Specific Error Pages?
C.2
What Type of Virtual Hosts Are Supported for HTTP and HTTPS?
C.3
Can I Use Different Language and Character Set Versions of Document?
C.4
Can I Apply Apache HTTP Server Security Patches to Oracle HTTP Server?
C.5
Can I Upgrade the Apache HTTP Server Version of Oracle HTTP Server?
C.6
Can I Compress Output From Oracle HTTP Server?
C.7
How Do I Create a Namespace That Works Through Firewalls and Clusters?
C.8
How Can I Enhance Website Security?
C.9
Why is REDIRECT_ERROR_NOTES not set for "File Not Found" errors?
C.10
How can I hide information about the Web Server Vendor and Version
C.11
Can I Start OHS by Using apachectl or Other Command-Line Tool?
C.12
How Do I Configure Oracle HTTP Server to Listen at Port 80?
C.13
How Do I Terminate Requests Using SSL Within Oracle HTTP Server?
C.14
How Do I Configure End-to-End SSL Within Oracle HTTP Server?
C.15
Can Oracle HTTP Server Front-End Oracle WebLogic Server?
C.16
What is the Difference Between Oracle WebLogic Server Domains and Standalone Domains?
C.17
Can Oracle HTTP Server Cache the Response Data?
C.18
How Do I Configure a Virtual Server-Specific Access Log?
D
Troubleshooting Oracle HTTP Server
D.1
Oracle HTTP Server Unable to Start Due to Port Conflict
D.2
System Overloaded by Number of httpd Processes
D.3
Permission Denied When Starting Oracle HTTP Server On a Port Below 1024
D.4
Using Log Files to Locate Errors
D.4.1
Rewrite Log
D.4.2
Script Log
D.4.3
Error Log
D.5
Recovering an OHS Instance on a Remote Host
D.6
Oracle HTTP Server Performance Issues
D.6.1
Special Runtime Files Reside on a Network File System
D.6.2
UNIX Sockets on a Network File System
D.6.3
DocumentRoot on a Slow File System
D.7
Out of DMS Shared Memory
D.8
Performance Issues with Instances Created on Shared File Systems
D.9
Node Manager 12c (12.1.2) OHS Throws Java Exception on AIX
E
Configuration Files
E.1
httpd.conf File
E.2
ssl.conf File
E.3
admin.conf File
E.4
mod_wl_ohs.conf File
E.5
mime.types File
E.6
ohs.plugins.nodemanager.properties File
E.7
magic File
E.8
keystores/<
wallet-directory
> File
E.9
auditconfig.xml File
E.10
component-logs.xml File
E.11
component_events.xml File
E.12
Additional Reference
F
Property Files
F.1
ohs_admin.properties File
F.2
ohs_nm.properties File
F.3
ohs.plugins.nodemanager.properties File
F.3.1
Cross-platform Properties
F.3.2
Environment Variable Configuration Properties
F.3.3
Properties Specific to Oracle HTTP Server Instances Running on Linux and UNIX
G
OHS Module Directives
G.1
Note on mod_wl_ohs Module
G.2
mod_certheaders Module
G.2.1
AddCertHeader Directive
G.2.2
SimulateHttps Directive
G.3
mod_ossl Module
G.3.1
SSLCARevocationFile Directive
G.3.2
SSLCARevocationPath Directive
G.3.3
SSLCipherSuite Directive
G.3.4
SSLEngine Directive
G.3.5
SSLFIPS Directive
G.3.6
SSLHonorCipherOrder Directive
G.3.7
SSLInsecureRenegotiation Directive
G.3.8
SSLOptions Directive
G.3.9
SSLProtocol Directive
G.3.10
SSLProxyCipherSuite Directive
G.3.11
SSLProxyEngine Directive
G.3.12
SSLProxyProtocol Directive
G.3.13
SSLProxyWallet Directive
G.3.14
SSLRequire Directive
G.3.15
SSLRequireSSL Directive
G.3.16
SSLSessionCache Directive
G.3.17
SSLSessionCacheTimeout Directive
G.3.18
SSLTraceLogLevel Directive
G.3.19
SSLVerifyClient Directive
G.3.20
SSLWallet Directive
Index
Scripting on this page enhances content navigation, but does not change the content in any way.