4.4 Preparing Your OHS Configuration Files

Before you deploy Oracle HTTP Server (OHS), you must prepare your OHS configuration files.

The steps below assume familiarity with on premises Oracle HTTP Server in terms of general configuration, and use of Oracle WebGate.

Note:

Administrators should be aware of the following:

• If you do not specify configuration files beforehand, then the OHS container is deployed with a default configuration of Oracle HTTP Server.
• The directories listed below are optional. For example, if you do not want to deploy WebGate then you do not need to create the webgateConf and webgateWallet directories. Similarly, if you do not want to copy files to htdocs then you do not need to create the htdocs directory.

1. Make a directory to store your OHS configuration files:

   mkdir -p <myohsfiles>

   For example:

   mkdir -p /OHSK8S/myOHSfiles

2. Set the $MYOHSFILES environment variable as follows:

   export MYOHSFILES=<myohsfiles>

   For example:

   export MYOHSFILES=/OHSK8S/myOHSfiles

3. Create the following directories for your OHS configuration:

   mkdir -p $MYOHSFILES/ohsConfig/httpconf
   mkdir -p $MYOHSFILES/ohsConfig/moduleconf 
   mkdir -p $MYOHSFILES/ohsConfig/htdocs
   mkdir -p $MYOHSFILES/ohsConfig/htdocs/myapp
   mkdir -p $MYOHSFILES/ohsConfig/webgate/config/wallet
   mkdir -p $MYOHSFILES/ohsConfig/wallet/mywallet

   Where:
   • httpconf - contains any configuration files you want to configure that are usually found in the $OHS_DOMAIN_HOME/config/fmwconfig/components/OHS/ohs1 directory. For example httpd.conf, ssl.conf and mod_wl_ohs.conf. The webgate.conf does not need to be copied as this will get generated automatically if deploying with Oracle WebGate.
   • moduleconf - contains any additional config files, for example virtual host configuration files that you want to copy to the $OHS_DOMAIN_HOME/config/fmwconfig/components/OHS/ohs1/moduleconf folder in the container.
   • htdocs - contains any html files, or similar, that you want to copy to the $OHS_DOMAIN_HOME/config/fmwconfig/components/OHS/ohs1/htdocs folder in the container.
   • htdocs/myapp - myapp is an example directory name that exists under htdocs. If you need to copy any directories under htdocs above, then create the directories you require.
   • webgate/config - contains the extracted Oracle WebGate configuration. For example, when you download the <agent>.zip file from Oracle Access Management (OAM) Console, you extract the zip file into this directory. If you are accessing OAM URL’s via SSL, this directory must also contain the Certificate Authority cacert.pem file(s) that signed the certificate of the OAM entry point. For example, if you will access OAM via a HTTPS Load Balancer URL, then cacert.pem is the CA certificate(s) that signed the load balancer certificate.
   • webgate/config/wallet - contains the contents of the wallet directory extracted from the <agent>.zip file.
   • wallet/mywallet - if OHS is to be configured to use SSL, this directory contains the preconfigured OHS Wallet file, cwallet.sso.

   Note:

   Administrators should be aware of the following if configuring OHS for SSL:

   • The wallet must contain a valid certificate.
   • Only auto-login-only wallets (cwallet.sso only) are supported. For example, wallets created with orapki using the auto-login-only option. Password protected wallets (ewallet.p12) are not supported.
   • You must configure ssl.conf in $MYOHSFILES/ohsConfig/httpconf and set the directory for SSLWallet to:

     SSLWallet "${ORACLE_INSTANCE}/config/fmwconfig/components/${COMPONENT_TYPE}/instances/${COMPONENT_NAME}/keystores/wallet/mywallet"

   An example file system may contain the following:

   ls -R $MYOHSFILES/ohsConfig
   /OHSK8S/myOHSfiles/ohsConfig:
   htdocs  httpconf  moduleconf  wallet  webgate
   
   /OHSK8S/myOHSfiles/ohsConfig/htdocs:
   myapp  mypage.html
   
   /OHSK8S/myOHSfiles/ohsConfig/htdocs/myapp:
   index.html
   
   /OHSK8S/myOHSfiles/ohsConfig/httpconf:
   httpd.conf  mod_wl_ohs.conf  ssl.conf
   
   /OHSK8S/myOHSfiles/ohsConfig/moduleconf:
   vh.conf
   
   /OHSK8S/myOHSfiles/ohsConfig/wallet:
   mywallet
   
   /OHSK8S/myOHSfiles/ohsConfig/wallet/mywallet:
   cwallet.sso
   
   /OHSK8S/myOHSfiles/ohsConfig/webgate:
   config
   
   /OHSK8S/myOHSfiles/ohsConfig/webgate/config:
   cacert.pem  cwallet.sso  cwallet.sso.lck  ObAccessClient.xml  wallet
   
   /OHSK8S/myOHSfiles/ohsConfig/webgate/config/wallet:
   cwallet.sso  cwallet.sso.lck

Set WLDNSRefreshInterval and WebLogicCluster Directives

If your OHS deployment is configured to communicate with Oracle WebLogic Server, then you must set the WLDNSRefreshInterval and WebLogicCluster directives in your OHS configuration files appropriately.

In the file where your WLS location directives reside, you must set the following:

<IfModule weblogic_module>
WLDNSRefreshInterval 10
</IfModule>

For WebLogicCluster, the values to set depend on whether the WLS is deployed on-premises, on the same Kubernetes cluster as OHS, or on a different Kubernetes cluster to OHS. The following sections explain how to set the values in each case.

On-premises Configuration

If OHS is connecting to a WebLogic Server deployed in an on-premises configuration (non-Kubernetes), then set:

WebLogicCluster <APPHOST1>:<PORT>,<APPHOST2>:<PORT>

For example, if you were connecting to the WebLogic Server Administration Server port:

<Location /console>
   WLSRequest ON
   DynamicServerList OFF
   WLProxySSL ON
   WLProxySSLPassThrough ON
   WLCookieName OAMJSESSIONID
   WebLogicCluster APPHOST1.example.com:7001,APPHOST2.example.com:7001
 </Location>

Oracle HTTP Server on a Shared Kubernetes Cluster

If OHS is connecting to a WebLogic Server deployed on the same Kubernetes cluster, then set the following depending on your environment:

WebLogicHost <service_name>.<namespace>.svc.cluster.local
WebLogicPort <port>

or:

WebLogicCluster <service_name>.<namespace>.svc.cluster.local:<port>

Note:

You can get the <service_name> and <port> by running kubectl get svc -n <namespace> on your Kubernetes cluster.

The following shows an example when connecting to an Oracle Access Management (OAM) Managed Server cluster service and port:

<Location /oam>
WLSRequest ON
DynamicServerList OFF
WLProxySSL ON
WLProxySSLPassThrough ON
WLCookieName OAMJSESSIONID
WebLogicCluster accessdomain-cluster-oam-cluster.oamns.svc.cluster.local:14100

Oracle HTTP Server on an Independent Kubernetes Cluster

If OHS is connecting to a WebLogic Server deployed on a separate Kubernetes cluster, then set:

WebLogicCluster <K8S_WORKER_HOST1>:30777,<K8S_WORKER_HOST2>:30777,<K8S_WORKER_HOST3>:30777

Where <K8S_WORKER_HOSTX> is your Kubernetes worker node hostname.domain, and 30777 is the HTTP port of the ingress controller.

For example:

<Location /console>
   WLSRequest ON
   DynamicServerList OFF
   WLProxySSL ON
   WLProxySSLPassThrough ON
   WLCookieName OAMJSESSIONID
   WebLogicCluster K8_WORKER_HOST1.example.com:30777,K8_WORKER_HOST2.example.com:30777,K8_WORKER_HOST3.example.com:30777
 </Location>