Access the WebLogic Console

Use the WebLogic Server Administration Console to access a domain in Oracle WebLogic Server for OCI.

Note:

Security check warnings are displayed at the top of the console. See About the Security Checkup Tool for the warnings and how to handle them.

• Access the WebLogic Console in a Public Subnet
• Access the WebLogic Console in a Private Subnet
• Access the WebLogic Console Through a Load Balancer

Access the WebLogic Console in a Public Subnet

Oracle WebLogic Server compute instances assigned to a public subnet are accessible from the public Internet.

1. Sign in to the Oracle Cloud Infrastructure Console.
2. Click the navigation menu , select Compute. Under the Compute group, click Instances.
3. From the Compartment dropdown, select the compartment in which your domain is created.
4. Click the name of the domain instance that has the Administration Server node.
   The instance with the Administration Server node has wls-0 appended to the name. For example: abcde7xy-wls-0
5. Copy the public IP address value.
6. In a browser, specify the URL of the WebLogic Server Administration Console in the following format, using the public IP address and appropriate port:

   https://IP-address:port/console

   The default SSL port is 7002, unless it was changed during stack creation.

   For example:

   https://192.0.2.1:7002/console

7. When prompted, enter the WebLogic Server administrator user name and password for this domain.

Access the WebLogic Console in a Private Subnet

Oracle WebLogic Server compute instances assigned to a private subnet are not accessible from the public Internet.

To access the WebLogic Server Administration Console to administer such instances, you can use:

• Bastion instance that's created on a public subnet and dynamic port forwarding with a secure shell (SSH) utility. See Access by Using the Bastion Instance.
• Bastion service and dynamic port forwarding with a secure shell (SSH) utility. See Access by Using the Bastion Service.

By opening an SSH tunnel with dynamic port forwarding, the SSH client becomes a Socket Secure (SOCKS) proxy listening on the port you specify. All traffic that routes to the proxy port is forwarded to its destination through the proxy server. Then when you configure your browser to use a SOCKS proxy, you can access a private domain's administration console.

Access by Using the Bastion Instance

To access the WebLogic console in a private subnet by using the bastion instance, complete the following steps:

1. Sign in to the Oracle Cloud Infrastructure Console.
2. Click the navigation menu , select Compute. Under the Compute group, click Instances.
3. From the Compartment drop-down list, select the compartment in which your domain is created.
4. Click the name of the domain instance that has the Administration Server node.
   The instance with the Administration Server node has wls-0 appended to the name. For example: abcde7xy-wls-0
5. Copy the private IP address value.
6. Return to the Compute Instances page.
7. Click the name of the bastion instance that's associated with the domain.
   The domain's bastion instance is identified by servicename-bastion-instance. For example: abcde7xy-bastion-instance
8. Copy the public IP address value.
9. From your computer, open an SSH tunnel. There are two options:
   1. To open an SSH tunnel by running the ssh command, follow these instructions:
      1. From your computer, open an SSH tunnel to an unused port on the bastion node as the opc user. For example, you can use port 1088 for SOCKS proxy. It can be any other unused port.

         Specify the -D option to use dynamic port forwarding. Provide the path to the private key that corresponds to the public key that you specified when you created the domain.

         The SSH command format is:

         ssh -C -D port_for_socks_proxy -i path_to_private_key opc@bastion_public_ip

         For example:

         ssh -C -D 1088 -i ~/.ssh/mykey.openssh opc@198.51.100.1

      2. In your browser settings, set up the SOCKS (version 5) proxy configuration. Specify your local computer and the same SOCKS port that you used in your SSH command.
      3. Specify the URL of the WebLogic Server Administration Console in the following format, using the private IP address:

         http://private_ip_address:port/console

         The default port is 7001, unless it was changed during stack creation.

         For example:

         http://192.0.2.254:7001/console

      4. When prompted, enter the WebLogic Server administrator user name and password.

      On a Windows platform, you can use Windows PowerShell to run the SSH command or use PuTTY.

   2. To open an SSH Tunnel using PuTTY, follow these instructions:
      1. Start PuTTY on your Windows computer.

         The PuTTY Configuration page is displayed, showing the Session panel.

      2. In the Host Name (or IP address) field, enter the public IP address of the bastion node.
      3. In the Category navigation tree, expand Connection, and then click Data.
      4. In the Auto-login username field, enter opc.
      5. In the When username is not specified field, select Prompt.
      6. In the Category tree, expand Connection, and then click SSH.
      7. Under Protocol options, select the Don't start a shell command at all check box.
      8. In the Category tree, expand SSH, and then click Auth.
      9. Under Private key file for authentication, click Browse.
      10. Navigate to the location of your private key file, and select it. Click Open.This private key corresponds to the public key that you specified when you created this service instance.

          Note:

          The .ppk file extension indicates that the private key is in PuTTY's proprietary format. You must use a key of this format when using PuTTY. If Oracle Cloud generated this key for your service instance, see the PuTTY documentation for information about converting the key format
      11. In the Category tree, expand SSH, and then click Tunnels.
      12. In the Destination field, enter IP:port where IP is the private IP address of the WebLogic Server node and port is the port number on the node to which you want to connect.
      13. In the Source Port field, enter the same port number.
      14. Click the Add button.
      15. Optional: To save this session configuration, click Session in the Category tree, and then click Save.

          To load a saved configuration, select the configuration name, and then click Load.

      16. Click Open.
      17. If prompted, enter the passphrase for the private key.

      Applications that are running on your local computer can now communicate with the node by using localhost:port, where port is the local port number.

      For example:

      http://localhost:7001/console

      The default port is 7001, unless it was changed during stack creation. When prompted, enter the WebLogic Server administrator user name and password.

   After your work with the SSH tunnel is completed, press Ctrl+C to close the SSH tunnel.

Access by Using the Bastion Service

To access the WebLogic console in a private subnet by using the bastion service, complete the following steps:

1. Sign in to the Oracle Cloud Infrastructure Console.
2. If you have already created a Bastion service and a session in the required VCN, navigate to the Bastion and the Session, and then continue from step 18.
3. Click the navigation menu , select Identity & Security. Under the Identity & Security group, click Bastion.
4. From the Compartment drop-down list, select the compartment in which your domain is created.
5. Click Create bastion.
6. Enter a name for the bastion.
7. Under Configure networking, select the Target virtual cloud network of the target resource that you intend to connect to by using sessions hosted on this bastion.
8. Select the Target subnet.

   The subnet must either be the same as the target resource's subnet or it must be a subnet from which the target resource's subnet accepts network traffic.

9. In CIDR block allowlist, add one or more address ranges in CIDR notation that you want to allow to connect to sessions hosted by this bastion.

   Enter a CIDR block, and then either click the value or press Enter to add the value to the list. The maximum allowed number of CIDR blocks is 20.

10. From the list of Bastion, click the name of the Bastion you created.
11. Click Create session.
12. From the Session type drop-down list, select SSH port forwarding session.
13. Under Connect to the target host option, select Instance name.
14. From the Compute instance, select the domain instance that has the Administration Server node.

    The instance with the Administration Server node has wls-0 appended to the name. For example: abcde7xy-wls-0

15. In the Port field, enter the WebLogic administration server's listener port number, where the administration console is accessible. By default, the port number 7002.
16. Under Add SSH Key, provide the public key file of the SSH key pair that you want to use for the session.
17. Click Create Session.
18. Click the Actions icon for the session you created, and select View SSH command.
19. In the View SSH command window, click Copy to copy the SSH command.
20. Paste the SSH command in a text editor.
21. In the SSH command, replace <privateKey> with the path to the private key that corresponds to the public key that you specified when you created the domain.
22. In the SSH command, replace the <localPort> with the preferred local port number.
23. Copy the updated SSH command.
24. From your computer, open a SSH utility.
25. Paste the SSH command and then press Enter.

    If prompted to continue connecting, type Yes and press Enter.

26. Specify the URL of the WebLogic Server Administration Console in the following format:

    https://localhost:<local-port>/console

    The default port is 7002, unless it was changed during stack creation.

    For example:

    https://localhost:7002/console

27. When prompted, enter the WebLogic Server administrator user name and password.

Access the WebLogic Console Through a Load Balancer

Oracle WebLogic Server compute instances assigned to a private subnet are not accessible from the public Internet. So, if you have created the load balancer manually, you can access the administration console via load balancer's public IP address.

However, it is recommended to access the WebLogic Server Administration Console using the bastion instance that's created on a public subnet and dynamic port forwarding with a secure shell (SSH) utility. See Access the WebLogic Console in a Private Subnet.

Note:

If you created the load balancer in a different network than the Oracle WebLogic Server domain network with nonoverlapping CIDRs, you must create a Local Peering Gateway on both the domain network and load balancer network and add a route table for the subnet for WebLogic domain and the load balancer subnet to use the respective Local Peering Gateway.

For SSL connections that terminate at the load balancer, you must configure the load balancer to include the WL-Proxy-SSL header in the rule set and enable the WebLogic Proxy Plugin on the cluster and the administration server.

To access the WebLogic administration console through the load balancer:

1. Configure the load balancer to include the WL-Proxy-SSL header in the rule set. See Create an HTTPS Listener for the Load Balancer.
2. Enable WebLogic Proxy Plugin for the administration server by adding the following line in domain config.xml under AdminServer config:

   <weblogic-plugin-enabled>true</weblogic-plugin-enabled>

3. Restart the domain using the following script:

   /opt/scripts/restart_domain.sh -o restart

4. Create a backend set for the load balancer.
   1. Sign in to the Oracle Cloud Infrastructure Console.
   2. From the navigation menu, click Networking, and then click Load Balancers.
   3. Click the name of the Compartment that contains the load balancer you want to modify, and then click the load balancer's name.
   4. Under Resources menu, click Backend Sets,
      The list of Backend Sets is displayed.
   5. Click Create Backend Set.
   6. Specify the backend set details.
      1. Enter a Name for the backend set.
      2. Select the load balancer policy for the backend set.

         For policies, see Load Balancing Policies.

      3. Under Health Check, specify the parameters to confirm the health of backend servers.
         • Protocol: HTTP
         • Port: 7001
         • URL Path: Private IP address of the WebLogic Server admin VM

         Optionally, you can specify the other test parameters to confirm the health of backend servers, as required.

   7. Click Create Backend Set.
5. Specify the backend server for the backend set.
   1. Click the name of the backend set that you created in step 4.
   2. Under Resources menu, click Backends.
   3. Click Add Backends.
   4. Select IP Addresses.
   5. Enter the private IP address of a backend server you want to add to the backend set.
   6. For Port, enter 7001.
   7. Click Add.
6. In the Oracle Cloud Infrastructure Console, from the navigation menu, click Networking, and then select Load Balancers.
7. Select the Compartment where your load balancer is located.
8. Click the name of the load balancer that is associated with your domain.
9. Copy the public IP address value.
10. In a browser, specify the URL of the WebLogic Server Administration Console in the following format, using the public IP address and port:

    https://IP-address:port/console

11. When prompted, enter the WebLogic Server administrator user name and password.