Monday, August 15, 2011

Fusion Applications: Configuring the Web Tier

In my previous post, I installed the components for IDM. In this post I will describe the steps to configure Oracle Web Tier.

Oracle Web Tier comprises two components:
  • Oracle Web Cache
    A content-aware server accelerator and secure reverse proxy server that improves the performance, scalability, and availability of web sites.
  • Oracle HTTP Server
    An Apache-based web server that provides an HTTP listener for Oracle WebLogic Server and the framework for hosting static pages, dynamic pages, and applications over the web. It includes all base Apache modules and modules developed specifically by Oracle.

In this post we will configure Oracle HTTP Server.


We installed Oracle Web Tier in /u01/app/oracle/product/fmw/web.

To start the configuration of Oracle HTTP Server, issue the following command in the bin directory:

./config.sh

On the Welcome screen click on Next. The Configure Components screen is now shown.


Select only the Oracle HTTP Server component and click on Next.


Set Instance Home Location to /u01/app/oracle/admin/ohs_inst1.

Set Instance Name to ohs_inst1.

Set OHS to ohs1.

After this, click on Next to go to the next screen.


Select the option Specify Ports using Configuration file to set static ports. Click on the Browse button and open the example file staticports.ini from directory /home/oracle/install/webtier/Disk1/stage/Response. Click the View/Edit File button, then uncomment and set the following lines:

OPMN Local Port = 6700
OHS Port = 7777

Click the Save file button and on the next screen choose not to be informed about security updates. On the Installation Summary screen click on Configure to start the configuration. If all went well, you should see the following progress screen.



Click on Next and on the next screen click Finish.

You should now be able to access the homepage of Oracle HTTP Server at the URL http://fusionidm:7777


By default, the Oracle HTTP server runs as the user nobody. In the Identity Management installation, the Oracle HTTP server should run as the Software owner oracle and group oinstall.

Open the file httpd.conf, which is located in directory /u01/app/oracle/admin/ohs_inst1/config/OHS/ohs1, and change the following section to:

User oracle
Group oinstall

In order for Oracle Identity Management Suite to work with a load balancer, you must create two virtual hosts.

Create a file called virtual_hosts.conf in directory /u01/app/oracle/admin/ohs_inst1/config/OHS/ohs1/moduleconf. Any filename is acceptable as long as it ends with .conf; httpd.conf includes all files with the extension conf in this directory.

Add the following lines to file virtual_hosts.conf.

NameVirtualHost *:7777
<VirtualHost *:7777>
   ServerName https://sso.mycompany.com:443
   RewriteEngine On
   RewriteOptions inherit
   UseCanonicalName On
</VirtualHost>

<VirtualHost *:7777>
   ServerName http://oiminternal.mycompany.com:80
   RewriteEngine On
   RewriteOptions inherit
   UseCanonicalName On
</VirtualHost>

Now, sso.mycompany.com and oiminternal.mycompany.com are in fact a loadbalancer of your choice, which is not a part of the installation manual. So we will have to set up our own loadbalancer. Loadbalancing only one web host may seem unnecessary (and it is!), but I will still set up a loadbalancer, just to finish the exercise, and knowing Oracle, they will use this loadbalancer in further configuration of other components.

LoadBalancer

Again, it is not my intention to set up a highly available infrastructure, but to follow the installation manual as far as possible, I will set up a loadbalancer. As a loadbalancer I will install Apache server on a Windows Server 2008. After downloading and installing Apache 2.2, open the httpd.conf file. Uncomment the following modules:

LoadModule actions_module modules/mod_actions.so
LoadModule alias_module modules/mod_alias.so
LoadModule asis_module modules/mod_asis.so
LoadModule auth_basic_module modules/mod_auth_basic.so
LoadModule authn_default_module modules/mod_authn_default.so
LoadModule authn_file_module modules/mod_authn_file.so
LoadModule authz_default_module modules/mod_authz_default.so
LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule authz_user_module modules/mod_authz_user.so
LoadModule autoindex_module modules/mod_autoindex.so
LoadModule cgi_module modules/mod_cgi.so
LoadModule dir_module modules/mod_dir.so
LoadModule env_module modules/mod_env.so
LoadModule include_module modules/mod_include.so
LoadModule isapi_module modules/mod_isapi.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule mime_module modules/mod_mime.so
LoadModule negotiation_module modules/mod_negotiation.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
LoadModule proxy_connect_module modules/mod_proxy_connect.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule ssl_module modules/mod_ssl.so
LoadModule vhost_alias_module modules/mod_vhost_alias.so

And uncomment the following lines to enable virtual hosts and SSL:

# Virtual hosts
Include conf/extra/httpd-vhosts.conf
# Secure (SSL/TLS) connections
Include conf/extra/httpd-ssl.conf

Go to directory extra, open file httpd-vhosts.conf and add the following lines:

NameVirtualHost *:80
<VirtualHost *:80>
        ServerName LBR1.mycompany.com
        ServerAlias LBR1.mycompany.com

        DocumentRoot "C:/Program Files/Apache Software Foundation/Apache2.2"

        ProxyRequests Off

        <Proxy *>
          Order deny,allow
          Allow from all
        </Proxy>

        <Proxy balancer://mycluster>
          BalancerMember http://FusionIDM:7777 route=FusionIDM
          ProxySet lbmethod=byrequests
        </Proxy>
        ProxyPass /balancer-manager !
        ProxyPass / balancer://mycluster/ stickysession=JSESSIONID nofailover=On

        <Location /balancer-manager>
          SetHandler balancer-manager
        </Location>

        <Directory "C:/Program Files/Apache Software Foundation/Apache2.2">
          AllowOverride AuthConfig
        </Directory>
</VirtualHost>

This will forward all incoming HTTP requests to FusionIDM:7777.

To enable SSL, edit file httpd-ssl.conf and add the following lines within the <Virtualhost *:443> block:

        ProxyRequests Off

        <Proxy *>
          Order deny,allow
          Allow from all
        </Proxy>

        <Proxy balancer://mycluster>
          BalancerMember http://FusionIDM:7777 route=FusionIDM
          ProxySet lbmethod=byrequests
        </Proxy>
        ProxyPass /balancer-manager !
        ProxyPass / balancer://mycluster/ stickysession=JSESSIONID nofailover=On

        <Location /balancer-manager>
          SetHandler balancer-manager
        </Location>
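
The /balancer-manager location in both virtual hosts above has no access restriction, so the management page is served to any client that can reach the loadbalancer. The script below is an added example, not part of the original post: it flags such blocks in a config file and includes a restricted variant for comparison. It assumes Apache 2.2 Order/Allow/Deny semantics; the function name, variable names and the 127.0.0.1 allow-list are assumptions.

```shell
# Added example: flag <Location> blocks that enable the balancer-manager
# handler without restricting access. Assumes Apache 2.2 Order/Allow/Deny
# semantics and the default "Satisfy All"; all names here are hypothetical.
# Reads config from stdin or from file arguments; prints "EXPOSED <path>"
# per open block and returns 1 if any was found.
audit_balancer_manager() {
    awk '
        { d = tolower($1) }
        d == "<location" { inloc = 1; path = $2; sub(/>$/, "", path)
                           handler = denyall = allowall = req = 0
                           order = "deny,allow"; next }  # 2.2 default order
        !inloc { next }
        d == "sethandler" && tolower($2) == "balancer-manager" { handler = 1 }
        d == "order"   { order = tolower($2) }
        d == "deny"    && tolower($3) == "all" { denyall = 1 }
        d == "allow"   && tolower($3) == "all" { allowall = 1 }
        d == "require" { req = 1 }
        d == "</location>" {
            # allow,deny: default deny, Deny wins. deny,allow: default allow, Allow wins.
            if (order == "allow,deny") isopen = allowall && !denyall
            else isopen = !denyall || allowall
            if (handler && isopen && !req) { print "EXPOSED " path; bad = 1 }
            inloc = 0
        }
        END { exit bad + 0 }
    ' "$@"
}

# Constructed sample 1: the <Location> block as written in the post.
WEAK_CONF=$(cat <<'EOF'
<Location /balancer-manager>
  SetHandler balancer-manager
</Location>
EOF
)

# Constructed sample 2: same handler, reachable only from the loadbalancer host.
HARDENED_CONF=$(cat <<'EOF'
<Location /balancer-manager>
  SetHandler balancer-manager
  Order deny,allow
  Deny from all
  Allow from 127.0.0.1
</Location>
EOF
)

printf '%s\n' "$WEAK_CONF" | audit_balancer_manager || echo "post config: balancer-manager is open"
printf '%s\n' "$HARDENED_CONF" | audit_balancer_manager && echo "hardened config: restricted"
```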

We have to adjust the hosts file of the loadbalancer server so the server knows the loadbalancer and our FusionIDM server.

Find the ipaddress of FusionIDM and adjust your hosts file to the following:

127.0.0.1       localhost LBR1.mycompany.com
10.19.131.40    FusionIDM

Now the loadbalancer server can connect to the FusionIDM server. To be able to access the loadbalancer from FusionIDM, we need to add the ipaddress of the loadbalancer server to the hosts file of the FusionIDM server.

Find the ipaddress of the loadbalancer server and adjust your hosts file to the following:

10.19.131.38   oiminternal.mycompany.com sso.mycompany.com

Bounce the loadbalancer. You should now be able to access the HTTP server from FusionIDM by using the loadbalancer URLs:
https://sso.mycompany.com/
http://oiminternal.mycompany.com


Starting and Stopping Oracle HTTP server


In order to start Oracle HTTP server, the environment variable ORACLE_HOME needs to point to the HTTP server home /u01/app/oracle/product/fmw/web. We already have a database running on this server, which uses its own ORACLE_HOME; we have set this in .bash_profile to /u01/app/oracle/product/11.2.0.2/db_1.

To be able to start the HTTP server without interfering with the database environment variables, I created a startup script as follows:

#!/bin/sh
#
#
# startwebtier.sh
#
#
echo "Starting Oracle HTTP Server"

ORACLE_HOME=/u01/app/oracle/product/fmw/web
ORACLE_INSTANCE=/u01/app/oracle/admin/ohs_inst1
PATH=$ORACLE_HOME/opmn/bin:$PATH
export ORACLE_HOME
export ORACLE_INSTANCE
export PATH

echo "ORACLE_HOME set as $ORACLE_HOME"
echo "ORACLE_INSTANCE set as $ORACLE_INSTANCE"
echo "PATH set as $PATH"

opmnctl startall

Now we can start our database and HTTP server on the same server, without conflicting ORACLE_HOMES.

This concludes the configuration of Oracle HTTP server and Loadbalancer. In the next post I will describe the steps needed to Configure a Weblogic Domain and extend it with HTTP server.

11 comments:

  1. [...] the next posts I will describe the steps to configure the individual components and the configuration of the [...]

  2. Excellent post. I liked the details of the configuration you provided.

    Thank you.

  3. [...] my previous post I had configured Oracle HTTP server and an Apache LoadBalancer to handle all HTTP(s) traffic for [...]

  4. Charl 5:54 PM

    Hi

    Thanks a lot for your huge and easy to follow effort on compiling these postings.

    Just a question - is there a way to run the load balancer on Linux? I tried installing open-ssl & apache in linux and then followed the Windows instructions above to configure apache. It does not work.

    Regards
    Charl

  5. Charl,

    The Loadbalancer I used in this post is just a simple Apache webserver, configured as a loadbalancer. The configuration is the same in Windows as in Linux. What issue are you hitting? Are you able to start Apache at all? If not, you might be hitting the obvious privileged ports of Linux 80/443. If so, try starting Apache as root. Did you create a certificate for SSL? If not, do this first (plenty of examples on the internet). Also look in the log dir to find the specific error you are hitting.

  6. Klaas 3:20 PM

    Hi,

    When you started installing linux on the server you used IP 10.19.131.39. (http://bloggingaboutoracle.com/oracle-fusion-applications-installing-oracle-enterprise-linux-64bit-to-host-oracle-identity-management/)

    Now I see your hosts file has the IP 10.19.131.40.
    Why is that?

  7. Klaas,

    Server is set up to have a dynamic IP address.
    No need for you to change your ipaddress.
    Always use your ipaddress assigned to your FQDN.

    Hakan

  8. Hi,

    Thanks very much for a job well done. Please, I do not understand the Apache stuff. I am installing on a single system, do I still need Apache? Why did you install on Server 08 and not the Linux server?

    At the end of the installation are we going to have two databases: one for fmw and the other for Fusion application?

    Regards,

  9. Dmitri 10:30 AM

    Hi!
    Thanks very much for a job well done!

    Can you help me?
    Version:FApps- 11.1.4,Oracle Linux x86-64. 5.8? VirtBox

    After configuring Oracle HTTP Server (/u01/app/oracle/product/fmw/web/config.sh) the process of Web Tier Configuration "Create and start AS instance (inst1) FAILED". In log file-"Unable to start opmn".


    Any idea what is wrong?
    Thank you for your time.
    Dmitri

  10. Dmitri 1:17 PM

    Hi
    I solved the problem with opmn not starting myself. Maybe someone will find this interesting:
    The Linux administrator may have configured SELinux to 'enforcing'.
    The server may have been rebooted, not aware that SELinux enforcing had been enabled.

    Solution

    To temporarily disable enforcement on a running system, perform the following:
    Login as root, execute:

    /usr/sbin/setenforce 0

    Log out as root, log back in as the user under which the product is installed

    ./opmnctl start or ./opmnctl startall or via installer. Works fine.

    To permanently disable enforcement across a system reboot, perform the following:
    Login as root
    Modify /etc/selinux/config, change SELINUX=enforcing to SELINUX=disabled, reboot.

    Thanks!

  11. Poonam 8:51 AM

    Hi Dmitri,

    Were you able to overcome the error message you received in web tier config "Create and start AS instance (inst1) FAILED". In log file-"Unable to start opmn".

    I am getting the same error, need to know the resolution or reason.

    Poonam
