Using OHS 11.1.1.9 or 12c as an SSL Reverse-Proxy to OHS 11.1.1.7
(Doc ID 1920143.1)
Last updated on APRIL 28, 2023
Applies to:
Oracle Fusion Middleware - Version 11.1.1.7.0 and laterOracle HTTP Server - Version 11.1.1.7.0 and later
Information in this document applies to any platform.
Goal
Using OHS 11.1.1.9 or 12c as an SSL Reverse-Proxy to OHS 11.1.1.7
The following document should be reviewed before following this document as the solution provided here is from the Statement of Direction:
<Note 2041410.1> - Support Status of New SSL Features Released with Oracle HTTP Server and Oracle Web Cache 11.1.1.9
- In summary, there are new SSL features with OHS 11.1.1.9 which cannot be backported. However, some Oracle installations do not support an upgrade of OHS to 11.1.1.9
This document outlines steps and considerations when using a newer OHS 11.1.1.9 or OHS 12c in front of an older OHS 11g 11.1.1.7 to be an SSL reverse-proxy in the following request flow:
Client --https--> OHS11.1.1.9or12c/mod_proxy -- https --> OHS11.1.1.7/mod_wl_ohs->WLS10.3.6
The typical use case explained in detail:
- The request flow this document will outline is with mod_proxy, intended to be an option when it is not desired or supported to interrupt the otherwise ALREADY EXISTING configured WLS Proxy Plug-In (OHS/mod_wl_ohs) where an Oracle Fusion Middleware 11g product installed with 11.1.1.7 components is deployed to Oracle WebLogic Server 10.3.6.
- You can implement a reverse-proxy for many reasons. A reason this particular version specific option may be chosen is because newer OHS versions will have newer SSL features from the older OHS version. (See <Note 2041410.1>). The primary goal of this document is to outline the general proxy configuration for this. This has been minimally tested and does not consider any other integration with other Oracle products except the stated OHS versions and a basic Java application deployed to WLS.
-- If you are using other Oracle product, please seek out assistance to ensure this was tested, certified and approved in order to verify if any extra configuration is required for optimal results.
-- This is already determined not supported with "Oracle Web Cache", "Oracle Portal, Forms, Reports, and Discoverer 11g (11.1.1)", or "Oracle Cloud Control 12c (12.1)" installations. - Until DEC 2018, OHS 11.1.1.7 will be the only Pre-11.1.1.9 version under error correction support. It is not certified/supported to use OHS 11.1.1.9 or OHS 12c as a reverse proxy in front of any other 11.1.1.7 products out of Premier Support (e.g., PFRD 11.1.1.7 or 10g environments, reference Note 944866.1). See also Compatibility matrix where OHS 11g was never supported in front of 10g environments. A full upgrade should be performed or place a Load Balancer hardware solution in front of your older environments.
Solution
To view full details, sign in with your My Oracle Support account. |
|
Don't have a My Oracle Support account? Click to get started! |
In this Document
| Goal |
| Using OHS 11.1.1.9 or 12c as an SSL Reverse-Proxy to OHS 11.1.1.7 |
| Solution |
| 1. Configure General SSL on both Oracle HTTP Servers |
| 2. Decide How WebLogic Server Will Be Configured |
| 3. Configure Reverse-Proxy |
| More Info / Known Issues |
| Next Steps |
| References |