Using a Proxy server in front of E1 Web Server

I'm trying to setup a frontend proxy server to sit in front of JDE Web server. I'm using a linux application called pound. It also does load balancing and SSL offload. I can get the proxy-ing/load balancing to work fine if I'm just using HTTP. When I try to move to HTTPS, I get to the login page fine, but as soon as I login, it wants to immediately revert back to HTTP. I can throw the "S" back in after I get logged in and HTTPS works fine for the rest of the session.

Has anyone done something similar with any proxy/ssl offload product, not just pound?? Any thoughts? I've tweaked just about every setting related to pound that I can think of, so I'm pretty sure it's something about the login process in JDE that's doing it.

I've had the exact same experience whether I'm using OAS/Apache or WebLogic, both behave exactly the same.

Hi, I configured ssl access for JDE with WebLogic. These are steps:
1- install WebLogic application server
2- Configure WLS Domain and your JDE web application
3- extend you WLS domain installing Fusion Middleware WebTier utilities to install Oracle HTTP server (suppose on same JDE web sever)
4- customize Oracle HTTP server httpd.conf file enabling

Listen 443

5- customize mod_wl_ohs.conf file adding a virtual host

<VirtualHost *:443>
<Location /jde>
SetHandler weblogic-handler
WebLogicHost YOURSERVERWITHJDEWEB
WebLogicPort YOURJDEWEBPORT
</Location>
<IfModule ossl_module>
SSLEngine on
SSLProtocol nzos_Version_1_0 nzos_Version_3_0_With_2_0_Hello nzos_Version_3_0
SSLCipherSuite SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA,SSL_RSA_WITH_DES_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA
SSLVerifyClient none
SSLWallet "${ORACLE_INSTANCE}/config/${COMPONENT_TYPE}/${COMPONENT_NAME}/keystores/default"
SSLCRLCheck Off
</IfModule>
</VirtualHost>


Now you have to configure your proxy to comunicate with an url like

https://YOURSERVERWITHJDEWEB/jde/E1Menu.maf

Good Luck
gg

I've gotten this figured out in both weblogic and OAS now. As for the above post, sure that works, but enabling SSL at that level was exactly what I was trying to avoid. The solution I am working on offloads the SSL encryption/decryption at the proxy level so that all communication on the local network is HTTP while communication between the client and proxy is HTTPS...so the SSL is terminating at the proxy. If your needs require SSL throughout, then yes, you have to do what you describe above.


For my needs, this is what I did:

for WebLogic, you have to have your proxy inject a new header(each proxy has their own way of doing this) like the following:

WL-Proxy-SSL: true

For OAS, it's basically doing the same thing, but it's configured on the OAS/OHS side of things:

You have to add some addtional modules in the httpd.conf and configure the virtual host(see below). I also found that the proxy does need to run HTTPS on port 443, while OAS can listen on whatever port you choose:

Listen 4430
# SSL on the front-end (terminating there) requires certain responses.
# Load correct module before the VirtualHost configuration:
# UNIX:
# LoadModule certheaders_module libexec/mod_certheaders.so
# WINDOWS (two lines):
# LoadModule certheaders_module modules/ApacheModuleCertHeaders.dll
# AddModule mod_certheaders.c
# Important: AddModule line is best included with other AddModule
NameVirtualHost *:4430
<VirtualHost *:4430>
# Front-end name
ServerName www.company.com
# Front-End Port
Port 443
# SSL on the front-end (terminating there) requires certain responses.
# (See LoadModule and AddModule lines above)
AddCertHeader HTTPS
# For use with other load balancers and front-end devices:
SimulateHttps On
# Applications such as SSO and Portal will require the following:
RewriteEngine On
RewriteOptions inherit
</VirtualHost>