需求:
Oracle Agile需要加密传输,需要F5做SSL OFFLOAD。
oracle support 说明:
Set "WebLogic Plug-In Enabled" settings (under Servers==>==>Advanced and under agileDomain==>Web Applications) to Yes. Also configure F5 load balancer to set HTTP header "WL-PROXY-SSL" to true. This resolved the issue.
Set 'WebLogic Plug-In Enabled' and restart server.
Login to weblogic admin console
Lock and edit
a - In the left pane, click on agileDomain and Web Applications on the right pane
b - Scroll down that right pane above and find the setting: WebLogic Plugin Enabled
c - Enable the check box
Environment | Servers
Click on each managed cluster node link in the right pane
In the General tab, click on the Advanced section below
Set WebLogic Plug-In Enabled: to YES
Click on Save and Release configuration
Do this for each cluster moanaged node
Restart the weblogic Agile cluster
On the F5 loadbalancer, perform the equivalent of this setting ‘RequestHeader set WL-Proxy-SSL true’.
Note: this applys to all proxy and load balancer.
How to set ‘RequestHeader set WL-Proxy-SSL ’ to true.
For Apache Reverse proxy:
In the apache httpd.conf file>
Uncomment ‘LoadModule headers_module modules/mod_headers.so’
Add ‘RequestHeader set WL-Proxy-SSL true’
For a loadbalancer like Netscaler:
enable ns feature REWRITE
add rewrite action Insert-SSL-Header insert_http_header WL-Proxy-SSL "\"true\"" -bypassSafetyCheck YES
add rewrite policy SSL-Header-policy HTTP.REQ.IS_VALID Insert-SSL-Header
bind lb vserver agilestage.corp-443 -policyName SSL-Header-policy -priority 100 -gotoPriorityExpression END -type REQUEST
F5配置:
配置标准80 vs,关联80到443重定向
配置标准443 vs,关联header inset 和uri重定向irule,
irule:
when HTTP_REQUEST {
HTTP::header insert "WL-Proxy-SSL true"
if { [HTTP::uri] equals "/" } {
HTTP::redirect https://[HTTP::host]/Agile}
}
优势:通过F5做SSL OFFLOAD,能够节约后端大量的开发时间。