The numbers indicate the TCP port used on the server side. All of the red lines are HTTP. The green line (from OHS to the OAM Server) is the OAM NAP protocol.
1. SSLProxyEngine on
2.
3. Order deny,allow
4. Allow from all
5.
3. Order deny,allow
4. Allow from all
5.
6.
7. RewriteEngine on
8. ProxyPreserveHost on
9.
10. NameVirtualHost *:443
11.
12.
13. ServerName login.oracledemo.com
14.
15. SSLEngine on
16. SSLProtocol all -SSLv2
17. SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
18. SSLCertificateFile /home/oracle/simpleCA/login.oracledemo.com.crt
19. SSLCertificateKeyFile /home/oracle/simpleCA/login.oracledemo.com.key
20.
21. ProxyPass / http://localhost:14100/
22. ProxyPassReverse / http://localhost:14100/
23.
13. ServerName login.oracledemo.com
14.
15. SSLEngine on
16. SSLProtocol all -SSLv2
17. SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
18. SSLCertificateFile /home/oracle/simpleCA/login.oracledemo.com.crt
19. SSLCertificateKeyFile /home/oracle/simpleCA/login.oracledemo.com.key
20.
21. ProxyPass / http://localhost:14100/
22. ProxyPassReverse / http://localhost:14100/
23.
24.
25.
26. ServerName idm11g.oracledemo.com
27.
28. SSLEngine on
29. SSLProtocol all -SSLv2
30. SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
31. SSLCertificateFile /home/oracle/simpleCA/idm11g.oracledemo.com.crt
32. SSLCertificateKeyFile /home/oracle/simpleCA/idm11g.oracledemo.com.key
33.
34. RequestHeader set IS_SSL ssl
35.
36. ProxyPass / http://localhost:7777/
37. ProxyPassReverse / http://localhost:7777/
38.
26. ServerName idm11g.oracledemo.com
27.
28. SSLEngine on
29. SSLProtocol all -SSLv2
30. SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
31. SSLCertificateFile /home/oracle/simpleCA/idm11g.oracledemo.com.crt
32. SSLCertificateKeyFile /home/oracle/simpleCA/idm11g.oracledemo.com.key
33.
34. RequestHeader set IS_SSL ssl
35.
36. ProxyPass / http://localhost:7777/
37. ProxyPassReverse / http://localhost:7777/
38.
SSLProxyEngine on
Order deny,allow
Allow from all
RewriteEngine on
ProxyPreserveHost on
NameVirtualHost *:443
ServerName login.oracledemo.com
SSLEngine on
SSLProtocol all -SSLv2
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
SSLCertificateFile /home/oracle/simpleCA/login.oracledemo.com.crt
SSLCertificateKeyFile /home/oracle/simpleCA/login.oracledemo.com.key
ProxyPass / http://localhost:14100/
ProxyPassReverse / http://localhost:14100/
ServerName idm11g.oracledemo.com
SSLEngine on
SSLProtocol all -SSLv2
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
SSLCertificateFile /home/oracle/simpleCA/idm11g.oracledemo.com.crt
SSLCertificateKeyFile /home/oracle/simpleCA/idm11g.oracledemo.com.key
RequestHeader set IS_SSL ssl
ProxyPass / http://localhost:7777/
ProxyPassReverse / http://localhost:7777/
There are a couple of interesting bits in that configuration...
First is that when you use mod_proxy Apache will use the host name in the URL specified in ProxyPass when it talks to the back end server. In this case that means that the OHS server would see a request with a host header that said "localhost:7777". Which can confuse the application and isn't at all what a conventional load balancer would do. Adding "ProxyPreserveHost on" to the configuration makes mod_proxy use the same name when it talks to the backend server (again OHS in my case) as the browser sent in the original request.
More Here
Courtesy:http://fusionsecurity.blogspot.com/2011/04/using-apache-to-simulate-ssl-load.html
0 comments:
Post a Comment