1. First, create a directory that will serve as the wallet (keystore)
mkdir
Example:
mkdir /home/oracle/fmwhome/esbwallet
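2. Create the wallet
First change to the directory: $OHS_HOME/oracle_common/bin/
Run the following command in that directory to create the wallet; you will then be prompted to enter the wallet password.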
orapki wallet create -wallet
-auto_login
PS:
After the wallet is created, the following files are generated in the directory:
cwallet.sso
cwallet.sso.lck
ewallet.p12
ewallet.p12.lck
Example:
./orapki wallet create -wallet /home/oracle/fmwhome/esbwallet -auto_login
3. Import the certificate into the wallet
Run the following command in the directory $OHS_HOME/oracle_common/bin/; you will be prompted to enter the wallet password.
orapki wallet add -wallet
-trusted_cert -cert
PS:
Example:
./orapki wallet add -wallet /home/oracle/fmwhome/esbwallet -trusted_cert -cert /home/oracle/fmwhome/esbwallet/EsbCer.cer
4. Configure the proxy
Change to the directory:
$OHS_HOME/user_projects/domains/ohs_domain/config/fmwconfig/components/OHS/instances/ohs1/
Edit the file: mod_wl_ohs.conf
Command:
vi mod_wl_ohs.conf
Add the following directives to mod_wl_ohs.conf:
SSLProxyEngine On
SSLProxyWallet /home/oracle/fmwhome/esbwallet
# Forwarding configuration
ProxyPass /Interface/ https://10.96.183.195:8080/api
ProxyPassReverse /Interface/ https://10.96.183.195:8080/api
ProxyRequests off
#SSLProxyProtocol ALL -TLSv1.1 -TLSv1.2
#SSLProxyCipherSuite HIGH:MEDIUM:!LOW:!NULL:!aNULL:!eNULL:+SHA1:+MD5:+HIGH:+MEDIUM
Here, the path that follows SSLProxyWallet is the absolute path of the wallet directory.
5. Finally, restart the OHS instance
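The wallet from step 2 is created with -auto_login, so it contains cwallet.sso, which opens without a password; file permissions on the wallet directory are what keep other local users from using it. The script below is an added example, not part of the original procedure: the function names are hypothetical, and it assumes the wallet is owned by the account that runs OHS.

```shell
#!/bin/sh
# Added example (not from the original page): audit and tighten permissions on
# an Oracle wallet directory that was created with -auto_login.
# Function names are hypothetical; assumes the OHS user owns the wallet.

# Print every directory/file under the wallet that grants any permission bit
# to group or others. Returns 2 if the path is not a directory.
wallet_loose_entries() {
    wallet_dir=$1
    [ -d "$wallet_dir" ] || { echo "not a directory: $wallet_dir" >&2; return 2; }
    find "$wallet_dir" \( -type d -o -type f \) \
        \( -perm -040 -o -perm -020 -o -perm -010 \
           -o -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# True when the wallet has an auto-login copy (cwallet.sso).
wallet_has_autologin() {
    [ -f "$1/cwallet.sso" ]
}

# Owner-only access: 700 on directories, 600 on files.
harden_wallet() {
    wallet_dir=$1
    [ -d "$wallet_dir" ] || return 2
    find "$wallet_dir" -type d -exec chmod 700 {} + || return 1
    find "$wallet_dir" -type f -exec chmod 600 {} +
}

# Report findings. Returns 0 when only the owner has access, 1 otherwise.
audit_wallet() {
    loose=$(wallet_loose_entries "$1") || return 2
    if wallet_has_autologin "$1"; then
        echo "note: $1/cwallet.sso is an auto-login wallet (opens without a password)"
    fi
    if [ -n "$loose" ]; then
        echo "group/other access found on:"
        echo "$loose"
        return 1
    fi
    echo "ok: only the owner can access $1"
}
```

After sourcing the file, run audit_wallet /home/oracle/fmwhome/esbwallet, and harden_wallet on the same path if it reports group/other access.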
--------------------- Divider ---------------------
PS:
The following is a sample session:
------------------------------------------------
[oracle@esbproxytest bin]$ ./orapki wallet create -wallet /home/oracle/fmwhome/esbwallet -auto_login
Oracle PKI Tool : Version 12.2.1.0.0
Copyright (c) 2004, 2015, Oracle and/or its affiliates. All rights reserved.
Enter password:
Enter password again:
[oracle@esbproxytest bin]$ ls /home/oracle/fmwhome/esbwallet/
cwallet.sso cwallet.sso.lck ewallet.p12 ewallet.p12.lck testUrl.cer
[oracle@esbproxytest bin]$ ./orapki wallet add -wallet /home/oracle/fmwhome/esbwallet -trusted_cert -cert /home/oracle/fmwhome/esbwallet/EsbCer.cer
Oracle PKI Tool : Version 12.2.1.0.0
Copyright (c) 2004, 2015, Oracle and/or its affiliates. All rights reserved.
Cannot modify auto-login (sso) wallet
Enter wallet password:
[oracle@esbproxytest ohs1]$ pwd
/home/oracle/fmwhome/ohs/user_projects/domains/ohs_domain/config/fmwconfig/components/OHS/instances/ohs1
[oracle@esbproxytest ohs1]$ cat mod_wl_ohs.conf
# NOTE : This is a template to configure mod_weblogic.
LoadModule weblogic_module "${PRODUCT_HOME}/modules/mod_wl_ohs.so"
# This empty block is needed to save mod_wl related configuration from EM to this file when changes are made at the Base Virtual Host Level
# WebLogicHost
# WebLogicPort
# MatchExpression *.jsp
#
# SetHandler weblogic-handler
# PathTrim /weblogic
# ErrorPage http:/WEBLOGIC_HOME:WEBLOGIC_PORT/
#
SetHandler weblogic-handler
WebLogicHost esb1.hitachi.com
WebLogicPort 8011
MatchExpression /esb
SetHandler weblogic-handler
WebLogicHost esb1.hitachi.com
WebLogicPort 8015
MatchExpression /esbtest
SSLProxyEngine On
SSLProxyWallet /home/oracle/fmwhome/esbwallet
ProxyPass /api https://10.96.***.***:8080/api
ProxyPassReverse /api https://10.96.1*3.1*5:8080/api
# Test 2
ProxyPass /esbtest https://10.98.1*9.1*8:8014/esbtest
ProxyPassReverse /esbtest https://10.98.1*9.1*8:8014/esbtest
ProxyRequests off
#SSLProxyProtocol ALL -TLSv1.1 -TLSv1.2
#SSLProxyCipherSuite HIGH:MEDIUM:!LOW:!NULL:!aNULL:!eNULL:+SHA1:+MD5:+HIGH:+MEDIUM
------------------------------------------------