Tuesday, October 25, 2016

Proxy server configuration for Weblogic Server !!!

Hi all, in this blog post I just want to share our experience of how we can force WebLogic Server to communicate with an external server through a proxy server that has internet connectivity.

It’s cloud time: most enterprise apps are deployed to the cloud nowadays. In such circumstances the client obviously has a requirement to establish http/https connectivity between a legacy system and a cloud-based system, e.g. a locally hosted ERP system needs to communicate, via Oracle SOA SCA composite services, with a Salesforce instance hosted in the cloud.

While establishing a connection to the cloud from an on-premises application, security shouldn’t be compromised. As a result, most enterprises follow the practice that connections to outside applications hosted in the cloud go via a proxy server hosted in the DMZ, which is the single point from which external connections can be made, instead of each internal server being exposed with internet connectivity.

To achieve this requirement we need to force the application server to use the proxy server for any specific service and to bypass it for all local traffic, so that it won’t cause any performance issue.
Oracle SOA hosted services can achieve this outcome using the two methods below -

1)      Service level Proxy configuration

2)      Server level Proxy configuration

Both options have pros and cons. E.g. service-level proxy configuration is easy to implement and the impact of the change is limited to one service only, whereas server-level proxy configuration is a bit tricky, and if it does not work it can impact the whole environment, which could be a problematic situation. However, we have noticed that many clients prefer server-level configuration, because if a new API is introduced in future and needs connectivity to an external app via the internet, no additional configuration is required.

In one of my recent engagements, we had a difficult time implementing server-level proxy configuration, while service-level proxy configuration always worked without any problem.

We tried at least 10-15 different configuration attempts for server-level proxy configuration, and finally it worked. I don’t want to go into too much detail here about the various attempts we made; instead I will just list the final proxy configuration which works for us.

Below are the steps to implement Service and Server level configuration –

SCA composite level proxy configuration-

Go to EM console >> server particular composite process >> under the service and reference section, select the particular service reference for which you need to specify a proxy server >> select the properties tab page. Here you can find the proxy server related configuration and can specify Proxy Host, Proxy Port, Proxy Username, Proxy User password etc.

Weblogic Server level proxy configuration-

Earlier, I said the server-level proxy configuration is a bit tricky; the reason is that Oracle does not document this configuration properly. As per Oracle doc “Developing SOA Applications with Oracle SOA Suite 12c (12.1.3) E28305-06”. However, when I navigate to the same location I can’t find any such configuration, so there is a mismatch between what the Oracle doc says and what configuration exists on the SOA server side.

Later, we even found Oracle Doc ID 1953376.1 on the website, which confirms the document mismatch.

Then, as per the suggestion in Oracle Doc ID 1953376.1, we started trying out setting JAVA_OPTIONS. Setting JAVA_OPTIONS was as simple as eating a piece of cake. However, it didn’t work as expected, and we then spent a good amount of time troubleshooting the JAVA_OPTIONS parameters above piece by piece before we were finally able to configure the proxy server.

The JAVA_OPTIONS suggested by Oracle was –

JAVA_OPTIONS="-Dhttp.proxySet=true -Dhttp.proxyPort=80 -Dhttp.nonProxyHosts=localhost.localdomain||localhost|*"

However, it didn’t work for us. The working JAVA_OPTIONS which we have used is this –

JAVA_OPTIONS="${JAVA_OPTIONS} -Dhttp.proxyHost= -Dhttp.proxyPort=3333 -Dhttp.nonProxyHosts=*|local*|soasit*"

My comments on each parameter:

-Dhttp.proxySet: In my case this parameter did not have any significance at all; the proxy configuration worked with or without it. Looking at the parameter, it seems like it enables/disables the proxy server configuration, but in reality it was not doing anything in my case.

-Dhttp.proxyHost: This is the proxy server hostname. You can use a direct IP as well if no redundant node has been set up for the proxy server. The proxy server hostname must resolve, either via the /etc/hosts file or via a DNS server.

Note: I have seen Oracle documentation where they have a separate entry for https calls, using the -Dhttps.proxyHost parameter. However, in our case we were able to send https traffic to the proxy as well without using the -Dhttps.proxyHost parameter.

-Dhttp.proxyPort: This is the numeric port number used for the proxy server.

-Dhttp.nonProxyHosts: This is a very important parameter, as it decides which hostnames and IPs are excluded from the proxy, so be careful with its values. A wildcard character, e.g. *, is allowed to cover a larger scope. If you fail to bypass local traffic, the proxy server will be bombarded with heaps of additional traffic, and the performance of your service API will be degraded. Don’t forget to check the proxy server access.log to verify which traffic is going to the proxy and which is not.
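An added example (not from the original post or from Oracle's documentation): a small Java program that asks the JDK's default ProxySelector which route each URL would take under a given set of -Dhttp.* flags, so the bypass list can be checked before a server restart. The class name ProxyRouteCheck, the proxy host and the target host names are constructed placeholders; it exercises the stock JDK selector, and it is an assumption that WebLogic's own HTTP client applies the same pattern rules.

```java
import java.net.InetSocketAddress;
import java.net.Proxy;
import java.net.ProxySelector;
import java.net.URI;

public class ProxyRouteCheck {

    // Ask the JDK's default ProxySelector how it would route one URL.
    // The selector reads http.proxyHost, http.proxyPort and
    // http.nonProxyHosts from the system properties on each call.
    static String route(String url) throws Exception {
        Proxy p = ProxySelector.getDefault().select(new URI(url)).get(0);
        if (p.type() == Proxy.Type.DIRECT) {
            return "DIRECT";
        }
        InetSocketAddress addr = (InetSocketAddress) p.address();
        return "PROXY " + addr.getHostString() + ":" + addr.getPort();
    }

    public static void main(String[] args) throws Exception {
        // If no -Dhttp.proxyHost was passed on the command line, fall back
        // to constructed sample values (placeholder proxy host name).
        if (System.getProperty("http.proxyHost") == null) {
            System.setProperty("http.proxyHost", "proxy.example.internal");
            System.setProperty("http.proxyPort", "3333");
            System.setProperty("http.nonProxyHosts", "localhost|local*|soasit*");
        }

        // Constructed sample targets: two covered by the bypass list, one
        // internal host that is NOT covered, and one external host.
        String[] urls = args.length > 0 ? args : new String[] {
            "http://localhost:7001/console",
            "http://soasit01.example.internal:8001/soa-infra",
            "http://erp.example.internal/api",
            "http://cloud-crm.example.com/services"
        };

        for (String url : urls) {
            System.out.printf("%-52s -> %s%n", url, route(url));
        }
    }
}
```

Run it with the same -D flags you plan to put in JAVA_OPTIONS and pass your own URLs as arguments; any internal host reported as PROXY still needs an entry in http.nonProxyHosts.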
