F5给oracle agile做SSL OFFLOAFD

Posted 2022-02-23

需求：

Oracle Agile需要加密传输，需要F5做SSL OFFLOAD。

oracle support 说明：
Set "WebLogic Plug-In Enabled" settings (under Servers==>==>Advanced and under agileDomain==>Web Applications) to Yes. Also configure F5 load balancer to set HTTP header "WL-PROXY-SSL" to true. This resolved the issue.

Set ‘WebLogic Plug-In Enabled‘ and restart server.

1. Login to weblogic admin console
2. Lock and edit
   a - In the left pane, click on agileDomain and Web Applications on the right pane
   b - Scroll down that right pane above and find the setting: WebLogic Plugin Enabled
   c - Enable the check box
3. Environment | Servers
4. Click on each managed cluster node link in the right pane
5. In the General tab, click on the Advanced section below
6. Set WebLogic Plug-In Enabled: to YES
7. Click on Save and Release configuration
8. Do this for each cluster moanaged node
9. Restart the weblogic Agile cluster

On the F5 loadbalancer, perform the equivalent of this setting ‘RequestHeader set WL-Proxy-SSL true’.

Try HTTPS url:
https://agile934Server.com/Agile/PLMServlet

Note: this applys to all proxy and load balancer.

How to set ‘RequestHeader set WL-Proxy-SSL ’ to true.

For Apache Reverse proxy:

In the apache httpd.conf file>
Uncomment ‘LoadModule headers_module modules/mod_headers.so’
Add ‘RequestHeader set WL-Proxy-SSL true’

For a loadbalancer like Netscaler:

enable ns feature REWRITE
add rewrite action Insert-SSL-Header insert_http_header WL-Proxy-SSL "\"true\"" -bypassSafetyCheck YES
add rewrite policy SSL-Header-policy HTTP.REQ.IS_VALID Insert-SSL-Header
bind lb vserver agilestage.corp-443 -policyName SSL-Header-policy -priority 100 -gotoPriorityExpression END -type REQUEST

F5配置：
配置标准80 vs，关联80到443重定向
配置标准443 vs，关联header inset 和uri重定向irule,

irule：
when HTTP_REQUEST
HTTP::header insert "WL-Proxy-SSL true"
if [HTTP::uri] equals "/"
HTTP::redirect https://[HTTP::host]/Agile

优势：通过F5做SSL OFFLOAD，能够节约后端大量的开发时间。