Friday, 4 March 2016

SSL Configuration for Apache

First make sure that the Apache installation and SSL changes have been done, then use the steps below to configure SSL certificates.

Step 1 : Move to "extra" directory of apache.

Ex: cd /APACHE_HOME/conf/extra

Step 2: Generate Private Key on the Server Running Apache + mod_ssl

Ex: openssl genrsa -des3 -out .key 4096


So your result will be : .key

Step 3: Generate a Certificate Signing Request (CSR)

Ex: openssl req -new -key .key -out .csr
So your result will be : .csr

Step 4: Generate a Self-Signed SSL Certificate

Ex: openssl x509 -req -days 365 -in .csr -signkey .key -out .crt
So your result will be : .crt

Step 5: Generate a CA file

Ex: openssl req -new -x509 -days 365 -key in .key -out in .ca
So your result will be : .ca

Step 6: Generate a DER file

Ex: openssl x509 -in .crt -out .der.crt -outform DER
So your result will be : .der.crt

Step 7: Removal of Passphrase (Optional if you want to remove passphrase)

Ex: openssl rsa -in .key -out new.key
So your result will be : new.key
Now copy “new.key” over “.key”.
Ex: cp new.key .key

Step 8: Finally copy .key and .crt to /APACHE_HOME/conf/, so use

Ex : cp .key /APACHE_HOME/conf/
cp .crt /APACHE_HOME/conf/

Note: You can change the key size to a higher or lower value (I have given 4096==4 MB) and the key validity to more days (I have given 365==1 year).

Now you are done with your SSL certificates
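
Checks worth running on the key and certificate before step 8 copies them into the Apache configuration directory, as an added example that is not part of the original post. The function names are made up for this example; pass in whatever file names you used in steps 2 to 7.

```shell
#!/bin/sh
# Added example: sanity checks for the key/certificate pair produced above.

# Succeeds when the PEM private key is still passphrase-protected.
key_is_encrypted() {
    grep -q 'ENCRYPTED' "$1"
}

# Succeeds when group and others have no permission bits on the file.
key_is_owner_only() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Succeeds when the certificate carries the public half of the key.
# Meant for an unencrypted key (after step 7); the empty -passin makes an
# encrypted key fail immediately instead of prompting.
key_matches_cert() {
    key_pub=$(openssl pkey -in "$1" -passin pass: -pubout 2>/dev/null) || return 1
    crt_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$key_pub" ] && [ "$key_pub" = "$crt_pub" ]
}

# Runs every check, prints one line per finding, returns non-zero on failure.
check_pair() {
    key=$1; crt=$2; rc=0
    if key_is_encrypted "$key"; then
        echo "NOTE: $key is passphrase-protected; Apache will ask for it at startup"
    else
        if ! key_is_owner_only "$key"; then
            echo "FAIL: $key is unencrypted and open to group/others (chmod 600)"
            rc=1
        fi
        if ! key_matches_cert "$key" "$crt"; then
            echo "FAIL: $crt does not belong to $key"
            rc=1
        fi
    fi
    # -checkend 0 fails when the certificate has already expired.
    if ! openssl x509 -in "$crt" -noout -checkend 0 >/dev/null 2>&1; then
        echo "FAIL: $crt has expired"
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: $key / $crt"
    return "$rc"
}
```

Call it as check_pair followed by the key file and the certificate file; a key with its passphrase removed in step 7 is only as safe as its file permissions.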

What is a Thread dump? How do you take one on Unix/Linux and Windows?

 This is especially useful if your Java application sometimes seems to hang when running under load, as an analysis of the dump will show where the threads are stuck.

We can take a thread dump in the following ways:

  • Linux: kill -3 PID
  • Windows (console mode): Ctrl+Break
  • Windows (service): beasvc -dump -svcname:mydomain_myserver


The data file and change log file used by the embedded LDAP server can potentially grow quite large. You can configure maximum sizes for these files with the following weblogic.Server command line arguments:

  • -Dweblogic.security.ldap.maxSize=<max bytes>, which limits the size of the data file used by the embedded LDAP server. When the data file exceeds the specified size, WebLogic Server eliminates from the data file space occupied by deleted entries.
  • -Dweblogic.security.ldap.changeLogThreshold=<number of entries>, which limits the size of the change log file used by the embedded LDAP server. When the change log file exceeds the specified number of entries, WebLogic Server truncates the change log by removing all entries that have been sent to all Managed Servers.

What is a Proxy server? Types of proxy server

Proxy Server:
In general terms, a proxy server is nothing but a mediator (ex: a bus; if you want to go home by bus, it takes you to your destination). We use a proxy server in WebLogic the same way.
A proxy server is an intermediary server between your web browser (client), which requests some information/data, and your server (web server/application server), which processes the data.

Types of Proxy Server:
There are three different types of proxy servers. They are as follows:

1) Forward Proxy Server:
A forward proxy server is a server which forwards requests from intranet clients (web browsers) to Internet servers. These proxy servers are present in the same network as your client.
2) Open Proxy Server:
An open proxy is a proxy server which is accessible by any Internet user. Any proxy server that doesn’t restrict its client base to its own set of clients and allows any other client to connect to it is known as an “Open Proxy”. An anonymous open proxy allows users to conceal their IP address while browsing the Web or using other Internet services. There are numerous open proxy servers present on the Internet. To convert any flavor of proxy server to an open proxy server, we just have to enable the flag “ProxyRequests On” in the configuration file.
3) Reverse Proxy Server:
A proxy server which takes requests from external clients (web browsers) or the Internet and forwards them to servers in an internal network is called a reverse proxy server. Generally, reverse proxy servers are present in the same network where we have our app/web servers.
Advantages of using Reverse Proxy Servers: The various advantages of using proxy servers are as follows:
1) Filtering
2) Caching
3) Bypassing filters and censorship
4) Logging and eavesdropping
5) Gateways to private networks
6) Accessing services anonymously

WebLogic server Life Cycle:

Starting state:
During the starting state, the instance reads the domain configuration data from its configuration directory, whereas the Managed Servers get their configuration data from the Admin Server. It is in this state that the instance starts the basic services such as the kernel and execute queues, the container service for logging, and the Node Manager service. The server also deploys applications during this phase.

Standby:
In this state the server instance allows you to issue only administrative requests. You can move the server to either the running or the shutdown state. Normally the server instance transitions automatically through the standby state to the next stage, unless you start the instance with the start-in-standby command.
Note: All ports are closed in this state, but you can quickly transition to a running state.

Admin mode:
Admin mode permits only administrative tasks, such as deploying applications, with those applications able to accept requests only from users with the Admin and AppTester roles. Running a server in admin mode is also useful when trying to diagnose problems with an application that has gone bad.
Note: Servers will run in admin mode when there is a problem with a deployed application or a JDBC connection pool. We can move the server from the Admin state to the resume state.

Resuming state:
This is a purely transitional state that the server instance goes through after it transitions automatically through the Admin state, or after you issue the resume command having first placed the instance in the standby or Admin state. You can make this state change from the command line or through the Admin console.


Running state:
This is of course the final state the server instance reaches after you issue either a startup command or a resume command to move the server out of the Admin or standby state. It is in the running state that the server can accept and service client requests for its services.

What is the boot.properties file and how to create it

boot.properties is a file containing the WebLogic Server username and password.
Only if your server is in production mode do you have to create the boot.properties file manually.
If your server is in development mode, you do not need to create this file, because the server itself creates it while creating the domain.
A boot identity file contains the user credentials for starting and stopping an instance of WebLogic Server. An administration server or managed server can refer to this file for user credentials instead of prompting at the command line to provide them.

To create boot.properties:
Go to the location below
Win :   C:\Oracle\Middleware\user_projects\domains\test_domain\servers\AdminServer\
Linux : Oracle/Middleware/user_projects/domains/test_domain/servers/AdminServer/
1. First, create a security folder under AdminServer.
2. Create the boot.properties file under the security folder.
3. Open Notepad and write the two lines below:
username=**********
password=***********
4. Save the file.
5. Your boot.properties file is now ready. From the next server start it won't ask for the username and password; internally the server reads the boot.properties file. You can find the info below in your log.
<Sep 21, 2014 10:06:35 PM IST> <Notice> <Security> <BEA-090082> <Security initializing using security realm myrealm.>
<Sep 21, 2014 10:06:35 PM IST> <Notice> <Security> <BEA-090083> <Storing boot identity in the file: C:\Oracle\Middleware\user_projects\domains\test_domain\servers\MS2\security\boot.properties>
Note:
If your server is in MSI mode, you have to copy the security folder along with boot.properties and paste it into all your Managed Servers.
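
One way to create the file from a Linux shell so that the clear-text credentials are never readable by other accounts, and to check later whether the server has rewritten them in encrypted form. This is an added example, not from the original post: the function names are hypothetical, and the check assumes the server marks encrypted values with a prefix such as {AES}.

```shell
#!/bin/sh
# Added example; these functions are illustrative, not WebLogic tooling.

# Writes <server dir>/security/boot.properties. The password is read from
# stdin so that it does not appear in `ps` output or shell history.
write_boot_identity() {
    (
        umask 077                      # new directory 0700, new file 0600
        mkdir -p "$1/security" &&
        IFS= read -r pw &&
        printf 'username=%s\npassword=%s\n' "$2" "$pw" \
            > "$1/security/boot.properties"
    )
}

# Prints one of: missing, exposed, plaintext, encrypted.
#   exposed   - group or others have permission bits on the file
#   plaintext - a username/password value is still clear text
#   encrypted - every value starts with a marker such as {AES}
#               (assumption: how the server rewrites the file after boot)
boot_identity_state() {
    f=$1
    [ -f "$f" ] || { echo missing; return 0; }
    if [ "$(ls -ld "$f" | cut -c5-10)" != "------" ]; then
        echo exposed
        return 0
    fi
    if grep -E '^(username|password)=' "$f" | grep -Evq '=\{[A-Z0-9]+\}'; then
        echo plaintext
    else
        echo encrypted
    fi
}
```

A result of plaintext long after the first successful start, or exposed at any time, means the boot identity should be treated as disclosed and the password changed.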

Differences b/w Development and Production Env

SSL:

Development Mode: You can use the demonstration digital certificates and the demonstration keystores provided by the WebLogic Server security services. With these certificates, you can design your application to work within environments secured by SSL.

Production Mode: You must not use the demonstration digital certificates and the demonstration keystores. If you do so, a warning message is displayed.

Deploying applications:

Development Mode: WebLogic Server instances can deploy and update applications that reside in the domain_name/autodeploy directory automatically. It is recommended that this method be used only in a single-server development environment.
Production Mode: The auto-deployment feature is disabled; so, you must use the WebLogic Server administration console, the weblogic.Deployer tool, or the WebLogic Scripting Tool.

Log file rotation:

Development Mode: By default, when you start the WebLogic Server instance, the server automatically renames (rotates) its local server log file as SERVER-NAME.log.n. For the remainder of the server session, messages accumulate in the log file until the file grows to a size of 500 kilobytes.

Production Mode: The server rotates the local log file after the size of the file reaches 5000 kilobytes. When the server is configured for production mode, by default, all versions of the log files are kept. Administrators may want to customize the number of log files retained.

JDBC system resource:

Development Mode: The default capacity is 15 connections.

Production Mode: The default capacity is 25 connections.

Security:

Development Mode: The configuration of security is relatively relaxed, allowing you to auto-deploy applications.


Production Mode: The configuration of security is stringent, requiring a user name and password to deploy applications. Before putting a domain into production, familiarize yourself with securing the production environment.

Change Heap in SOA

To change the default memory settings in SOA and customize them for your Admin and Managed Servers, follow the steps below to increase the heap size of the SOA server:

1. Back up setSOADomainEnv.sh (/user_projects/domain/<soa_domain_name>/bin/setSOADomainEnv.sh).
2. Update setSOADomainEnv.sh.
Find the values below in setSOADomainEnv.sh:
DEFAULT_MEM_ARGS="-Xms512m -Xmx1024m"
PORT_MEM_ARGS="-Xms768m -Xmx1536m"

Replace them with the custom values below:
# line to specify different Xmx and Xms values to soa_server.
if [ "${SERVER_NAME}" = "soa_server1" ] ; then
DEFAULT_MEM_ARGS="-Xms2048m -Xmx2048m"
PORT_MEM_ARGS="-Xms2048m -Xmx2048m"
elif [ "${SERVER_NAME}" = "" ] || [ "${SERVER_NAME}" = "AdminServer" ]; then
DEFAULT_MEM_ARGS="-Xms512m -Xmx512m"
PORT_MEM_ARGS="-Xms512m -Xmx512m"
fi

3. Restart the Admin and Managed Servers, then check the new settings using the commands below.

4. ps -ef | grep AdminServer and ps -ef | grep soa_server1


Change JDK In Weblogic Server

Sometimes it is required to switch the JDK used by WebLogic Server, for example from Sun to JRockit (which gives better performance). Another use case could be to switch from a 32-bit to a 64-bit JDK, or to the latest supported JDK. To verify the supported JDK version, check the Oracle FMW support matrix.


Installing new JDK:

The first step is to install your desired JDK. Follow these steps to install it:

1. Download JRockit JDK from OTN

2. FTP the file to the server and unzip it by running the following command
$ unzip  jrockit_282V30318-01.zip

3. The file will be extracted with .bin extension, change the permission and make it executable.
$ chmod 755 jrockit-jdk1.6.0_29-R28.2.2-4.1.0-linux-x64.bin

4. Install JRockit to your desired location (in my example I have an X server running).

Follow the wizard to complete the installation. I installed JRockit in /u01/Oracle/jrockit-r28.2.2

$ ./jrockit-jdk1.6.0_29-R28.2.2-4.1.0-linux-x64.bin

Changing Weblogic Configuration to use new JDK

1. Shut down all managed servers in the WebLogic domain

2. Backup the following files
$MW_HOME/user_projects/domains/<domain  name>/bin/setDomainEnv.sh
$WL_HOME/common/bin/commEnv.sh

e.g.
$ cd  /u01/Oracle/Middleware/user_projects/domains/base_domain/bin
$ cp setDomainEnv.sh  setDomainEnv.sh.before_jdk_change

$ cd /u01/Oracle/Middleware/wlserver_10.3/common/bin
$ cp commEnv.sh  commEnv.sh.before_jdk_change

3. Edit the setDomainEnv.sh file and find ${JAVA_HOME}
Comment out the JAVA_HOME entry

#JAVA_HOME="${JAVA_HOME}"
#export  JAVA_HOME


4. Add the following after this

# Added the following lines to change to JRockit JDK
JAVA_HOME="/u01/Oracle/jrockit-r28.2.2"
export  JAVA_HOME
JAVA_VENDOR="Oracle"
export JAVA_VENDOR



5. Search for the following section in the file, specifically for "-Djrockit.optfile":

Note: This parameter usually gives a warning of being obsolete.
You will find:

EXTRA_JAVA_PROPERTIES="-Dcommon.components.home=${COMMON_COMPONENTS_HOME}   -Djrf.version=11.1.1 
-Dorg.apache.commons.logging.Log=org.apache.commons.logging.impl.Jdk14Logger 
-Ddomain.home=${DOMAIN_HOME} 
-Djrockit.optfile=${COMMON_COMPONENTS_HOME}/modules/oracle.jrf_11.1.1/jrocket_optfile.txt 
-Doracle.server.config.dir=${ORACLE_DOMAIN_CONFIG_DIR}/servers/${SERVER_NAME} 
-Doracle.domain.config.dir=${ORACLE_DOMAIN_CONFIG_DIR}
......"

Remove the "-Djrockit.optfile" property:
-Djrockit.optfile=${COMMON_COMPONENTS_HOME}/modules/oracle.jrf_11.1.1/jrocket_optfile.txt

6. Save the file

7. Edit the commEnv.sh file and find the following section

if [ -z "${JAVA_HOME}" -o -z "${JAVA_VENDOR}" ]; then



8. Add the following lines after the above section
JAVA_HOME="/u01/Oracle/jrockit-r28.2.2"
export JAVA_HOME
JAVA_VENDOR="Oracle"
export JAVA_VENDOR



9. Start the Admin Server and confirm your changes by running the following command

$ ps -ef | grep Admin

If you see something similar to the line below, then you are good to start the other managed servers


oracle   13927 13771  5 15:30 ?        00:03:58 /u01/Oracle/jrockit-r282.2/bin/java -jrockit -Xms2048m -Xmx2048m -Dweblogic.Name=AdminServer

Oracle weblogic Patch

A patch is a piece of software designed to update a computer program or its supporting data, to fix or improve it. This includes fixing security vulnerabilities and other bugs, with such patches usually called bugfixes or bug fixes, and improving the usability or performance.

Weblogic patch:

Oracle releases patches every quarter. In 2015 Oracle released 3 patches for WebLogic; find them below:

Jan - 12UV --- search for more info for this bug in oracle
April - YUIS --- search for more info for this bug in oracle
July - EJUW --- search for more info for this bug in oracle

The steps below apply the patch in a Linux environment. For a Windows environment, use .cmd instead of .sh.

Step 1:
Check the WebLogic version.
Go to the location below and execute setEnv
/oracle/.../.../wlserver_10.3/server/bin
After executing setEnv, check the WebLogic version by using java weblogic.version

Step 2:
Go to the location below and copy the patch file
/oracle/.../.../utils/bsu/cache_dir
cp -rf /home/.../.../AprilPatch/p20181997_1036_Generic.zip .
unzip p20181997_1036_Generic.zip

Step 3:
Apply the patch using the command below. Make sure all instances are in the shutdown state while applying it.

bsu.sh -install -patch_download_dir=/oracle/.../Middleware/utils/bsu/cache_dir -patchlist=YUIS -prod_dir=/oracle/app/Middleware/wlserver_10.3


Step 4:
Check the version; it should be 10.3.6.0.11
java weblogic.version



The patch has been applied successfully. The WebLogic version has now changed from 10.3.6.0 to 10.3.6.0.11