Tuesday, March 8, 2016

Name a URL for EBS website (and F5)

After EBS is installed and configured on host webHost1d, the default URL is http://webHost1d.domain.com:s_webport. Most of the time we want to replace it with a more meaningful name, such as finance.domain.com. And if the web/forms tier has multiple nodes, a DNS name has to be used for the EBS site.

1. Request a DNS ip address for finance.domain.com

DNS ip address registration will map server webHost1d.domain.com (or additional servers) to finance.domain.com. Before the mapping exists, you cannot ping finance.domain.com or resolve it with nslookup.

$ nslookup finance.domain.com
** server can't find finance: SERVFAIL

$ ping finance.domain.com
ping: unknown host finance.domain.com

2. After the DNS ip is registered, nslookup will return something like the output below. Here, 123.45.67.987 is the IP address for finance.domain.com.

$ nslookup finance.domain.com
Server:         123.45.67.89
Address:      123.45.67.89#53

finance.domain.com       canonical name = webHost1d.domain.com.
Name:   webHost1d.domain.com
Address: 123.45.67.987

If finance.domain.com is monitored by F5, its DNS ip address will be tied to multiple pool members inside F5, depending on the number of EBS web/forms nodes. In this case, nslookup will return a slightly different result:

$ nslookup finance.domain.com
Server:         123.45.67.89
Address:      123.45.67.89#53

finance.domain.com        canonical name = finance.dev.vip.domain.com.
Name:   finance.dev.vip.domain.com
Address: 123.45.67.987

The DNS entry for finance.domain.com points to the F5 CNAME finance.dev.vip.domain.com.

3. ping on it should also work:

$ ping finance.domain.com
PING finance.domain.com (123.45.67.987) 56(84) bytes of data.
64 bytes from finance.domain.com (123.45.67.987): icmp_seq=1 ttl=63 time=0.280 ms
64 bytes from finance.domain.com (123.45.67.987): icmp_seq=2 ttl=63 time=0.559 ms

4. Make 3 changes in $CONTEXT_FILE to use finance.domain.com as the URL.

<externURL oa_var="s_external_url">https://webhost1d.domain.com:4453</externURL>  =>
<externURL oa_var="s_external_url">https://finance.domain.com:4453</externURL>

<webentryhost oa_var="s_webentryhost">webhost1d</webentryhost>  =>
<webentryhost oa_var="s_webentryhost">finance</webentryhost>

<login_page oa_var="s_login_page">https://webhost1d.domain.com:4453/OA_HTML/AppsLogin</login_page>   =>
<login_page oa_var="s_login_page">https://finance.domain.com:4453/OA_HTML/AppsLogin</login_page>

After running AutoConfig, the EBS site can be accessed at https://finance.domain.com:4453

By the way, when 4453 is the SSL port number, it will be the value of three $CONTEXT_FILE variables (and also the Listen port in the $INST_TOP/ora/10.1.3/Apache/Apache/conf/ssl.conf file):

<httpslistenparameter oa_var="s_https_listen_parameter">4453</httpslistenparameter>
<web_ssl_port oa_var="s_webssl_port" oa_type="PORT" base="4443" step="1" range="-1" label="Web SSL Port">4453</web_ssl_port>
<activewebport oa_var="s_active_webport" oa_type="DUP_PORT" base="8000" step="1" range="-1" label="Active Web Port">4453</activewebport>
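The edits in step 4 and the three port variables have to agree with each other, and a half-finished edit is easy to miss before AutoConfig runs. The following consistency check is an added example, not part of the original post or of Oracle's tooling; the `<oa_context>` wrapper, the function names and the embedded sample (with `s_login_page` deliberately left on the node name) are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample: a context-file fragment after an incomplete edit.
# The <oa_context> wrapper element is an assumption made for this example.
SAMPLE_CONTEXT = """<oa_context>
  <externURL oa_var="s_external_url">https://finance.domain.com:4453</externURL>
  <webentryhost oa_var="s_webentryhost">finance</webentryhost>
  <login_page oa_var="s_login_page">https://webhost1d.domain.com:4453/OA_HTML/AppsLogin</login_page>
  <httpslistenparameter oa_var="s_https_listen_parameter">4453</httpslistenparameter>
  <web_ssl_port oa_var="s_webssl_port" oa_type="PORT">4453</web_ssl_port>
  <activewebport oa_var="s_active_webport" oa_type="DUP_PORT">4453</activewebport>
</oa_context>"""

PORT_VARS = ("s_https_listen_parameter", "s_webssl_port", "s_active_webport")

def load_vars(xml_text):
    """Map oa_var name -> element text for every element carrying oa_var."""
    root = ET.fromstring(xml_text)
    return {e.get("oa_var"): (e.text or "").strip()
            for e in root.iter() if e.get("oa_var")}

def check_context(xml_text, site_fqdn):
    """Return a list of findings; an empty list means the entries agree."""
    v = load_vars(xml_text)
    findings = []
    ports = {name: v.get(name) for name in PORT_VARS}
    if None in ports.values() or len(set(ports.values())) != 1:
        findings.append(f"port variables disagree: {ports}")
    ssl_port = v.get("s_webssl_port")
    for name in ("s_external_url", "s_login_page"):
        url = urlsplit(v.get(name, ""))
        if url.scheme != "https":
            findings.append(f"{name}: scheme is {url.scheme!r}, expected https")
        if (url.hostname or "") != site_fqdn.lower():
            findings.append(f"{name}: host {url.hostname!r} is not {site_fqdn}")
        if str(url.port) != ssl_port:
            findings.append(f"{name}: port {url.port} does not match s_webssl_port {ssl_port}")
    short_name = site_fqdn.split(".")[0].lower()
    if v.get("s_webentryhost", "").lower() != short_name:
        findings.append(f"s_webentryhost is {v.get('s_webentryhost')!r}, expected {short_name!r}")
    return findings

if __name__ == "__main__":
    for line in check_context(SAMPLE_CONTEXT, "finance.domain.com"):
        print(line)
```

Against a real instance, read the file named by $CONTEXT_FILE and pass its text in place of the sample.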

TROUBLESHOOTING

After an EBS R12.1.3 instance was cloned / moved to new nodes (webHost1d and webHost2d), the EBS site page https://finance.domain.com:4453 did not work.

The page using the node name, http://webHost1d.domain.com:s_webport, worked but failed on redirecting to the login page (Note: if the company network does not allow http, this page may not load in a browser. In that case, at the OS level, try $ wget webHost1d.domain.com:8021 ). So the Apache services worked fine. Furthermore, telnet to the node works (if telnet is not available, try "wget"):

$ telnet webHost1d.domain.com 8021
Trying 177.99.88.66...
Connected to xifsapw3q.
Escape character is '^]'.
GET       <== type in/Enter
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<HTML><HEAD>
<TITLE>400 Bad Request</TITLE>
</HEAD><BODY>
<H1>Bad Request</H1>
Your browser sent a request that this server could not understand.<P>
invalid request-URI <P>
</BODY></HTML>
Connection closed by foreign host.


When nslookup is used to check the site, it returns two IPs:

$ nslookup finance.domain.com   <== It returns two entries
Server:         123.45.67.89
Address:      123.45.67.89#53

finance.domain.com        canonical name = finance.dev.vip.domain.com.
Name:   finance.dev.vip.domain.com
Address: 123.45.67.987
Name:   finance.dev.vip.domain.com
Address: 123.45.66.987

The problem was in F5. After the F5 admin removed and re-entered the two pool members' IPs, and also re-entered the port number (web_ssl_port 4453) in the F5 tool, the problem was fixed. The F5 admin said the problem was with the port number (s_webport 8021??). If s_webport is the port listened on in F5, the webpage https://finance.domain.com:4453 may give an ERR_CONNECTION_RESET error.

If 443 is used as s_active_webport (vs. 4453) in $CONTEXT_FILE, 443 must also be entered in F5 to make the site https://finance.domain.com work.

By the way, if the EBS site https://finance.domain.com works, the URL to a single node, https://webHost1d.domain.com:web_ssl_port, will say "This site is not secure" or "Your connection is not private" (or ERR_CERT_COMMON_NAME_INVALID, maybe because the ssl cert is not for webHost1d.domain.com).

Another common network issue is that the IP address does not map back to the DNS name, for example:

$ nslookup  123.45.67.987 
** server can't find 123.45.67.987.in-addr.arpa: NXDOMAIN



1 comment:

Anup said...

Will SSL/TLS work in this type of configuration?