– We get plugin 1.0 shipped along with weblogic server which we can use at web server to prxoy request from front end to backend weblogic server
– Depending on your environmental needs you can add various parameters in plugin configuration. You can refer below link for the same:
http://docs.oracle.com/cd/E13222_01/wls/docs81/plugins/plugin_params.html#1143055
– To debug any Plugin issues you need to enable below debugs and get WebLogicBridgeConfig information. This information gets details on all parameters set at plugin level and it let us know whether its able to connect to backend weblogic:
DebugConfigInfo ON
Debug ALL
WLLogFile /tmp/proxy.log
– This proxy log will capture debug information. After adding them get WebLogicBridgeConfig information by navigating as below in browser:
http://<WebServer_Host>:<Port>/<App_Name>?__WebLogicBridgeConfig/
https://<WebServer_Host>:<SSL_Port>/<App_Name>?__WebLogicBridgeConfig/
NSAPI PLUGIN STATISTICS REPORT
I. Runtime Statistics
A. Requests
Number of new HTTP client connection requests.
B. Successful requests
Number of HTTP client requests that reached completion without throwing runtime exceptions.
C. Exception objects created
Number of runtime exception objects allocated from heap memory. This number equal the sum of all the runtime exceptions listed below.
D. Exception objects deleted
Number of runtime exception objects returned to heap memory. A difference between exception objects created and exception objects deleted indicates a memory leak has occurred.
E. URL objects created
Number of HTTP connection objects allocated from heap memory.
F. URL objects deleted
Number of HTTP connection objects returned to heap memory. A difference between URL objects created and URL objects deleted indicates a memory leak has occurred.
G. Connections recycled
Number of HTTP connection objects that were successfully reused by the proxy.
II. Runtime Exceptions
A. CONNECTION_REFUSED
The proxy was unable to connect to a backend server or a system error occurred while connecting to a backend server. The application server may be down or unable to accept new connections.
B. CONNECTION_TIMEOUT
The proxy aborted a timed connection attempt while waiting for a backend server. The application server may be down or unable to accept new connections.
C. READ_ERROR_FROM_CLIENT
The proxy was unable to process all of the data sent in an HTTP POST request from a frontend client. An NSAPI error may have occurred or the browser aborted the request.
D. READ_ERROR_FROM_SERVER
The proxy was unable to process all of data returned by the backend server due to an NSAPI error or a socket read failure. The application server may be down.
E. READ_ERROR_FROM_FILE
The plug-in FileCaching parameter is enabled and the proxy was unable to read HTTP POST data from a temporary file due to a system error.
F. WRITE_ERROR_TO_CLIENT
An NSAPI error occurred while returning an HTTP response to a frontend client. The browser may have aborted the request.
G. WRITE_ERROR_TO_SERVER
A socket write error occurred while sending HTTP headers to a backend server. The application server may be down or unable to accept requests.
H. WRITE_ERROR_TO_FILE
The plug-in FileCaching parameter is enabled and the proxy was unable to either open a temporary file or write HTTP POST data to a temporary file due to a system error. There may be insufficient space or incorrect permissions on the partition where the temporary files are being written.
I. READ_TIMEOUT
A socket timeout occurred while waiting for data from the backend server. The application server may be down or busy.
J. WRITE_TIMEOUT
A socket timeout occurred while sending data to the backend server. The application server may be down or busy.
K. UNKNOWN_HOST
A socket error occurred while attempting to connect to the backend server. The host name of the application server may be wrong or cannot be translated by DNS.
L. NO_RESOURCES
The proxy was unable to allocate sufficient memory from the heap.
M. PROTOCOL_ERROR
Covers a variety of processing errors that may occur from malformed or empty headers, improper chunking, chunked transfer encoding (CTE) errors, or other HTTP parsing errors. These errors suggest bad data is being sent by either the frontend client or the backend server.
N. CONFIG_ERROR
Covers configuration errors such as an invalid port number, failure to specify either ‘WebLogicCluster’ or ‘WebLogicHost’, or an invalid path trim parameter. Recheck the obj.conf file for incorrect spellings or values.
O. FAILOVER_REQUIRED
Indicates that a backend server has been marked as bad and that the proxy will attempt to contact the secondary application server.
P. POST_TIMEOUT
Indicates that the maximum number of retry attempts have been made while sending HTTP POST data to a backend server. The application server may be down or unable to accept requests.
Q. REQUEST_ENTITY_TOO_LARGE
The value set by HttpServletResponse.setContentLength() exceeded the plug-in MaxPostSize parameter.
R. HALF_OPEN_SOCKET_RETRY
The proxy was using a recycled socket and that socket has already been closed by the backend server. The request will be retried on the same host with a new connection.
———————————————————————————————————————————————————————————–
– Recently I had faced an interesting issue with plugin 1.0 where if we enable SSL all requests were getting hanged at Calling InitSSL. It worked well when ssl was disbaled. We could see below logging in proxy log:
================New Request: [GET /index.html HTTP/1.1] =================
Wed Feb 18 14:14:30 2012 <2403313293368701> INFO: SSL is configured
Wed Feb 18 14:14:30 2012 <2403313293368701> SSL Main Context not set. Calling InitSSL
Wed Feb 18 14:17:07 2012 <2403513293370271>
================New Request: [GET /content HTTP/1.1] =================
Wed Feb 18 14:17:07 2012 <2403513293370271> INFO: SSL is configured
Wed Feb 18 14:17:07 2012 <2403513293370271> SSL Main Context not set. Calling InitSSL
Wed Feb 18 14:17:58 2012 <2403113293370781>
– After analyzing further we came to know that plugin 1.0 when SSL enabled uses certicom SSL implementation. This certicom code calls initSSL which performs File System (FS) scan on all FS mounted on that particular machine in order to generate the random seed which creates secret key for SSL communication.
– If any of the File system is hang then every SSL request coming to the web server will get hanged.
– To validate this we had taken strace on same web server machine with SSL enabled with help below command:
Commnad: strace -o <outout file name> -tt -r -f -s4096 -p <apache process id>
– We could see below several FS scans done on all FS mounted on apache machine:
————————————————————————————————————————————————————————————-
2732 0.000089 statfs64(“/”, 84, {f_type=”EXT2_SUPER_MAGIC”, f_bsize=4096, f_blocks=258022, f_bfree=137746, f_bavail=124639, f_files=131072, f_ffree=115432, f_fsid={0, 0}, f_namelen=255, f_frsize=4096}) = 0
2732 0.000118 statfs64(“/home”, 84, {f_type=”EXT2_SUPER_MAGIC”, f_bsize=4096, f_blocks=258022, f_bfree=249120, f_bavail=236013, f_files=131072, f_ffree=130810, f_fsid={0, 0}, f_namelen=255, f_frsize=4096}) = 0
2732 0.000136 statfs64(“/tmp”, 84, {f_type=”EXT2_SUPER_MAGIC”, f_bsize=1024, f_blocks=507748, f_bfree=495253, f_bavail=469039, f_files=131072, f_ffree=130884, f_fsid={0, 0}, f_namelen=255, f_frsize=1024}) = 0
————————————————————————————————————————————————————————————
– From strace output its been observed that since SSL request was failing to generate random seed due to one of the Network File System (NFS) was hanged, all requests failed to reach backend weblogic and ultimately failed to serve request.
– As plugin 1.0 is deprecated we could not make any changes. So the only way to avoild this issue was to make sure all file systems including NFS should be accessible to generate random seed for secret key generation.
– Alternately we can upgrade plugin to 1.1 where it seems it uses other SSL implementation. You can refer below post to configure plugin 1.1 with SSL enabled: