Forum Stats

  • 3,783,613 Users
  • 2,254,809 Discussions
  • 7,880,488 Comments

Discussions

Mapping domain name to PaaS JCS / Load balancer IP Address and Not Secure browser notification

oladayo.s
oladayo.s Member Posts: 48 Red Ribbon
edited Dec 3, 2017 5:53PM in Java Cloud Service

Hello guys, I'm deploying applications to my PaaS JCS instance which has a load balancer.

Currently my applications are accessed via the ip address of my load balancer https://132.XX.XX.XX/app1context

wls version: 12.1.3.0.161018

My needs

  1. is to map this ip address to a my registered domain name.

        Up to now, I have found nothing detailed from the oracle documentation on how to do this. There exists references (a line or two) which seems to be ideal for experts who might have done this previously.

    2. Https certificates

         Everytime I access my applications via the url, I get the not secure warning. I am clueless on what I need to do to get past this issue. Note: My applications are ADF applications. Kindly advice.

          notsecure.PNG

I would appreciate it if anyone can provide step wise guide/instruction set on how to get these done.

many thanks

oladayo.sVikash Mishra-OracleUser_FIOHUUser_3U06U

Best Answer

Answers

  • Edi-Oracle
    Edi-Oracle Member Posts: 77 Green Ribbon
    edited Nov 19, 2017 7:23AM

    Hi,

    1) have you read the documentation on defining a custom DNS for a JCS ?

    2) this is the behavior ( the warning ) usually when openssl certificates are being used, you just need to accept the warning and click "advance" button or something similar depending on your browser.

    ( the warning won't be displayed anymore if you buy/issue your own certificates )

    Hope that helps.

    oladayo.s
  • oladayo.s
    oladayo.s Member Posts: 48 Red Ribbon
    edited Nov 19, 2017 10:28AM

    Thanks Edi for the quick response. 1. I've followed the documentation here and it does take me a step further; however something i noticed.   The url always resolves back to the loadbalancer's ipaddress i.e. changes from www.amagedon.com to 154.123.1.1.   Is this a standard behaviour or there's something that can be done to always mask the loadbalancer's ipaddress? 2. Thanks for this, however my initial expectation was to expect some sort of certificate installation prompt on my browser (tried chrome, edge etc) however nothing. I keep hitting the warning page which I accept to move onto the application page.

  • Vikash Mishra-Oracle
    Vikash Mishra-Oracle Member Posts: 61
    edited Nov 19, 2017 11:09AM

    Hi Oladayo,

    I believe your Q1 is already answered. To answer your Q2, you have 2 options. One that you can use self signed certificate and or Third Party CA signed certificate. Please refer the below Blog:

    https://blogs.oracle.com/blogbypuneeth/steps-to-create-a-self-signed-certificate-and-configure-custom-identity-and-custo…

    https://blogs.oracle.com/blogbypuneeth/steps-to-create-a-csr-certificate-signing-request-using-keytool-and-get-it-signed…

    Regards

    Vikash

    oladayo.s
  • handat
    handat Member Posts: 4,688 Gold Crown
    edited Nov 20, 2017 12:47AM

    You will need to configure your weblogic instance with the name that you registered in DNS. Since you initially only had an IP and no DNS resolvable name, that would had ended up as your default. Now that you have registered a DNS entry for your IP, you need to let weblogic know about it and use it. There is a configuration item called frontend url host (and port) which you can specify in weblogic. Put the DNS name that you registered and mapped to your IP into that field and set the port to 443.

    That should resolve your first problem. The second problem will be to buy a certificate from a trusted CA that either maps exactly to the hostname that you registered in DNS, or buy a wild card certificate which is one that maps to our entire domain, for example if your hostname in DNS is www.amagedon.com, then the subject or dn that you specify when you buy the certificate from your CA would be www.amagedon.com. If you own the whole domain, ie any hosts under the amagedon.com, then you would also be able to buy a wildcard certificate, ie *.amagedon.com. Not all CAs will allow you to get a wildcard certificate and those who do will usually charge you extra for that.

    oladayo.s
  • Vikash Mishra-Oracle
    Vikash Mishra-Oracle Member Posts: 61
    edited Nov 23, 2017 1:01PM
  • oladayo.s
    oladayo.s Member Posts: 48 Red Ribbon
    edited Nov 23, 2017 5:12PM

    Hello Handat, Thanks for your replies. 1. frontend url host/port: does this apply where a loadbalancer is in use? My deployed applications are accessed via a loadbalancer's ip address so i doubt configuring the frontend url host on wls would make any difference or what do you think. 2. Certificates - I'll get back to you on this. thanks

  • oladayo.s
    oladayo.s Member Posts: 48 Red Ribbon
    edited Nov 29, 2017 10:57AM

    Hello Handat, I'm afraid the suggested configuration changes at WLS cluster level does not quite give me the desired outcome. I changed the frontend host to abc.com, restarted the servers and on accessing the application using the domain name, my URL gets changed automatically back to host ip thus defeats the purpose of trying to mask the ip. Note: The ip is that of the loadbalancer.  I think what i need will be at the load balancer level.

  • oladayo.s
    oladayo.s Member Posts: 48 Red Ribbon
    edited Nov 29, 2017 11:00AM

    Thanks Vikash, However this does not quite give me the desired result. While I can confirm that i can reach the target host using my domain name now, however once the page is loaded the domain/vanity name is automatically changed back to the load balancer's IP address. There must be some kind of configuration that i can change at the lb level to ensure the vanity names used will remain sticky all the time.. Any ideas?

  • Narendra Modupalli
    Narendra Modupalli Member Posts: 21 Red Ribbon
    edited Nov 30, 2017 2:00AM Accepted Answer

    Hi Oladayo,

    Recently we had the same issue and we have resolved this by following the steps that are mentioned in the below url -

    https://docs.oracle.com/en/cloud/paas/java-cloud/jscug/configuring-ssl-oracle-java-cloud-service-instance.html#GUID-C54E…

    Once the SSL is configured then restart the JCS instance and then test the application. Hopefully this will help you to resolve your issue.

    Thanks & Regards,

    Narendra M.

    Vikash Mishra-OracleUser_FIOHUUser_3U06U
This discussion has been closed.