Revision ORACLE CORPORATION. Application Server Deployment Architecture Series. Using Web Cache as Reverse Proxy

Revision 1 ORACLE CORPORATION Application Server Deployment Architecture Series Using Web Cache as Reverse Proxy

Table of Contents Document Version 1.1 AUTHOR... 2 OBJECTIVES... 3 BACKGROUND... 4 CACHE OVERVIEW... 4 CONFIGURATION OVERVIEW... 9 STEP 1: ENSURE THE ORACLEAS AND REVERSE PROXY WEBCACHE COMPONENTS ARE RUNNING.... 9 STEP 2: CONFIGURE OHS WITH VIRTUAL HOSTS... 11 STEP 3: PPE LOOPBACK ON NON-SSL PORT... 12 STEP 4: MODIFY THE PORTAL WEBCACHE SETTINGS... 13 STEP 5: CONFIGURE SSO... 14 STEP 6: REASSOCIATE SSO WITH ORACLEAS PORTAL... 14 STEP 7: REREGISTER MOD_OSSO ON INFRASTRUCTURE/MIDDLE TIER... 15 STEP 8: CLEAR THE CACHES AND RESTART OHS... 15 STEP 9: APPLY FOR AN SSL CERTIFICATE WITH ORACLE WALLET MANAGER... 16 STEP 10: CONFIGURE WEBCACHE WITH SITE MAPPINGS, LISTEN PORTS AND URL PATH PREFIXES... 17 STEP 11: SSL CONFIGURATION IN OHS... 20 STEP 12: UPDATE OID WITH OPERATION URL.... 21 APPENDIX & ISSUES... 22

Author This document is written and maintained by the A-Team in collaboration with Oracle Application Server Product Management. Please contact Sudi.Narasimhan@oracle.com regarding any issues and bugs associated with this document. References: OracleAS 10.1.2 WebCache Administrator s Guide OracleAS 10.1.2 Portal Configuration Guide Enterprise Deployment Guide 2

Objectives 1. To support ReverseProxying for the Portal using OracleAS WebCache 10.1.2 2. Use of a single domain to support both Portal and Single Sign On requests. 3. Use Secure Socket Layer (SSL) to the ReverseProxy. 3

Background The fundamental goal of ReverseProxying is to isolate internal IT resources from the outside world of the Internet. Reverse Proxy servers act as a proxy for application or web servers ultimately providing scalability, security and load balancing capabilities. With the use of the ReverseProxy, several servers can be brought into a single URL domain space. The purpose of this paper is to illustrate the use of OracleAS WebCache as a Reverse Proxy server to isolate Intranet Application servers but enabling Internet users access to these servers without compromising their identity or security. OracleAS WebCache is primarily a content-aware server accelerator capable of storing static and dynamic web content with the added benefit of providing load-balancing and failover detection to a farm of application servers. Since, the WebCache is primarily the intercepting point for all HTTP traffic, it reduces the burden or the load that would normally be handled by the web servers behind it. Cache Overview 1. A request from an Internet client such as a browser is sent to a website at https://www.mycompany.com:443 2. The response from the Domain Name Server indicates an external IP Address such as 64.56.49.55. 3. The browser then contacts the Reverse Proxy Server (WebCache) with the externally published address. The firewall between the Internet and the DMZ using Network Address Translation (NAT) maps the externally published IP Address of the Reverse Proxy Server to an internal IP Address such 192.168.0.100. 4. If the requested content is in the webcache, then the content is sent directly to the browser. 5. If the content is not in the cache, then the WebCache will request the content from the OracleAS 10g. Once again, through the use of NAT (Network Address Translation), the Webcache attempts to contact the Application Server with an externally published IP Address which the firewall will translate into an internal IP Address such as 192.168.0.102. 6. The application server sends the content to the OracleAS Webcache. 7. OracleAS WebCache sends the content to the client and stores a copy of the page in the cache. 4

INTERNET www.mycompany.com Firewall DMZ OracleAS WebCache 10.1.2 Oracle Application Server 10g 10.1.2 (Midtier and Infrastructure) Webcache turned off Kilo.us.oracle.com OracleAS 10.1.2 Application Server 5

Architecture Overview 1. Two VMWare Instances were used with Linux RedHat Enterprise Linux AS Release 3 (Taroon Update 4). A.VMWare Instance A running Webcache 10.1.2 (J2EE and Webcache option) DNS Entry: www.mycompany.com B.VMWare Instance B running OracleAS 10.1.2 (Portal and Wireless Option) DNS Entry: kilo.us.oracle.com 2. Request for the Portal pages will be through the Reverse Proxy WebCache with SSL on port 443. 3. Secure Sockets Layer (SSL) will terminate at the WebCache beyond which communication between the WebCache and the Application Server will be non-ssl or HTTP. 4. There will be a site-to server mapping from the WebCache to the Application Server, which will utilize the OHS Listen Port. The Listen Port of OHS is an IP port on which the OHS listens on for incoming HTTP Requests. 5. Portal uses a stateless servlet called Parallel Page Engine (PPE) running on Oracle Containers for J2EE to inspect portal meta-data, contact providers and construct a portal page. A loopback for the portal meta-data from the Portal DB is performed by the PPE through mod_plsql and webcache in the absence of an LBR. This loopback will occur on port 80. Note: The High-Availability (HA) aspect would be covered if a loop-back occurred against a LoadBalancer such that the failure of one webcache would enable the request to be loadbalanced to another. 6. The OracleAS Webcache will not only act as the Reverse Proxy (Proxy in front of another server) but it will also prevent the identification of the internal server from being compromised. As per the primary use of the Webcache, it will support caching of dynamic user specific portal content and objects. Despite acting as a ReverseProxy, the Webcache can still do performance assurance, Layer 7 detection and failover for multiple OracleAS10g Instances and Invalidation based caching. 7. The webcache that is installed with the OracleAS 10g will be turned off. There are two deployment options for Portal as dictated by the Portal Configuration Guide, Dedicated or co-located. Co-located is the default option in which case the Portal is installed with the webcache on the same physical server. Co-located indicates that the webcache is deployed to a separate physical server to avoid resource contention and is used as a more scalable approach to high volume sites. This paper advocates the use of a dedicated webcache as part of the architecture. 6

8. Portal and SSO requests will be handled through the same domain (http://www.mycompany.com) as opposed to dividing into two respective subdomains (e.g portal.mycompany.com and sso.mycompany.com). This can be accomplished through a new feature introduced in OracleAS Webcache 10.1.2 known as URL Path Prefixing. By using two URL path prefixes, two distinct sites can be created to point to two different applications by still using the same domain/subdomain. 9. The Portal uses Invalidation Based caching such that when an enduser changes portal content, the content in the Webcache can be considered stale. As such, the portal meta-data repository generates an xml message over http to invalidate the cache. The Portal Meta-data repository can only send an invalidation message to a single target. In an high availability scenario, the invalidation message should be sent to a LoadBalancer which can then redirect to a member of a webcache cluster which would then propagate to other members in the cluster This scenario would be preferable to sending the invalidation message to a single webcache which would be a single point of failure. Configuration Parameters Description APPLICATION SERVER HOST Kilo.us.oracle.com REVERSEPROXY WEBCACHE HOST www.mycompany.com ORACLEAS INFRASTRUCTURE HOME /u02/oracleinfra Kilo.us.oracle.com ORACLEAS MIDDLE-TIER HOME /u02/oracleasmt Kilo.us.oracle.com REVERSEPROXY WEBCACHE HOST /home/oracle/orahome_1 www.mycompany.com INFRASTRUCTURE DB SID ORCL 7

ORACLEAS MIDDLE-TIER HTTP SERVER LISTEN PORT 7779 ORACLEAS INFRASTRUCTURE LISTEN PORT 7777 SSL_LISTEN PORT ON WEBCACHE 443 PPE LOOPBACK PORT ON WEBCACHE 80 OID HOST/PORT Kilo.us.oracle.com, 3060 Note: Please see Appendix for Portlists of OracleAS Instances and ReverseProxy Instances. 8

Configuration Overview Step 1: Ensure the OracleAS and Reverse Proxy WebCache Components are running. Step 2: Configure OHS with the URL domain. Step 3: PPE Loopback on Non-SSL Port Step 4: Modify the Portal WebCache Settings. Step 5: Configure Single-Sign On Server. Step 6: Reassociate SSO with OracleAS Portal. Step 7: Configure mod_osso on both the Infrastructure/Middle tier. Step 8: Clear Caches and restart OHS. Step 9: Apply for an SSL certificate with Oracle Wallet Manager. Step 10: Configure WebCache with Site Mappings, Listen Ports and URL Path prefixes. Step 11: SSL configuration in OHS. Step 12: Update OID with Operation URL. Step 1: Ensure the OracleAS and Reverse Proxy WebCache Components are running. a. Set the ORACLE_HOME if not already set Example: export ORACLE_HOME = /u02/oracleinfra b. StartUp the Infrastructure Listener $ORACLE_HOME/bin /lsnrctl start Example: /u02/oracleinfra/bin 9

[oracle@kilo bin]$. /lsnrctl start c. StartUp the Infrastructure Database Instance Example:/u02/OracleInfra/bin [oracle@kilo bin]$./sqlplus sys/oracle9i@orcl as sysdba SQL* Plus: Release 10.1.0.3.0 Production on Wed April 13 17:53:00 2005 Copyright 1982, 2004, Oracle. All rights Reserved Connected to an idle Instance. SQL> startup d. Startup the Process Manager on the Infrastructure Example: /u02/oracleinfra/opmn/bin [oracle@kilo bin]$./opmnctl startall e. Startup the Process Manager on the Mid-tier. Set the Oracle Home for the Mid-tier and then startup the Process Manager. Example: export ORACLE_HOME=/u02/oracleasMT Cd $ORACLE_HOME/opmn/bin [oracle@kilo bin]$./opmnctl startall f. Startup the ReverseProxy Webcache on www.mycompany.com Example: export ORACLE_HOME=/home/oracle/OraHome_1 Cd $ORACLE_HOME/bin [oracle@www OraHome_1]$./webcachectl start g. Once the Portal as been tested http://<machine-name.domain>:7779/pls/portal, shutdown the Webcache on the OracleAS Midtier but ensure that the ReverseProxy Webcache is still running. To shutdown the Webcache 10

in the Midtier logon to EM(see step.2 for starting up EM) and navigate to Farm > Oracle_Home_Midtier_Instance > Webcache shutdown. Step 2: Configure OHS with Virtual Hosts Define a Virtual Host in the OracleAS Middle Tier that will reflect the desired URL of http://www.mycompany.com a. Use the Enterprise Manager website (e.g http://kilo.us.oracle.com:1811). Login as ias_admin/<password defined at install time> and navigate to the Farm> Oracle_Home_Midtier Instance > HTTP Server > Administration > Advanced Server Properties > httpd.conf. Example: http://kilo.us.oracle.com:1811 >Login as ias_admin/oracle9i. Farm > Application Server :oracleasmt.kilo.us.oracle.com > HTTP Server > Advanced Server Properties Note: To startup Enterprise Manager, type emctl start iasconsole in the $ORACLE_HOME/bin directory. Alternatively, add the virtutalhost entry in the httpd.conf directly in the midtier $ORACLE_HOME/Apache/Apache/conf directory. Ensure that the dcmctl updateconfig is run once the httpd.conf has been edited with the changes and saved. The dcmctl utility (Distributed Configuration Management Control in $ORACLE_HOME/dcm/bin) allows the common administration tasks to be performed at the command line without the need for Enterprise Manager. The updateconfig updates the DCM repository once manual changes in the configuration files (e.g. httpd.conf) have been made. $ORACLE_HOME/dcm/bin > dcmctl updateconfig b. At the end of the httpd.conf file, type in the following, <VirtualHost *:7779> ServerName www.mycompany.com Port 443 RewriteEngine On RewriteOptions Inherit </VirtualHost> Click Apply. 11

By defining a virtualhost, OHS will assert the ServerName and the Port Directive in order for the Portal to construct absolute Portal Links that will be visible in the browser. Secondly, Portal uses the directives in the virtutalhost to redirect browsers to the entry defined in the ServerName. If a virtualhost is not defined, the default ServerName directive will be used.. The 7779 Port defined is the OHS Listen Port on the OracleAS Midtier. c. Define a virtualhost entry in the Infrastructure Oracle Home as well. <VirtualHost *:7777> ServerName www.mycompany.com Port 443 RewriteEngine On RewriteOptions Inherit </VirtualHost> 7777 is the OHS Listen Port for the OracleAS Infrastructure. Step 3: PPE Loopback on Non-SSL Port As described in the Architecture Overview, the PPE does a loopback request to the Portal DB via webcache and modplsql. To ensure that the PPE makes a loopback request, edit the web.xml at the OracleAS Middle-tier $ORACLE_HOME/j2ee/OC4J_Portal/applications/portal/portal/WEB-INF directory. a. <servlet> <servlet-name>page</servlet-name> <servlet-class>oracle.webdb.page</servlet-class> <init-param> <param-name>usescheme</param-name> <param-value>http</param-value> </init-param> 12

<init-param> <param-name>useport</param-name> <param-value>80</param-value> </init-param> </servlet> b. Run $ORACLE_HOME/dcm/bin dcmctl updateconfig c. Restart OC4J_Portal from EM or by typing./opmnctl restartproc process-type=oc4j_portal at the Mid-tier ORACLE_HOME/opmn/bin directory. d. Check if the OracleAS ReverseProxy Webcache is listening on port 80 to support the loopback request. To check logon to the Webcache Manager by going to the IPAddress of the ReverseProxy Machine and accessing the Manager on port 4000. Example: http://www.mycompany.com:4000 Login as ias_admin/<password defined at install time> e.g Oracle9i Click on Ports > Listen Ports. If 80 has not been defined in the Listen ports, click on Add. Enter IP Address: ANY Port Number: 80 Protocol: HTTP Click on Submit and restart the Webcache Step 4: Modify the Portal Webcache Settings The next step is to update the meta-data and change Portal s perspective of the Webcache settings. Since the Portal is no longer using the dedicated webcache associated with the midtier, but rather the ReverseProxy Webcache, the portal meta-data needs to be updated. a. Logon to EM (See Step2 to see how to start EM) 13

Step 5: Configure SSO b. Navigate to Farm > Application Server Mid-tier Home: hostname > Portal:portal Edit the following entries: Published Host: <ReverseProxy Host> e.g www.mycompany.com Listening Port : 443 Listening Port SSL Enabled : Yes Invalidation Target: <ReverseProxyHost> e.g. www.mycompany.com Click Apply. c. This will update the iasconfig.xml file that can be found in <Midtier_Oracle_Home>/portal/conf directory. Configure the SSO requires that the host name should be changed to the proxy host name with the use of the ssocfg script. On Linux/Unix:: $ORACLE_HOME/sso/bin/ssocfg.sh http proxy_server_name proxy_port Example: ssocfg.sh https www.mycompany.com 443 On Windows: %ORACLE_HOME%/sso/bin/ssocfg.bat http proxy_server_name proxy_port Example: ssocfg.bat https www.mycompany.com 443 Step 6: Reassociate SSO with OracleAS Portal Now that the SSO has been reconfigured, reassociate the Portal to the new SSO configuration by using the Portal Dependancy Settings Tool (ptlconfig). Navigate to the <Oracle_Midtier_Home>/portal/conf directory. Run ptlconfig with the following parameters: Ptlconfig dad portal sso host www.mycompany.com -port 443 ssl 14

Ensure that the ORACLE_HOME is set if not already. export ORACLE_HOME=<oracle_midtier_home> Example: export ORACLE_HOME=/u02/OracleasMT The tool will request either the OID Admin Password (which would have been defined at Install time) or the Portal Schema password. Step 7: Reregister mod_osso on Infrastructure/Middle Tier Reregister mod_osso on both Tiers by running ssoreg.sh a. $ORACLE_HOME/sso/bin ssoreg.sh -oracle_home_path -site_name -config_mod_osso TRUE -mod_osso_url -virtualhost Ensure that the appropriate ORACLE_HOME is set prior to running the script. For the Midtier: Example: ssoreg.sh oracle_home_path /u02/oracleasmt site_name www.mycompany.com -config_mod_osso TRUE mod_osso_url https://www.mycompany.com -virtualhost For the Infrastructure: Example: ssoreg.sh oracle_home_path /u02/oracleinfra site_name sso.mycompany.com config_mod_osso TRUE mod_osso_url https://www.mycompany.com Step 8: Clear the Caches and Restart OHS. a. Shutdown OHS on the middle-tier and on the Infrastructure either through EM or through opmn. 15

b. Remove the numbered files in the $ORACLE_HOME/Apache/modplsql/cache directory. Step 9: Apply for an SSL certificate with Oracle Wallet Manager a. Logon to the ReverseProxy OS as the oracle user. b. <Midtier_Oracle_Home>/bin directory. c. Type in./owm. d. Click on Wallet from the drop down menu. Then Click on New. When a dialog box appears with Your default wallet directory does not exist. Do you want to create it? Click Yes. If it says Unable to create system default wallet directory. Please contact your Oracle System Administrator for help. You can continue and create a wallet but you must save it in another location. Do you want to continue anyway?. Click Yes. e. Enter in a Wallet Password and confirm it. Leave the Wallet as Standard. f. When a dialog box appears with A new empty wallet has been created. Do you want to create a certificate request at this time? Click Yes. g. Type the following Common Name: <ReverseProxy Name> e.g. www.mycompany.com Organizational Unit : IT Organization: <Company Name> mycompany Locality/City: Redwood City State/Province: CA Country: United States Key Size: 2048 Then click on OK. h. Click on Wallet > Certificate[Requested] and copy from ---Begin New Certificate Request to ---End New Certicate Request---. The copied file needs to be pasted into a certificate Authority to issue an SSL Certificate. A certificate Authority could be Verisign, Thawte. 16

i. Import the user certificate and the Root Certificate. j. Once the Certificates have been imported into the Wallet the status will change to Ready. k. Click on Wallet from the drop down menu and save as. Choose a location that is accessible by the operating user e.g. <ORACLE_HOME>/mycompany/wallet. If the directory does not exist, the wallet manager will create it. l. Once the wallet has been saved, click on Wallet again from the drop down menu and check the Auto Login feature and then click on Save As again. m. A dialog box stating A wallet already exists in the selected location. Do you want to overwrite it. Click on Yes. n. Click on Exit from the Wallet drop down menu. Step 10: Configure WebCache with Site Mappings, Listen Ports and URL Path prefixes a. Logon to the ReverseProxy OS as oracle. Navigate to $ORACLE_HOME/webcache/bin and execute the webcache_setuser.sh script Example:./webcache_setuser.sh setidentity oracle b. Logon to the webcache manager on the ReverseProxy Webcache e.g. http://www.mycompany.com:4000 c. Enter in ias_admin/<password defined at install time> e.g Oracle9i d. Click on Ports > Listen Ports. e. Click on Add. f. IP Address: ANY Port Number: 443 Protocol: HTTPS Wallet: /home/oracle/orahome_1/mycompany/wallet (This was defined in the previous step.) g. Apply Changes. Restart the Webcache. 17

h. Navigate to the Origin Servers > Sites and Load Balancing and click on Origin Servers. i. Click on Add. j. Type the following: Host Name: <OracleAS Mid-tier Host> e.g. kilo.us.oracle.com Port: <Listen Port> e.g. 7779 Routing: Enable Capacity: 100 Failover Threshold: 5 Ping URL: / Ping Interval: 5 Protocol: HTTP Click on Submit. j. Click on Add again. k. Type the following: Host Name: <OracleAS Infrastructure Host> e.g. kilo.us.oracle.com Port: <Listen Port> egg. 7777 Routing: Enable Capacity: 100 Failover Threshold: 5 Ping URL: / Ping Interval: 5 Protocol: HTTP Click on Submit. l. Click on Apply Changes. m. To create the site definitions for www.mycompany.com click on Origin Servers, Sites and Load Balancing > site definitions. n. Add site. o. Host Name: www.mycompany.com 18

Port Number: 443 URL Path Prefix:/pls/orasso Default Site: No Create Alias from Site Name with/without www: No Click Submit. p. In the same manner as step O, create the sites as above but changing the following URL path prefixes: /pls/portal /oiddas /sso Click Apply Changes and Restart the Cache. q. Once the site definitions have been completed, now click on the Origin Servers, Sites and Load Balancing > Site-to-Server Mapping r. Click on Insert Above and map the following: Select from Site Definitions www.mycompany.com:443/pls/orasso Check the <OracleAS Infrastructure><Infrastructure Port> e.g. kilo.us.oracle.com:7777. Click on Submit. s. Insert below the following. Select from Site definitions www.mycompany.com:443/pls/orasso Check the <OracleAS Mid-tier Port><Mid-tier Listen Port> e.g. kilo.us.oracle.com:7779 Click on Submit. t. Do the same for the following. Select from Site definitions www.mycompany.com:443/oiddas Check the <OracleAS Infrastructure><Infrastructure Listen Port> e.g. kilo.us.oracle.com:7777 Click on Submit. u. Select from Site definitions www.mycompany.com:443/sso 19

Check the <OracleAS Infrastructure><Infrastructure Listen Port> e.g. kilo.us.oracle.com:7777 Click on Submit. Click Apply Changes and Restart. Step 11: SSL configuration in OHS. (From the SSO Administration Guide) Having configured SSL communication between just the browser and the proxy server, configure mod_certheaders on the middle tier. This module enables the Oracle HTTP Server to treat HTTP proxy requests that it receives as SSL requests. Add the lines that follow to httpd.conf ($ORACLE_HOME/Apache/Apache/conf). You can place them at the end of the file. Where they appear is unimportant. Enter this line to load the module: UNIX: LoadModule certheaders_module libexec/mod_certheaders.so Windows: LoadModule certheaders_module modules/apachemodulecertheaders.dll SimulateHttps on Example: For OracleAS Midtier LoadModule certheaders_module libexec/mod_certheaders.so SimulateHTTPS On <VirtualHost *:7779> ServerName www.mycompany.com Port 443 RewriteEngine On RewriteOptions Inherit 20

</VirtualHost> Example: For OracleAS Infrastructure LoadModule certheaders_module libexec/mod_certheaders.so SimulateHTTPS On <VirtualHost *:7777> ServerName www.mycompany.com Port 443 RewriteEngine On RewriteOptions Inherit </VirtualHost> Step 12: Update OID with Operation URL. a. The next step is to modify the DAS URL. On the OracleAS Infrastructure box, invoke the Oracle Directory Manager. b. On Linux / Unix : $ORACLE_HOME/bin Invoke./oidadmin c. Add the Server and the port. E.g. kilo.us.oracle.com, port 3060 d. Login to ODM with username orcladmin and password <defined at install time.> Oracle9i. e. Navigate through Entry Management > cn=oraclecontext > cn=products > cn=das >cn=operationurls. f. Change the orcldasurlbase to https://<reverseproxy name>/ e.g https://www.mycompany.com/ => Include the slash after the hostname as indicated. g. Click Apply. h. Logon to the portal https://www.mycompany.com/pls/portal as portal/<password defined at install time.> i. Click on Administer > Global Settings > SSO/OID. 21

j. Check Refresh Cache for OID Parameters. k. Click Apply and then OK. Appendix & Issues [System] Mid-tier Port List Host Name = kilo.us.oracle.com [Ports] Oracle HTTP Server port = 7778 Oracle HTTP Server Listen port = 7779 Oracle HTTP Server SSL port = 4445 Oracle HTTP Server Listen (SSL) port = 4446 Oracle HTTP Server Diagnostic port = 7201 Java Object Cache port = 7011 Oracle Notification Server Request port = 6004 Oracle Notification Server Local port = 6101 Oracle Notification Server Remote port = 6201 Log Loader port = 44001 DCM Discovery port = 7102 Enterprise Manager Agent Port = 1831 Application Server Control RMI port = 1851 Application Server Control port = 1811 Web Cache HTTP Listen port = 7778 Web Cache HTTP Listen (SSL) port = 4445 Web Cache Administration port = 4000 Web Cache Invalidation port = 4001 Web Cache Statistics port = 4002 22

[System] Infrastructure Port List Host Name = kilo.us.oracle.com [Ports] Oracle HTTP Server port = 7777 Oracle HTTP Server Listen port = 7777 Oracle HTTP Server SSL port = 4443 Oracle HTTP Server Listen (SSL) port = 4443 Oracle HTTP Server Diagnostic port = 7200 Java Object Cache port = 7010 Oracle Notification Server Request port = 6003 Oracle Notification Server Local port = 6100 Oracle Notification Server Remote port = 6200 Log Loader port = 44000 DCM Discovery port = 7101 Enterprise Manager Agent Port = 1830 Application Server Control RMI port = 1850 Application Server Control port = 1810 Oracle Internet Directory port = 3060 Oracle Internet Directory (SSL) port = 3131 Enterprise Manager Console HTTP Port (orcl) = 5500 Enterprise Manager Agent Port (orcl) = 1831 [Ports] www.mycompany.com ReverseProxy Webcache Port List Oracle HTTP Server Diagnostic port = 7200 Web Cache HTTP Listen port = 7777 Web Cache HTTP Listen (SSL) port = 4443 Web Cache Administration port = 4000 Web Cache Invalidation port = 4001 Web Cache Statistics port = 4002 WebCache Listen Port (SSL) = 443 23

WebCache Listen Port = 80 24