Oracle® Fusion Middleware Release Notes 11g Release 1 (11.1.1) for Linux x86-64 Part Number E14770-11 |
|
|
View PDF |
This chapter describes issues associated with Oracle Web Cache. It includes the following topics:
This section describes configuration issues and their workarounds. It includes the following topics:
Section 10.1.2, "Running Oracle Web Cache Processes as a Different User Is Not Supported"
Section 10.1.3, "Defining Duplicate Origin Servers Causes Startup Failure"
Section 10.1.4, "Mixed Protocols in Site-to-Server Mappings Causes Startup Failures"
Section 10.1.5, "Oracle Web Cache Not Restarting When All Listening Ports Are SSL-Enabled"
For enhanced security, no default hard-coded passwords are used for managing Oracle Web Cache.
When you install the Oracle Web Tier installation type, the Oracle Universal Installer prompts you to choose a password. The Web Cache Administrator page of the Oracle Universal Installer prompts you to enter a password for the administrator
account. The administrator
account is the Oracle Web Cache administrator authorized to log in to Oracle Web Cache Manager and make configuration changes through that interface.
When you install the Oracle Portal, Forms, Reports and Discoverer installation type, the prompt for the administrator
password is missing. Instead, the Oracle Portal, Forms, Reports and Discoverer install type uses a random value chosen at install time.
No matter the installation type, before you begin configuration, change the passwords for these accounts to a secure password. If you are configuring a cache cluster, all members of the cluster must use the same password for the administrator
account.
To change the password, use the Passwords page of Fusion Middleware Control, as described in Section 5.2, "Configuring Password Security," of the Oracle Fusion Middleware Administrator's Guide for Oracle Web Cache.
Running Oracle Web Cache as a user other than the installed user through the use of the webcache_setuser.sh setidentity
command is not supported for this release. Specifically, you cannot change the user ID with the following sequence:
Change the process identity of the Oracle Web Cache processes in the Process Identity page using Oracle Web Cache Manager (Properties > Process Identity).
Use the webcache_setuser.sh
script as follows to change file and directory ownership:
webcache_setuser.sh setidentity <user_ID>
where <
user_ID
>
is the user you specified in the User ID field of the Process Identity page.
Restart Oracle Web Cache using opmnctl
.
Oracle Web Cache will start and then immediately shut down.
In addition, messages similar to the following appear in the event log:
[2009-06-02T21:22:46+00:00] [webcache] [ERROR:1] [WXE-13212] [logging] [ecid: ] Access log file /scratch/webtier/home/instances/instance1/diagnostics /logs/WebCache/webcache1/access_log could not be opened. [2009-06-02T21:22:46+00:00] [webcache] [WARNING:1] [WXE-13310] [io] [ecid: ] Problem opening file /scratch/webtier/home/instances/instance1/config /WebCache/webcache1/webcache.pid (Access Denied). [2009-06-02T21:22:46+00:00] [webcache] [ERROR:1] [WXE-11985] [esi] [ecid: ] Oracle Web Cache is unable to obtain the size of the default ESI fragment page /scratch/webtier/home/instances/instance1/config /WebCache/webcache1/files/esi_fragment_error.txt. [2009-06-02T21:22:46+00:00] [webcache] [WARNING:1] [WXE-11905] [security] [ecid: ] SSL additional information: The system could not open the specified file.
For further information about the webcache_setuser.sh
script, see Section 5.9, "Running webcached with Root Privilege," of the Oracle Fusion Middleware Administrator's Guide for Oracle Web Cache.
Fusion Middleware Control enables you to configure multiple origin servers using the same host name and port number. Configure origin servers with duplicate host and port settings, both the cache
server and admin
server processes fail to start.
To resolve this issue:
Use a text editor to open webcache.xml
, located in:
(UNIX) ORACLE_INSTANCE/<instance_name>/config/WebCache/<webcache_name> (Windows) ORACLE_INSTANCE\<instance_name>\config\WebCache\<webcache_name>
Find the two or more HOST
elements with the same NAME
and PORT
values as mentioned in the startup error message in the event log. Edit the port number of one of the HOST
elements so that it is a unique value between 1 and 65535.
For example, suppose the error message in the event log is as follows:
Duplicate origin server hosts specified for host my.company.com port 8888.
Also, the HOST
elements in webcache.xml
are as follows:
<HOST OSSTATE="ON" LOADLIMIT="100" PORT="8888" NAME="my.company.com" ID="h1" /> <HOST OSSTATE="ON" LOADLIMIT="100" PORT="8888" NAME="my.company.com" ID="h2" />
You would modify the PORT
value for one. For example:
<HOST OSSTATE="ON" LOADLIMIT="100" PORT="8888" NAME="my.company.com" ID="h1" /> <HOST OSSTATE="ON" LOADLIMIT="100" PORT="9999" NAME="my.company.com" ID="h2" />
You can now restart both the admin
and cache
server processes. You can then use Fusion Middleware Control or Web Cache Manager to make further configuration changes.
For further information about the configuring site-to-server mapping, see Section 2.11.2, "Specify Origin Server Settings," of the Oracle Fusion Middleware Administrator's Guide for Oracle Web Cache.
When you map sites to origin servers you cannot create a mapping that has a mix of HTTP and HTTPS origin sever. Select origin servers using HTTP or HTTPS, but not both protocols. If you select of origin server using a mix of HTTP and HTTPS, both the cache
server and admin
server processes fail to start.
To resolve this issue:
Use a text editor to open webcache.xml
, located in:
(UNIX) ORACLE_INSTANCE/<instance_name>/config/WebCache/<webcache_name> (Windows) ORACLE_INSTANCE\<instance_name>\config\WebCache\<webcache_name>
And the VIRTUALHOSTMAP
element:
<VIRTUALHOSTMAP PORT="80" NAME="my.company.com"> <HOSTREF HOSTID="h1"/> <HOSTREF HOSTID="h2"/> </VIRTUALHOSTMAP>
Remove one of the HOSTREF
child elements. For example:
<VIRTUALHOSTMAP PORT="80" NAME="my.company.com"> <HOSTREF HOSTID="h1"/> </VIRTUALHOSTMAP>
You can now restart both the admin
and cache
server processes. You can also use Fusion Middleware Control or Oracle Web Cache Manager to make further configuration changes.
For further information about the configuring site-to-server mappings, see Section 2.11.4, "Map Site Definitions to Origin Servers," of the Oracle Fusion Middleware Administrator's Guide for Oracle Web Cache.
Oracle Process Manager and Notification Server pings Oracle Web Cache. If the ping fails, OPMN attempts to restart Oracle Web Cache. If you configure all of the Oracle Web Cache listening ports for SSL, OPMN may unsuccessfully restart Oracle Web Cache unless you import the certificate to the OPMN wallet with one of the following methods:
WLST Utility
Use the exportWalletObject
to export a certificate or other wallet object to a file.
Use the importWalletObject
to import a certificate or other object into an Oracle wallet.
orapki
Utility
Use the orapki wallet export
command to export a certificate to a file.
Use the orapki wallet add
command to import a certificate into an Oracle wallet.
For further information about these utilities, see the Oracle Fusion Middleware Administrator's Guide.
To start, stop, or restart Oracle Web Cache from Fusion Middleware Control, from the Web Cache menu, you can choose Control, and then Start Up, Shut Down, or Restart. If you select Shut Down, and then a Start Up on a configuration page, Fusion Middleware Control may return exception errors. If these errors occur in your environment, perform the operations from Web Cache Home page.
This section describes documentation errata. It includes the following topic:
The online help for the SSL Configuration section of the Edit Port page in Fusion Middleware Control and Chapter 5, "Configuring Security" of Oracle Fusion Middleware Administrator's Guide for Oracle Web Cache do not provide details about the versions of SSL from the SSL Protocol Version list. The SSL version are mapped as follows:
All: This selection enables the v1, v3, and v3-v2Hello options.
v1: This selection supports TLS version 1 traffic.
v3: This selection provides SSL version 3 traffic.
v3_v2Hello: This selection combines the SSL version 2 hello message format with SSL version 3 handling to support SSL version upgrade during handshake operations.