Transfer Real User Monitoring Data to Oracle Cloud Infrastructure Data Upload Endpoint
You can transfer Real User Monitoring data to the Oracle Cloud Infrastructure Data Upload Endpoint based on different deployment scenarios.
Determine the configuration scenario for your deployment
- Scenario 1: If your company allows full internet access to all users, Real User Monitoring data will be sent to Application Performance Monitoring without any special configuration or a proxy setup.
- Scenario 2: If your company limits internet access, but would still like complete Real User Monitoring data to be sent to Application Performance Monitoring, then you should configure your existing firewall or proxy to permit requests to be sent to Application Performance Monitoring. See Transfer Real User Monitoring Data Through a Proxy.
- Scenario 3: If there are special security or administrative requirements, you can configure a reverse proxy inside your network that forwards traffic in a more controlled way to Application Performance Monitoring. See Transfer Real User Monitoring Data Through a Reverse Proxy.
Transfer Real User Monitoring Data Through a Proxy
In cases where internal users of an enterprise web application have access to that application, but not to the internet in general, proxy rules should be adapted to allow access to the Data Upload Endpoint (window.apmrum.ociDataUploadEndpoint) for all users. In this way, you can send Real User Monitoring performance data to the Data Upload Endpoint, even if users do not have access to it otherwise.
For information on the Data Upload Endpoint, see Deploy the APM Browser Agent With Your Application. Configuration of a proxy is vendor specific; see the documentation provided by the proxy vendor for configuration details.
Transfer Real User Monitoring Data Through a Reverse Proxy
The reverse proxy technique allows browsers to find a way through the customer firewall. A reverse proxy acts like an endpoint inside the enterprise network, which forwards each request to the Data Upload Endpoint, and returns the response it receives from there. You can configure a reverse proxy by following these steps:
Configure APM Browser Agent to Use a Different Data Upload Endpoint
The APM browser agent should override the Data Upload Endpoint with the local endpoint of the reverse proxy. This can be done by configuring the property window.apmrum.ociDataUploadEndpoint. Note that to use a reverse proxy, you'll need a valid certificate; more information about this is provided later in this section.
window.apmrum.ociDataUploadEndpoint='https://myproxy.example.com:4443'
In the example above, replace myproxy.example.com and the port number 4443 with the host name and the port number of the machine where the reverse proxy is installed. Once the Data Upload Endpoint is updated, restart the application server.
Configure a Reverse Proxy
You can configure a reverse proxy using any reverse proxy configuration tool like NGINX, Squid, or WebLogic ProxyPlugin. However, the following instructions are only applicable if you are using Oracle HTTP Server (OHS).
If you have an OHS setup, skip steps 1-6. If you're using a trusted certificate, skip step 7.
1. Navigate to http://www.oracle.com/technetwork/middleware/webtier/downloads/index.html.
2. Accept the license agreement.
3. Scroll to Oracle WebTier 12cR2 and Oracle HTTP Server 12.2.1.1.
4. Select Linux-64 bit and download the installer.
5. Install Oracle HTTP Server. For information, see About the Oracle HTTP Server Installation in Installing and Configuring Oracle HTTP Server.
   Note: The above document assumes that OHS is installed at /Oracle.
6. Start the nodemanager.
       # export DOMAIN_HOME=<WLS Domain home>
       # cd $DOMAIN_HOME/bin
       # nohup ./startNodeManager.sh > nm.out&
   Here's an example:
       # export DOMAIN_HOME="/Oracle/Middleware/Oracle_Home/user_projects/domains/base_domain"
       # cd $DOMAIN_HOME/bin
       # nohup ./startNodeManager.sh > nm.out&
7. Add the HTTP Server certificate to wallet.
   a. Prepare the wallet:
          # export DOMAIN_HOME=<WLS Domain home>
          # cd $DOMAIN_HOME/config/fmwconfig/components/OHS/instances/ohs1/keystores
          # mkdir proxy
          # $DOMAIN_HOME/../../../oracle_common/bin/orapki wallet create -wallet . -auto_login_only
      Here's an example:
          # export DOMAIN_HOME=/Oracle/Middleware/Oracle_Home/user_projects/domains/base_domain
          # cd $DOMAIN_HOME/config/fmwconfig/components/OHS/instances/ohs1/keystores
          # mkdir proxy
          # $DOMAIN_HOME/../../../oracle_common/bin/orapki wallet create -wallet . -auto_login_only
   b. Obtain the certificates and add them to the wallet:
      Method 1:
          # echo -n | openssl s_client -connect <Data Upload Endpoint>:<port> | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > /tmp/proxy_certificate.cert
      Method 2:
      i. Install (or update) the CA certificates:
             # yum update ca-certificates
      ii. Split the bundle CA root file containing all certificates into separate files. (orapki cannot handle a bundle.)
             # awk 'BEGIN {c=0;} /BEGIN CERT/{c++} { print > ("cert." c ".pem")}' < /etc/pki/tls/certs/ca-bundle.crt
      iii. Load the individual certificates into the OHS proxy wallet.
             # for i in cert.*.pem; do /Oracle/Middleware/Oracle_Home/oracle_common/bin/orapki wallet add -wallet . -cert "$i" -trusted_cert -auto_login_only; done
8. Obtain the ociDataUploadEndpoint. For information, see Manually Inject Browser Agent.
9. Configure HTTPS reverse proxy with Oracle HTTP Server.
   a. In an editor, open the ssl.conf file located in the folder ohs1.
          # export DOMAIN_HOME=<WLS Domain home>
          # vi $DOMAIN_HOME/config/fmwconfig/components/OHS/instances/ohs1/ssl.conf
      Here's an example:
          # export DOMAIN_HOME="/Oracle/Middleware/Oracle_Home/user_projects/domains/base_domain"
          # vi $DOMAIN_HOME/config/fmwconfig/components/OHS/instances/ohs1/ssl.conf
   b. Configure the SSL reverse proxy in an existing virtual host definition section.
      Here's an example:
          ...
          <VirtualHost *:4443>
            <IfModule ossl_module>
              # SSL Engine Switch:
              # Enable/Disable SSL for this virtual host.
              SSLEngine on
              SSLProxyEngine on
              SSLProxyWallet "${ORACLE_INSTANCE}/config/fmwconfig/components/${COMPONENT_TYPE}/instances/${COMPONENT_NAME}/keystores/proxy"
              # SSLProxyVerify none: the upstream server certificate is not verified.
              SSLProxyVerify none
              ProxyPass "/20200630/observations" "https://datauploadendpointurl.com/20200630/observations/public-span"
              ProxyPassReverse "/20200630/observations" "https://datauploadendpointurl.com/20200630/observations/public-span"
              ProxyPreserveHost On
              ProxyRequests off
              ...
          </VirtualHost>
          ...
   c. Replace the URL https://datauploadendpointurl.com/20200630/observations/public-span with the actual Data Upload Endpoint.
      Note: To use HTTP communication between browser and Reverse Proxy, comment out the SSLEngine on line.
10. Start the ohs1 component.
        # export DOMAIN_HOME=<WLS Domain home>
        # cd $DOMAIN_HOME/bin
        # ./startComponent.sh ohs1
    Here's an example:
        # export DOMAIN_HOME=/Oracle/Middleware/Oracle_Home/user_projects/domains/base_domain
        # cd $DOMAIN_HOME/bin
        # ./startComponent.sh ohs1
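The bundle-splitting step of Method 2, as an added example that is not part of the original procedure: the awk one-liner in that step also writes any text before the first certificate to cert.0.pem and appends comment lines between certificates to the preceding file, so this version writes only the lines between the BEGIN and END markers and then checks the result. The function names and the sample bundle (constructed, with placeholder bodies instead of real certificates) are assumptions of this example.

```sh
# Added example; function names and the sample bundle are assumptions.
# split_pem_bundle BUNDLE OUTDIR: one cert.N.pem per certificate, prints the count.
split_pem_bundle() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 1; }
    mkdir -p "$2" || return 1
    awk -v dir="$2" '
        /-----BEGIN CERTIFICATE-----/ { n++; file = dir "/cert." n ".pem"; inside = 1 }
        inside                        { print > file }
        /-----END CERTIFICATE-----/   { if (inside) close(file); inside = 0 }
        END { if (inside) exit 2      # bundle ends in the middle of a certificate
              print n + 0 }
    ' "$1"
}

# check_split BUNDLE OUTDIR: succeeds only if each file holds exactly one
# certificate and the file count equals the BEGIN markers in BUNDLE.
check_split() {
    expected=$(grep -c -e '-----BEGIN CERTIFICATE-----' "$1" || true)
    found=0
    for f in "$2"/cert.*.pem; do
        [ -e "$f" ] || continue
        [ "$(grep -c -e '-----BEGIN CERTIFICATE-----' "$f")" -eq 1 ] || return 1
        [ "$(grep -c -e '-----END CERTIFICATE-----' "$f")" -eq 1 ] || return 1
        found=$((found + 1))
    done
    [ "$found" -gt 0 ] && [ "$found" -eq "$expected" ]
}

# make_sample_bundle FILE: constructed two-entry bundle laid out like a CA bundle
# (comment lines around the entries); the bodies are placeholders, not certificates.
make_sample_bundle() {
    cat > "$1" <<'EOF'
# Constructed sample bundle
# Example Root CA 1
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQtUExBQ0VIT0xERVItMQ==
-----END CERTIFICATE-----

# Example Root CA 2
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQtUExBQ0VIT0xERVItMg==
-----END CERTIFICATE-----
EOF
}

tmp=$(mktemp -d) && make_sample_bundle "$tmp/bundle.crt" &&
    split_pem_bundle "$tmp/bundle.crt" "$tmp/out" &&
    check_split "$tmp/bundle.crt" "$tmp/out" && echo "split verified"
rm -rf "$tmp"
```

Running check_split before the orapki loop confirms that every file passed to orapki contains exactly one certificate.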