Transfer Real User Monitoring Data to Oracle Cloud Infrastructure Data Upload Endpoint

You can transfer Real User Monitoring data to the Oracle Cloud Infrastructure Data Upload Endpoint based on different deployment scenarios.

Determine the configuration scenario for your deployment

  • Scenario 1: If your company allows full internet access to all users, Real User Monitoring data will be sent to Application Performance Monitoring without any special configuration or a proxy setup.
  • Scenario 2: If your company limits internet access, but would still like complete Real User Monitoring data to be sent to Application Performance Monitoring, then you should configure your existing firewall or proxy to permit requests to be sent to Application Performance Monitoring. See Transfer Real User Monitoring Data Through a Proxy.
  • Scenario 3: If there are special security or administrative requirements, you can configure a reverse proxy inside your network that forwards traffic in a more controlled way to Application Performance Monitoring. See Transfer Real User Monitoring Data Through a Reverse Proxy.

Transfer Real User Monitoring Data Through a Proxy

In cases where internal users of an enterprise web application have access to that application, but not to the internet in general, proxy rules should be adapted to allow access to the Data Upload Endpoint (window.apmrum.ociDataUploadEndpoint) for all users. In this way, you can send Real User Monitoring performance data to the Data Upload Endpoint, even if users do not have access to it otherwise.

For information on the Data Upload Endpoint, see Deploy the APM Browser Agent With Your Application. Configuration of a proxy is vendor specific, see the documentation provided by the proxy vendor for configuration details.

Transfer Real User Monitoring Data Through a Reverse Proxy

The reverse proxy technique allows browsers to find a way through the customer firewall. A reverse proxy acts like an endpoint inside the enterprise network, which forwards each request to the Data Upload Endpoint, and returns the response it receives from there. You can configure a reverse proxy by following these steps:

Configure APM Browser Agent to Use a Different Data Upload Endpoint

The APM browser agent should override the Data Upload Endpoint with the local endpoint of the reverse proxy. This can be done by configuring the property for window.apmrum.ociDataUploadEndpoint. Note that to use a reverse proxy, you'll need a valid certificate, more information regarding which is provided later in this section.

Here's an example of the setting:
window.apmrum.ociDataUploadEndpoint='https://myproxy.example.com:4443'
In the example above, replace myproxy.example.com and the port number 4443 with the host name and the port number of the machine where the reverse proxy is installed. Once the Data Upload Endpoint is updated, restart the application server.

Configure a Reverse Proxy

You can configure a reverse proxy using any reverse proxy configuration tool like NGINX, Squid, or WebLogic ProxyPlugin, however, the following instructions are only applicable if using Oracle HTTP Server (OHS).

Note

If you have an OHS setup, skip steps 1-6. If you're using a trusted certificate, skip step 7.
  1. Navigate to http://www.oracle.com/technetwork/middleware/webtier/downloads/index.html.

  2. Accept the license agreement.

  3. Scroll to Oracle WebTier 12cR2 and Oracle HTTP Server 12.2.1.1.

  4. Select Linux-64 bit and download the installer.

  5. Install Oracle HTTP Server. For information, see About the Oracle HTTP Server Installation in Installing and Configuring Oracle HTTP Server.

    Note

    The above document assumes that OHS is installed at /Oracle.
  6. Start the nodemanager.

    # export DOMAIN_HOME=<WLS Domain home>
    # cd $DOMAIN_HOME/bin
    # nohup ./startNodeManager.sh > nm.out&
    Here's an example:
    # export DOMAIN_HOME="/Oracle/Middleware/Oracle_Home/user_projects/domains/base_domain"
    # cd $DOMAIN_HOME/bin
    # nohup ./startNodeManager.sh > nm.out&
  7. Add the HTTP Server certificate to wallet.

    1. Prepare the wallet:

      # export DOMAIN_HOME=<WLS Domain home>
      # cd $DOMAIN_HOME/config/fmwconfig/components/OHS/instances/ohs1/keystores
      # mkdir proxy
      # $DOMAIN_HOME/../../../oracle_common/bin/orapki wallet create -wallet . -auto_login_only

      Here's an example:

      # export DOMAIN_HOME=/Oracle/Middleware/Oracle_Home/user_projects/domains/base_domain
      # cd $DOMAIN_HOME/config/fmwconfig/components/OHS/instances/ohs1/keystores
      # mkdir proxy
      # $DOMAIN_HOME/../../../oracle_common/bin/orapki wallet create -wallet . -auto_login_only
    2. Obtain the certificates and add them to the wallet:

      Method 1:

      # echo -n | openssl s_client -connect <Data Upload Endpoint>:<port> | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > /tmp/proxy_certificate.cert

      Method 2:

      1. Install (or update) the CA certificates:

        # yum update ca-certificates
      2. Split the bundle CA root file containing all certificates into separate files. (orapki cannot handle a bundle.)

        # awk 'BEGIN {c=0;} /BEGIN CERT/{c++} { print > "cert." c ".pem"}' < /etc/pki/tls/certs/ca-bundle.crt
      3. Load the individual certificates into the OHS proxy wallet.

        # for i in `ls cert.*.pem`; do / Oracle/Middleware/Oracle_Home/oracle_common/bin/orapki wallet add -wallet . -cert $i -trusted_cert -auto_login_only; done
  8. Obtain the ociDataUploadEndpoint. For information, see Manually Inject Browser Agent.

  9. Configure HTTPS reverse proxy with Oracle HTTP Server.

    1. In an editor, open the ssl.conf file located in the folder ohs1.

      # export DOMAIN_HOME=<WLS Domain home>
      DOMAIN_HOME/config/fmwconfig/components/OHS/instances/ohs1

      Here's an example:

      # export DOMAIN_HOME="/Oracle/Middleware/Oracle_Home/user_projects/domains/base_domain"
      # vi $DOMAIN_HOME/config/fmwconfig/components/OHS/instances/ohs1/ssl.conf
    2. Configure the SSL reverse proxy in an existing virtual host definition section.

      Here's an example:
      ...
      <VirtualHost *:4443>
        <IfModule ossl_module>
         #  SSL Engine Switch:
         #  Enable/Disable SSL for this virtual host.
         SSLEngine on
         SSLProxyEngine on
         SSLProxyWallet "${ORACLE_INSTANCE}/config/fmwconfig/components/${COMPONENT_TYPE}/instances/${COMPONENT_NAME}/keystores/proxy"
         SSLProxyVerify none
         ProxyPass "/20200630/observations" "https://datauploadendpointurl.com/20200630/observations/public-span"
         ProxyPassReverse "/20200630/observations" "https://datauploadendpointurl.com/20200630/observations/public-span"
         ProxyPreserveHost On
         ProxyRequests off
         ...
      </VirtualHost>
      ...
    3. Replace the URL https://datauploadendpointurl.com/20200630/observations/public-span with the actual Data Upload Endpoint.

      Note

      To use HTTP communication between browser and Reverse Proxy, comment out the SSLEngine on line.
    4. Start the ohs1 component.

      # export DOMAIN_HOME=<WLS Domain home>
      # cd DOMAIN_HOME/bin
      # ./startComponent.sh ohs1

      Here's an example:

      # export DOMAIN_HOME=/Oracle/Middleware/Oracle_Home/user_projects/domains/base_domain
      # cd DOMAIN_HOME/bin
      # ./startComponent.sh ohs1