Applications

Oracle WebLogic 12c User Guide

| Product: Oracle WebLogic 12c

Overview

The Oracle WebLogic 12c AMI by cloudimg provides a fully preconfigured Oracle WebLogic Server installation ready to run on Amazon EC2. This image includes a sample WebLogic domain (base_domain) with an AdminServer already configured, allowing you to launch and access the WebLogic Administration Console within minutes of starting the instance.

Oracle WebLogic Server is an enterprise grade Java application server used to develop, deploy, and manage large scale distributed applications. It supports Java EE standards, provides robust clustering capabilities, and integrates seamlessly with Oracle databases and other Oracle middleware products. This AMI is suitable for development, testing, staging, and production environments.

All Oracle software is installed under a dedicated /u01 mount point on its own EBS volume, and the WebLogic instance is managed through convenient start and stop scripts under the oracle OS user's home directory.

This guide walks you through connecting to the instance, starting WebLogic, accessing the Administration Console, changing the administrator password, and applying security best practices.

Visit www.cloudimg.co.uk to explore the full catalogue of preconfigured AMIs available on the AWS Marketplace.

Prerequisites

Before launching the Oracle WebLogic 12c AMI, ensure you have the following in place.

AWS Account You need an active AWS account with permissions to launch EC2 instances and manage security groups.

EC2 Key Pair Create or select an existing EC2 key pair in the region where you plan to launch the instance. This key pair is required for SSH authentication.

Security Group Configuration Your security group must allow inbound traffic on the following ports:

Protocol Type Port Description
SSH TCP 22 SSH connectivity for remote administration
TCP TCP 7001 Oracle WebLogic Administration Console

Restrict SSH access to your own IP address or a trusted CIDR range. The WebLogic Administration Console port (7001) should also be limited to trusted IP addresses only.

Minimum System Requirements

Minimum CPU Minimum RAM Required Disk Space
1 vCPU 1 GB 20 GB

For production workloads or deployments with multiple managed servers, consider a m5.large or larger instance type with at least 4 GB of RAM. WebLogic benefits significantly from additional memory.

Step by Step Setup

Step 1: Launch the Instance

  1. Open the AWS Marketplace listing for Oracle WebLogic 12c by cloudimg.
  2. Click Continue to Subscribe, then Continue to Configuration.
  3. Select your preferred AWS Region and instance type.
  4. On the launch page, choose your VPC, subnet, and assign the security group you prepared above.
  5. Select your EC2 key pair and launch the instance.

Step 2: Wait for Status Checks

Allow the EC2 instance to reach 2/2 status checks passed before attempting to connect. The instance runs an initial boot update script that applies the latest operating system patches, so the first boot may take a few minutes longer than usual.

If you attempt to connect before both status checks have passed, you may see errors such as:

Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
ec2-user@your-instance-ip's password:

This is expected behaviour during early boot. Wait for the status checks to complete and try again.

Step 3: Connect via SSH

Connect to the instance using your private key:

ssh -i /path/to/your-key.pem ec2-user@<PUBLIC_IP>

Replace <PUBLIC_IP> with the public IP address or public DNS name shown in the EC2 console.

Step 4: Switch to the Root User

Once connected as ec2-user, switch to the root user:

sudo su -

Step 5: Retrieve the WebLogic Administrator Password

The WebLogic administrator password is randomly generated at build time. Retrieve it from the credentials file:

cat /stage/scripts/weblogic-credentials.txt

Make a note of this password. You will need it to log in to the WebLogic Administration Console. The default administrator username is weblogic.

Step 6: Switch to the Oracle User

WebLogic services must be managed as the oracle OS user. Please type this command manually (do not copy and paste):

sudo su - oracle

Step 7: Start the WebLogic Instance

Three scripts are available in the oracle user's home directory. Start the sample WebLogic instance:

cd $HOME
. ./start-weblogic.sh

A start log file will be created under the oracle user's home directory. Monitor the startup progress:

tail -f /home/oracle/start-weblogic.log

Wait until you see the following messages in the log, confirming the server has started successfully:

<Server state changed to RUNNING>
<Server started in RUNNING mode>

The full startup output will show the AdminServer for domain "base_domain" running in Production Mode, listening on port 7001 for protocols including iiop, t3, ldap, snmp, and http.

Step 8: Access the WebLogic Administration Console

Open a web browser and navigate to:

http://<PUBLIC_IP>:7001/console

You will see the Oracle WebLogic Server Administration Console login page.

Enter the following credentials: - Username: weblogic - Password: The randomly generated password from /stage/scripts/weblogic-credentials.txt

Click Login to access the console.

Step 9: Change the Administrator Password (Recommended)

After your first login, it is strongly recommended that you change the default password. Follow these steps in the Administration Console:

  1. Click Lock & Edit in the top left pane to enter edit mode.
  2. In the left hand navigation, click Security Realms.
  3. Click myrealm to open the security realm settings.
  4. Select the Users and Groups tab.
  5. Click on the weblogic user.
  6. Select the Passwords tab.
  7. Enter your new strong password in both the New Password and Confirm New Password fields.
  8. Click Save.
  9. Click Release Configuration in the left hand pane to apply the changes.

Server Components

The Oracle WebLogic 12c AMI includes the following preconfigured components.

Component Software Home Description
Oracle WebLogic Server /u01 Enterprise Java application server with Administration Console
Java (JDK) Bundled with WebLogic Java Development Kit required by WebLogic Server

The WebLogic installation includes: - AdminServer configured in the base_domain domain - Administration Console accessible on port 7001 - WLST (WebLogic Scripting Tool) for command line administration - Support for protocols including IIOP, T3, LDAP, SNMP, and HTTP

Filesystem Layout

The AMI uses dedicated mount points to separate the operating system from the Oracle software.

Mount Point Description
/ Root filesystem containing the operating system
/boot Operating system kernel files
/u01 Oracle software installation directory on a dedicated volume

Key directories and their purposes:

Path Purpose
/u01 Top level Oracle software installation directory
/u01/oracle Oracle WebLogic installation home
/home/oracle Home directory for the oracle OS user, contains start/stop scripts
/home/oracle/setEnv.sh Sets Oracle environment variables including paths for WLST and other utilities
/home/oracle/start-weblogic.sh Script to start the WebLogic AdminServer instance
/home/oracle/stop-weblogic.sh Script to stop the WebLogic AdminServer instance
/home/oracle/start-weblogic.log Log output from the most recent WebLogic start operation
/stage/scripts cloudimg provisioning scripts and credential files
/stage/scripts/weblogic-credentials.txt Randomly generated WebLogic administrator password

The /u01 volume is mounted on a separate EBS volume, allowing you to independently resize storage for the Oracle installation without affecting the root filesystem.

Managing Services

WebLogic services are managed through the oracle OS user using scripts located in the oracle home directory.

Setting Up the Oracle Environment

Before using any Oracle utilities (such as WLST), source the environment script:

sudo su - oracle
. ./setEnv.sh

This sets the necessary environment variables including ORACLE_HOME, JAVA_HOME, and PATH entries for WebLogic tools.

Starting the WebLogic Instance

sudo su - oracle
cd $HOME
. ./start-weblogic.sh

Monitor the startup log:

tail -f /home/oracle/start-weblogic.log

The server is ready when you see Server state changed to RUNNING in the log output.

Stopping the WebLogic Instance

sudo su - oracle
cd $HOME
. ./stop-weblogic.sh

Checking WebLogic Status

You can verify whether the WebLogic process is running by checking Java processes:

ps -ef | grep weblogic

Or check if port 7001 is listening:

netstat -tlnp | grep 7001

Scripts and Log Files

The AMI includes several scripts and log files created by cloudimg to streamline provisioning and service management.

Script or Log Path Description
initial_boot_update.sh /stage/scripts Updates the operating system with the latest available patches on first boot
initial_boot_update.log /stage/scripts Output log from the initial boot update script
weblogic-credentials.txt /stage/scripts Contains the randomly generated WebLogic administrator password
setEnv.sh /home/oracle Sets Oracle environment variables for using tools such as WLST
start-weblogic.sh /home/oracle Starts the sample Oracle WebLogic AdminServer instance
stop-weblogic.sh /home/oracle Stops the Oracle WebLogic AdminServer instance
start-weblogic.log /home/oracle Log output from the most recent WebLogic start operation

Disabling the Initial Boot Update Script

The OS update script runs automatically on every reboot via crontab. If you prefer to manage updates manually, you can disable it:

rm -f /stage/scripts/initial_boot_update.sh

crontab -e
# DELETE THE BELOW LINE, SAVE AND EXIT THE FILE:
@reboot /stage/scripts/initial_boot_update.sh

Using the Administration Console

The WebLogic Administration Console is a web based interface for managing all aspects of your WebLogic domain.

Accessing the Console

Navigate to http://<PUBLIC_IP>:7001/console in your web browser and log in with the weblogic user.

Editing Configuration

The console operates in a lock and edit mode. To make changes:

  1. Click Lock & Edit in the Change Center panel on the left.
  2. Make your configuration changes.
  3. Click Release Configuration to save and apply.

This ensures that multiple administrators do not make conflicting changes simultaneously.

Key Console Sections

  • Domain Structure in the left panel shows the overall domain tree including Environment, Deployments, Services, Security Realms, and Diagnostics.
  • Environment > Servers displays all configured server instances.
  • Deployments allows you to deploy and manage Java EE applications and modules.
  • Services > Data Sources is where you configure JDBC connections to databases.
  • Security Realms manages users, groups, roles, and authentication providers.
  • Diagnostics provides access to log files, images, and performance data.

Deploying an Application

  1. Click Lock & Edit.
  2. Navigate to Deployments in the left panel.
  3. Click Install and browse to your WAR, EAR, or JAR file.
  4. Follow the wizard to select targeting options and deployment settings.
  5. Click Release Configuration to activate the deployment.

Troubleshooting

Cannot connect via SSH

  • Confirm the instance has reached 2/2 status checks in the EC2 console.
  • Verify your security group allows inbound TCP traffic on port 22 from your IP address.
  • Ensure you are using the correct key pair and connecting as ec2-user.
  • Check that the key file permissions are set correctly: chmod 400 /path/to/your-key.pem.

WebLogic Administration Console is not accessible

  • Confirm the WebLogic server is running by checking the start log: tail -f /home/oracle/start-weblogic.log.
  • Look for Server state changed to RUNNING in the log output.
  • Verify your security group allows inbound traffic on port 7001.
  • Ensure you are using http:// (not https://) and the correct port in the URL.

WebLogic fails to start

  • Ensure you are running the start script as the oracle user, not as root or ec2-user.
  • Check that you are sourcing the script correctly with . ./start-weblogic.sh (note the leading dot and space).
  • Review the start log for error messages: cat /home/oracle/start-weblogic.log.
  • Verify there is sufficient disk space on /u01: df -h /u01.
  • Check that port 7001 is not already in use: netstat -tlnp | grep 7001.

Cannot log in to the Administration Console

  • Verify you are using the username weblogic (case sensitive).
  • Retrieve the correct password from /stage/scripts/weblogic-credentials.txt.
  • If you have changed the password and forgotten it, you will need to reset it using WLST from the command line.

WebLogic server is slow or unresponsive

  • Check the instance has sufficient memory. WebLogic requires at least 1 GB but performs better with 4 GB or more.
  • Review the server logs for out of memory errors or long garbage collection pauses.
  • Consider increasing the JVM heap size in the WebLogic startup configuration.

Security Recommendations

Change the Default Password Immediately

After first login, change the WebLogic administrator password through the Administration Console as described in Step 9. Use a strong password with a mix of uppercase, lowercase, numbers, and special characters.

Restrict Administration Console Access

The Administration Console on port 7001 should only be accessible from trusted IP addresses. Configure your security group to limit access to specific CIDR ranges. Never expose port 7001 to 0.0.0.0/0.

Use SSH Tunnelling for the Console

Instead of opening port 7001 directly, use SSH tunnelling to securely access the console:

ssh -i /path/to/your-key.pem -L 7001:localhost:7001 ec2-user@<PUBLIC_IP>

Then access the console at http://localhost:7001/console from your local browser.

Enable HTTPS for the Administration Console

For production environments, configure WebLogic to use SSL/TLS on the administration port. This encrypts all traffic between your browser and the console.

Secure the Credentials File

After retrieving the password, consider removing or securing the credentials file:

sudo chmod 600 /stage/scripts/weblogic-credentials.txt

Or remove it entirely once you have changed the password:

sudo rm /stage/scripts/weblogic-credentials.txt

Apply Security Updates Regularly

Keep the operating system up to date:

sudo yum update -y

Monitor Oracle Critical Patch Updates (CPUs) for WebLogic Server security fixes and apply them according to Oracle's guidance.

Restrict OS User Access

The oracle OS user owns all WebLogic processes and files. Ensure only authorised administrators can switch to this user. Review sudoers configuration to limit access.

Backup Your Configuration

Regularly back up the WebLogic domain configuration and deployed applications. Use AWS EBS snapshots of the /u01 volume for complete backups:

# From the command line, you can also export the domain configuration
sudo su - oracle
. ./setEnv.sh

Support

If you encounter any issues not covered in this guide or need further assistance, the cloudimg support team is available 24/7.

Email: support@cloudimg.co.uk Phone: (+44) 02045382725 Website: www.cloudimg.co.uk Address: 3rd Floor, 86 90 Paul Street, London, EC2A 4NE

When contacting support, please include your EC2 instance ID, the AWS region, and a description of the issue along with any relevant log output.