APEX install on OCI – step by step guide on How To

Prerequisites
 Download Oracle APEX 18.2 version from
https://www.oracle.com/technetwork/developer-tools/apex/downloads/index.html
 Download Oracle REST Data Services (ORDS) 18.4 version
https://www.oracle.com/technetwork/developer-tools/rest-data-
services/downloads/index.html
 Provision a DBCS 18.3.0.0 Enterprise Edition on the OCI Cloud Account
Chapter 1 How to provision a DBCS – to be provided
For this exercise we used:
 DBCSOCI as DBCS name, host and DB system. If you want to use different
naming conventions, then you must be aware that you should replace them when
required.
 As password, we have: WElcome2019_# (but you may have another one as long
as you keep the password conventions)

Chapter 2 How to install Apex on DBCS – Oracle Cloud Infrastructure

1. Open WinSCP to transfer the zip files downloaded in the Prerequisites section.
 Click on New Site -> select SFTP as File protocol
 Provide the IP address as hostname and keep the port number as 22
 Type in ‘opc’ as username
 Click Advanced -> Session Advanced.. -> go to SSH Authentication and provide
the private key -> Click OK
 Click Save and then Login
 For the first login you may be required to provide also a password (most of the
cases, it’s ‘oracle’) -> Click Yes
 On the right side of the tool, click on the drop-down list and select ‘/ <root>’ -> go
through the list where you find ‘tmp’ folder -> click on it
 Drag and drop your zip files, both apex and ords, into the tmp folder
 Close WinSCP

2. Open Putty to set the following:

 Hostname (in this case the IP Address of the DBCS already provisioned)
 Type in the session name (Saved Sessions)
 If you require a proxy: Go to Connection -> Proxy -> set proxy type to HTTP and
provide proxy hostname

1
 Expand SSH -> click on Auth and assign the private key for authentication
 Go back to Session -> click Save
 Search for it in the above list -> click Load -> click Open
 On the new session, execute $ sudo su – oracle to change the user to
oracle
 Find the current path by using $ pwd (our current path should /home/oracle)
 Create in here 2 directories called apex and ords (one at a time)
$ mkdir apex
$ mkdir ords

 Exit the current user: $ exit

 Execute $ sudo su – root to change the user to root
 Change directory to tmp $ cd /tmp
 Display the files within the tmp folder $ ls –ltr
 The zip files we’re looking for are red colored; we need to move both of them on
a new path /home/oracle/ . For this we need to perform the following command:
$ cp apex_18.2_en.zip /home/oracle/apex/
$ cp ords-18.4.0.354.1002.zip /home/oracle/ords/

 In order to perform the installation, we need to change the files ownership to

oracle.

$ chown oracle:oinstall apex_18.2_en.zip

$ chown oracle:oinstall ords-18.4.0.354.1002.zip

 exit the current user: $ exit

 Change the user to oracle: $ sudo su – oracle
 Go to the apex directory $ cd /home/oracle/apex/
 Unzip the file: $ unzip apex_18.2_en.zip
 List the files within the apex subdirectory: $ ls -ltr
 Connect to the Database with sqlplus: $ sqlplus / as sysdba
 Change container to pdb1: alter session set container = pdb1;

 In order to get remove a resource limit and password management parameter in

a profile, perform the following command:
ALTER PROFILE DEFAULT LIMIT
PASSWORD_VERIFY_FUNCTION NULL;

 Exit: $ exit
 Locate tnsnames.ora file by running the following command:

2
 $ locate tnsnames.ora
 One of the paths available should be
/u01/app/oracle/product/18.0.0.0/dbhome_1/network/admin/tnsnames.ora
Change directory to:
$ cd /u01/app/oracle/product/18.0.0.0/dbhome_1/network/admin/

 List all the files: $ ls –ltr

 Perform the vi command to open tnsnames.ora: $ vi tnsnames.ora
Check if PDB1 is displayed there as service name. If not then, you should add it
within the file:
Click I to insert and then copy and paste the entry below and change the
following:
PDB1 =
(DESCRIPTION =
(ADDRESS = (PROTOCOL = TCP)(HOST = dbcsoci)(PORT =
1521))
(CONNECT_DATA =
(SERVER = DEDICATED)
(SERVICE_NAME =
pdb1.sub12130944270.vcndmteam.oraclevcn.com)
)
)

 Click Esc and then :wq! to save all the changes.

 Go back to the apex directory: $ cd /home/oracle/apex/apex/
 Connect again to the database and run the apex install:
$ sqlplus sys/your_password@pdb1 as sysdba @apexins sysaux sysaux temp /i/

 Change container to pdb1: alter session set container = pdb1;

 Unlock the APEX_PUBLIC_USER and change the password (for consistency

purposes, I kept the same password when creating the DBCS Instance)

$ alter user APEX_PUBLIC_USER identified by WElcome2019_# account unlock;

 Create the APEX Instance Administration user and set the password:

begin
apex_util.set_security_group_id( 10 );
apex_util.create_user(
p_user_name => 'ADMIN',
p_email_address => '[email protected]',
p_web_password => 'WElcome2019_#',

3
 p_developer_privs => 'ADMIN' );
apex_util.set_security_group_id( null );
commit;
end;
/

 Run APEX REST configuration, and set the passwords of

APEX_REST_PUBLIC_USER and APEX_LISTENER:

@apex_rest_config_core.sql WElcome2019_# WElcome2019_#

 Create a network ACE for APEX (this is used when consuming Web services or
sending outbound mail):
declare
l_acl_path varchar2(4000);
l_apex_schema varchar2(100);
begin
for c1 in (select schema
from sys.dba_registry
where comp_id = 'APEX') loop
l_apex_schema := c1.schema;
end loop;
sys.dbms_network_acl_admin.append_host_ace(
host => '*',
ace => xs$ace_type(privilege_list => xs$name_list('connect'),
principal_name => l_apex_schema,
principal_type => xs_acl.ptype_db));
commit;
end;
/
 Exit SQLPlus: $ exit .

Chapter 3 How to install ORDS on DBCS – Oracle Cloud Infrastructure

 Go to /home/oracle/ords : $ cd /home/oracle/ords
 List the files that are within ords directory: $ ls –ltr
 Unzip the ords file: $ unzip ords-18.4.0.354.1002.zip
 Check if ords.war file is in the current directory: $ ls –ltr
 Access params directory: $ cd params
 List the files: $ ls –ltr
 See the ords_params.properties file that we need to modify with our own
credentials:
$ vi ords_params.properties

4
  Remove the actual content by pressing Esc and then double D for each line.
 Copy and paste the following content (Replace the hostname, servicename,
password with your own ones):
db.hostname=130.61.121.174
db.port=1521
# CUSTOMIZE db.servicename
db.servicename=pdb1.sub12130944270.vcndmteam.oraclevcn.com
db.username=APEX_PUBLIC_USER
db.password=WElcome2019_#
migrate.apex.rest=false
plsql.gateway.add=true
rest.services.apex.add=true
rest.services.ords.add=true
schema.tablespace.default=SYSAUX
schema.tablespace.temp=TEMP
standalone.mode=TRUE
standalone.http.port=8080
standalone.use.https=false
# CUSTOMIZE standalone.static.images to point to the directory
# containing the images directory of your APEX distribution
standalone.static.images=/home/oracle/apex/apex/images
user.apex.listener.password=WElcome2019_#
user.apex.restpublic.password=WElcome2019_#
user.public.password=WElcome2019_#
user.tablespace.default=SYSAUX
user.tablespace.temp=TEMP

 Click Esc and then :wq! and press Enter.

 If you want to be sure that your credentials were saved perform:
$ cat ords_params.properties

5
  Go to the ords.war location, in our case /home/oracle/ords :
$ cd /home/oracle/ords

 Check if ords.war is located here:

$ ls –ltr

 If so, then configure and start ORDS in stand-alone mode. You'll be prompted
for the SYS username and SYS password:
$ nohup java -Dconfig.dir=/home/oracle/ords/ords_config -jar
ords.war install simple –-preserveParamFile &

Nohup is very helpful when you have to execute a shell-script or command that take a
long time to finish.

 After this step, we will move to the OCI platform to check the Security Rules.

Chapter 4 How to set up the Security Rules from both UI and server level
 Login to your OCI account. Click the Left Hand Side Menu to open the list. Select
Compute.
 Select Bare Metal, VM and Exadata from the Database list.
 Click on the DBCS you provisioned earlier. Within the DBCS details, you have
also the VCN used when creating the DBCS service. Click on it.
 On the next page, you have Resources and as a subcategory, Security Lists.
Click Security Lists.
 Click Default Security List for the VCN used in our exercise.
 Make sure that on the Ingress Rules you have 1521, 8080 and 8082 ports
opened.
 For the Egress Rules, it’s ok to have all the ports opened.
 Moving back to the Putty window, we need to enable the security rules on the
server level also.

 Connect as root: $ sudo su – root

 Perform the following command to enable the security rules:
$ iptables -I INPUT 8 -p tcp -m state --state NEW -m tcp --
dport 8080 -j ACCEPT -m comment --comment "ORDS"

 After this operation is done, we need to restart the ords.

 Change user to oracle: $ sudo su - oracle
 Go to the directory where ords was installed:
$ cd /home/oracle/ords

6
  Restart ords by performing the following command: $ java –jar ords.war

Chapter 5 Apex Console

 Access the Apex Console using the link below:
http:// 130.61.121.174:8080/ords/
Your URL will be different from this one! (http:hostname(IP Address):port/ords/)

Chapter 6 SSL Configuration (HTTPS)

If you do want direct access, or internal network traffic encryption, you will need to
configure Jetty to use HTTPS. If you have a proper CA certificate and key, make sure
they are in DER format and just do the "standalone.properties" file settings. In this case
we will manually create a new self-signed certificate and use that for the HTTPS
configuration. Remember to adjust the "dname" and passwords as required.

 Create a self-signed certificate in a JKS keystore:

$ /u01/app/oracle/product/18.0.0.0/dbhome_1/jdk/jre/bin/keytool
-genkey -keyalg RSA -alias selfsigned -keystore keystore.jks -
dname "CN='cert', OU=Example Department, O=Example Company,
L=Birmingham, ST=West Midlands, C=GB" -storepass WElcome2019_# -
validity 3600 -keysize 2048 -keypass WElcome2019_#

 Create a PKCS12 keystore from the JKS keystore:

$ /u01/app/oracle/product/18.0.0.0/dbhome_1/jdk/jre/bin/keytool
-importkeystore -srckeystore keystore.jks -srcalias selfsigned -
srcstorepass WElcome2019_# -destkeystore keystore.p12 -
deststoretype PKCS12 -deststorepass WElcome2019_# -destkeypass
WElcome2019_#

 Extract the key and certificate in PEM format:

$ openssl pkcs12 -in keystore.p12 -nodes -nocerts -out 'cert'-
key.pem
$ openssl pkcs12 -in keystore.p12 -nokeys -out 'cert'.pem

7
  Convert them to DER format:
$ openssl pkcs8 -topk8 -inform PEM -outform DER -in 'cert'-
key.pem -out 'cert'-key.der -nocrypt
$ openssl x509 -inform PEM -outform DER -in 'cert'.pem -out
'cert'.der

 List the key and certificate in DER format: $ ls *.der

 Go to /home/oracle/ords/ords_config/ords/standalone/ using the following
command:
$ cd /home/oracle/ords/ords_config/ords/standalone/
 List the files: $ ls –ltr
 We will update the standalone.properties file:
$ vi standalone.properties
 Remove the actual content by pressing Esc and then double D for each line.
 Copy and paste the following content (Replace the hostname, servicename,
password with your own ones):

jetty.secure.port=8082
ssl.cert=/home/oracle/keystore/cert.der
ssl.cert.key=/home/oracle/keystore/cert-key.der
ssl.host=yourhostname (from tnsnames.ora)
standalone.context.path=/ords
standalone.doc.root=/home/oracle/ords/ords_config/ords/stan
dalone/doc_root
standalone.scheme.do.not.prompt=true
standalone.static.context.path=/i
standalone.static.path=/home/oracle/apex/apex/images

 Click Esc and then :wq! and press Enter.

 If you want to be sure that your credentials were saved perform:
$ cat standalone.properties

 Connect to the Database with sqlplus: $ sqlplus / as sysdba

 Change container to pdb1: alter session set container = pdb1;
 Create user: create user schema_name identified by
WElcome2019_#;
 Assign the corresponding privileges to the user:
grant create session, connect, resource, dba to schema_name;
 Let’s connect using the user details: conn
schema_name/WElcome2019_#@pdb1

8
  In order to enable Oracle REST Data Services to access the named schema, use
the following command:
begin
ords.enable_schema;
end;
/

or

exec ords.enable_schema;

commit
/
 To check if the schema is enabled for the ORDS access, run the following
statement:
select id, parsing_schema from user_ords_schemas;

 Exit sqlplus: exit

 Go to /home/oracle/ords/ords_config/ords subdirectory:
$ cd /home/oracle/ords/ords_config/ords/

 List the files: $ ls -ltr

 You will have the defaults.xml file that needs to be updated in order to REST
Enable SQL service.
$ vi defaults.xml
 Append to the existing configuration the following row:
<entry key="restEnabledSql.active">true</entry>

 Exit the file by pressing Esc and then :wq!

 Exit: $ exit

 Connect as root: $ sudo su – root

 Perform the following command to enable the security rules:

9
 $ iptables -I INPUT 8 -p tcp -m state --state NEW -m tcp --
dport 8082 -j ACCEPT -m comment --comment "ORDS"

 After this operation is done, we need to restart the ords.

 Change user to oracle: $ sudo su - oracle
 Go to the directory where ords was installed:
$ cd /home/oracle/ords

 Restart ords by performing the following command: $ java –jar ords.war

 The REST Enabled SQL service is accessible by using the HTTPS POST
method. To test the REST Enabled SQL service, you can use the command-line
tool named cURL. This powerful tool is available for most platforms, and enables
you to test and control the data that is being sent to and received from a REST
Enabled SQL service.

$ curl -v -i -X POST --user 'sys:WElcome2019_#' --data-binary

"select sysdate from dual;" -H "Content-Type: application/sql" -
k https:// 130.61.121.174:8082/ords/pdb1/schema_name/_/sql

10