This document provides a step-by-step guide to installing APEX and ORDS on an Oracle Database Cloud Service (DBCS) on Oracle Cloud Infrastructure (OCI). It describes downloading prerequisites, provisioning a DBCS instance, using tools like WinSCP and Putty to transfer files to the instance and change users, running SQL scripts to install APEX, configuring ORDS, and setting security rules on both the OCI network level and individual server level.
This document provides a step-by-step guide to installing APEX and ORDS on an Oracle Database Cloud Service (DBCS) on Oracle Cloud Infrastructure (OCI). It describes downloading prerequisites, provisioning a DBCS instance, using tools like WinSCP and Putty to transfer files to the instance and change users, running SQL scripts to install APEX, configuring ORDS, and setting security rules on both the OCI network level and individual server level.
This document provides a step-by-step guide to installing APEX and ORDS on an Oracle Database Cloud Service (DBCS) on Oracle Cloud Infrastructure (OCI). It describes downloading prerequisites, provisioning a DBCS instance, using tools like WinSCP and Putty to transfer files to the instance and change users, running SQL scripts to install APEX, configuring ORDS, and setting security rules on both the OCI network level and individual server level.
This document provides a step-by-step guide to installing APEX and ORDS on an Oracle Database Cloud Service (DBCS) on Oracle Cloud Infrastructure (OCI). It describes downloading prerequisites, provisioning a DBCS instance, using tools like WinSCP and Putty to transfer files to the instance and change users, running SQL scripts to install APEX, configuring ORDS, and setting security rules on both the OCI network level and individual server level.
APEX install on OCI – step by step guide on How To
Prerequisites Download Oracle APEX 18.2 version from https://www.oracle.com/technetwork/developer-tools/apex/downloads/index.html Download Oracle REST Data Services (ORDS) 18.4 version https://www.oracle.com/technetwork/developer-tools/rest-data- services/downloads/index.html Provision a DBCS 18.3.0.0 Enterprise Edition on the OCI Cloud Account Chapter 1 How to provision a DBCS – to be provided For this exercise we used: DBCSOCI as DBCS name, host and DB system. If you want to use different naming conventions, then you must be aware that you should replace them when required. As password, we have: WElcome2019_# (but you may have another one as long as you keep the password conventions)
Chapter 2 How to install Apex on DBCS – Oracle Cloud Infrastructure
1. Open WinSCP to transfer the zip files downloaded in the Prerequisites section. Click on New Site -> select SFTP as File protocol Provide the IP address as hostname and keep the port number as 22 Type in ‘opc’ as username Click Advanced -> Session Advanced.. -> go to SSH Authentication and provide the private key -> Click OK Click Save and then Login For the first login you may be required to provide also a password (most of the cases, it’s ‘oracle’) -> Click Yes On the right side of the tool, click on the drop-down list and select ‘/ <root>’ -> go through the list where you find ‘tmp’ folder -> click on it Drag and drop your zip files, both apex and ords, into the tmp folder Close WinSCP
2. Open Putty to set the following:
Hostname (in this case the IP Address of the DBCS already provisioned) Type in the session name (Saved Sessions) If you require a proxy: Go to Connection -> Proxy -> set proxy type to HTTP and provide proxy hostname
1 Expand SSH -> click on Auth and assign the private key for authentication Go back to Session -> click Save Search for it in the above list -> click Load -> click Open On the new session, execute $ sudo su – oracle to change the user to oracle Find the current path by using $ pwd (our current path should /home/oracle) Create in here 2 directories called apex and ords (one at a time) $ mkdir apex $ mkdir ords
Exit the current user: $ exit
Execute $ sudo su – root to change the user to root Change directory to tmp $ cd /tmp Display the files within the tmp folder $ ls –ltr The zip files we’re looking for are red colored; we need to move both of them on a new path /home/oracle/ . For this we need to perform the following command: $ cp apex_18.2_en.zip /home/oracle/apex/ $ cp ords-18.4.0.354.1002.zip /home/oracle/ords/
In order to perform the installation, we need to change the files ownership to
oracle.
$ chown oracle:oinstall apex_18.2_en.zip
$ chown oracle:oinstall ords-18.4.0.354.1002.zip
exit the current user: $ exit
Change the user to oracle: $ sudo su – oracle Go to the apex directory $ cd /home/oracle/apex/ Unzip the file: $ unzip apex_18.2_en.zip List the files within the apex subdirectory: $ ls -ltr Connect to the Database with sqlplus: $ sqlplus / as sysdba Change container to pdb1: alter session set container = pdb1;
In order to get remove a resource limit and password management parameter in
a profile, perform the following command: ALTER PROFILE DEFAULT LIMIT PASSWORD_VERIFY_FUNCTION NULL;
Exit: $ exit Locate tnsnames.ora file by running the following command:
2 $ locate tnsnames.ora One of the paths available should be /u01/app/oracle/product/18.0.0.0/dbhome_1/network/admin/tnsnames.ora Change directory to: $ cd /u01/app/oracle/product/18.0.0.0/dbhome_1/network/admin/
List all the files: $ ls –ltr
Perform the vi command to open tnsnames.ora: $ vi tnsnames.ora Check if PDB1 is displayed there as service name. If not then, you should add it within the file: Click I to insert and then copy and paste the entry below and change the following: PDB1 = (DESCRIPTION = (ADDRESS = (PROTOCOL = TCP)(HOST = dbcsoci)(PORT = 1521)) (CONNECT_DATA = (SERVER = DEDICATED) (SERVICE_NAME = pdb1.sub12130944270.vcndmteam.oraclevcn.com) ) )
Click Esc and then :wq! to save all the changes.
Go back to the apex directory: $ cd /home/oracle/apex/apex/ Connect again to the database and run the apex install: $ sqlplus sys/your_password@pdb1 as sysdba @apexins sysaux sysaux temp /i/
Change container to pdb1: alter session set container = pdb1;
Unlock the APEX_PUBLIC_USER and change the password (for consistency
purposes, I kept the same password when creating the DBCS Instance)
$ alter user APEX_PUBLIC_USER identified by WElcome2019_# account unlock;
Create the APEX Instance Administration user and set the password:
Create a network ACE for APEX (this is used when consuming Web services or sending outbound mail): declare l_acl_path varchar2(4000); l_apex_schema varchar2(100); begin for c1 in (select schema from sys.dba_registry where comp_id = 'APEX') loop l_apex_schema := c1.schema; end loop; sys.dbms_network_acl_admin.append_host_ace( host => '*', ace => xs$ace_type(privilege_list => xs$name_list('connect'), principal_name => l_apex_schema, principal_type => xs_acl.ptype_db)); commit; end; / Exit SQLPlus: $ exit .
Chapter 3 How to install ORDS on DBCS – Oracle Cloud Infrastructure
Go to /home/oracle/ords : $ cd /home/oracle/ords List the files that are within ords directory: $ ls –ltr Unzip the ords file: $ unzip ords-18.4.0.354.1002.zip Check if ords.war file is in the current directory: $ ls –ltr Access params directory: $ cd params List the files: $ ls –ltr See the ords_params.properties file that we need to modify with our own credentials: $ vi ords_params.properties
4 Remove the actual content by pressing Esc and then double D for each line. Copy and paste the following content (Replace the hostname, servicename, password with your own ones): db.hostname=130.61.121.174 db.port=1521 # CUSTOMIZE db.servicename db.servicename=pdb1.sub12130944270.vcndmteam.oraclevcn.com db.username=APEX_PUBLIC_USER db.password=WElcome2019_# migrate.apex.rest=false plsql.gateway.add=true rest.services.apex.add=true rest.services.ords.add=true schema.tablespace.default=SYSAUX schema.tablespace.temp=TEMP standalone.mode=TRUE standalone.http.port=8080 standalone.use.https=false # CUSTOMIZE standalone.static.images to point to the directory # containing the images directory of your APEX distribution standalone.static.images=/home/oracle/apex/apex/images user.apex.listener.password=WElcome2019_# user.apex.restpublic.password=WElcome2019_# user.public.password=WElcome2019_# user.tablespace.default=SYSAUX user.tablespace.temp=TEMP
Click Esc and then :wq! and press Enter.
If you want to be sure that your credentials were saved perform: $ cat ords_params.properties
5 Go to the ords.war location, in our case /home/oracle/ords : $ cd /home/oracle/ords
Check if ords.war is located here:
$ ls –ltr
If so, then configure and start ORDS in stand-alone mode. You'll be prompted for the SYS username and SYS password: $ nohup java -Dconfig.dir=/home/oracle/ords/ords_config -jar ords.war install simple –-preserveParamFile &
Nohup is very helpful when you have to execute a shell-script or command that take a long time to finish.
After this step, we will move to the OCI platform to check the Security Rules.
Chapter 4 How to set up the Security Rules from both UI and server level Login to your OCI account. Click the Left Hand Side Menu to open the list. Select Compute. Select Bare Metal, VM and Exadata from the Database list. Click on the DBCS you provisioned earlier. Within the DBCS details, you have also the VCN used when creating the DBCS service. Click on it. On the next page, you have Resources and as a subcategory, Security Lists. Click Security Lists. Click Default Security List for the VCN used in our exercise. Make sure that on the Ingress Rules you have 1521, 8080 and 8082 ports opened. For the Egress Rules, it’s ok to have all the ports opened. Moving back to the Putty window, we need to enable the security rules on the server level also.
Connect as root: $ sudo su – root
Perform the following command to enable the security rules: $ iptables -I INPUT 8 -p tcp -m state --state NEW -m tcp -- dport 8080 -j ACCEPT -m comment --comment "ORDS"
After this operation is done, we need to restart the ords.
Change user to oracle: $ sudo su - oracle Go to the directory where ords was installed: $ cd /home/oracle/ords
6 Restart ords by performing the following command: $ java –jar ords.war
Chapter 5 Apex Console
Access the Apex Console using the link below: http:// 130.61.121.174:8080/ords/ Your URL will be different from this one! (http:hostname(IP Address):port/ords/)
Chapter 6 SSL Configuration (HTTPS)
If you do want direct access, or internal network traffic encryption, you will need to configure Jetty to use HTTPS. If you have a proper CA certificate and key, make sure they are in DER format and just do the "standalone.properties" file settings. In this case we will manually create a new self-signed certificate and use that for the HTTPS configuration. Remember to adjust the "dname" and passwords as required.
Create a self-signed certificate in a JKS keystore:
7 Convert them to DER format: $ openssl pkcs8 -topk8 -inform PEM -outform DER -in 'cert'- key.pem -out 'cert'-key.der -nocrypt $ openssl x509 -inform PEM -outform DER -in 'cert'.pem -out 'cert'.der
List the key and certificate in DER format: $ ls *.der
Go to /home/oracle/ords/ords_config/ords/standalone/ using the following command: $ cd /home/oracle/ords/ords_config/ords/standalone/ List the files: $ ls –ltr We will update the standalone.properties file: $ vi standalone.properties Remove the actual content by pressing Esc and then double D for each line. Copy and paste the following content (Replace the hostname, servicename, password with your own ones):
If you want to be sure that your credentials were saved perform: $ cat standalone.properties
Connect to the Database with sqlplus: $ sqlplus / as sysdba
Change container to pdb1: alter session set container = pdb1; Create user: create user schema_name identified by WElcome2019_#; Assign the corresponding privileges to the user: grant create session, connect, resource, dba to schema_name; Let’s connect using the user details: conn schema_name/WElcome2019_#@pdb1
8 In order to enable Oracle REST Data Services to access the named schema, use the following command: begin ords.enable_schema; end; /
or
exec ords.enable_schema;
commit / To check if the schema is enabled for the ORDS access, run the following statement: select id, parsing_schema from user_ords_schemas;
Exit sqlplus: exit
Go to /home/oracle/ords/ords_config/ords subdirectory: $ cd /home/oracle/ords/ords_config/ords/
List the files: $ ls -ltr
You will have the defaults.xml file that needs to be updated in order to REST Enable SQL service. $ vi defaults.xml Append to the existing configuration the following row: <entry key="restEnabledSql.active">true</entry>
Exit the file by pressing Esc and then :wq!
Exit: $ exit
Connect as root: $ sudo su – root
Perform the following command to enable the security rules:
After this operation is done, we need to restart the ords.
Change user to oracle: $ sudo su - oracle Go to the directory where ords was installed: $ cd /home/oracle/ords
Restart ords by performing the following command: $ java –jar ords.war
The REST Enabled SQL service is accessible by using the HTTPS POST method. To test the REST Enabled SQL service, you can use the command-line tool named cURL. This powerful tool is available for most platforms, and enables you to test and control the data that is being sent to and received from a REST Enabled SQL service.
$ curl -v -i -X POST --user 'sys:WElcome2019_#' --data-binary
"select sysdate from dual;" -H "Content-Type: application/sql" - k https:// 130.61.121.174:8082/ords/pdb1/schema_name/_/sql
