There are plenty of articles on the Internet that describe how to make APEX social. I tried this one for my APEX on an Always Free ATP Database. Of course, I used my own domain name to access my APEX application. Generally, it worked, but it somehow always redirected away from my pretty application URL on my domain to those cryptic Oracle Cloud URLs.
I decided to find out how to have my own domain name in my APEX app and Social Sign-On at the same time on the Oracle Free Tier. Perhaps the Oracle Cloud Vanity URL feature could work here, but at the moment it is technically available for the paid tier only, because private database endpoints are available only for paid ADBs.
So, the configuration I am going to describe is the following (all at Free Tier):
- Autonomous Database 19c/21c
- APEX 21.1.3 (current for Shared Autonomous DBs)
- VM with Linux 7.9 Micro
- Customer-managed ORDS 21.3
- Load Balancer
A registered domain name and a Google account are assumed to be already available.
I base my instructions here on two articles, Running ORDS Against the Autonomous Database and Running ORDS Against the Autonomous Database - Part 2. Those almost worked for me; "almost" probably because some details need to be changed, since the components involved have gone through many versions since publication.
Autonomous Database Setup
Assuming the database is already up and running, the only thing to do is create a runtime database user for ORDS:
-- 1. Create the ORDS runtime user.
create user ords_public_user2 identified by "your_secure_password";
-- 2. Allow the user to connect to the database.
grant connect to ords_public_user2;
-- 3. Perform some magic.
begin
    ords_admin.provision_runtime_role(
        p_user => 'ORDS_PUBLIC_USER2'
      , p_proxy_enabled_schemas => true
    );
end;
/
VM Setup
Some details about the Linux VM creation: I used the VM.Standard.E2.1.Micro shape with the Oracle-Linux-7.9-2021.10.04-0 image. The VM has to reside in the subnet where the Load Balancer will be deployed.
Here are some rules for the Default Security List of my subnet that I found crucial for all this to work properly.
The next steps are slightly modified steps from Running ORDS Against the Autonomous.
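1. Copy the APEX distribution archive and your Autonomous DB wallet to the VM
# -i takes the SSH private key (identity file) that matches the public key installed on the VM
scp -i <YOUR_PRIVATE_KEY> /u01/Downloads/Wallet_<YOUR_DB>.zip opc@<VM_PUBLIC_IP>:/tmp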
2. Get to the VM through SSH and execute commands:
- install ORDS
sudo yum install -y ords
- configure firewall
sudo firewall-cmd --zone=public --add-port 8080/tcp --permanent
sudo firewall-cmd --zone=public --add-port 443/tcp
sudo firewall-cmd --zone=public --add-port 443/tcp --permanent
- set the configuration folder for ORDS. The following commands are executed as the oracle user.
export JAVA_OPTIONS=-Xmx512M
ORDS_CONFIG_DIR=/opt/oracle/ords/config && mkdir -p $ORDS_CONFIG_DIR/ords/conf
ords configdir $ORDS_CONFIG_DIR
- create ORDS configuration files
# Database user created in the Autonomous Database Setup step
ORDS_USER=ords_public_user2
ORDS_PASSWORD=your_secure_password
SERVICE_NAME=dbopas4_tp
WALLET_BASE64=`base64 -w 0 /tmp/Wallet_DBOPAS4.zip`
cat << EOF > $ORDS_CONFIG_DIR/ords/conf/apex_pu.xml
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE properties SYSTEM "http://java.sun.com/dtd/properties.dtd">
<properties>
<entry key="db.username">$ORDS_USER</entry>
<entry key="db.password">!$ORDS_PASSWORD</entry>
<entry key="db.wallet.zip.service">$SERVICE_NAME</entry>
<entry key="db.wallet.zip"><![CDATA[$WALLET_BASE64]]></entry>
</properties>
EOF
cat << EOF > $ORDS_CONFIG_DIR/ords/defaults.xml
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE properties SYSTEM "http://java.sun.com/dtd/properties.dtd">
<properties>
<entry key="plsql.gateway.enabled">true</entry>
<entry key="jdbc.InitialLimit">5</entry>
<entry key="jdbc.MaxLimit">10</entry>
</properties>
EOF
- deploy and configure the APEX static files. One question remains open here. Since Cloud APEX is a patched version (higher than the one available for download), it has newer APEX static files than those in the APEX installation archive (more details on the APEX Download page). Fresher files are available on the CDN. So far I do not know how to update the static files in my configuration or how to make use of the CDN here.
RELEASE=21.1.3
# Placeholder: path of the APEX archive copied to the VM in step 1
APEX_FILE="/tmp/<YOUR_APEX_ARCHIVE>.zip"
mkdir -p /opt/oracle/apex/images/$RELEASE
unzip "$APEX_FILE" -d /tmp/
cp -R /tmp/apex/images/* /opt/oracle/apex/images/$RELEASE/
rm -rf /tmp/apex
mkdir -p /opt/oracle/ords/config/ords/standalone/
cat << EOF > /opt/oracle/ords/config/ords/standalone/standalone.properties
standalone.static.context.path=/i
standalone.static.path=/opt/oracle/apex/images
EOF
mkdir -p /opt/oracle/ords/config/ords/standalone/doc_root
- edit ords.conf to add Java heap size configuration
add the following row
- starting ORDS for the first time
when prompted "Enter the HTTP port [8080]:" choose 8080
After ORDS is started, press Ctrl-C to exit
- switch back to the opc user and enable ORDS for autostart
- reboot the VM
- once the VM is available again, check the ORDS status and log
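An added check for the configuration files created above (not part of the original article): apex_pu.xml carries the database password and the whole wallet, so it should be readable by the ORDS user only. The sketch assumes GNU stat and that ORDS replaces a "!"-prefixed clear-text password with an encrypted value when it starts; audit_ords_conf is a hypothetical helper name.

```shell
#!/bin/sh
# Added example, not from the article. audit_ords_conf is a hypothetical helper.
# Prints one finding per line; returns 0 when the directory is clean, 1 otherwise.
audit_ords_conf() {
  out=$(find "$1" -type f -name '*.xml' | while IFS= read -r f; do
    mode=$(stat -c '%a' "$f")
    # Any group/other bit on a file that carries the password and the wallet.
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
      echo "PERM  $f is mode $mode, expected 600"
    fi
    # Assumption: a leading ! marks a clear-text password ORDS has not encrypted yet.
    if grep -q '<entry key="db.password">!' "$f"; then
      echo "CLEAR $f still holds a clear-text db.password"
    fi
  done)
  if [ -z "$out" ]; then return 0; fi
  printf '%s\n' "$out"
  return 1
}

# Constructed demo: a world-readable pool file with a clear-text password.
demo=$(mktemp -d)
printf '<entry key="db.password">!example</entry>\n' > "$demo/apex_pu.xml"
chmod 644 "$demo/apex_pu.xml"
audit_ords_conf "$demo" || echo "remediate: chmod 600 the file and start ORDS once"
rm -rf "$demo"
```

On the VM, point it at /opt/oracle/ords/config after the first ORDS start.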
Load Balancer Setup
Basically, the steps from Running ORDS Against the Autonomous Database - Part 2 can be followed, although the Cloud UI is quite different these days.
- when prompted "Select Load Balancer Type" choose "Load balancer".
- "Add details" screen - all defaults, choose VCN and Subnet where your VM resides.
- "Choose backends" - all defaults.
- "Configure Listeners" - all defaults. Add the SSL certificates created for your application domain name.
- "Manage Logging" - up to you.
After the Load Balancer is created, go to the "Resources" section at the bottom left of its details page.
- go to "Backend Sets", press "..." at the right side of the row of the created Backend Set, choose "Update Health Check" and set
URL Path (URI): /i/21.1.3/apex_version.txt
- click on the name of the Backend Set, then click on "Backends" in the Resources section.
- create a backend: specify your VM private IP and port 8080
- go back to Load Balancer Details, go to Hostnames, add your application domain URL there
- go back to Load Balancer Details, go to Listeners, add one more listener for the HTTP protocol and port 8080. Make sure both listeners are bound to the Backend Set and the Hostname you specified earlier.
- go back to Load Balancer Details, go to Path Routes. Add to routes like the following
At this point, the Load Balancer status has to be green "Ok".
Take Load Balancer's public IP and bind it to your domain name. Wait until your domain name resolves to the Load Balancer public IP.
APEX application with Social Sign-on
In the meantime, create and configure an APEX application using this article.
Use "https://<YOUR_DOMAIN_NAME>/ords/apex_authentication.callback" for "Authorized redirect URIs" in the Google "Credential" configuration.
Once everything is ready, open your APEX application using your domain name. It has to direct you to Google authentication and eventually back to your app under your domain name.
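To confirm that the redirect problem described at the top of this article is gone, inspect the redirect_uri your application sends to Google: it must be the callback on your own domain, the same value registered under "Authorized redirect URIs". This is an added example, not from the original article; the function names, app.example.com and both sample Location values are constructed.

```shell
#!/bin/sh
# Added example, not from the article; helper names are hypothetical.

# Extract redirect_uri from an authorization URL and undo the only
# percent-escapes the APEX callback URL needs (%3A and %2F).
redirect_uri_of() {
  printf '%s\n' "$1" | tr '?&' '\n\n' \
    | sed -n 's/^redirect_uri=//p' | head -n 1 \
    | sed 's|%3[Aa]|:|g; s|%2[Ff]|/|g'
}

# check_callback LOCATION DOMAIN: succeed only when the callback is on DOMAIN.
check_callback() {
  expected="https://$2/ords/apex_authentication.callback"
  actual=$(redirect_uri_of "$1")
  if [ "$actual" = "$expected" ]; then
    echo "OK       $actual"
    return 0
  fi
  echo "MISMATCH got '$actual', expected '$expected'"
  return 1
}

# Constructed Location headers: one using the custom domain, one still
# pointing at an Oracle Cloud hostname (the symptom this setup removes).
SAMPLE_OK='https://accounts.google.com/o/oauth2/v2/auth?client_id=EXAMPLE&redirect_uri=https%3A%2F%2Fapp.example.com%2Fords%2Fapex_authentication.callback&response_type=code&scope=openid'
SAMPLE_BAD='https://accounts.google.com/o/oauth2/v2/auth?client_id=EXAMPLE&redirect_uri=https%3A%2F%2Fexample-db.adb.example-region.oraclecloudapps.com%2Fords%2Fapex_authentication.callback&response_type=code&scope=openid'

check_callback "$SAMPLE_OK" app.example.com || true
check_callback "$SAMPLE_BAD" app.example.com || true
```

Feed it the Location header of the redirect that your application's login issues, together with your domain name.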
Update:
Just run this to set up the proper static files:
begin
    apex_instance_admin.set_parameter(
        p_parameter => 'IMAGE_PREFIX',
        p_value     => 'https://static.oracle.com/cdn/apex/21.1.2/' );
    commit;
end;
/