I have created my own Wordpress website hosted in the same homelap. See here.
This blog will no longer get updated.
ORDs backends
High level infra design
Load Balancer Configurations
Nginx SSL
Nginx force WWW
DNS Records
I use Digital Ocean as my DNS management tool. One of the reasons that I choose Digital Ocean is that it can easily create wildcards SSL for you domain and subdomains.
In the DNS records, I created 3 A records, they all point to my IP address.
Notice that i created both www.domainname.nl and domainname.nl, I do that to avoid having create two sets of SSLs. Once wild card SSL is created, it only certificate *.domainname.nl. That is also the reason I do a force WWW.domainname.nl in my Nginx setting. We go there in the next section.
Request wildcard SSL
here is a wonderful link I have used to create the ssl for my domain. After you have followed the link, you should see some file in
cd /etc/letsencrypt/live/example.com/
Nginx Load Balancer, Nginx SSL, Nginx force WWW
all these topics are packed in one configuration file as following
user root; # it can be user Nginx
worker_processes auto;
error_log /var/log/nginx/error.log; # here is your error log file location, you can also have access log as well. we will discuss it in the forward proxy config file
events {
worker_connections 1024;
}
http {
upstream backend {
server 192.168.178.46:8080;
server 192.168.178.45:8080;
server 192.168.178.50:8080;
} # this is my backend set, 3 ORDS servers, they are running in standalone mode.
#www.chaoyu.nl
server {
listen 80;
server_name chaoyu.nl www.chaoyu.nl;
return 301 https://www.chaoyu.nl$request_uri;
} # redirect 80 traffic to 443 and force WWW
server {
listen 443 ssl;
server_name chaoyu.nl;
ssl_certificate "/etc/letsencrypt/live/chaoyu.nl/fullchain.pem"; # pointing at your file
ssl_certificate_key "/etc/letsencrypt/live/chaoyu.nl/privkey.pem"; # pointing at your file
return 301 https://www.chaoyu.nl$request_uri;
} # redirect none WWW traffic to 443 and force WWW
server {
listen 443 ssl;
server_name www.chaoyu.nl;
root /usr/share/nginx/html2;
ssl_certificate "/etc/letsencrypt/live/chaoyu.nl/fullchain.pem";
ssl_certificate_key "/etc/letsencrypt/live/chaoyu.nl/privkey.pem";
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 10m;
ssl_ciphers PROFILE=SYSTEM;
ssl_prefer_server_ciphers on;
location / {
index index.html index.htm;
}
}# redirect 443 traffic handler
# apex.chaoyu.nl
server {
listen 80;
server_name apex.chaoyu.nl;
return 301 https://$server_name$request_uri;
}# redirect 80 traffic to 443
# Settings for a TLS enabled server.
server {
listen 443 ssl;
server_name apex.chaoyu.nl;
# root /usr/share/nginx/html;
ssl_certificate "/etc/letsencrypt/live/chaoyu.nl/fullchain.pem";
ssl_certificate_key "/etc/letsencrypt/live/chaoyu.nl/privkey.pem";
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 10m;
ssl_ciphers PROFILE=SYSTEM;
ssl_prefer_server_ciphers on;
# Load configuration files for the default server block.
# include /etc/nginx/default.d/*.conf;
location / {
proxy_pass http://backend; # load balancer
proxy_set_header Origin "" ; # needed for apex
proxy_set_header X-Forwarded-Host $host:$server_port; # needed for apex
proxy_set_header X-Real-IP $remote_addr; # needed for apex
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; # needed for apex
proxy_set_header X-Forwarded-Proto $scheme; # needed for apex
}
}# SSL for apex.chaoyu.nl subdomain
}Load Balancer Common Issues:
You can read more here,
Basically, you need to run this command.
sudo setsebool -P httpd_can_network_connect 1Don't ask me why .
Database Server & APEX Installation
Oracle 21XE installation
Oracle APEX installation
Oracle 21XE installation
For oracle 21xe installation, i would suggest to follow this oracle official guide, it is pretty straight forward.
Oracle 21XE installation Common Issues
after installation sqlplus command not found:
nano ~/.bash_profleadd these lines at the end
export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin:/opt/oracle/product/21c/dbhomeXE/bin
export ORACLE_HOME=/opt/oracle/product/21c/dbhomeXE
export ORACLE_SID=XEnotice that I am running db version 21c here, you need to change it to your db version accordingly.
Next, if you on ssh, exit current session and reconnect, sqlplus should now work ...
Also Do not forget to open port 1521 for db connection please!!!!!!
Oracle APEX installation
I have a mixed bag of feelings about APEX installations, there are lot of guide of how to do this, and all of them does it slightly different from each other. I will leave some links, you decide which one to follow.
It all involves
download apex.zip |
unzip file into a folder |
cd into this folder |
connect to Database with sql plus, switch to PDB |
run sql scripts from that folder |
Note that we don't need to do anything with the apex IMAGES folder, since we use ORDS on dedicated machines, we need to do it a little differently.
ORDs Backends
ORDs installation is very easy, use wget to download latest version of ords from oracle website.
mkdir -p /opt/oracle/ords
unzip ords-*.zip -d /opt/oracle/ords
# install ords
java -jar ords.war install
# or ords install, before that you need to add /opt/oracle/ords/bin in bash_profile in ~/.bash_profile we also need a folder to store APEX static files 'IMAGES' folder. Use wget to download apex.zip onto this server and unzip it to a folder. Copy all content within images into /var/www/apex/images
mkdir -p /var/www/apex/images
cp -a /opt/oracle/apex/images/. /var/www/apex/imagesThere will be some prompts for you to enter information to your Oracle DB 21xe we created earlier, you need
private IP to that DB |
port to db (normally 1521 ) |
sys user / sys password (the password you set during db installation ) |
pluggable SID name (normally XEPDB1) |
set STATIC location for apex IMAGES (/var/www/apex/images) |
Port for Ords to listen |
Dont forget to open Port 8080 via firewall-cmd;
Create systemd service to auto start ORDs on Linux startup
in this section we will create a systemd service to auto start ords on each linux startup.
step 1 : create a new service
nano /etc/systemd/system/ordsonboot.serviceenter the following content:
[Unit]
Description=Service description
[Service]
User=root
ExecStart=/bin/bash -c 'PATH=/opt/oracle/ords/bin:$PATH exec /root/start_up_script.sh'
[Install]
WantedBy=default.targetstep 2: create start_up_script.sh
nano start_up_script.shenter the following content:
cd /root && ords serve
#cd to root and execute "ords serve" see more from ords installation guide from oracleadd execute permision
chmod +x start_up_script.shexplanation :
you can also run cd /opt/oracle/ords/ && ords serve , in any folder you run "ords serve", two folders will be created, they are databases and global, in them, you can find some xml files with some settings. They can be changed according to you needs.
step3: prepare service and enable it and run it.
systemctl daemon-reload
systemctl start ordsonboot.service
systemctl status ordsonboot.service #check status
systemctl enable ordsonboot.service #to enable startup run
systemctl stop ordsonboot.service #to stop serviceThis is the last step for ORDs installations, we now can clone this VM and spin it into a new vm so we can create loaders in the load balancing.
PLSQL Rest Call with Forward Proxy, no wallet needed
Login to Oracle DB server and edit Host file on the server
Host file is the local DNS resolver, here we create a new host record. it can be something like this .
[root@OracleXE21 ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.178.51 proxy.local
# 192.168.178.51 is my forward proxy ip, i give it a name proxy.local
# if i would ping proxy.local on my db server, it will resolved into 192.168.178.51
#if you dont know the IP yet, first create the forward proxy and do this afterwards. Create a Nginx Forward Proxy