Tuesday, June 3, 2008

How To Configure Apache In R12 (10.1.3) To Listen On A Restricted Port (< 1024)


Goal: configure Apache (10.1.3) in Release 12 of EBS to run on a restricted port, that is, a port below 1024.

Solution

By default, Oracle HTTP Server runs as a non-root user (the user that installed Oracle Application Server). On UNIX systems, if you change the Oracle HTTP Server Listen port number to a value less than 1024, you must enable Oracle HTTP Server to run as root. 

For more information, refer to: Oracle Application Server's Administrator Guide 10g Release 3

If one tries to start up the HTTP Server on a port below 1024 without the HTTP Server running as root, the following error message will be seen in the HTTP Server [ error_log ] file.

            "Error code: [crit] (13)Permission denied: make_sock: could not bind to port #"

Note(s):

             - The steps below require root access.

             - The file that needs to be modified is the hidden file .apachectl
                NOT the apachectl file that resides in the same directory.

Pre Steps

  1. Log into your middle (web) tier as the Applmgr user
  2. Source your Apps environment
  3. Backup your $CONTEXT_FILE on your middle (web) tier
  4. Log into Apps and through OAM modify the following parameters to reflect the new web port.
    • s_webport (web port value < 1024)
    • s_active_webport (s_webport value)
    • s_http_listen_parameter (s_webport value)
    • s_help_web_agent (url constructed with http protocol and s_webport value)
    • s_login_page (url constructed with http protocol and s_webport value)
    • s_external_url (url constructed with http protocol and s_webport value)

  5. Shut down Apps and run autoconfig to make the changes take effect.

 Steps

  1. echo $ORA_CONFIG_HOME  [ make note of the absolute path. ] 
  2. $ su root 
  3. Run the following commands on the middle (web) tier Oracle Config home:
         a. $ cd $ORA_CONFIG_HOME/10.1.3/Apache/Apache/bin
         b. $ ls -la     [verify that the file exists in the directory ] 
         c. $ chown root .apachectl
         d. $ chmod 6750 .apachectl
  4. Start up your Applications
  5. Test "Login" with the new port

Note(s):

            - After the changes the file listing should look similar to the following.

            $ ls -la
                        drwxr-xr-x  2  applmgr  appsdba      4096  May   8  17:25 .
                        drwxr-xr-x  4  applmgr  appsdba      4096  May   8  17:25 ..
                        -rwx------    1  applmgr  appsdba    14025  May 19  17:25 apachectl
                        -rwsr-s---   1  root        appsdba  421517  May 19  17:25 .apachectl
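
The following shell functions are an added example, not part of the original post or of any Oracle tooling. They check the outcome of steps 3c and 3d: that the hidden .apachectl is a regular file owned by root with mode exactly 6750, and that no other file in the directory (such as the visible apachectl) picked up the setuid bit by mistake. The function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit the result of the chown/chmod steps.
# Function names are hypothetical; nothing here ships with EBS.

# check_apachectl FILE [OWNER] [MODE]
# Returns 0 only if FILE is a regular file (not a symlink) owned by
# OWNER (default root) whose permission bits are exactly MODE (default 6750).
check_apachectl() {
    file=$1
    owner=${2:-root}
    mode=${3:-6750}

    if [ -L "$file" ] || [ ! -f "$file" ]; then
        echo "FAIL: $file is missing, a symlink, or not a regular file" >&2
        return 1
    fi
    # With no +/- prefix, find -perm is an exact match, so any extra bit
    # (for example world read/execute) makes the check fail.
    if [ -z "$(find "$file" -type f -user "$owner" -perm "$mode")" ]; then
        echo "FAIL: $file is not owner=$owner mode=$mode:" >&2
        ls -l "$file" >&2
        return 1
    fi
    echo "OK: $file is owner=$owner mode=$mode"
}

# unexpected_setuid DIR
# Prints every setuid file under DIR other than .apachectl, e.g. when
# the visible apachectl wrapper was changed by mistake.
unexpected_setuid() {
    find "$1" -type f -perm -4000 ! -name .apachectl
}

# Typical use on the web tier after step 3d:
#   cd "$ORA_CONFIG_HOME/10.1.3/Apache/Apache/bin"
#   check_apachectl ./.apachectl && unexpected_setuid .
```

An empty result from unexpected_setuid means .apachectl is the only setuid file in the directory.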

 

1 comment:

Anonymous said...

Great. Nicely explained.