How To Configure Apache In R12 (10.1.3) To Listen On A Restricted Port (< 1024)

 

To configure Apache (10.1.3) in Release 12 of EBS to run on a restricted port.  A port below 1024. Solution By default, Oracle HTTP Server runs as a non-root user (the user that installed Oracle Application Server). On UNIX systems, if you change the Oracle HTTP Server Listen port number to a value less than 1024, you must enable Oracle HTTP Server to run as root.  For more info please reference: Oracle Application Server's Administrator Guide 10g Release 3 If one tries to start up the HTTP Server on a port below 1024 without the HTTP Server running as root, the following error message will be seen in the HTTP Server [ error_log ] file.             "Error code: [crit] (13)Permission denied: make_sock: could not bind to port #" Note(s):              - The steps below require root access.              - The file that needs to be modified is the hidden file .apachectl                 NOT the apachectl file that resides in the same directory. Pre Steps Log into your middle (web) tier as the Applmgr user Source your Apps environment Backup your $CONTEXT_FILE on your middle (web) tier Log into Apps and through OAM modify the following parameters to reflect the new web port. s_webport (web port value < 1024) s_active_webport (s_webport value) s_http_listen_parameter (s_webport value) s_help_web_agent (url constructed with http protocol and s_webport value) s_login_page (url constructed with http protocol and s_webport value) s_external_url (url constructed with http protocol and s_webport value)     5.   Shutdown Apps and run autoconfig to make the changes take affect.  Steps echo $ORA_CONFIG_HOME  [ make note of the absolute path. ]  $ su root  Run the following commands on the middle (web) tier Oracle Config home:      a. $ cd $ORA_CONFIG_HOME/10.1.3/Apache/Apache/bin      b. $ ls -la     [verify that the file exists in the directory ]       c. $ chown root .apachectl      d. $ chmod 6750 .apachectl Startup your Applications Test "Login" with the new port Note(s):             - After the changes the file listing should look similar to the following.             $ ls -la                         drwxr-xr-x  2  applmgr  appsdba      4096  May   8  17:25 .                         drwxr-xr-x  4  applmgr  appsdba      4096  May   8  17:25 ..                         -rwx------    1  applmgr  appsdba    14025  May 19  17:25 apachectl                         -rwsr-s---   1  root        appsdba  421517  May 19  17:25 .apachectl

Using Virtual Hostname When Installing an Oracle AS Instance

 

How to force the Oracle Installer to use a virtual hostname rather than the 'real' hostname when installing an OracleAS instance? solution To ensure that the Oracle Installer picks up the desired hostname follow the steps below: In this example the virtual hostname is virtualhost.oracle.com, and the real hostname is realhost.oracle.com 1. Set the ORACLE_HOSTNAME environment variable ORACLE_HOSTNAME=virtualhost.oracle.com; export ORACLE_HOSTNAME 2. Edit the operating system hosts file and ensure that the virtual hostname is listed before the real host name (the file can be changed back after the install is complete) e.g /etc/hosts 127.0.0.1 localhost 10.3.3.333 virtualhost.oracle.com 10.4.4.444 realhost.oracle.com 3. Install OracleAS using the runInstaller command line: ./runInstaller OUI_HOSTNAME=virtualhost.oracle.com 4. During the install you may hit Bug 4290200 Abstract: OPMN CONFIG ASSISTANT FAILS WHEN INSTALLING "ON" A SECONDARY NIC Do not exit the installer, instead follow the advice in the Release Notes, for example: Oracle� Application Server Release Notes 10g Release 2 (10.1.2) 3.1.24 Additional Step Required When Installing OracleAS Web Cache on Multihomed (Multi-IP) Computers and change the hostname in webcache.xml. Once this is done, retry the failed assistant and the install should complete successfully. Important to note: 1. Setting OUI_HOSTNAME will change the ServerName HTTP Server directive to the value specified for OUI_HOSTNAME. You will still find, however, that the HTTP Server, Web Cache and AS Console components still listen on the ANY ip address, not just the particular IP address associated with the virtual hostname. It is expected behaviour and means that if you have 2 IP addresses on a machine, post install an OracleAS instance will be accessible via both IPs. The HTTP Server, Web Cache and AS Console can be re-configured post install to listen only on a specific IP address. a) HTTP Server: configure the Listen directive. Reference: Oracle� HTTP Server Administrator's Guide 10g Release 2 (10.1.2) Chapter 5 Managing the Network Connections b) Oracle Web Cache: configure the Listen Port section to specify a particular ip address Reference: Oracle� Application Server Web Cache Administrator's Guide 10g Release 2 (10.1. 2) Chapter 8 Setup and Configuration Task 6: Configure OracleAS Web Cache with Listening Ports for Client Requests  c) AS Console: The console is accessed via it's own 'oc4j-based' lightweight listener. To force the AS Console to listen for requests against a particular ip address. - Stop the AS Console - Back up and then edit [ORACLE_HOME]/sysman/j2ee/config/emd-web-site.xml - Change the line <web-site host="[ALL]" port="18100" display-name="Oracle Enterprise Manager iAS Console Website" secure="false"> to <web-site host="11.22.33.444" port="18100" display-name="Oracle Enterprise Manager iAS Console Website" secure="false"> where in this example the chosen ip address is 11.22.33.444. - Start the AS Console 2. Let's say a machine, configured with multiple network cards (NICs) / virtual hosts, is to host two OracleAS instances. The business requirement is to have one OracleAS instance configured against one virtual host and the other OracleAS instance configured against the other virtual host. In terms of the URLs the business would like to see the same listen ports number being used. Thus at install time the proposal is to use OUI_HOSTNAME and staticports.ini (the latter to ensure the same ports are used) Given that each OracleAS instance will be configured against a different virtual host / ip address can the instances have the same ports defined in staticports.ini at install time? The answer is no. The staticports.ini cannot be the same for both instances at install time. This is because using OUI_HOSTNAME at install time will only change the ServerName HTTP Server directive to the value specified for OUI_HOSTNAME. As stated above the HTTP Server, Web Cache and AS Console components listen on the ANY ip address, not a particular IP address. Consequently there is a potential for port conflict, for example: OracleAS instance1 - virtual host=inst1, OHS port =7777. Out of the box OHS will listen on 7777 on ANY ip address OracleAS instance2 - virtual host=inst2, OHS port =7777. Out of the box OHS will listen on 7777 on ANY ip address The installer 'recognizes' this behaviour and validates whether the ports given in the staticports.ini have been used before in a previous OracleAS install on the same machine. If staticports.ini is not used then the installer will dynamically allocate port numbers which have not been used in the previous install. Configuring components to listen on a specific ip address is, as described already above, has to be done post install. Therefore to allow the install of the second (and subsequent) OracleAS instances to be successful: - the ports in staticports.ini must be different from what was specified for the first OracleAS instance install OR - do not use staticports.ini and let the installer allocate the ports for you.

Relinking Oracle Application Server 10g R2 (10.1.2) and 10g R3 (10.1.3) on UNIX

All Oracle Application Server 10g processes from the Oracle Home to be relinked need to be stopped using normal

administrative steps prior to beginning the relink.

Setup your environment correctly. Since both OracleAS 10g R2 and R3 are based on Oracle 10.1 database software,

pick the environment variable settings that apply to this version.

Relink Oracle Application Server 10g R2 (10.1.2/10.1.4.0.1)

Relinking the Infrastructure (Identity Management (IM) + Metadata Repository (MR), or MR Only)

1. Relink Database software
   $ORACLE_HOME/bin/relink all
   cd $ORACLE_HOME/ldap/lib (Not required for MR Only)
   make -f ins_ldap.mk install
   make -f ins_ldap.mk hragentinstall
2. Relink Application Server Control
   cd $ORACLE_HOME/sysman/lib
   make -f ins_sysman.mk agent
3. As root execute $ORACLE_HOME/root.sh, and $ORACLE_HOME/root.sh.old if it exists.

This is needed to correctly set the permissions on the OID, and Application Server Control executables.

Relinking the Infrastructure (IM Only)

1. Relink Database software
   cd $ORACLE_HOME/network/lib
   make -f ins_net_client.mk client_sharedlib
   make -f ins_net_client.mk install
   cd $ORACLE_HOME/rdbms/lib
   make -f ins_rdbms.mk utilities
   cd $ORACLE_HOME/plsql/lib
   make -f ins_plsql.mk install
   cd $ORACLE_HOME/sqlplus/lib
   make -f ins_sqlplus.mk install
   cd $ORACLE_HOME/ldap/lib
   make -f ins_ldap.mk install
   make -f ins_ldap.mk hragentinstall
2. Relink Application Server Control
   cd $ORACLE_HOME/sysman/lib
   make -f ins_sysman.mk agent
3. As root execute $ORACLE_HOME/root.sh, and $ORACLE_HOME/root.sh.old if it exists.

This is needed to correctly set the permissions on the OID, and Application Server Control executables.

Relinking the Middle Tier

1. Relink Database software:
   cd $ORACLE_HOME/network/lib
   make -f ins_net_client.mk client_sharedlib
   make -f ins_net_client.mk install
   make -f ins_net_server.mk install (Business Intelligence & Forms only)
   cd $ORACLE_HOME/rdbms/lib (Not required for J2EE & Web Cache)
   make -f ins_rdbms.mk iexp
   make -f ins_rdbms.mk iimp
   make -f ins_rdbms.mk iloadpsp
   cd $ORACLE_HOME/plsql/lib (Not required for J2EE & Web Cache)
   make -f ins_plsql.mk install
   cd $ORACLE_HOME/sqlplus/lib
   make -f ins_sqlplus.mk install
   cd $ORACLE_HOME/ldap/lib (Not required for J2EE & Web Cache)
   make -f ins_ldap.mk toolsinstall
2. Relink Application Server Control
   cd $ORACLE_HOME/sysman/lib
   make -f ins_sysman.mk agent
3. Relink Web Cache
   cd $ORACLE_HOME/webcache/lib
   make -f ins_calypso.mk install
4. Relink Forms (Business Intelligence & Forms only)
   cd $ORACLE_HOME/forms/lib
   make -f ins_forms.mk frmweb_install
   make -f ins_forms.mk frmcmp_install
   make -f ins_forms.mk frmcmpb_install
5. Relink Reports (Business Intelligence & Forms only)
   cd $ORACLE_HOME/reports/lib
   make -f ins_reports.mk install
6. As root execute $ORACLE_HOME/root.sh, and $ORACLE_HOME/root.sh.old if it exists.

This is needed to correctly set the permissions on the Application Server Control executables.

If permissions were previously modified for Web Cache, you will need to re-run any scripts (or apply manual changes)

to obtain any original functionality. For more information about webcache_setuser.sh,

Please refer to the following documentation:
Oracle Application Server Web Cache Administrator's Guide 10g (10.1.2)
http://download.oracle.com/docs/cd/B14099_19/caching.1012/b14046/toc.htm
8 Setup and Configuration
Running webcached with Root Privilege

Relink Oracle Application Server 10g R3 (10.1.3)

Relinking the Middle Tier

1. Relink Database software:
   cd $ORACLE_HOME/network/lib
   make -f ins_net_client.mk client_sharedlib
   make -f ins_net_client.mk install
   cd $ORACLE_HOME/sqlplus/lib
   make -f ins_sqlplus.mk install

2. As root execute $ORACLE_HOME/root.sh, and $ORACLE_HOME/root.sh.old if it exists. This is needed to correctly

set the permissions on the newly relinked executables.