This is the final chapter of this big all-in-one guide, covering optional additional configuration of the environment. By now, you should have a working installation of Oracle Database XE, APEX, ORDS, Tomcat and Apache httpd on your CentOS system without performing any of these steps. But in a production environment, security and performance issues always arise. If you want to improve these aspects of your setup, keep reading.
It is a good idea to disable direct remote root login. Users who need superuser rights should escalate their privileges with the su command instead. To do so, edit the SSHd config and reload it:
Add a line as below to the config and save the file
Then, restart the service:
systemctl restart sshd
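Where the line is added matters, because sshd keeps the first value it reads for a keyword and treats everything after a Match line as conditional. The following check is an added example, not part of the original guide; it assumes the directive in question is `PermitRootLogin no`, and the function names and sample configs are constructed for illustration.

```shell
#!/bin/sh
# Added example: report the global PermitRootLogin value in an sshd_config.
# sshd keeps the first value it reads for a keyword, and every line after a
# "Match" line belongs to that conditional block, not to the global section.
# Assumes whitespace-separated "Keyword value" lines and no Include files.

effective_root_login() {   # $1 = path to an sshd_config-style file
    awk '
        { sub(/^[ \t]+/, "") }                 # strip leading whitespace
        /^#/ || /^$/ { next }                  # skip comments and blank lines
        { key = tolower($1) }                  # keywords are case-insensitive
        key == "match" { exit }                # end of the global section
        key == "permitrootlogin" { val = tolower($2); found = 1; exit }
        END { print (found ? val : "unset") }
    ' "$1"
}

write_samples() {          # $1 = directory; constructed configs, not real ones
    cat > "$1/good.conf" <<'EOF'
Port 22
PermitRootLogin no
EOF
    cat > "$1/shadowed.conf" <<'EOF'
PermitRootLogin yes
UsePAM yes
PermitRootLogin no
EOF
    cat > "$1/after_match.conf" <<'EOF'
#PermitRootLogin yes
Match Address 10.0.0.0/8
    PasswordAuthentication no
PermitRootLogin no
EOF
}

dir=$(mktemp -d)
write_samples "$dir"
for name in good shadowed after_match; do
    printf '%-12s %s\n' "$name" "$(effective_root_login "$dir/$name.conf")"
done
rm -rf "$dir"
```

On the server itself, `sshd -t` checks the file for syntax errors before the restart, and `sshd -T` prints the settings sshd will actually use.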
Apache httpd tweaks
First, disable the default welcome page by removing the corresponding config file:
rm -rf /etc/httpd/conf.d/welcome.conf
Then, add an additional configuration file 0-extra.conf in the /etc/httpd/conf.d/ directory with the contents as below:
This will enable traffic compression and client-side caching of static files. It will also stop httpd from displaying sensitive version data.
If you followed the steps from this guide, there's nothing to clean up in Tomcat. But, just to be sure, you can execute these commands, which remove all default Tomcat applications:
cd /usr/share/tomcat/webapps
rm -rf examples/*
rmdir examples
rm -rf sample/*
rmdir sample
Then, I noticed that despite the fact that both tomcat and oracle-xe start at system startup, APEX does not work properly without restarting tomcat. This happens because the tomcat service starts before oracle-xe. To fix this, we need to edit the Tomcat service systemd unit file:
Unit section should look like this:
[Unit]
Description=Apache Tomcat Web Application Container
After=syslog.target network.target oracle-xe.service
Wants=oracle-xe.service
Save the file after making changes and invoke this command to reload the config:
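The two directives in the Unit section do different jobs, and a unit file can carry one without the other. The following check is an added example, not part of the original guide; the function names and the sample unit files are constructed for illustration.

```shell
#!/bin/sh
# Added example: does a unit order itself after a dependency (After=) and
# also pull it in (Wants=)? After= only orders, Wants= only requests a start.
# Only the [Unit] section counts; an empty assignment resets the list.

dep_status() {   # $1 = unit file, $2 = dependency, e.g. oracle-xe.service
    awk -v dep="$2" '
        /^\[/ { in_unit = ($0 == "[Unit]"); next }
        !in_unit || /^[#;]/ { next }
        {
            i = index($0, "="); if (i == 0) next
            key = substr($0, 1, i - 1); list = substr($0, i + 1)
            if (key != "After" && key != "Wants") next
            if (list ~ /^[ \t]*$/) { has[key] = 0; next }
            n = split(list, item, /[ \t]+/)
            for (j = 1; j <= n; j++) if (item[j] == dep) has[key] = 1
        }
        END {
            if (has["After"] && has["Wants"]) print "ordered+wanted"
            else if (has["After"]) print "ordered-only"
            else if (has["Wants"]) print "wanted-only"
            else print "none"
        }' "$1"
}

write_units() {  # $1 = directory; constructed unit files, not the packaged one
    cat > "$1/before.service" <<'EOF'
[Unit]
After=syslog.target network.target
EOF
    cat > "$1/fixed.service" <<'EOF'
[Unit]
After=syslog.target network.target oracle-xe.service
Wants=oracle-xe.service
EOF
    cat > "$1/wants_only.service" <<'EOF'
[Unit]
Wants=oracle-xe.service
EOF
}

dir=$(mktemp -d)
write_units "$dir"
for u in before fixed wants_only; do
    printf '%-11s %s\n' "$u" "$(dep_status "$dir/$u.service" oracle-xe.service)"
done
rm -rf "$dir"
```

A drop-in created with `systemctl edit tomcat` carries the same [Unit] lines without modifying the packaged unit file; `systemctl daemon-reload` makes systemd re-read unit files edited by hand.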
Oracle XE tweaks
Now let's connect to the database using the rlwrap sqlplus /nolog command, clean it up and make some additional configuration:
-- connect to the database
connect sys as sysdba

-- anonymous user is not needed when we don't use XDB
alter user anonymous account lock;

-- dropping the demo schema
drop user hr cascade;

-- altering the default password policy (by default passwords will expire in 180 days)
alter profile default limit password_life_time unlimited;

-- some recommended values for the parameters
alter system set sessions=250 scope=spfile;
alter system set processes=200 scope=spfile;
alter system set memory_target=1G scope=spfile;
alter system set memory_max_target=1G scope=spfile;
alter system set job_queue_processes=100 scope=spfile;

-- creating a tablespace for our APEX workspaces
create tablespace apex datafile '/u01/app/oracle/oradata/XE/apex.dbf' size 128M reuse autoextend on next 8M maxsize unlimited;

-- creating a schema for our APEX workspaces
create user apex identified by "YourPasswordHere" default tablespace apex temporary tablespace temp;
alter user apex quota unlimited on apex;
grant unlimited tablespace to apex;
grant create session to apex;
grant create cluster to apex;
grant create dimension to apex;
grant create indextype to apex;
grant create job to apex;
grant create materialized view to apex;
grant create operator to apex;
grant create procedure to apex;
grant create sequence to apex;
grant create snapshot to apex;
grant create synonym to apex;
grant create table to apex;
grant create trigger to apex;
grant create type to apex;
grant create view to apex;

-- restart database
shutdown immediate
startup
As you can see, I created a new schema apex in a new tablespace apex. I would recommend using it for your
Note that if you plan to do any network calls from the database, for example to invoke web services or send emails, you need to configure a Network Access Control List (ACL) to enable outgoing traffic to certain hosts/IP addresses and ports. Please see the separate article covering the topic in detail for more information.
The default connection pool settings in the ORDS configuration are too small. You'll have to experiment to see which settings are best for your workload, but the following should work well:
Find these parameters and set their values:
<entry key="jdbc.InitialLimit">10</entry>
<entry key="jdbc.MinLimit">10</entry>
<entry key="jdbc.MaxLimit">60</entry>
Restart Tomcat for the changes to take effect:
systemctl restart tomcat
Checking if everything works
I believe you are dying to open your browser and check how it works. Just do it!
The APEX main page must be available at yourdomain.tld/ords, and APEX administration services at yourdomain.tld/ords/apex_admin (where yourdomain.tld is your domain name or the server IP address):
Let's check the headers to be sure that caching and traffic compression work:
Everything looks wonderful!
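The header check above can also be scripted so it is repeatable after every config change. The following is an added example, not part of the original guide; the function names and the two header dumps are constructed, and it assumes a server with version display disabled answers with a bare `Server: Apache`.

```shell
#!/bin/sh
# Added example: audit a saved response-header dump for compression, caching
# and version disclosure. Capture real headers with, for instance:
#   curl -s -o /dev/null -D - -H 'Accept-Encoding: gzip' http://yourdomain.tld/ords/
# Header names are case-insensitive; lines end in CRLF, stripped with tr.

audit_headers() {   # $1 = file holding the raw response headers
    tr -d '\r' < "$1" | awk '
        { i = index($0, ":"); if (i == 0) next }   # skip status line, blanks
        { name = tolower(substr($0, 1, i - 1))
          value = substr($0, i + 1); sub(/^[ \t]+/, "", value) }
        name == "content-encoding" && tolower(value) ~ /gzip|deflate|br/ { comp = 1 }
        name == "cache-control" && tolower(value) ~ /max-age=[1-9]/ { cache = 1 }
        name == "server" && value ~ /[0-9]/ { leak = 1 }   # e.g. Apache/2.4.6
        name == "x-powered-by" { leak = 1 }
        END { printf "compression=%s caching=%s version_leak=%s\n",
              (comp ? "yes" : "no"), (cache ? "yes" : "no"), (leak ? "yes" : "no") }'
}

write_dumps() {     # $1 = directory; constructed header dumps, not captured ones
    printf '%s\r\n' 'HTTP/1.1 200 OK' 'Server: Apache/2.4.6 (CentOS)' \
        'Content-Type: text/css' 'Content-Length: 20480' '' > "$1/before.txt"
    printf '%s\r\n' 'HTTP/1.1 200 OK' 'Server: Apache' \
        'Cache-Control: max-age=604800' 'Vary: Accept-Encoding' \
        'Content-Encoding: gzip' 'Content-Type: text/css' '' > "$1/after.txt"
}

dir=$(mktemp -d)
write_dumps "$dir"
for f in before after; do
    printf '%-7s %s\n' "$f" "$(audit_headers "$dir/$f.txt")"
done
rm -rf "$dir"
```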
Surely, these are not all the steps which could be taken. Consider also setting up an SSL connection to your server, configuring backups, and installing monitoring tools and systems like influxdb+telegraf+grafana. This work can be endless and I'd rather stop here.
Now, I can finally say that we successfully installed and secured a reliable, nicely working APEX environment on a CentOS Linux server. Please provide me with your feedback in the comments and do not hesitate to suggest anything that would be great to add to this guide. I would really appreciate it if you corrected my English if I misused some words or structure - I apologize for it in advance.
Thank you very much for reading and I wonder if this series of blog posts would do any better to the great APEX community. Stay tuned for other guides and stories!