The architecture includes:
- Oracle Autonomous Database (ADB) with Oracle APEX enabled
- NGINX as a reverse proxy for APEX
- Custom Domain & SSL/TLS configuration for secure access
Please note that the following points are not intended as a step-by-step guide but rather a collection of helpful reminders to refer to as needed.
See notes here.
Add a reverse proxy entry for the domain <my_domain>.
sudo nano /etc/nginx/conf.d/<my_domain>.conf
NOTE. Replace <my_domain> and <my_apex_url>.
server {
server_name <my_domain>;
location / {
rewrite ^/$ /ords permanent;
}
location /ords/ {
proxy_pass <my_apex_url>/ords/;
proxy_set_header Origin "" ;
proxy_set_header X-Forwarded-Host $host:$server_port;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
}
location /i/ {
proxy_pass <my_apex_url>/i/;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
Test NGINX configuration.
sudo nginx -t
Enable the EPEL repository.
sudo dnf install -y oracle-epel-release-el8
sudo dnf config-manager --set-enabled ol8_developer_EPEL
sudo dnf update -y
Install CertBot.
sudo dnf install -y certbot python3-certbot-nginx
Run CertBot.
sudo certbot --nginx
Create a new cronjob.
sudo crontab -e
Add the following entry.
0 0 * * * /bin/certbot renew --quiet --post-hook "systemctl restart nginx"
Check cronjob.
sudo crontab -l
Run this commands.
sudo cat /var/log/audit/audit.log | grep nginx | grep denied | audit2allow -M apex_proxy
sudo semodule -i apex_proxy.pp
Edit the NGINX configuration file.
sudo nano /etc/nginx/conf.d/<my_domain>.conf
NOTE. Replace <my_apex_workspace> and <my_apex_app>.
location / {
rewrite ^/$ /ords/r/<my_apex_workspace>/<my_apex_app> permanent;
}
Test NGINX configuration.
sudo nginx -t
Restart NGINX.
sudo nginx -s reload