======Install APEX Without Glassfish======
This page details how to install APEX 4.2.6 (Oracle Application Express) on a CentOS 6 x64Server running Oracle Database 11gR2.
These instructions are a modified version those contained in two videos posted by Przemysław Mazur on YouTube.
=====Prerequisites=====
You must have a CentOS 6 machine already set up in accordance with the the [[linux:install_centos6|Install CentOS 6]] guide and then set up the Oracle Database server in accordance with the "[[databases:install_oracle_11gr2|Install Oracle 11gR2]]" guide.
=====Download Installation Files=====
Having installed Oracle Standard One 11gR2 (11.2.0.3) on a CentOS 6 x64 machine, download the following
* Oracle APEX - 4.2.6 at the time of writing. We got the 'English' only download that was called "apex_4.2.6_en.zip") [[http://www.oracle.com/technetwork/developer-tools/apex/downloads/index.html|download]]
Once you have downloaded this file, upload it, as the 'oracle' user to the $ORACLE_HOME directory (/oracle/base/home) on the Oracle server. It is important to upload the file as the oracle user so that you have the right permissions on the file.
=====Install Nginx=====
Use [[linux:install_nginx|this guide]] to install Nginx. We use Nginx as a reverse web proxy to make it much easier to configure SSL. It also adds a layer between the Oracle httpd server and the internet.
You then need to run this command as SELinux should already be enabled and it will causes issues. This command fixes the issues without disabling SELinux.
setsebool -P httpd_can_network_connect 1
Create the folder we will log to
mkdir -p /var/log/nginx/log/
cat << EOF > /etc/nginx/reverse_proxy.conf
proxy_redirect off;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_max_temp_file_size 0;
client_max_body_size 10m;
client_body_buffer_size 128k;
proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;
proxy_buffer_size 4k;
proxy_buffers 4 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
END_OF_TEXT
cat > /etc/nginx/conf.d/default.conf <<'END_OF_TEXT'
server {
listen 80;
server_name apex.example.com;
return 301 https://$server_name$request_uri;
}
server {
listen 443;
server_name apex.example.com;
ssl on;
ssl_certificate /etc/nginx/conf.d/server.crt;
ssl_certificate_key /etc/nginx/conf.d/server.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
# DES-CBC3-SHA needed so that Internet Explorer 8 on Windows 2003 and some Windows 7 can access https.
ssl_ciphers AES256+EECDH:AES256+EDH:DES-CBC3-SHA;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
merge_slashes on;
#charset koi8-r;
access_log /var/log/nginx/log/host.access.log main;
# This is only needed if you want compatibility with old APEX
# reverse proxying /pls/htmldb location
location /pls/htmldb {
rewrite ^/pls/htmldb(.*)$ $1 permanent;
return 301 https://$server_name/apex$request_uri;
}
# reverse proxying /apex location
location /apex {
proxy_pass http://localhost:8080/apex;
include /etc/nginx/reverse_proxy.conf;
}
location ~ ^/f(.*)$ {
return 301 https://$server_name/apex$request_uri;
}
# reverse proxying /i location
location /i/ {
proxy_pass http://localhost:8080/i/;
include /etc/nginx/reverse_proxy.conf;
proxy_pass_header Set-Cookie; # I want to cache logged-in users
proxy_ignore_headers X-Accel-Redirect;
proxy_ignore_headers X-Accel-Expires Expires Cache-Control;
if ($http_cache_control ~ "max-age=0") {set $eac 1;}
proxy_cache_bypass $eac;
}
# reverse proxying /apex location
location / {
proxy_pass http://localhost:8080/apex/;
include /etc/nginx/reverse_proxy.conf;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
}
EOF
Restart Nginx to apply the config
service nginx restart
=====Configure Self Signed SSL=====
To generate a self signed certificate (e.g. for a test apex server), run the following commands as the user 'oracle'.
MACHINE=apex
openssl genrsa -des3 -out /etc/nginx/conf.d/$MACHINE.key 2048
openssl req -new -x509 -days 1825 -key /etc/nginx/conf.d/$MACHINE.key -out /etc/nginx/conf.d/$MACHINE.crt -subj "/C=GB/ST=County/L=City/O=Company/OU=IT/CN=$MACHINE.example.com"
We now strip the password out of the key so that Nginx can start without manual intervention.
cp /etc/nginx/conf.d/$MACHINE.key /etc/nginx/conf.d/$MACHINE.key.original
openssl rsa -in /etc/nginx/conf.d/$MACHINE.key.original -out /etc/nginx/conf.d/$MACHINE.key
Clean up and fix permissions
rm -f /etc/nginx/conf.d/$MACHINE.key.original
chmod 400 /etc/nginx/conf.d/$MACHINE.crt
chmod 400 /etc/nginx/conf.d/$MACHINE.key
chcon -h -t httpd_config_t /etc/nginx/conf.d/$MACHINE.crt
chcon -h -t httpd_config_t /etc/nginx/conf.d/$MACHINE.key
=====Create Database=====
Run the following as the user 'oracle'.
PASSWD=put-sys-passwd-here
echo "CREATE TABLESPACE APEX_SPACE datafile '/oracle/data/database/APEX_SPACE.DBF' SIZE 350M EXTENT MANAGEMENT LOCAL SEGMENT SPACE MANAGEMENT AUTO;" | sqlplus sys/${PASSWD}@database as sysdba
=====Unpack APEX Files=====
Run the following as the user 'oracle'. Change the value of FILENAME as appropriate.
FILENAME=apex_4.2.6_en.zip
# Extract the contents of the zip file to /oracle/base/home/apex and overwrite any existing files
unzip -uo $ORACLE_HOME/${FILENAME} -d $ORACLE_HOME
# Delete the zip file
rm -f $ORACLE_HOME/${FILENAME}
# Modify apxldimg.sql so that it runs properly when we call it later
sed -i "s;\^1;${ORACLE_HOME};g" $ORACLE_HOME/apex/apxldimg.sql
# Update the file properties
chmod -R 750 $ORACLE_HOME/apex/
find $ORACLE_HOME/apex -type f -print | xargs -I{} chmod 770 {}
=====Install APEX on the Database=====
Run the following as the user 'oracle'
Set the sys password to be used by the other commands that follow.
PASSWD=put-sys-passwd-here
This command takes about 20 minutes to run
sqlplus sys/$PASSWD@database @"$ORACLE_HOME/apex/apexins.sql APEX_SPACE APEX_SPACE TEMP /i/;"
This command takes about 3 minutes to run
sqlplus sys/$PASSWD@database @"$ORACLE_HOME/apex/apxldimg.sql;"
This command will ask you to set the ADMIN password. This must include at least one punctuation character (!"#$%&()``*+,-/:;?_).
When asked to specify a port, just press 'Enter' to accept the default port of 8080
sqlplus sys/$PASSWD@database @"$ORACLE_HOME/apex/apxconf.sql;"
echo "ALTER USER ANONYMOUS ACCOUNT UNLOCK;" | sqlplus sys/${PASSWD}@database as sysdba
echo "ALTER USER XDB ACCOUNT UNLOCK;" | sqlplus sys/${PASSWD}@database as sysdba
echo "ALTER USER APEX_040200 ACCOUNT UNLOCK;" | sqlplus sys/${PASSWD}@database as sysdba
echo "ALTER USER FLOWS_FILES ACCOUNT UNLOCK;" | sqlplus sys/${PASSWD}@database as sysdba
echo "ALTER USER APEX_PUBLIC_USER ACCOUNT UNLOCK;" | sqlplus sys/${PASSWD}@database as sysdba
The account APEX_040200 may need to be altered as time goes by and versions change. To get the account name you need, follow these steps
# In the enterprise manager web interface (https://server_name.example.com:1158/em/), go to the server tab and then click the 'users' link.
# Several (probably two) APEX_* users will be listed. One should have APEX_SPACE in the 'Default Tablespace' column. Take note of the value of its UserName and edit "APEX_040200" below as needed.
=====Allow APEX to Send Email=====
Before you can configure APEX to send email (using the web interface to configure it), you have to set up access control lists.
Run the following commands
Log in as sysdba. Open a command windows or SQL Plus.
SQL> begin
dbms_network_acl_admin.create_acl(acl => '/sys/acls/smtp.xml', description => 'SMTP ACL', principal => 'PUBLIC', is_grant => true, privilege => connect, start_date => sysdate, end_date => null);
end;
/
SQL> begin
dbms_network_acl_admin.assign_acl(acl => '/sys/acls/smtp.xml',host => 'mail.example.com');
end;
/
=====Test Install=====
Given that Nginx has already been setup, visit
https://server_name.example.com/apex/f?p=4550:10:0::NO:::
* Username - Admin
* Password - Whatever You Set Earlier when running @apxconf.sql. You will have to change it on first login.