This page details how to install APEX 4.2.6 (Oracle Application Express) on a CentOS 6 x64Server running Oracle Database 11gR2.

These instructions are a modified version those contained in two videos posted by Przemysław Mazur on YouTube.

You must have a CentOS 6 machine already set up in accordance with the the Install CentOS 6 guide and then set up the Oracle Database server in accordance with the “Install Oracle 11gR2” guide.

Having installed Oracle Standard One 11gR2 (11.2.0.3) on a CentOS 6 x64 machine, download the following

• Oracle APEX - 4.2.6 at the time of writing. We got the 'English' only download that was called “apex_4.2.6_en.zip”) download

Once you have downloaded this file, upload it, as the 'oracle' user to the $ORACLE_HOME directory (/oracle/base/home) on the Oracle server. It is important to upload the file as the oracle user so that you have the right permissions on the file.

Use this guide to install Nginx. We use Nginx as a reverse web proxy to make it much easier to configure SSL. It also adds a layer between the Oracle httpd server and the internet.

You then need to run this command as SELinux should already be enabled and it will causes issues. This command fixes the issues without disabling SELinux.

setsebool -P httpd_can_network_connect 1

Create the folder we will log to

mkdir -p /var/log/nginx/log/

cat << EOF > /etc/nginx/reverse_proxy.conf
proxy_redirect  off;
proxy_set_header   Host             $http_host;
proxy_set_header   X-Real-IP        $remote_addr;
proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
proxy_max_temp_file_size 0;

client_max_body_size       10m;
client_body_buffer_size    128k;

proxy_connect_timeout      90;
proxy_send_timeout         90;
proxy_read_timeout         90;

proxy_buffer_size          4k;
proxy_buffers              4 32k;
proxy_busy_buffers_size    64k;
proxy_temp_file_write_size 64k;
END_OF_TEXT

cat > /etc/nginx/conf.d/default.conf <<'END_OF_TEXT'
server {
    listen         80;
    server_name    apex.example.com;
    return         301 https://$server_name$request_uri;
}

server {
    listen       443;
    server_name  apex.example.com;
    ssl          on;
    ssl_certificate      /etc/nginx/conf.d/server.crt;
    ssl_certificate_key  /etc/nginx/conf.d/server.key;

    ssl_session_timeout  5m;

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    # DES-CBC3-SHA needed so that Internet Explorer 8 on Windows 2003 and some Windows 7 can access https.
    ssl_ciphers AES256+EECDH:AES256+EDH:DES-CBC3-SHA;

    ssl_prefer_server_ciphers   on;
    ssl_session_cache shared:SSL:10m;

    merge_slashes on;

    #charset koi8-r;
    access_log  /var/log/nginx/log/host.access.log  main;

    # This is only needed if you want compatibility with old APEX
    # reverse proxying /pls/htmldb location
    location /pls/htmldb {
        rewrite ^/pls/htmldb(.*)$ $1 permanent;
        return 301 https://$server_name/apex$request_uri;
    }

    # reverse proxying /apex location
    location /apex {
        proxy_pass         http://localhost:8080/apex;
        include /etc/nginx/reverse_proxy.conf;
    }
    location ~ ^/f(.*)$ {
        return 301 https://$server_name/apex$request_uri;
    }


    # reverse proxying /i location
    location /i/ {
        proxy_pass         http://localhost:8080/i/;
        include /etc/nginx/reverse_proxy.conf;

        proxy_pass_header       Set-Cookie; # I want to cache logged-in users
        proxy_ignore_headers    X-Accel-Redirect;
        proxy_ignore_headers    X-Accel-Expires Expires Cache-Control;
        if ($http_cache_control ~ "max-age=0") {set $eac 1;}
        proxy_cache_bypass $eac;
    }

    # reverse proxying /apex location
    location / {
        proxy_pass         http://localhost:8080/apex/;
        include /etc/nginx/reverse_proxy.conf;
    }

    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
       root   /usr/share/nginx/html;
    }
}
EOF

Restart Nginx to apply the config

service nginx restart

To generate a self signed certificate (e.g. for a test apex server), run the following commands as the user 'oracle'.

MACHINE=apex
openssl genrsa -des3 -out /etc/nginx/conf.d/$MACHINE.key 2048

openssl req -new -x509 -days 1825 -key /etc/nginx/conf.d/$MACHINE.key -out /etc/nginx/conf.d/$MACHINE.crt -subj "/C=GB/ST=County/L=City/O=Company/OU=IT/CN=$MACHINE.example.com"

We now strip the password out of the key so that Nginx can start without manual intervention.

cp /etc/nginx/conf.d/$MACHINE.key /etc/nginx/conf.d/$MACHINE.key.original
openssl rsa -in /etc/nginx/conf.d/$MACHINE.key.original -out /etc/nginx/conf.d/$MACHINE.key

Clean up and fix permissions

rm -f /etc/nginx/conf.d/$MACHINE.key.original
chmod 400 /etc/nginx/conf.d/$MACHINE.crt
chmod 400 /etc/nginx/conf.d/$MACHINE.key
chcon -h -t httpd_config_t /etc/nginx/conf.d/$MACHINE.crt
chcon -h -t httpd_config_t /etc/nginx/conf.d/$MACHINE.key

Run the following as the user 'oracle'.

PASSWD=put-sys-passwd-here
echo "CREATE TABLESPACE APEX_SPACE datafile '/oracle/data/database/APEX_SPACE.DBF' SIZE 350M EXTENT MANAGEMENT LOCAL SEGMENT SPACE MANAGEMENT AUTO;" | sqlplus sys/${PASSWD}@database as sysdba

Run the following as the user 'oracle'. Change the value of FILENAME as appropriate.

FILENAME=apex_4.2.6_en.zip

# Extract the contents of the zip file to /oracle/base/home/apex and overwrite any existing files
unzip -uo $ORACLE_HOME/${FILENAME} -d $ORACLE_HOME

# Delete the zip file
rm -f $ORACLE_HOME/${FILENAME}

# Modify apxldimg.sql so that it runs properly when we call it later
sed -i "s;\^1;${ORACLE_HOME};g" $ORACLE_HOME/apex/apxldimg.sql

# Update the file properties
chmod -R 750 $ORACLE_HOME/apex/
find $ORACLE_HOME/apex -type f -print | xargs -I{} chmod 770 {}

Run the following as the user 'oracle'

Set the sys password to be used by the other commands that follow.

PASSWD=put-sys-passwd-here

This command takes about 20 minutes to run

sqlplus sys/$PASSWD@database @"$ORACLE_HOME/apex/apexins.sql APEX_SPACE APEX_SPACE TEMP /i/;"

This command takes about 3 minutes to run

sqlplus sys/$PASSWD@database @"$ORACLE_HOME/apex/apxldimg.sql;"

This command will ask you to set the ADMIN password. This must include at least one punctuation character (!“#$%&()``*+,-/:;?_).

When asked to specify a port, just press 'Enter' to accept the default port of 8080

sqlplus sys/$PASSWD@database @"$ORACLE_HOME/apex/apxconf.sql;"

echo "ALTER USER ANONYMOUS ACCOUNT UNLOCK;" | sqlplus sys/${PASSWD}@database as sysdba
echo "ALTER USER XDB ACCOUNT UNLOCK;" | sqlplus sys/${PASSWD}@database as sysdba
echo "ALTER USER APEX_040200 ACCOUNT UNLOCK;" | sqlplus sys/${PASSWD}@database as sysdba
echo "ALTER USER FLOWS_FILES ACCOUNT UNLOCK;" | sqlplus sys/${PASSWD}@database as sysdba
echo "ALTER USER APEX_PUBLIC_USER ACCOUNT UNLOCK;" | sqlplus sys/${PASSWD}@database as sysdba

The account APEX_040200 may need to be altered as time goes by and versions change. To get the account name you need, follow these steps # In the enterprise manager web interface (https://server_name.example.com:1158/em/), go to the server tab and then click the 'users' link. # Several (probably two) APEX_* users will be listed. One should have APEX_SPACE in the 'Default Tablespace' column. Take note of the value of its UserName and edit “APEX_040200” below as needed.

Before you can configure APEX to send email (using the web interface to configure it), you have to set up access control lists.

Run the following commands

Log in as sysdba. Open a command windows or SQL Plus.

SQL> begin
dbms_network_acl_admin.create_acl(acl => '/sys/acls/smtp.xml', description => 'SMTP ACL', principal => 'PUBLIC', is_grant => true, privilege => connect, start_date => sysdate, end_date => null);
end;
/
SQL> begin
dbms_network_acl_admin.assign_acl(acl => '/sys/acls/smtp.xml',host => 'mail.example.com');
end;
/

Given that Nginx has already been setup, visit

https://server_name.example.com/apex/f?p=4550:10:0::NO:::

• Username - Admin
• Password - Whatever You Set Earlier when running @apxconf.sql. You will have to change it on first login.