Professional Documents
Culture Documents
Dietmar Aust
Opal-Consul9ng, Köln
www.opal-consul9ng.de
Opal Consul9ng
► Blog: h]p://daust.blogspot.com/
► 35 finalists
► WHAT?
► Characteris9cs
▪ Fits 80% of deployments
▪ Intranet usage mainly
▪ “Basic” security measures and good performance
► The proposed setup is flexible and can be extended in order to sa9sfy more
elaborate requirements for higher security and even be]er performance
► WHY?
Oracle
► The Webserver and PL/SQL gateway don’t need a lot of processing power,
most of the 9me idle
TNS Listener
ORDS 3.0
Oracle
https AJP JDBC
► Schemas ► Schemas
▪ APEX_040200 ▪ ORDS_METADATA
▪ APEX_LISTENER ▪ ORDS_PUBLIC_USER
▪ APEX_REST_PUBLIC_USER
► Configuration via
► Configuration via ▪ SQL Developer
▪ APEX SQL Workshop ▪ PL/SQL API
APEX_PUBLIC_USER
APEX / OWA main connec9on pool
Size according to number of concurrent apex users
ORDS 3.0
ORDS_METADATA
Stores REST Defini9ons
ORDS_PUBLIC_USER
REST Connec9on pool for all REST opera9ons
Size according to concurent REST calls
► Currently there is s9ll the need for the users APEX_LISTENER and
APEX_REST_PUBLIC_USER:
▪ The new download of sta9c applica9on files and sta9c workspace files require it
▪ So that you can con9nue to use the management interface in the SQL Workshop
(else you have to use SQL Developer)
Setting Up the Oracle APEX Listener (Now ORDS) for Production
Environments
23.06.2015 Page 14
Understanding the Architecture
Database Users
apex_rest_config.sql must
also be executed aRer the upgrade
to APEX 5.0 !!! Even if it was
installed in APEX 4.2.x !!!
► ORDS needs configura9on files for connec9on pools and standalone mode
▪ The command line installa9on will MODIFY the ords.war file and register a
reference to the directory containing the config files
► Configura9on Files
▪ defaults.xml
− All Common sevngs and defaults for all connec9on pools
▪ ords/standalone/standalone.proper9es
− Standalone mode configura9on for Je]y (/i/ loca9on and port #)
▪ conf/apex.xml (APEX_PUBLIC_USER)
▪ conf/apex_al.xml (APEX_LISTENER)
▪ conf/apex_rt.xml (APEX_REST_PUBLIC_USER)
▪ conf/apex_pu.xml (ORDS_PUBLIC_USER)
▪ role-mapping.xml
− Maps Webserver Roles into RESTful Roles
▪ url-mapping.xml
− Mul9ple database configura9ons
► A sample configura9on:
▪ jdbc.Ini9alLimit=15
− #sessions created in the connec9on pool at startup
▪ jdbc.MaxLimit=50
− max. number of concurrent sessions allowed
▪ jdbc.Inac9vityTimeout=1800
− Connec9on is not used for 1800 seconds => removed from pool
▪ jdbc.MinLimit=15
− Min. number of connec9ons in pool, even if inac9vityTimeout has passed
► Op9miza9on is always difficult, monitoring the current usage, then trial and
error
► Simple monitoring
SELECT username, status, COUNT (*) cnt
FROM v$session
WHERE username LIKE '%APEX%' OR username LIKE '%ORDS%'
GROUP BY username, status;
► If anything goes wrong during the installa9on - you can repeat the process,
but you have to clean up the config files beforehand
▪ All config files in c:\app\ords_3.0\conf (including the subdirectories)
▪ ords_params.properties (the installer will remember our previous prompt
and not ask again)
► Create a directory to hold the ORDS configura9on, i.e. the defini9on of the
different connec9on pools
▪ mkdir c:\app\ords_3.0\conf
► Test: http://localhost:8090/
► Sevngs:
▪ jdbc.Ini9alLimit=15
▪ jdbc.MaxLimit=50
▪ jdbc.MinLimit=15
► Restart ords.war standalone and test the configura9on again (verify syntax in
config file) : h]p://localhost:8090/
► Leave the defaults and provide a user for the administra9on via the web
manager applica9on
▪ Typically supports h]ps via ssl out of the box, comes with self signed cer9ficates
included for tes9ng / development purposes
− For produc9on sites you should a signed cer9ficate
− Fine for development and tes9ng environments
► APACHE_HOME\conf\extra\
h]pd-ahssl.conf
(specific to this distribu9on)
► You can also move the LoadModule direc9ves into the httpd.conf file
(they are all listed there at the beginning of the file)
► Bind Tomcat to localhost ONLY, so that only Apache h]pd server is allowed
to talk to it
► Modify TOMCAT_HOME\conf\server.xml:
<Connector port="8080" protocol="HTTP/1.1"
connec9onTimeout="20000"
address="127.0.0.1"
redirectPort="8443" />
...
<!-- Define an AJP 1.3 Connector on port 8009 -->
<Connector port="8009" protocol="AJP/1.3" redirectPort="8443"
address="127.0.0.1" />
▪ Prompts for all database setup parameters again and UPDATES all config files,
doesn’t create them from scratch
▪ Axer the change we need to reload the new configura9on in your Tomcat by
either:
1. Restart the Tomcat service
2. “touch” the webapps\ords.war file
− Update the 9mestamp, Tomcat will automa9cally redeploy
► Tomcat
▪ TOMCAT_HOME\logs
− catalina.log (includes messages from Tomcat itself but also all J2EE
applica9ons, i.e. ORDS):
► Problem displaying sta9c images in APEX 5.0 for workspaces created pre 4.1
▪ Solu9on: Upgrade to apex 5.0.2 or install patch
SELECT application_id,
page_id,
COUNT (*) AS hits,
COUNT (*) / 60 AS hits_pro_min,
MIN (elapsed_time) AS MIN,
AVG (elapsed_time) AS AVG,
MAX (elapsed_time) AS MAX,
AVG (elapsed_time) * COUNT (*) weight
FROM apex_workspace_activity_log
WHERE view_date > SYSDATE - 1 / 24 / 60 * 60 /* 1 hour */
GROUP BY application_id, page_id
ORDER BY AVG (elapsed_time) * COUNT (*) /* weight */ desc
► Apache + mod_auth_kerb
▪ Kerberos authen9ca9on with the Windows Ac9ve Directory
▪ h]p://www.apexsolu9ons.de/blog/allgemein/single-sign-on-for-apex-
applica9ons-using-kerberos/
► h]p://www.oracle-and-apex.com/human-readable-urls-in-oracle-apex-
part-2/
6
2
6
3
Q&A
Dietmar Aust
Opal-Consul9ng, Köln
www.opal-consul9ng.de
daust.blogspot.com
dietmar.aust@opal-consul9ng.de