I am using Free Tier Oracle Autonomous Database Workload type: Transaction Processing Serverless with Secure access from everywhere.
I created APEX app using that database.
I bought custom domain on Bluehost. I am also hosting it on Bluehost and have SSL/TLS Certificate. Hosting and custom domain name are paid.
Now, I want to publish that app on my custom domain FOR FREE using Oracle Cloud options.
If using A record I need Public IP address. My database does not have one because it is public.
I want my url to stay looking like www.mycustomdomain.com and still showing my APEX app.
Option 1. CNAME ---- Why yes/no CNAME?
When I connected using CNAME it worked and the whole process was free but my URL was changing in browser when opening app to my default link of the app. I know that CNAME does that but I had to check the process to verify that all steps are free.
How I did that?
I created API Gateway and its deployment. Generated deployment endpoint I put in my custom domain CNAME to connect.
In path prefix and path I entered /. In backend type HTTP URL I put my whole default URL of the apex app home page.
That all said, everything was free in Oracle Cloud. My apex app was public but URL was changing.
I can enter www.mycustomdomain.com in browser and it will basically just redirect to my app default url and show my app.
Conclusion: This works but it is not what I want. Maybe I can add something rule/feature extra to this approach to lock URL not to show default one and keep seeing custom when I open my app?
OPTION 2: Use A record.
For A record for now I tried:
Changed my database to the same settings except from Secure access from everywhere to pick Private Endpoint. The problem with that is that it will not be free anymore. I have to pay for that extra feature.
For this I followed link https://www.youtube.com/watch?v=2qSSm65y-oA&t=29s&ab_channel=OracleDevelopers
This works but it is expensive, I can't pay for it.
I tried creating Compute Instance. That will give me Public IP address that I will be able to connect to but
what I can see from my experience free version is not enough RAM storage for everything that I need. So I have to take compute instance with bigger RAM so it will not be free anymore.
While installing ORDS I do not have SYS rights so I can't install ORDS on my compute instance. When I try install it using Admin it still gives my message insufficient privileges.
I will write the steps I did for now using CMD in Windows10. My compute instance is in Linux 8:
1. In the Oracle Cloud Console. Created Virtual Cloud Network using VCN Wizard. Picked VCN with Internet Gateway. In VCN Created public_subnet. Created security list for that subnet. Create ingress rules
source type : CIDR source CIDR: 0.0.0.0/0 IP Protocol TCP Destination Port Range 80
source type : CIDR source CIDR: 0.0.0.0/0 IP Protocol TCP Destination Port Range 433
Create egress rules
Destination 0.0.0.0/0 IP Protocols: All Protocols Allows: All traffic for all ports.
2. Created Compute Instance connect it to that VCN. Saved private key locally on my computer in folder Myapp.
3. Saved my custom domain 3 SSLCertificate files in the same folder locally in Myapp - zipped these 3 files together.
4. uploaded these files on my compute instance, moved files to more safe folder, unzipped them and secure them
scp -i pathofmycomputeinstancekeyincludingit .key pathofmycomputeinstancesslcertificatezipfile.zip computeinstanceusername@computeinstancePublicIPaddress:/home/computeinstanceusername
ssh -i /path/to/your/private-key.pem opc@your_compute_instance_public_ip
5. install NginX and set it up to be able to access SSLCertificatefiles.
sudo dnf install nginx
set up listening
# HTTP server block (port 80) - Redirects to HTTPS
server {
listen 80;
server_name www.mycustomdomain.com mycustomdomain.com;
# Redirect all HTTP traffic to HTTPS
return 301 https://$host$request_uri;
}
# HTTPS server block (port 443)
server {
listen 443 ssl;
server_name www.mycustomdomain.com mycustomdomain.com ;
# SSL Configuration
ssl_certificate /etc/ssl/mycustomdomain/SSLCertificate/hm_certificate.crt;
ssl_certificate_key /etc/ssl/mycustomdomain/SSLCertificate/hm_privatekey.key;
ssl_trusted_certificate /etc/ssl/mycustomdomain/SSLCertificate/hm_cabundle.ca-bundle;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers 'TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384';
ssl_prefer_server_ciphers off;
# Security headers
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
add_header X-Content-Type-Options nosniff;
add_header X-Frame-Options SAMEORIGIN;
# Document root and other settings
root /var/www/html;
index index.html index.htm index.php;
# Proxy to Oracle APEX app
location / {
proxy_pass https://herepasteyouroracleapexappurl;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
set nginx to listen :
sudo firewall-cmd --permanent --add-service=http
sudo firewall-cmd --permanent --add-service=https
sudo firewall-cmd --reload
sudo firewall-cmd --list-all
After all i got error 502 Bad Gateway nginx/1.14.1. so I assumed I am missing ORDS now because I do not have any interaction with wallet and database so far.
I uploaded my wallet to compute instance and set security who can read/write. I downloaded java 11 and installed it.I downloaded ords and put its configuration folder to /home/opc/ords_config instead /home/opc/ords.
When I run ords --config /home/opc/ords_config install I connect with ADMIN name and password but
It returns me :
Retrieving information.
Connecting to database user: ORDS_PUBLIC_USER url: jdbc:oracle:thin:@MYDATABASE_HIGH?TNS_ADMIN=/home/opc/wallet_mydatabase
2024-11-20T08:43:24.403Z INFO The log file is defaulted to the current working directory located at /home/opc/logs/
ORA-01031: insufficient privileges
https://docs.oracle.com/error-help/db/ora-01031/
I do not have SYS privileges because Oracle Cloud is sys. I do not have DBA right also. I only have Admin but this is not working to go further with installation process.
I saw that in some versions you have to login to sqlplus and start script to give privileges.
SQL> @/home/opc/ords/scripts/installer/ords_installer_privileges.sql Admin
Did that but also not working properly because I can't give myself rights and also i tried to give it to some other user and no sys.user_… privilege was granted. That i logical because I am not sys.
I do not know if I have gone to far with this whole process because it is a lot of work. Am I on the right path? Is this even a good path? Is there a simpler path to reach my goal. Any advice would be very useful.
OPTION 3. YOU TELL ME - VERY GRATEFUL!