I created one LB with 2 Backend Sets, each with one Backend = compute instance running ORDS on port 8080.
Both Backend Sets are configured the same (as far as I can tell).
In one, the Health check is OK; in the other, Critical (Critical - Status code mismatch).
I suspect I missed a step somewhere but cannot debug / find the difference / and can't see a logical reason.
Not 100% sure what this proves - but I see the same Warning on the Backend where Health is OK:
[opc@apex23c-ords ~]$ curl -v http://localhost:8080/ords/apex
* Trying ::1...
* TCP_NODELAY set
* Connected to localhost (::1) port 8080 (#0)
> GET /ords/apex HTTP/1.1
> Host: localhost:8080
> User-Agent: curl/7.61.1
> Accept: */*
>
< HTTP/1.1 302 Found
< Strict-Transport-Security: max-age=10368000
< X-Content-Type-Options: nosniff
< X-Xss-Protection: 1; mode=block
< Referrer-Policy: strict-origin
< Warning: 199 APEX "HTTP request but need HTTPS"
< Location: https://localhost:8080/ords/f?p=4100:1:::
< Transfer-Encoding: chunked
<
* Connection #0 to host localhost left intact
[opc@apex23c-ords ~]$ client_loop: send disconnect: Connection reset
Firewall open
[opc@apex23c-ords ~]$ sudo firewall-cmd --zone=public --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: enp0s6
  sources:
  services: dhcpv6-client ssh
  ports: 80/tcp 8080/tcp 8443/tcp
  protocols:
  forward: no
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
ORDS 25.1 (Critical one):
Database pool: default
Setting                                Value                                   Source
-------------------------------------- --------------------------------------- -----------
database.api.enabled                   true                                    Global
db.password                            ******                                  Pool Wallet
db.username                            ORDS_PUBLIC_USER2                       Pool
db.wallet.zip.path                     /home/oracle/Wallets/Wallet_APEX23C.zip Pool
db.wallet.zip.service                  APEX23C_LOW                             Pool
feature.sdw                            true                                    Pool
plsql.gateway.mode                     proxied                                 Pool
restEnabledSql.active                  true                                    Pool
security.externalSessionTrustedOrigins www.transaction-matching.com            Pool
security.requestValidationFunction     ords_util.authorize_plsql_gateway       Pool
standalone.context.path                /ords                                   Global
standalone.doc.root                    /etc/ords/config/global/doc_root        Global
standalone.http.port                   8080                                    Global
I think I still don't fully understand the whole http vs https on internet -> lb -> ords -> apex -> adb.
To my mind, only internet → lb needs to be https; once inside OCI, http (on the same subnet) is OK.
For the healthy ORDS, the only certificate is on LB (listener 443) so all other traffic is http / unencrypted - just trying to copy that config.
This could be LB and/or ORDS and/or user-error but thought this forum was best.