Archive for the ‘Apache’ Category

Changing the HTTP port Oracle uses

In a production environment your database server will be completely separate from your application server or at least it should be. So in theory you should never really need to change this setting unless its for your development environment.

In my case I needed to run both JBoss and Oracle on the same PC in order to test my environment. Why would I need to change the HTTP port of Oracle? Well Oracle has an HTML set of admin screens it uses as an interface to let users do DBA stuff rather than doing it from a prompt screen, on Oracle XE this is called Apex and for Oracle Enterprise, I think it’s just called Enterprise Manager or some such shit. Two different GUI’s but both  use and reserve the HTTP port on your computer. Since Oracle starts before JBoss, Apache then can’t use this port to talk to JBoss.

The easiest way around this is to set the HTTP port that Oracle uses and it’s really really simple. You’ll need to have the SYSDBA priviledges for this to work, so I’ll assume as much.

Start SQLPlus and login to your server connecting as SYSDBA. Normally by default the connection will be something like: connect SYS as SYSDBA@XE etc… where XE is your service identifier – for Enterprise it’s what ever you called it on install.

Once you’ve done this then just run this command: exec dbms_xdb.sethttpport(9090);

This sets my Oracle HTTP port to 9090, something JBoss shouldn’t be using. Now I can have everything running without conflict. Apache can now see JBoss and I can still get to Oracles admin screens.

Setting SSL with Apache 2.x on Windows

openssl req

Pretty similar to setting up SSL on unix/linux and actually not that hard to do. Just a few things to remember as a checklist.

If your Apache install didn’t include openSSL then you’ll need to download a few things:

Normally you can find mod_ssl.so in your apache install directory in modules.
In conf/extras you’ll find httpd_ssl.conf

Or just download Apache with openSSL here. Next step is to create a certificate. Only thing to look at really is your server name in your httpd.conf file (found in the conf/ directory). You use your server name in your certificate setup – these must match otherwise you’ll get errors (it’ll still work though).

Ok first thing to do for the  certificate is to download the program for generating your certificate and key. If you go to http://code.google.com/p/openssl-for-windows/downloads/list and download the zip file that you need – I used openssl-0.9.8k_WIN32.zip. Next unzip this to you computer and extract all files, I normally just make a directory in my Apache install e.g. C:/[Apache Dir]/openssl/

Next you’ll need a configuration file, openssl.cnf, for this program to basically tell it how to behave – you can download the file here. Place this file into your [Openssl Install Dir]/bin directory. Windows by default will call this file SpeedDial just in case you need to find it.

Now from this bin directory you should see to .dll files: libeay32.dll and ssleay32.dll. These files should be included with your openssl download. Copy these files to your windows/system32 directory. Ok now that’s all done we can actually create our certificate!

Start up a command prompt (start menu/accessories/command prompt) or run cmd.exe. Now navigate to your openssl install bin directory in your prompt screen.

Start openssl:

openssl-start

To generate the PEM password phrase type and run the following:

req -config openssl.cnf -new -out myName.csr -keyout myName.pem

openssl-req

If you’ve done the previous steps correctly this should start prompting you for information. You can skip stuff by using a period (.) but make sure to set a password and set the common name as your domain e.g. www.luckylarry.co.uk – whatever your server name is in your apache httpd config!

Now we create a key by typing the following:

rsa -in myName.pem -out myName.key

This will ask you for the password you previously set. Finally we create the certificate by running the following:

x509 -in myName.csr -out myName.crt -req -signkey myName.key -days 365

openssl-bin

So if you now look in your openssl/bin directory you will see a few files have now been made. You just need to copy the .crt and .key file to your apache/conf directory – I find its easier to refer to this location in my config. Delete the .rnd file as this can be used against you should anyone have access to it

Finally we just need to enable SSL on Apache. First copy the example httpd-ssl.conf from conf/extras to conf/ directory Open this up and check a few things. Firstly look in there for your server name (line 78) – make sure this is setup. Next look for the path to the .crt and .key file (line 99 and 107) – make sure these are pointing to where ever you put your key and certificate files.

Now we just need to set our main config. Go to conf/httpd.conf and first make sure this line is added:

LoadModule ssl_module modules/mod_ssl.so

Now we add a bit of config after the list of modules.


Include conf/httpd_ssl.conf

And thats it! All done.

Now we can start Apache. Look for any errors, they’ll be for a wrong directory/ path or you haven’t copied the .dll files.

Also check your error.log and ssl_request.log in your/logs directory to check that you’re getting no errors. Now you should be able to use https on your domain. One last word of caution to properly use SSL make sure you have a static, unique and un-shared IP address.