Avoid password prompt when using startComponent.sh – 12c

With the 12c release, identity management components such as OID, OUD and OHS that are installed and configured in collocated mode are started with startComponent.sh and stopped with stopComponent.sh, both located in $DOMAIN_HOME/bin.

However, the scripts prompt for the Node Manager password when starting or stopping a component.


The prompt can be avoided by adding the storeUserConfig option, which stores the password.

[oracle@oel1 bin]$ ./startComponent.sh oid1 storeUserConfig


Once the password is stored, you can start or stop the component without a password prompt.

[oracle@oel1 bin]$ ./stopComponent.sh oid1
[oracle@oel1 bin]$ ./startComponent.sh oid1
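
Because the password is now kept on disk, the stored files should be readable by the owning account only. The check below is an added example, not part of the original post; it assumes the files are nm-cfg-<domain>.props and nm-key-<domain>.props under $HOME/.wlst, the layout Oracle documents for storeUserConfig, so confirm the location on your install.

```shell
#!/bin/sh
# Added example: audit the credential files written by storeUserConfig.
# The file names and the $HOME/.wlst location are assumptions taken from
# Oracle's documented layout; the script name is hypothetical.

# check_nm_store DIR DOMAIN
# Prints one finding per file; returns 0 only when both files are private.
check_nm_store() {
    dir=$1; domain=$2; rc=0
    for f in "$dir/nm-cfg-$domain.props" "$dir/nm-key-$domain.props"; do
        if [ -L "$f" ]; then
            # A symlink could point the scripts at a file someone else controls.
            echo "FAIL $f is a symlink"; rc=1; continue
        fi
        if [ ! -f "$f" ]; then
            echo "FAIL $f missing"; rc=1; continue
        fi
        # Characters 5-10 of the ls mode string are the group and other bits.
        go=$(ls -ld "$f" | cut -c5-10)
        if [ "$go" != "------" ]; then
            echo "FAIL $f accessible beyond owner (group/other bits: $go)"; rc=1
        else
            echo "OK   $f"
        fi
    done
    return $rc
}

# Stand-alone use: sh check_nm_store.sh "$HOME/.wlst" ODS_Domain
if [ $# -ge 2 ]; then check_nm_store "$1" "$2"; fi
```

The key file decrypts the config file, so anyone who can read both can recover the Node Manager password.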


Oracle Access Management WebGate on OHS 12c

Prerequisites:
– OAM 12c installed and configured : https://oraidam.wordpress.com/2018/03/10/oracle-access-manager-12c-12-2-1-3-in-collocated-mode/
– OHS 12c installed and configured : https://oraidam.wordpress.com/2018/03/10/oracle-http-server-12c-12-2-1-3-in-collocated-mode/

Configure WebGate on OHS 12c

[oracle@oel1 deployWebGate]$ cd /u01/oracle/product/Oracle_Home/webgate/ohs/tools/deployWebGate

[oracle@oel1 deployWebGate]$ ./deployWebGateInstance.sh -w /u01/oracle/config/Domain_Home/ODS_Domain/config/fmwconfig/components/OHS/ohs1 -oh /u01/oracle/product/Oracle_Home


Verify webgate directory

[oracle@oel1 deployWebGate]$ cd /u01/oracle/config/Domain_Home/ODS_Domain/config/fmwconfig/components/OHS/ohs1
[oracle@oel1 ohs1]$ ll


Edit HTTP conf file

[oracle@oel1 InstallTools]$ export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/u01/oracle/product/Oracle_Home/lib

[oracle@oel1 InstallTools]$ cd /u01/oracle/product/Oracle_Home/webgate/ohs/tools/setup/InstallTools/

[oracle@oel1 InstallTools]$ ./EditHttpConf -w /u01/oracle/config/Domain_Home/ODS_Domain/config/fmwconfig/components/OHS/ohs1 -oh /u01/oracle/product/Oracle_Home


Register the WebGate with OAM

Login to OAM console
http://oel1.mylab.com:7011/oamconsole

Click on SSO Agent Registration

Specify Agent Type as Webgate and click Next.
Fill in the details for webgate as shown below
Click Finish.
Then click on download and save the file.

Copy the zip file to ohs_instance/webgate/config and unzip

[oracle@oel1 Downloads]$ cp OHS12c_WebGate.zip /u01/oracle/config/Domain_Home/ODS_Domain/config/fmwconfig/components/OHS/ohs1/webgate/config/
[oracle@oel1 Downloads]$ unzip OHS12c_WebGate.zip -d /u01/oracle/config/Domain_Home/ODS_Domain/config/fmwconfig/components/OHS/ohs1/webgate/config/

Restart Servers

[oracle@oel1 Downloads]$ cd /u01/oracle/config/Domain_Home/ODS_Domain/bin/
[oracle@oel1 bin]$ ./stopComponent.sh ohs1
[oracle@oel1 bin]$ ./stopManagedWebLogic.sh oam_policy_mgr1
[oracle@oel1 bin]$ ./stopManagedWebLogic.sh oam_server1
[oracle@oel1 bin]$ ./stopWebLogic.sh

[oracle@oel1 bin]$ ./startWebLogic.sh
[oracle@oel1 bin]$ ./startManagedWebLogic.sh oam_server1
[oracle@oel1 bin]$ ./startManagedWebLogic.sh oam_policy_mgr1
[oracle@oel1 bin]$ ./startComponent.sh ohs1

Test
Access OHS : http://oel1.mylab.com:7777
User will be redirected to OAM login page


Oracle HTTP Server 12c 12.2.1.3 in collocated mode

Installing OHS 12c in collocated mode requires installing Oracle Fusion Middleware Infrastructure first, followed by OHS 12c installation and configuration.

See the “Install Infrastructure 12c” section of the post below for installing Oracle Fusion Middleware Infrastructure.
https://oraidam.wordpress.com/2018/03/08/oracle-internet-directory-12c-12-2-1-3-in-collocated-mode/

Then follow the steps below to install and configure OHS 12c.

Install OHS 12c

[oracle@oel1 OHS12c]$ unzip fmw_12.2.1.3.0_ohs_linux64_Disk1_1of1.zip
[oracle@oel1 OHS12c]$ ./fmw_12.2.1.3.0_ohs_linux64.bin


Configure HTTP Server

[oracle@oel1 OHS12c]$ cd /u01/oracle/product/Oracle_Home/oracle_common/common/bin/
[oracle@oel1 bin]$ ./config.sh

I am going to update the existing domain that I created for OID in the post below.
https://oraidam.wordpress.com/2018/03/08/oracle-internet-directory-12c-12-2-1-3-in-collocated-mode/

However, if you don’t have one, you can create a new domain. (Note: you need to create schemas if you are creating a new domain.)

Select Oracle HTTP Server (Collocated)
Add a new component ohs1 and specify the component type as OHS

Start Servers

Start Node manager

[oracle@oel1 bin]$ cd /u01/oracle/config/Domain_Home/ODS_Domain/bin
[oracle@oel1 bin]$ nohup ./startNodeManager.sh &


Start Admin server

[oracle@oel1 bin]$ cd /u01/oracle/config/Domain_Home/ODS_Domain/bin
[oracle@oel1 bin]$ nohup ./startWebLogic.sh &


Start OHS

[oracle@oel1 bin]$ cd /u01/oracle/config/Domain_Home/ODS_Domain/bin
[oracle@oel1 bin]$ ./startComponent.sh ohs1

Verify
http://oel1.mylab.com:7777/

OHS Add X-Content-Type-Options Header

A missing X-Content-Type-Options header increases exposure to drive-by download attacks.

This post covers adding the X-Content-Type-Options header to OHS.

Edit $INSTANCE_HOME/INSTANCE_NAME/config/OHS/INSTANCE_NAME/httpd.conf

Ensure mod_headers.so is enabled

LoadModule headers_module "${ORACLE_HOME}/ohs/modules/mod_headers.so"

Add below line

Header set X-Content-Type-Options nosniff

Restart OHS

Verify that the header is present in the response.

OHS Add X-XSS-Protection Header

A missing X-XSS-Protection header may allow Cross-Site Scripting attacks.

This post covers adding the X-XSS-Protection header to OHS.

Edit $INSTANCE_HOME/INSTANCE_NAME/config/OHS/INSTANCE_NAME/httpd.conf

Add below line

Header set X-XSS-Protection "1; mode=block"

Restart OHS

Verify that the header is present in the response.

OHS HSTS – Add Strict-Transport-Security Header

A missing Strict-Transport-Security header opens the potential for a man-in-the-middle attack, where the redirect could be exploited to direct a user to a malicious site instead of the secure version of the original page.

This post covers adding the Strict-Transport-Security header to OHS.

Edit $INSTANCE_HOME/INSTANCE_NAME/config/OHS/INSTANCE_NAME/httpd.conf

Add below line

Header set Strict-Transport-Security "max-age=63072000; includeSubdomains;"

Restart OHS

Verify that the header is present in the response.

To redirect visitors to HTTPS, you can add the line below

Redirect permanent / https://example.com/
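
The three "Verify" steps above can be scripted. The following is an added example, not part of the original posts: it reads a header dump such as the output of curl -sI and checks the values configured above. The script name and the minimum max-age passed on the command line are assumptions.

```shell
#!/bin/sh
# Added example: audit a response-header dump for the three headers set above.

# header_value NAME: print the value of header NAME found in $HDRS.
# Names match case-insensitively; the value is lower-cased with spaces removed.
header_value() {
    printf '%s\n' "$HDRS" | tr -d '\r' | awk -v want="$1" '
        { i = index($0, ":")
          if (i && tolower(substr($0, 1, i - 1)) == tolower(want)) {
              v = tolower(substr($0, i + 1)); gsub(/[ \t]/, "", v); print v; exit } }'
}

# check_headers SCHEME MIN_AGE: read headers on stdin, print one finding per
# check, return 0 only when every check passes.
check_headers() {
    scheme=$1; min_age=$2; rc=0
    HDRS=$(cat)
    if [ "$(header_value X-Content-Type-Options)" = "nosniff" ]; then
        echo "OK   X-Content-Type-Options"
    else
        echo "FAIL X-Content-Type-Options is not nosniff"; rc=1
    fi
    if [ "$(header_value X-XSS-Protection)" = "1;mode=block" ]; then
        echo "OK   X-XSS-Protection"
    else
        echo "FAIL X-XSS-Protection is not 1; mode=block"; rc=1
    fi
    hsts=$(header_value Strict-Transport-Security)
    age=$(printf '%s\n' "$hsts" | sed -n 's/.*max-age=\([0-9][0-9]*\).*/\1/p')
    if [ -z "$hsts" ]; then
        echo "FAIL Strict-Transport-Security missing"; rc=1
    elif [ "$scheme" != "https" ]; then
        # Browsers ignore HSTS received over plain HTTP (RFC 6797).
        echo "FAIL Strict-Transport-Security seen over $scheme; test the https URL"; rc=1
    elif [ -z "$age" ] || [ "$age" -lt "$min_age" ]; then
        echo "FAIL Strict-Transport-Security max-age below $min_age"; rc=1
    else
        echo "OK   Strict-Transport-Security max-age=$age"
    fi
    return $rc
}

# Stand-alone use: curl -sI https://host/ | sh check_headers.sh https 31536000
if [ $# -ge 2 ]; then check_headers "$1" "$2"; fi
```

Run it against an error page or a redirect as well as a normal page: mod_headers applies a plain Header set only to successful responses, so a failure there shows where Header always set is needed.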

Oracle web tier apply patch set 11.1.1.9 to existing 11.1.1.7

Back up the complete 11.1.1.7 home

cd $MW_HOME

tar -cvf Oracle_WT1_backup.tar Oracle_WT1

Note: run tar as root to back up all files

Download 11.1.1.9 patchset – patch 20995453

Unzip and go to Disk1 folder

unzip p20995453_111190_Linux-x86-64.zip

Run the installer

cd Disk1

./runInstaller

Choose “Install software – Do Not Configure”

Specify Installation Location

Verify

$ORACLE_HOME/OPatch/opatch lsinventory

Oracle Interim Patch Installer version 11.1.0.11.0
Copyright (c) 2018, Oracle Corporation.  All rights reserved.

Oracle Home       : /u01/product/oracle/Middleware_Webtier/Oracle_WT1
Central Inventory : /u01/app/oraInventory
    from           : /u01/product/oracle/Middleware_Webtier/Oracle_WT1/oraInst.loc
OPatch version    : 11.1.0.11.0
OUI version       : 11.1.0.9.0
Log file location : /u01/product/oracle/Middleware_Webtier/Oracle_WT1/cfgtoollogs/opatch/opatch2018-02-27_11-15-21AM_1.log

OPatch detects the Middleware Home as "/u01/product/oracle/Middleware_Webtier"

Lsinventory Output file location : /u01/product/oracle/Middleware_Webtier/Oracle_WT1/cfgtoollogs/opatch/lsinv/lsinventory2018-02-27_11-15-21AM.txt

--------------------------------------------------------------------------------
Installed Top-level Products (1):

Oracle WebTier and Utilities CD                                      11.1.1.9.0
There are 1 products installed in this Oracle Home.

Start OHS instance

$INSTANCE_HOME/bin/opmnctl startall

$INSTANCE_HOME/bin/opmnctl status

Processes in Instance: ohs1
---------------------------------+--------------------+---------+---------
ias-component                    | process-type       |     pid | status
---------------------------------+--------------------+---------+---------
ohs1                             | OHS                |   33731 | Alive

If the web tier is associated with a WebLogic domain, follow the step below

cd $ORACLE_HOME/opmn/bin

./upgradenonj2eeapp.sh \
-oracleInstance Instance_Home_Location \
-adminHost WebLogic_Server_Host_Name \
-adminPort administration_server_port_number \
-adminUsername administration_server_user
