Oracle® Collaboration Suite Security Guide 10g Release 1 (10.1.2) Part Number B25494-10
The sections in this chapter illustrate how to change the ports used by Oracle Collaboration Suite for the Web components. It contains the following topics:
The examples in this chapter illustrate how to change the port numbers to 8080.
In a single-computer installation of Oracle Collaboration Suite, you can direct Single Sign-On (SSO) traffic from the Oracle HTTP Server on the Applications tier to the Infrastructure using the mod_proxy module's ProxyPass directive. To do this, append the following after the port in the URL syntax, which is used to direct the SSO traffic to the infrastructure:
/pls/orasso (for Microsoft Windows: \pls\orasso)
/oiddas (for Microsoft Windows: \oiddas)
/sso (for Microsoft Windows: \sso)
/wirelesssso (for Microsoft Windows: \wirelesssso)
The syntax for the ProxyPass directives, which are located in $ORACLE_HOME/Apache/Apache/conf/mod_proxy.conf (for Microsoft Windows: %ORACLE_HOME%\Apache\Apache\conf\mod_proxy.conf), is as follows:
ProxyPass /pls/orasso http://your_host.your_domain:7777/pls/orasso
ProxyPass /oiddas http://your_host.your_domain:7777/oiddas
ProxyPass /sso http://your_host.your_domain:7777/sso
ProxyPass /wirelesssso http://your_host.your_domain:7777/wirelesssso
For Microsoft Windows:
ProxyPass \pls\orasso http://your_host.your_domain:7777/pls/orasso
ProxyPass \oiddas http://your_host.your_domain:7777/oiddas
ProxyPass \sso http://your_host.your_domain:7777/sso
ProxyPass \wirelesssso http://your_host.your_domain:7777/wirelesssso
Because the Applications tier is set up with the mod_sso module, the sso.conf script, which is created on the Applications tier, is then copied to the Infrastructure tier. The ssotransfer.<sh|bat> script then runs, which enables the infrastructure to use the same URL as the Applications tier. The Oracle Collaboration Suite script, infra_ssotrans.<sh|bat>, completes the task.
Note: Oracle Collaboration Suite uses the ssotransfer.<sh|bat> script to enable multiple Applications tiers to use the same URLs and to work with a load balancer.
For a single-computer installation of Oracle Collaboration Suite, this script performs the same tasks, but performs them for the Applications tier and the Infrastructure.
Perform the following to change the ports:
Obtain the ports used on the Infrastructure and Applications tiers using the portslist.ini file. This file is located at $ORACLE_HOME/install/portslist.ini (for Microsoft Windows: %ORACLE_HOME%\install\portslist.ini) and displays the default port numbers assigned during installation.
Example 8-1 lists the port numbers in the portslist.ini file for the Infrastructure tier before any updates.
Example 8-1 Port Numbers Listed in the Infrastructure Tier portslist.ini File Before Port Updates
[Ports]
Oracle HTTP Server port = 7777
Oracle HTTP Server Listen port = 7777
Oracle HTTP Server SSL port = 443
Oracle HTTP Server Listen (SSL) port = 4443
Oracle Internet Directory port = 389
Oracle Internet Directory (SSL) port = 636
Example 8-2 lists the port numbers in the portslist.ini file for the Applications tier before any updates.
Example 8-2 Port Numbers Listed in the Applications Tier portslist.ini File Before Port Updates
[Ports]
Oracle HTTP Server port = 80
Oracle HTTP Server Listen port = 7778
Oracle HTTP Server SSL port = 443
Oracle HTTP Server Listen (SSL) port = 4444
Web Cache HTTP Listen port = 443
Web Cache HTTP Listen (SSL) port = 443
Web Cache Invalidation port = 9401
On the Infrastructure tier, run the ssocfg.<sh|bat> script to change the port of the Single Sign-On Server (SSO) to 8080. This script, which is located at $ORACLE_HOME/sso/bin/ (for Microsoft Windows: %ORACLE_HOME%\sso\bin\), uses the following syntax to set the protocol, host name, and port of the SSO server:
ssocfg.<sh|bat> protocol host port
To change the port to 8080 on UNIX-based platforms, run the following command:
$ORACLE_HOME/sso/bin/ssocfg.sh http cesolcb6.us.oracle.com 8080
The equivalent command on Microsoft Windows platforms is:
%ORACLE_HOME%\sso\bin\ssocfg.bat http cesolcb6.us.oracle.com 8080
If the script terminates successfully, it returns exit status 0.
Commit the change by stopping and then restarting all of the Infrastructure processes managed by Oracle Process Manager and Notification (OPMN) Server. To do this, run the OPMN utility (opmnctl) as follows:
$ORACLE_HOME/opmn/bin/opmnctl stopall
$ORACLE_HOME/opmn/bin/opmnctl startall
The Microsoft Windows equivalent of the commands is:
%ORACLE_HOME%\opmn\bin\opmnctl stopall
%ORACLE_HOME%\opmn\bin\opmnctl startall
You change the port numbers using the SSL Configuration tool (SSLConfigTool.sh for UNIX-based platforms or SSLConfigTool.bat for Windows). If you use this tool in silent mode (that is, you use the -config_w_file <configuration_file.xml> option), you must create an input file before you run SSLConfigTool.sh or SSLConfigTool.bat.
Perform the following steps to change the ports on the Applications tier:
Run the SSL Configuration Tool to Set the Ports for Applications Tier
Note: You can also run the SSL Configuration Tool for Applications tier in interactive mode. Refer to Run the SSL Configuration Tool to Set the Ports for the Applications Tier in Interactive Mode for more information.
On the Applications tier, create the input file used by the SSL Configuration tool. This input file, sslct_config.xml (Example 8-3), which is located at $ORACLE_HOME/bin/ (for Microsoft Windows: %ORACLE_HOME%\bin\), automatically sets the following:
HTTP (ssl="off")
Virtual host name (host)
Virtual host port number (port)
Invalidation port (inv_port)
OracleAS Portal for both the Applications tier (defined within the <mid_tier> element) and the Infrastructure (defined within the <infra> element)
Example 8-3 also includes wc loopback_port, which sets the OracleAS Webcache loopback port number. This port is used when there is no load balancer in the topology and OracleAS Webcache acts as the load balancer. This attribute is valid for OracleAS Portal installations only.
Example 8-3 $ORACLE_HOME/bin/sslct_config.xml (for Microsoft Windows: %ORACLE_HOME%\bin\sslct_config.xml)
<sslconfig>
  <mid_tier>
    <virtual_address ssl="off" host="cesolcb6.us.oracle.com" port="8080" inv_port="9401" />
    <wc loopback_port="8080"/>
    <ohs>
      <servers>
        <server host="cesolcb6.us.oracle.com" port="7778" />
      </servers>
    </ohs>
  </mid_tier>
  <infra>
    <virtual_address ssl="off" host="cesolcb6.us.oracle.com" port="80" inv_port="9401" />
    <ohs>
      <servers>
        <server host="cesolcb6.us.oracle.com" port="7777" />
      </servers>
    </ohs>
  </infra>
</sslconfig>
Run the SSL Configuration tool for Applications tier (midtierSSLConfigTool.sh for UNIX-based platforms or midtierSSLConfigTool.bat for Windows). This script is located at $ORACLE_HOME/bin/ (for Microsoft Windows: %ORACLE_HOME%\bin\).
On UNIX-based platforms, run the tool as follows:
$ORACLE_HOME/bin/SSLConfigTool -config_w_file sslct_config.xml -opwd $4 -ptl_dad portal -ptl_inv_pwd $4
On Microsoft Windows, run the tool as follows:
%ORACLE_HOME%\bin\SSLConfigTool -config_w_file sslct_config.xml -opwd $4 -ptl_dad portal -ptl_inv_pwd $4
When the Applications tier SSL Configuration Tool runs, it updates all of the Service Registry entries and then runs a script that uses sslct_config.xml to configure the ports.
See Chapter 14 of Oracle Application Server Administrator's Guide for more information about the SSL Configuration Tool. This guide is available at
http://www.oracle.com/technology/documentation
Run the SSL Configuration Tool to Set the Ports for the Applications Tier in Interactive Mode
On the Applications tier, run the SSL Configuration tool in interactive mode by using the -config_w_prompt option. The answers to the prompts are enclosed in brackets (< ... >).
$ORACLE_HOME/bin/midtierSSLConfigTool.sh <oid hostname> <oid port> \
  <oid admin dn> <oid admin password> <apps SSL port> https <hostname> <oid ssl flag (true | false)> <rollback|ocs_config>
On Microsoft Windows:
%ORACLE_HOME%\bin\midtierSSLConfigTool.bat <oid hostname> <oid port> <oid admin dn> <oid admin password> <apps SSL port> https <hostname> <oid ssl flag (true | false)> <rollback|ocs_config>
For example, on UNIX-based platforms:
$ORACLE_HOME/bin/midtierSSLConfigTool.sh cesolcb6.us.oracle.com 389 "cn=orcladmin" manager1 8080 http cesolcb6.us.oracle.com false rollback
From the Applications tier, run the following command on UNIX-based platforms:
$ORACLE_BASE/install/infra_ssotrans.sh
On Microsoft Windows, run the following command from the Applications tier:
%ORACLE_BASE%\install\infra_ssotrans.bat
You must now update the orcldasurlbase attribute (the URL for Delegated Administration Services). Use the following commands to do so:
setenv LD_LIBRARY_PATH $ORACLE_HOME/lib32:$ORACLE_HOME/lib:$ORACLE_HOME/network/lib32:$ORACLE_HOME/network/lib
$ORACLE_HOME/jdk/bin/java -classpath $ORACLE_HOME/jlib/ldapjclnt10.jar:$ORACLE_HOME/jlib/ojmisc.jar:$ORACLE_HOME/jlib DasUrlBaseUpdate cesolcb6.us.oracle.com 389 "cn=orcladmin" manager1 8080 http cesolcb6.us.oracle.com false
Commit the change by stopping and then restarting all of the Infrastructure processes managed by Oracle Process Manager and Notification (OPMN) Server. To do this, run the OPMN utility (opmnctl) as follows:
$ORACLE_HOME/opmn/bin/opmnctl stopall
$ORACLE_HOME/opmn/bin/opmnctl startall
The equivalent command on Microsoft Windows is:
%ORACLE_HOME%\opmn\bin\opmnctl stopall
%ORACLE_HOME%\opmn\bin\opmnctl startall
Example 8-4 lists the port numbers in the portslist.ini file for the Infrastructure tier after updates:
Example 8-4 Port Numbers Listed in the Infrastructure Tier portslist.ini File After Port Updates
[Ports]
Oracle HTTP Server port = 8080
Oracle HTTP Server Listen port = 7777
Oracle Internet Directory port = 389
Oracle Internet Directory (SSL) port = 636
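A read-only check to run after the restart, added here as an example and not part of the Oracle guide: it reads a port back from portslist.ini, lists any of the four SSO paths that lack a ProxyPass directive, and flags ProxyPass targets on an unexpected port. The function names are hypothetical, the sample files are constructed from the values in this chapter, and comparing targets against the Listen port is an assumption based on the 7777 values shown above.

```shell
#!/bin/sh
# Added example (hypothetical function names, constructed sample files).

# Print the value of one "name = value" entry from a portslist.ini file.
port_of() {  # usage: port_of FILE "Oracle HTTP Server port"
    awk -F' *= *' -v key="$2" \
        '{ sub(/\r$/, "") } $1 == key { print $2; exit }' "$1"
}

# Print each SSO path from this chapter that has no ProxyPass directive.
missing_sso_paths() {  # usage: missing_sso_paths MOD_PROXY_CONF
    for p in /pls/orasso /oiddas /sso /wirelesssso; do
        awk -v p="$p" '$1 == "ProxyPass" && $2 == p { found = 1 }
                       END { exit !found }' "$1" || printf '%s\n' "$p"
    done
}

# Print "path port" for each ProxyPass whose target port is not PORT.
wrong_port_targets() {  # usage: wrong_port_targets MOD_PROXY_CONF PORT
    awk -v want="$2" '$1 == "ProxyPass" {
        split($3, url, "/")              # url[3] is "host" or "host:port"
        n = split(url[3], hp, ":")
        port = (n > 1) ? hp[2] : "default"
        if (port != want) print $2, port
    }' "$1"
}

# Constructed sample files built from the values shown in this chapter.
# The /wirelesssso directive is left out on purpose to show a finding.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
cat > "$demo_dir/portslist.ini" <<'EOF'
[Ports]
Oracle HTTP Server port = 8080
Oracle HTTP Server Listen port = 7777
Oracle Internet Directory port = 389
Oracle Internet Directory (SSL) port = 636
EOF
cat > "$demo_dir/mod_proxy.conf" <<'EOF'
ProxyPass /pls/orasso http://your_host.your_domain:7777/pls/orasso
ProxyPass /oiddas http://your_host.your_domain:7777/oiddas
ProxyPass /sso http://your_host.your_domain:7777/sso
EOF

listen=$(port_of "$demo_dir/portslist.ini" 'Oracle HTTP Server Listen port')
echo "HTTP Server port: $(port_of "$demo_dir/portslist.ini" 'Oracle HTTP Server port')"
echo "SSO paths without ProxyPass: $(missing_sso_paths "$demo_dir/mod_proxy.conf")"
wrong_port_targets "$demo_dir/mod_proxy.conf" "$listen"
```

On a real installation, point the functions at $ORACLE_HOME/install/portslist.ini and $ORACLE_HOME/Apache/Apache/conf/mod_proxy.conf instead of the sample files.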
Example 8-5 lists the port numbers in the portslist.ini file for the Applications tier after any update: