4 Changing the HTTP Listener Ports

This chapter describes how to change the port numbers. It contains the following topics:

• Changing the HTTP Server Listen Port on Middle-Tier Instances

• Changing the HTTP Server Listen Port on Identity Management Installations

See Also: Refer to Section 1.3, "Checking Your Port Numbers" to view port numbers

4.1 Changing the HTTP Server Listen Port on Middle-Tier Instances

This section describes how to change port numbers in middle-tier instances and update any other affected components. It contains the procedure to change the Oracle HTTP Server listen port (SSL or Non-SSL).

When you change the Oracle HTTP Server Listen directive, there are often dependencies that must also be set. For example, if you are using OracleAS Web Cache to improve the performance of your Oracle Application Server instance, then you must modify the OracleAS Web Cache origin server settings whenever you modify the Oracle HTTP Server Listen ports.

To be sure the port dependencies are modified correctly, you can use a single command to change the Oracle HTTP Server Listen port. The portconfig command automatically modifies the necessary configuration files within the Oracle home and optionally restarts the required components within the Oracle home.

The following sections describe how to define the portconfig command and then use it to modify the Oracle HTTP Server Listen SSL or non-SSL port:

• Enabling Oracle HTTP Server to Run as Root for Ports Set to Less Than 1024 (UNIX only)

• Using the portconfig Command to Change the Oracle HTTP Server Listen Port

4.1.1 Enabling Oracle HTTP Server to Run as Root for Ports Set to Less Than 1024

If you are on a UNIX system and you are changing the Listen port to a number less than 1024, perform these steps before you change the Oracle HTTP Server Listen port.

By default, Oracle HTTP Server runs as a non-root user (the user that installed Oracle Application Server). On UNIX systems, if you change the Oracle Application Server HTTPS Listen port number to a value less than 1024, then you must enable Oracle Application Server to run as root, as follows:

1. Log in as the root user.

2. Run the following commands in the middle tier Oracle home:

   cd ORACLE_HOME/Apache/Apache/bin
   chown root .apachectl
   chmod 6750 .apachectl
   

4.1.2 Using the portconfig Command to Change the Oracle HTTP Server Listen Port

Use the following procedure to change the Oracle HTTP Server SSL or non-SSL Listen port:

1. Set the ORACLE_HOME environment variable to the home directory of the Oracle Application Server instance where the Oracle HTTP Server resides.

   For example:

   (UNIX) setenv ORACLE_HOME /dev0/private/oracle/appserv1/ 
   (Windows) set ORACLE_HOME=D:\oracle\appserv1\ 
   
   

2. On UNIX systems, set the LD_LIBRARY_PATH, LD_LIBRARY_PATH_64, LIB_PATH, or SHLIB_PATH environment variables to the proper values, as shown in Table 1-1. The actual environment variables and values that you must set depend on the type of your UNIX operating system.

3. Create an alias (on UNIX systems) or a DOSKEY macro (on Windows systems) to represent the portconfig command.

   For example, to execute the command as an alias on UNIX systems, enter the following command:

   alias portconfig '$ORACLE_HOME/jdk/bin/java -cp 
   $ORACLE_HOME/sysman/webapps/emd/WEB-INF/lib/emd.jar:
   $ORACLE_HOME/dcm/lib/dcm.jar:
   $ORACLE_HOME/sso/lib/ossoreg.sh 
   oracle.sysman.ias.sta.tools.PortConfigCmdLine \!*'
   
   

   Similarly, to execute the command as DOSKEY macro on Windows systems, enter the following at the DOS command line:

   doskey portconfig=%ORACLE_HOME%\jdk\bin\java -cp 
   %ORACLE_HOME%/sysman/webapps/emd/WEB-INF/lib/emd.jar;
   %ORACLE_HOME%/dcm/lib/dcm.jar;
   %ORACLE_HOME%/sso/lib/ossoreg.bat 
   oracle.sysman.ias.sta.tools.PortConfigCmdLine $*
   
   

4. Use the newly created portconfig command as follows:

   portconfig -oracleHome ORACLE_HOME 
   -oldPort old_port 
   -newPort new_port 
   [-sso -url http://sso_host:port -user http_server_admin_user 
     [-site name_of_sso_partner_application]
     [-admin mod_osso_admin_user]
     [-vHost path_to_mod_osso_configuration_file]]
   [-webCache] 
   {-start | -restart}
   
   

   For example, on UNIX systems:

   portconfig -oracleHome $ORACLE_HOME -oldPort 7777 -newPort 7778 -webCache
   
   

   For example, on Windows systems:

   portconfig -oracleHome %ORACLE_HOME% -oldPort 7777 -newPort 7778 -webCache
   
   

   Table 4-1 describes the arguments available when you use the portconfig command to automatically change the Oracle HTTP Server Listen port.

   Table 4-1 Arguments for the portconfig Command

   Argument	Description
   -oracleHome	The Oracle home of the Oracle Application Server instance. The portconfig command modifies only components that are part of the selected Oracle home. You can use an environment variable to represent the Oracle home.
   -oldPort	The old (current) value of the Oracle HTTP Server Listen port.
   -newPort	The new value for the Oracle HTTP Server Listen port.
   -webCache	Use this optional argument if you are using OracleAS Web Cache to improve the performance and reliability of your Web server. When this argument is included on the command line, the dependent OracleAS Web Cache port assignment is changed automatically. Specifically, the port number of the origin server is updated automatically so that it points to the new Oracle HTTP Server listen port. Note: The portconfig command updates the OracleAS Web Cache instance only if it resides in the current Oracle home.
   -start	Use this optional argument to stop and start the application server instance after the portconfig command performs the configuration changes. The Oracle Application Server instance must be stopped and started—or restarted—before the port changes take effect. Note that during startup, all enabled components of the application server are started, even those that were originally down before you ran the portconfig command to change the Oracle HTTP Server Listen port. Compare with the -restart argument. Each time you run the command you can use the -restart or -start options, but not both.
   -restart	Use this optional argument to stop and start the application server instance after the portconfig command performs the configuration changes. The Oracle Application Server instance must be restarted—or stopped and started—before the port changes take effect. With this option, only already running components are restarted after the configuration changes are complete. Components that were down before you ran the portconfig command to change the Oracle HTTP Server Listen port will remain down. Compare with the -start argument. Each time you run the command you can use the -restart or -start options, but not both.
   -debug	Use this optional argument to display debugging information as the command executes. This argument can be useful if you are troubleshooting a problem or working with Oracle Support.
   -sso	Use this optional argument when the Listen port you are changing is protected by OracleAS Single Sign-On. When you use this argument, the portconfig command re-registers mod_osso with the new Oracle HTTP Server Listen port value. When you use the -sso argument, then you must include the -url and -user arguments. In addition, you can optionally use the -site, -admin, and -vHost arguments. For more information about registering mod_osso, see "Configuring and Administering Partner Applications" in the Oracle Application Server Single Sign-On Administrator's Guide.
   -url	This argument is required when you use the -sso argument. Use this argument to provide the new Oracle HTTP Server URL, which is also used by OracleAS Single Sign-On and uses the new Listen port. For example: http://sso42.acme.com:7778 This URL is passed as the -mod_osso_url parameter in the ssoreg.sh and ssoreg.bat scripts.
   -user	This argument is required when you use the -sso argument. Use this argument to enter the name of the account that is used to start Oracle HTTP Server. On UNIX systems, this is usually root. On Windows, it is usually SYSTEM. The value provided with this argument is passed as the -u parameter in the ssoreg.sh and ssoreg.bat scripts.
   -site	This argument is optional; however, it can be used only when you use the -sso argument. Use this argument to enter the site name of OracleAS Single Sign-On partner application. The site name is displayed by the OracleAS Single Sign-On administration pages. The value of this argument is passed as the -site_name parameter in the ssoreg.sh and ssoreg.bat scripts. If the -site argument is not specified, the application server instance name is passed to ssoreg.sh and ssoreg.bat scripts as the value of the -site_name parameter.
   -admin	This argument is optional; however, it can be used only when you use the -sso argument. Use this argument to enter the account name of the mod_osso administrator. This value is displayed in the OracleAS Single Sign-On administration pages. In most cases, this value should be the same as the distinguished name (dn) of the user who installed Oracle Application Server. The value of this argument is passed as the -admin_info parameter in the ssoreg.sh and ssoreg.bat scripts.
   -vHost	This argument is optional; however, it can be used only when you use the -sso argument. Use this argument to enter the path to the osso.conf file for the virtual host being configured. For example: $ORACLE_HOME/Apache/Apache/conf/osso/vh_name/osso.conf Use this argument only when you are registering an HTTP virtual host with the OracleAS Single Sign-On server. The value of this argument is passed as the -config_file parameter, along with the -virtualhost parameter, in the ssoreg.sh and ssoreg.bat scripts.

   
   

5. Restart the application server instance:

   UNIX:
   ORACLE_HOME/bin/emctl stop iasconsole
   ORACLE_HOME/opmn/bin/opmnctl stopall
   ORACLE_HOME/opmn/bin/opmnctl startall
   ORACLE_HOME/bin/emctl start iasconsole
   
   Windows:
   ORACLE_HOME\bin\emctl stop iasconsole
   ORACLE_HOME\opmn\bin\opmnctl stopall
   ORACLE_HOME\opmn\bin\opmnctl startall
   ORACLE_HOME\bin\emctl start iasconsole
   

4.2 Changing the HTTP Server Listen Port on Identity Management Installations

This section describes how to change the Oracle HTTP Server HTTP or HTTPS listen port on an Identity Management installation. When you change this port number, you also effectively change the OracleAS Single Sign-On port number. This means you must update any middle-tier instances that use the OracleAS Single Sign-On port.

Task 1: Prepare the Middle-Tier Instances

Perform this task only if the Identity Management installation is being used by middle-tier instances. On each middle-tier instance that uses Oracle Identity Management, stop the middle-tier instance as follows:

1. On the Application Server Home page of the Application Server Control Console, click Stop All.

2. Leave the Application Server Control Console running.

It is important that you leave the Application Server Control Console running in each of the middle-tier instances while you perform this procedure.

Task 2: Prepare the Infrastructure Instances

1. Ensure that Oracle Identity Management and its associated OracleAS Metadata Repository are started on the infrastructure whose port number you are changing.

2. If any middle-tier instances use different Metadata Repositories for their product metadata and DCM repositories, then ensure that those are up. In short, ensure all Metadata Repositories in your environment are up.

Task 3: Modify the Oracle HTTP Server Listen and Port Directives

If you are changing the HTTP port, change both the non-SSL Listen and Port directives to the new port number. Perform the following steps:

1. Navigate to the Application Server Home page and click Ports.

2. On the Ports page, locate the Oracle HTTP Server Listen port and click the icon in the Configure column.

3. On the Server Properties page:

   • Enter the new port number in the Default Port field. This is for the Port directive.

   • Enter the new port number in the Listening Port column. This is for the Listen directive. There may be more than one listening port listed. The only way to tell which is the non-SSL listen port is to choose the one with the old non-SSL listen port value.

4. At the bottom of the page, click Apply.

5. On the Confirmation page, click No, you would not like to restart now.

Note: You can manually update the port numbers in the httpd.conf file. Update the non-SSL listen and port directives that are not enclosed in an SSL virtual host container with the same new port number. Save the file, and then run the following command: dcmctl updateConfig -ct ohs

If you are changing the HTTPS port, change both the SSL Listen and SSL Port directives to the new port number, perform the following steps:

1. Edit the following file:

   (UNIX) ORACLE_HOME/Apache/Apache/conf/ssl.conf
   (Windows) ORACLE_HOME\Apache\Apache\conf\ssl.conf
   
   

2. Update the SSL Listen and SSL Port directives with the new port number. The value for Listen and Port must be the same port number.

3. Save and close the file.

4. Run the following command:

   (UNIX) ORACLE_HOME/dcm/bin/dcmctl updateConfig -ct ohs
   (Windows) ORACLE_HOME\dcm\bin\dcmctl updateConfig -ct ohs
   

Task 4: Enable Oracle HTTP Server to Run as Root for Ports Less Than 1024 on UNIX

By default, Oracle HTTP Server runs as a non-root user (the user that installed Oracle Application Server). On UNIX systems, if you change the Oracle Application Server non-SSL listen port number to a value less than 1024, then you must enable Oracle HTTP Server to run as root, as follows:

1. Log in as root.

2. Run the following commands in the middle tier Oracle home:

   cd ORACLE_HOME/Apache/Apache/bin
   chown root .apachectl
   chmod 6750 .apachectl
   

Task 5: Update the Application Server Control Console

Update the Application Server Control Console with the new port number:

1. Edit the following file:

   (UNIX) ORACLE_HOME/sysman/emd/targets.xml
   (Windows) ORACLE_HOME\sysman\emd\targets.xml
   
   

2. Update each occurrence of the old Oracle HTTP Server listen port number with the new port number.

3. Save and close the file.

4. Reload the Application Server Control Console:

   (UNIX) ORACLE_HOME/bin/emctl reload
   (Windows) ORACLE_HOME\bin\emctl reload
   

Task 6: UpdateOracleAS Single Sign-On

In the example, hostname is the host on which OracleAS Single Sign-On is running and new_port_number is the new SSL Oracle HTTP Server listen port number.

Perform this task if OracleAS Single Sign-On is configured to use the Oracle HTTP Server HTTP listen port in the installation where you are changing the port.

1. On UNIX systems, set the LD_LIBRARY_PATH, LD_LIBRARY_PATH_64, LIB_PATH, or SHLIB_PATH environment variables to the proper values, as shown in Table 1-1. The actual environment variables and values that you must set depend on the type of your UNIX operating system.

2. Run one or both of the following commands in the OracleAS Single Sign-On Oracle home:

   To change the non-SSL port:

   (UNIX) ORACLE_HOME/sso/bin/ssocfg.sh http hostname new_non_ssl_port_number
   (Windows) ORACLE_HOME\sso\bin\ssocfg.bat http hostname new_non_ssl_port_number
   
   

   To change the SSL port:

   (UNIX) ORACLE_HOME/sso/bin/ssocfg.sh https hostname new_ssl_port_number
   (Windows) ORACLE_HOME\sso\bin\ssocfg.bat https hostname new_ssl_port_number
   
   

   In the examples:

   • hostname is the host on which OracleAS Single Sign-On is running.

   • new_non_ssl_port_number is the new non-SSL Oracle HTTP Server listen port number.

   • new_ssl_port_number is the new SSL Oracle HTTP Server listen port number.

Task 7: Re-register mod_osso

To re-register mod_osso, perform the following steps:

1. On UNIX systems, set the LD_LIBRARY_PATH, LD_LIBRARY_PATH_64, LIB_PATH, or SHLIB_PATH environment variables to the proper values, as shown in Table 1-1.

2. On Windows systems, set the path, for example: PATH=%PATH%;%ORACLE_HOME%\bin;%ORACLE_HOME%\lib.

3. If you are changing the non-SSL listen port, then re-register mod_osso to take care of the default partner applications by running the following command in Oracle Identity Management Oracle home:

   UNIX:

   ORACLE_HOME/sso/bin/ssoreg.sh
   -oracle_home_path identity_management_oracle_home
   -site_name identity_management_hostname:new_port_number
   -config_mod_osso TRUE
   -mod_osso_url mod_osso_url
   
   

   Windows:

   ORACLE_HOME\sso\bin\ssoreg.bat
   -oracle_home_path middle_tier_oracle_home
   -site_name identity_management_hostname:new_port_number
   -config_mod_osso TRUE
   -mod_osso_url mod_osso_url
   
   

   For example, to change the Oracle HTTP Server listen port to 7779 on host myhost:

   ORACLE_HOME/jdk/bin/java -jar $ORACLE_HOME/sso/lib/ossoreg.jar
   -oracle_home_path /disk1/oracleas
   -site_name myhost:7779
   -config_mod_osso TRUE
   -mod_osso_url http://myhost.mydomain:7779
   -u oracle
   
   

4. If you are changing the Oracle HTTP Server SSL listen port, perform the following steps.

   1. Re-register mod_osso with the new port number by running the following command in the middle-tier Oracle home:

      UNIX:

      ORACLE_HOME/sso/bin/ssoreg.sh
      -oracle_home_path identity_management_oracle_home
      -site_name identity_management_hostname:new_port_number
      -config_mod_osso TRUE
      -mod_osso_url mod_osso_url
      -config_file path/osso-https.conf
      
      

      Windows:

      ORACLE_HOME\sso\bin\ssoreg.bat
      -oracle_home_path identity_management_oracle_home
      -site_name identity_management_hostname:new_port_number
      -config_mod_osso TRUE
      -mod_osso_url mod_osso_url
      -config_file path\osso-https.conf
      
      

      For example, if you want to change the Oracle HTTP Server SSL listen port to 7778 on myhost on UNIX:

      $ORACLE_HOME/sso/bin/ssoreg.sh
      -oracle_home_path /disk1/oracleas
      -site_name myhost:4445
      -config_mod_osso TRUE
      -mod_osso_url http://myhost.mydomain:7778
      -config_file $ORACLE_HOME/Apache/Apache/conf/osso/osso-https.conf
      
      

   2. Edit the mod_osso.conf file, which is located at:

      (UNIX) ORACLE_HOME/Apache/Apache/conf/mod_osso.conf
      (Windows) ORACLE_HOME\Apache\Apache\conf\mod_osso.conf
      
      

      In the mod_osso.conf file, comment the following directive, if you have not previously done so:

      On UNIX:

      LoadModule osso_module libexec/mod_osso.so
      
      

      On Windows:

      LoadModule osso_module modules\ApacheModuleOsso.dll
      
      

   3. In the httpd.conf file, which is found in the same (conf) directory, add the directive that you just commented in the preceding step (if you have not previously done so). In a default setup, place the directive right after:

      LoadModule wchandshake_module libexec/mod_wchandshake.so
      
      

5. Restart the Oracle HTTP Server:

   (UNIX) ORACLE_HOME/opmn/bin/opmnctl restartproc process-type=HTTP_Server
   (Windows) ORACLE_HOME\opmn\bin\opmnctl restartproc process-type=HTTP_Server
   
   

6. Re-register any additional partner applications that you configured or modified.

   
   

   See Also: Oracle Application Server Single Sign-On Administrator's Guide for more information about registering mod_osso

   
   

Task 8: Update Oracle Delegated Administration Services

If you have Oracle Delegated Administration Services configured, and Oracle Delegated Administration Services uses the SSL and non-SSL port numbers, take the following steps to update the Oracle Delegated Administration Services URL entry in Oracle Internet Directory.

Note: To find out what port Oracle Delegated Administration Services uses, enter the following command: ldapsearch -h oid_host -p oid_port -D "cn=orcladmin" -w "password" -b "cn=OperationURLs,cn=DAS,cn=Products,cn=OracleContext" -s base "objectclass=*" orcldasurlbase

1. Create a file named mod.ldif with the following contents (you can create the file in any directory):

   dn:cn=OperationURLs,cn=DAS,cn=Products,cn=OracleContext
   changetype:modify
   replace:orcldasurlbase
   orcldasurlbase:http://hostname:new_http_port_number/
   
   

   Note the slash at the end of the orcldasurlbase URL.

2. Run the following command:

   ldapmodify -D cn=orcladmin -w password -p oid_port -f mod.ldif
   

Task 9: Update Oracle Application Server Certificate Authority

If you are using OracleAS Certificate Authority:

1. Re-register OracleAS Certificate Authority with the OracleAS Single Sign-On server by running the following command in the OracleAS Certificate Authority Oracle home:

   (UNIX) ORACLE_HOME/oca/bin/ocactl changesecurity -server_auth_port portnum
   (Windows) ORACLE_HOME\oca\bin\ocactl changesecurity -server_auth_port portnum
   
   

   In the example, port_number is the OracleAS Certificate Authority Server Authentication Virtual Host (SSL) port. The default value is 4400.

   
   

   See Also: Oracle Application Server Certificate Authority Administrator's Guide for more information

   
   

2. If OracleAS Certificate Authority is located in a different Oracle home than the OracleAS Single Sign-On server, then restart Oracle HTTP Server and the oca instance in the OracleAS Certificate Authority Oracle home. For example, on UNIX:

   ORACLE_HOME/opmn/bin/opmnctl stopproc ias-component=HTTP_Server
   ORACLE_HOME/opmn/bin/opmnctl stopproc process-type=oca
   ORACLE_HOME/opmn/bin/opmnctl startproc ias-component=HTTP_Server
   ORACLE_HOME/opmn/bin/opmnctl startproc process-type=oca
   

Task 10: Restart the Identity Management Instance

Restart the Identity Management instance. For example, on UNIX:

ORACLE_HOME/bin/emctl stop iasconsole
ORACLE_HOME/opmn/bin/opmnctl stopall
ORACLE_HOME/opmn/bin/opmnctl startall
ORACLE_HOME/bin/emctl start iasconsole

Task 11: Restart OracleAS Certificate Authority

If OracleAS Certificate Authority is configured in this instance, then restart it:

(UNIX) ORACLE_HOME/oca/bin/ocactl start
(Windows) ORACLE_HOME\oca\bin\ocactl start

Task 12: Update the Middle-Tier Instances to Use the New Port Number

After you change the Oracle HTTP Server non-SSL port on the Identity Management installation, you must update all middle-tier instances to use the new port number.

1. Update each middle-tier instance using the Change Identity Management wizard in the Application Server Control Console.

   On each middle-tier instance that uses Identity Management:

   1. Using the Application Server Control Console, navigate to the Application Server Home page for the middle-tier instance.

   2. Click the Infrastructure link.

   3. On the Infrastructure page, in the Identity Management section, click Change.

   4. Follow the steps in the wizard.

   5. When the wizard is finished, navigate to the Application Server Home page and start the middle-tier instance by clicking Start All.

2. Refresh the Oracle Internet Directory cache in your applications:

   1. Log in to the Portal.

   2. Click the global settings link.

   3. Click the SSO/OID tab.

   4. Check the refresh Oracle Internet Directory cache settings and click Apply.