After installing OHTTP Server (Oracle HTTP Server), or OHS, configure as follows:
- Modify the $ORACLE_INSTANCE/ config/ OHS/ ohs1/httpd.conf file as follows:
- Change the default listen port from 7777 to 80.
Note: Before making the above change, disable or turn-off any other application that is using port 80 (such as IIS or Windows).
- Add settings after DocumentRoot as follows:
DocumentRoot <Unifier_Home>/apps/ROOT - Add parameters between <Directory ></Directory> so it appears as follows:
<Directory "<Unifier_Home>/apps/ROOT">Options Includes FollowSymLinksAllowOverride NoneRequire all grantedDirectoryIndex index.html</Directory><Directory "<Unifier_Home>/apps/ROOT/WEB-INF">Require all denied</Directory> #Support Http method GET/POST onlyRewriteEngine OnRewriteCond %{REQUEST_METHOD} !^(GET|POST)RewriteRule .* - [F]Header set Content-Security-Policy "default-src 'self'; frame-src *; child-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://elocation.oracle.com https://elocation.oracle.com *.oracle.com; style-src 'self' 'unsafe-inline';img-src 'self' data: http://elocation.oracle.com https://elocation.oracle.com *.oracle.com"<Location /bp/sys/dm/jvue/viewer>Header set Content-Security-Policy "connect-src 'self' http://localhost:2345 http://localhost:7575 http://localhost:8888 http://localhost:9999 https://localhost:2345 https://localhost:7575 https://localhost:8888 https://localhost:9999"</Location><Location /bp/dm/project_documents>Header set Content-Security-Policy "connect-src 'self' http://localhost:2345 http://localhost:7575 http://localhost:8888 http://localhost:9999 https://localhost:2345 https://localhost:7575 https://localhost:8888 https://localhost:9999"</Location><Location /bp/sys/dm/bp/attachment/viewer>Header set Content-Security-Policy "connect-src 'self' http://localhost:2345 http://localhost:7575 http://localhost:8888 http://localhost:9999 https://localhost:2345 https://localhost:7575 https://localhost:8888 https://localhost:9999"</Location><Location /bp/dm/unpublished_documents/log>Header set Content-Security-Policy "connect-src 'self' http://localhost:2345 http://localhost:7575 http://localhost:8888 http://localhost:9999 https://localhost:2345 https://localhost:7575 https://localhost:8888 https://localhost:9999"</Location><Location /bp/studio/share/open_attachments>Header set Content-Security-Policy "connect-src 'self' http://localhost:2345 http://localhost:7575 http://localhost:8888 http://localhost:9999 https://localhost:2345 https://localhost:7575 https://localhost:8888 https://localhost:9999"</Location><Location /bp/share/editGCWithoutWorkFlow>Header set Content-Security-Policy "connect-src 'self' http://localhost:2345 http://localhost:7575 http://localhost:8888 http://localhost:9999 https://localhost:2345 https://localhost:7575 https://localhost:8888 https://localhost:9999"</Location><Location /bp/share/draftGC/new>Header set Content-Security-Policy "connect-src 'self' http://localhost:2345 http://localhost:7575 http://localhost:8888 http://localhost:9999 https://localhost:2345 https://localhost:7575 https://localhost:8888 https://localhost:9999"</Location><Location /bp/share/draftGC/edit>Header set Content-Security-Policy "connect-src 'self' http://localhost:2345 http://localhost:7575 http://localhost:8888 http://localhost:9999 https://localhost:2345 https://localhost:7575 https://localhost:8888 https://localhost:9999"</Location><Location /bp/share/commentGC/new>Header set Content-Security-Policy "connect-src 'self' http://localhost:2345 http://localhost:7575 http://localhost:8888 http://localhost:9999 https://localhost:2345 https://localhost:7575 https://localhost:8888 https://localhost:9999"</Location><Location /bp/share/commentGC/edit>Header set Content-Security-Policy "connect-src 'self' http://localhost:2345 http://localhost:7575 http://localhost:8888 http://localhost:9999 https://localhost:2345 https://localhost:7575 https://localhost:8888 https://localhost:9999"</Location><Location /bp/share/editGC>Header set Content-Security-Policy "connect-src 'self' http://localhost:2345 http://localhost:7575 http://localhost:8888 http://localhost:9999 https://localhost:2345 https://localhost:7575 https://localhost:8888 https://localhost:9999"</Location><Location /bp/share/commentGC/copyFrom>Header set Content-Security-Policy "connect-src 'self' http://localhost:2345 http://localhost:7575 http://localhost:8888 http://localhost:9999 https://localhost:2345 https://localhost:7575 https://localhost:8888 https://localhost:9999"</Location><Location /bp/share/draftGC/copyFrom>Header set Content-Security-Policy "connect-src 'self' http://localhost:2345 http://localhost:7575 http://localhost:8888 http://localhost:9999 https://localhost:2345 https://localhost:7575 https://localhost:8888 https://localhost:9999"</Location><Location /bp/studio/bp/document/copylineitem>Header set Content-Security-Policy "connect-src 'self' http://localhost:2345 http://localhost:7575 http://localhost:8888 http://localhost:9999 https://localhost:2345 https://localhost:7575 https://localhost:8888 https://localhost:9999"</Location><Location /bp/studio/bp/document/itemopen>Header set Content-Security-Policy "connect-src 'self' http://localhost:2345 http://localhost:7575 http://localhost:8888 http://localhost:9999 https://localhost:2345 https://localhost:7575 https://localhost:8888 https://localhost:9999"</Location>Notes:
<Unifier_Home>is the unifier installation directory.- The session about Supporting Http method GET/POST only can be (or may be) added at the end of http.conf file.
- Change the default listen port from 7777 to 80.
- Add the following to the $ORACLE_INSTANCE/ config/ OHS/ ohs1/mod_wl_ohs.conf file:
<LocationMatch /(bp|bluedoor|g|pub|m|portal|unifier|viewbp|ws|VueServlet|VueJNLPServlet|jvueDMS|xdespellchecker)($|/)>SetHandler weblogic-handlerWebLogicHost localhostWebLogicPort 7001</LocationMatch><LocationMatch /(dojo|gs|studio|unifier_js|webant|x)($|/)>ExpiresActive onExpiresDefault "access plus 6 month"
Header set X-Content-Type-Options "nosniff"
Header set X-XSS-Protection "1; mode=block"
</LocationMatch>
LoadModule deflate_module "${ORACLE_HOME}/ohs/modules/mod_deflate.so"
<LocationMatch /(bp|bluedoor|g|pub|portal|unifier|viewbp)($|/)>
SetOutputFilter DEFLATE
</LocationMatch>
DeflateBufferSize 20000
Note: Modify the enteries (#2) under <Location /> as necessary:
- WebLogicHost: Weblogic server hostname or IP address.
- For WebLogicPort: Weblogic server port number.
- The "deflate_module" must be loaded before "<LocationMatch /(bp|bluedoor|g|pub|portal|unifier|viewbp)($|/)>".
- If the browser displays the error message, "...js MIME type ('text/plain') is not executable, and strict MIME type checking is enabled," then add "text/javascript js" to this file: <OHS Installation path>/instances/instance1/config/OHS/ohs1/mime.types
3. Modify the $ORACLE_INSTANCE/ config/ OHS/ ohs1/ssl.conf file as follows:
For OHTTP, or OHS, version:
Note: For the full list of system requirements, applications, and application version levels refer to the Primavera Unifier Tested Configurations in the Primavera Unifier Documentation Library.
Replace: SSLProtocol nzos_Version_1_0 nzos_Version_3_0
With: SSLProtocol -all +TLSv1.2
Replace: SSLCipherSuite
SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SH
A,SSL_RSA_WITH_DES_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_C BC_SHA
With: SSLCipherSuite HIGH
Note: Oracle recommends the SSLv3 protocol for OHS 11g version and the TLSv1.2 for OHS 12c version.
4. On Windows: Run startNodeManager.cmd and startComponent.cmd ohs1
On Linux: Run ./startNodeManager.sh and ./startCOmponent.sh ohs1
Note: If OAM is used to setup Unifier then login into OAMconsole, navigate to resources tab and add 3 resources in it: /jVue/**, /VueServlet/** and /jvueDMS/**. The Protection level should be excluded for the newly created resources. If any other SSO server is used then perform the similar steps in this server.