Configuring the OHTTP Server (OHS)

After installing OHTTP Server (Oracle HTTP Server), or OHS, configure as follows:

Modify the $ORACLE_INSTANCE/ config/ OHS/ ohs1/httpd.conf file as follows:
1. Change the default listen port from 7777 to 80.
  Note: Before making the above change, disable or turn-off any other application that is using port 80 (such as IIS or Windows).
2. Add settings after DocumentRoot as follows:
  DocumentRoot <Unifier_Home>/apps/ROOT
3. Add parameters between <Directory ></Directory> so it appears as follows:
  <Directory "<Unifier_Home>/apps/ROOT">
  
  Options Includes FollowSymLinks
  
  AllowOverride None
  
  Require all granted
  
  DirectoryIndex index.html
  
  </Directory>
  
  <Directory "<Unifier_Home>/apps/ROOT/WEB-INF">
  
  Require all denied
  
  </Directory>
4. #Support Http method GET/POST only
  RewriteEngine On
  
  RewriteCond %{REQUEST_METHOD} !^(GET|POST)
  
  RewriteRule .* - [F]
5. Header set Content-Security-Policy "default-src 'self'; frame-src *; child-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://elocation.oracle.com https://elocation.oracle.com *.oracle.com; style-src 'self' 'unsafe-inline';img-src 'self' data: http://elocation.oracle.com https://elocation.oracle.com *.oracle.com"
  
  <Location /bp/sys/dm/jvue/viewer>
  
  Header set Content-Security-Policy "connect-src 'self' http://localhost:2345 http://localhost:7575 http://localhost:8888 http://localhost:9999 https://localhost:2345 https://localhost:7575 https://localhost:8888 https://localhost:9999"
  
  </Location>
  
  <Location /bp/dm/project_documents>
  
  Header set Content-Security-Policy "connect-src 'self' http://localhost:2345 http://localhost:7575 http://localhost:8888 http://localhost:9999 https://localhost:2345 https://localhost:7575 https://localhost:8888 https://localhost:9999"
  
  </Location>
  
  <Location /bp/sys/dm/bp/attachment/viewer>
  
  Header set Content-Security-Policy "connect-src 'self' http://localhost:2345 http://localhost:7575 http://localhost:8888 http://localhost:9999 https://localhost:2345 https://localhost:7575 https://localhost:8888 https://localhost:9999"
  
  </Location>
  
  <Location /bp/dm/unpublished_documents/log>
  
  Header set Content-Security-Policy "connect-src 'self' http://localhost:2345 http://localhost:7575 http://localhost:8888 http://localhost:9999 https://localhost:2345 https://localhost:7575 https://localhost:8888 https://localhost:9999"
  
  </Location>
  
  <Location /bp/studio/share/open_attachments>
  
  Header set Content-Security-Policy "connect-src 'self' http://localhost:2345 http://localhost:7575 http://localhost:8888 http://localhost:9999 https://localhost:2345 https://localhost:7575 https://localhost:8888 https://localhost:9999"
  
  </Location>
  
  <Location /bp/share/editGCWithoutWorkFlow>
  
  Header set Content-Security-Policy "connect-src 'self' http://localhost:2345 http://localhost:7575 http://localhost:8888 http://localhost:9999 https://localhost:2345 https://localhost:7575 https://localhost:8888 https://localhost:9999"
  
  </Location>
  
  <Location /bp/share/draftGC/new>
  
  Header set Content-Security-Policy "connect-src 'self' http://localhost:2345 http://localhost:7575 http://localhost:8888 http://localhost:9999 https://localhost:2345 https://localhost:7575 https://localhost:8888 https://localhost:9999"
  
  </Location>
  
  <Location /bp/share/draftGC/edit>
  
  Header set Content-Security-Policy "connect-src 'self' http://localhost:2345 http://localhost:7575 http://localhost:8888 http://localhost:9999 https://localhost:2345 https://localhost:7575 https://localhost:8888 https://localhost:9999"
  
  </Location>
  
  <Location /bp/share/commentGC/new>
  
  Header set Content-Security-Policy "connect-src 'self' http://localhost:2345 http://localhost:7575 http://localhost:8888 http://localhost:9999 https://localhost:2345 https://localhost:7575 https://localhost:8888 https://localhost:9999"
  
  </Location>
  
  <Location /bp/share/commentGC/edit>
  
  Header set Content-Security-Policy "connect-src 'self' http://localhost:2345 http://localhost:7575 http://localhost:8888 http://localhost:9999 https://localhost:2345 https://localhost:7575 https://localhost:8888 https://localhost:9999"
  
  </Location>
  
  <Location /bp/share/editGC>
  
  Header set Content-Security-Policy "connect-src 'self' http://localhost:2345 http://localhost:7575 http://localhost:8888 http://localhost:9999 https://localhost:2345 https://localhost:7575 https://localhost:8888 https://localhost:9999"
  
  </Location>
  
  <Location /bp/share/commentGC/copyFrom>
  
  Header set Content-Security-Policy "connect-src 'self' http://localhost:2345 http://localhost:7575 http://localhost:8888 http://localhost:9999 https://localhost:2345 https://localhost:7575 https://localhost:8888 https://localhost:9999"
  
  </Location>
  
  <Location /bp/share/draftGC/copyFrom>
  
  Header set Content-Security-Policy "connect-src 'self' http://localhost:2345 http://localhost:7575 http://localhost:8888 http://localhost:9999 https://localhost:2345 https://localhost:7575 https://localhost:8888 https://localhost:9999"
  
  </Location>
  
  <Location /bp/studio/bp/document/copylineitem>
  
  Header set Content-Security-Policy "connect-src 'self' http://localhost:2345 http://localhost:7575 http://localhost:8888 http://localhost:9999 https://localhost:2345 https://localhost:7575 https://localhost:8888 https://localhost:9999"
  
  </Location>
  
  <Location /bp/studio/bp/document/itemopen>
  
  Header set Content-Security-Policy "connect-src 'self' http://localhost:2345 http://localhost:7575 http://localhost:8888 http://localhost:9999 https://localhost:2345 https://localhost:7575 https://localhost:8888 https://localhost:9999"
  
  </Location>
  
  Notes:
  - <Unifier_Home> is the unifier installation directory.
  - The session about Supporting Http method GET/POST only can be (or may be) added at the end of http.conf file.
Add the following to the $ORACLE_INSTANCE/ config/ OHS/ ohs1/mod_wl_ohs.conf file:
<LocationMatch /(bp|bluedoor|g|pub|m|portal|unifier|viewbp|ws|VueServlet|VueJNLPServlet|jvueDMS|xdespellchecker)($|/)>

SetHandler weblogic-handler

WebLogicHost localhost

WebLogicPort 7001

</LocationMatch>

<LocationMatch /(dojo|gs|studio|unifier_js|webant|x)($|/)>

ExpiresActive on

ExpiresDefault "access plus 6 month"

Header set X-Content-Type-Options "nosniff"

Header set X-XSS-Protection "1; mode=block"

</LocationMatch>

LoadModule deflate_module "${ORACLE_HOME}/ohs/modules/mod_deflate.so"

SetOutputFilter DEFLATE

</LocationMatch>

DeflateBufferSize 20000

Note: Modify the enteries (#2) under <Location /> as necessary:

WebLogicHost: Weblogic server hostname or IP address.
For WebLogicPort: Weblogic server port number.
The "deflate_module" must be loaded before "<LocationMatch /(bp|bluedoor|g|pub|portal|unifier|viewbp)($|/)>".
If the browser displays the error message, "...js MIME type ('text/plain') is not executable, and strict MIME type checking is enabled," then add "text/javascript js" to this file: <OHS Installation path>/instances/instance1/config/OHS/ohs1/mime.types

3. Modify the $ORACLE_INSTANCE/ config/ OHS/ ohs1/ssl.conf file as follows:

For OHTTP, or OHS, version:

Note: For the full list of system requirements, applications, and application version levels, refer to Primavera Unifier Tested Configurations in the Primavera Unifier Documentation Library.

Replace: SSLProtocol nzos_Version_1_0 nzos_Version_3_0

With: SSLProtocol -all +TLSv1.2

Replace: SSLCipherSuite

SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SH

A,SSL_RSA_WITH_DES_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_C BC_SHA

With: SSLCipherSuite HIGH

Note: Oracle recommends the SSLv3 protocol for OHS 11g version and the TLSv1.2 for OHS 12c version.

4. On Windows: Run startNodeManager.cmd and startComponent.cmd ohs1

On Linux: Run ./startNodeManager.sh and ./startCOmponent.sh ohs1

Note: If OAM is used to set up Unifier, log into OAMconsole, navigate to resources tab and add 3 resources in it: /jVue/**, /VueServlet/** and /jvueDMS/**. The Protection level should be excluded for the newly created resources. If any other SSO server is used then perform the similar steps in this server.

Related Topics