Upgrade and Patch App Gateway

Learn how to upgrade and patch App Gateway.

When an App Gateway release is available in the Oracle Identity Cloud Service Downloads page, you can execute the following procedure to upgrade your App Gateway server with the latest release.

If you are perfomring a patch upgrade, the App Gateway patch will be installed when you run the script. You don't need to download patch releases from the downloads page.

Note:

The following applies only to App Gateway version 19.3.3 onwards. If you are running App Gateway version 19.2.1, then download and install a new App Gateway 19.3.3 (or newer version) server and replace the old-version server with this new-version server.

App Gateway versioning uses the following convention: <release version>-<major version>.<minor version>.<build number>. For example, App Gateway version 19.3.3-1.0.1, means release 19.3.3, major version 1, minor version 0, and patch version 1.

If you have multiple App Gateway instances, then repeat the following procedure for each App Gateway server.

  1. Use a SSH client such as PuTTY to log in to the App Gateway server.
  2. Execute cd /scratch/oracle/cloudgate, and verify two information in this folder:
    • In the command prompt, execute the following command cat /scratch/oracle/cloudgate/INSTALLED_VERSION to verify the version of the App Gateway.

      The following example shows that the version of the App Gateway is 19.3.3-1.0.0:
      $ cd /scratch/oracle/cloudgate
      $ cat INSTALLED_VERSION
      OVA Base Version: 19.3.3-1.0.0
      OVA Patch Version:
      Cloud Gate Version: 19.3.3-1910012252
    • Run the following command ls -la and verify that the home folder links to the folder named the App Gateway version:

      The following example shows that the home folder is linked to the 19.3.3.-1.0.0 folder:
      $ cd /scratch/oracle/cloudgate
      $ ls -la
      total 16
      drwx------. 6 oracle oracle 4096 Oct  2 00:23 19.3.3-1.0.0
      lrwxrwxrwx. 1 oracle oracle   38 Oct  2 01:38 home -> /scratch/oracle/cloudgate/19.3.3-1.0.0
      -rw-------. 1 oracle oracle   89 Oct  2 01:38 INSTALLED_VERSION
      drwx------. 3 oracle oracle 4096 Oct  2 01:38 ova
      drwxr-x---. 2 oracle oracle 4096 Oct  7 09:45 wallet
  3. Execute cd /scratch/oracle/cloudgate/home/bin, and then ./cg-upgrade to start the upgrade process.
    During the upgrade process, App Gateway contacts Oracle Identity Cloud Service to verify if a patch for your App Gateway is available. If so, then the process downloads the patch and applies the patch to your App Gateway server.
  4. After the upgrade process finishes, execute the commands described in step 2 and verify whether their return refers to the App Gateway patch or the upgraded version.
  5. Optional: Configure App Gateway in SSL mode. If you ran the cg-upgrade script, and App Gateway was configured in non-SSL mode, then after running the cg-upgrade script, complete the following steps. Note: If App Gateway was already configured in SSL mode, then don't complete the following steps.
    1. Get the SSL certificates.
    2. Log in to App Gateway and copy the certificates, for example, to /scratch/certificates/.
    3. Log in to the Oracle Identity Cloud Service Admin console, navigate to App Gateway, Hosts, and then open the required host and select Enable SSL.
    4. Navigate to App Gateway, Hosts, and then open the required host, navigate to Additional Properties and then add the path of the certificates and other information, such as ssl_protocols and ssl_ciphers.
      ssl_certificate /scratch/certificates/myappgateway.example.com.cert;
      ssl_certificate_key /scratch/certificates/myappgateway.example.com.key;
      ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers HIGH:!aNULL:!MD5;
      
    5. Open /usr/local/nginx/conf/cloudgate.config, search for callbackPrefix and change its value from HTTP to HTTPS.
    6. Execute the following commands so that you can see all changes reflected in App Gateway:
      1. cg-stop
      2. cg-start
      3. agent-stop
      4. agent-start
    Now the application can be accessed only through the HTTPS protocol and not the HTTP protocol.
During this procedure App Gateway restarts. Access to your application through this App Gateway server may be affected.