B Disabling Transport Layer Security (TLS) in Graph Server
For demonstration or evaluation purposes, it is possible to turn off transport layer security (TLS) of the graph server.
Caution:
This is not recommended for production. In a secure configuration, the server must always have TLS enabled.The following instructions only apply if you installed the graph server via the RPM
package.
Note:
If you deployed the graph server into your own web server (such as Weblogic or Apache Tomcat), please refer to the manual of your web server for TLS configuration.- Edit
/etc/oracle/graph/server.confto changeenable_tlstofalse. - Optionally, if you are using Graph Server REST API Version 1 (cookie-based authentication), then perform the following by
editing the
WEB-INF/web.xmlfile inside the/opt/oracle/graph/pgx/server/graph-server-webapp-24.2.0.warfile:- Replace `
https` with `http` for the `pgx.base_url` property. For example:<context-param> <param-name>pgx.base_url</param-name> <param-value>http://localhost:7007</param-value> </context-param> - Configure the cookies to be sent over non-secure connections by
setting
<secure>false</secure>as follows:<session-config> <tracking-mode>COOKIE</tracking-mode> <cookie-config> <secure>false</secure> </cookie-config> ... </session-config>
- Replace `
- Restart the
server.
sudo systemctl restart pgx
The graph server now accepts connections over HTTP instead of HTTPS.
On Oracle Linux 7, you can execute the following script to perform the preceding
four steps all at
once:
echo "$(jq '.enable_tls = false' /etc/oracle/graph/server.conf)" > /etc/oracle/graph/server.conf
WAR=$(find /opt/oracle/graph/pgx/server -name '*.war')
TMP=$(mktemp -d)
cd $TMP
unzip $WAR WEB-INF/web.xml
sed -i 's|<secure>true</secure>|<secure>false</secure>|' WEB-INF/web.xml
sed -i 's|https://|http://|' WEB-INF/web.xml
sudo zip $WAR WEB-INF/web.xml
rm -r $TMP
sudo systemctl restart pgxParent topic: Supplementary Information for Property Graph Support