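Oracle supports running Oracle REST Data Services (ORDS) in standalone mode using the built-in Jetty web server, so there is no need to install Tomcat or WebLogic unless you have a compelling reason to do so. Removing this extra layer means one less layer to learn and one less layer to patch.
These instructions apply to ORDS version 22.1 onward.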
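Installation
The ORDS installation process is similar regardless of the application server used, so you should follow the installation described here.
When referencing paths in this article, we will use the following environment variables. Note that we are adding the ORDS_HOME/bin directory to our PATH, so we don't have to specify the path explicitly every time we use the ords command.
```bash
export JAVA_HOME=/u01/java/latest
export ORDS_HOME=/u01/ords
export ORDS_CONFIG=/u01/config/ords
export PATH=${ORDS_HOME}/bin:${PATH}
```
Setting the ORDS_CONFIG environment variable means we don't need to explicitly use the --config parameter in the ords commands below, but we will include it anyway.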
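Starting/Stopping ORDS in Standalone Mode
The default Java heap size results in failures, so we need to set the heap size using the _JAVA_OPTIONS environment variable. We can then use the serve command to start ORDS in standalone mode.
```bash
export _JAVA_OPTIONS="-Xms1126M -Xmx1126M"
ords --config ${ORDS_CONFIG} serve
```
The resources are now available at the following URL; adjust the host name as required.
http://localhost:8080/ords/
Standalone mode takes over the console and pushes all log information to it. We can stop ORDS using CTRL+C.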
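For production deployments, we should start ORDS as a background process and push the output to a log file. For example, we can create a file called “~/scripts/start_ords.sh” with the following contents. Remember to adjust the paths as required.
```bash
#!/bin/bash
export PATH=/usr/sbin:/usr/local/bin:/usr/bin:/usr/local/sbin:$PATH
export JAVA_HOME=/u01/java/latest
export ORDS_HOME=/u01/ords
export ORDS_CONFIG=/u01/config/ords
# One log file per day.
LOGFILE=/home/oracle/scripts/logs/ords-$(date +"%Y""%m""%d").log
export _JAVA_OPTIONS="-Xms1126M -Xmx1126M"
# Start ORDS in the background, appending stdout and stderr to the log file.
nohup "${ORDS_HOME}/bin/ords" --config "${ORDS_CONFIG}" serve >> "$LOGFILE" 2>&1 &
echo "View log file with : tail -f $LOGFILE"
```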
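We can stop ORDS by killing the background process. We create a script called “~/scripts/stop_ords.sh” with the following contents.
```bash
#!/bin/bash
export PATH=/usr/sbin:/usr/local/bin:/usr/bin:/usr/local/sbin:$PATH
# Find the ORDS Java process; the [o] stops grep from matching its own command line.
kill $(ps -ef | grep '[o]rds.war' | awk '{print $2}')
```
We create the log directory and make the scripts executable.
```bash
mkdir -p ~/scripts/logs
chmod u+x ~/scripts/*.sh
```
We can then stop and start ORDS easily using the scripts.
```bash
~/scripts/stop_ords.sh
~/scripts/start_ords.sh
```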
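Automatic SSL (HTTPS)
By default, ORDS uses HTTP on port 8080. We can change the port using the --port parameter. We can make ORDS use HTTPS by adding the --secure parameter, which defaults the port to 8443, but we can change it using the --port parameter. In this example we explicitly set the port to the default HTTPS value.
```bash
export _JAVA_OPTIONS="-Xms1126M -Xmx1126M"
ords --config ${ORDS_CONFIG} serve --secure --port 8443
```
If you don't specify a valid certificate and key, ORDS will automatically create a self-signed certificate for SSL. The certificate and key are stored in the “$ORDS_CONFIG/global/standalone” directory. The resources are now available at the following URL; adjust the host name as required.
https://localhost:8443/ords/
We can make this the default action using the following command. The presence of the HTTPS port means ORDS is running in secure mode.
```bash
ords --config ${ORDS_CONFIG} config set standalone.https.port 8443
```
These settings are added to the “$ORDS_CONFIG/global/settings.xml” file.
We can now run ORDS using HTTPS with the following command.
```bash
export _JAVA_OPTIONS="-Xms1126M -Xmx1126M"
ords --config ${ORDS_CONFIG} serve
```
If you were using command line parameters, remember to amend your “start_ords.sh” script.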
SSL Configuration (HTTPS)
You should probably have a reverse proxy or load balancer in front of ORDS, and that is where your certificate authority (CA) certificate will live. Even so, you may also want your internal traffic to use HTTPS, so you will need to configure Jetty to use HTTPS. If you have a proper CA certificate and key, make sure they are in DER format. In this case, we will manually create a new self-signed certificate and use that for the HTTPS configuration. Remember to adjust the “dname” and passwords as required.
```bash
mkdir ~/keystore
cd ~/keystore
# Create a self-signed certificate in a JKS keystore.
$JAVA_HOME/bin/keytool -genkey -keyalg RSA -alias selfsigned -keystore keystore.jks \
  -dname "CN=$(hostname), OU=Example Department, O=Example Company, L=Birmingham, ST=West Midlands, C=GB" \
  -storepass password1 -validity 3600 -keysize 2048 -keypass password1
# Create a PKCS12 keystore from the JKS keystore.
$JAVA_HOME/bin/keytool -importkeystore -srckeystore keystore.jks -srcalias selfsigned -srcstorepass password1 \
  -destkeystore keystore.p12 -deststoretype PKCS12 -deststorepass password1 -destkeypass password1
# Extract the key and certificate in PEM format.
openssl pkcs12 -in keystore.p12 -nodes -nocerts -out $(hostname)-key.pem
openssl pkcs12 -in keystore.p12 -nokeys -out $(hostname).pem
# Convert them to DER format.
openssl pkcs8 -topk8 -inform PEM -outform DER -in $(hostname)-key.pem -out $(hostname)-key.der -nocrypt
openssl x509 -inform PEM -outform DER -in $(hostname).pem -out $(hostname).der
```
If everything went well, you now have a key and certificate in DER format. The file names are based on your host name, so they may look different.
```
$ ls *.der
localhost.localdomain.der  localhost.localdomain-key.der
$
```
We can now start ORDS using this certificate and key as follows.
```bash
export _JAVA_OPTIONS="-Xms1126M -Xmx1126M"
ords --config ${ORDS_CONFIG} serve --certificate ~/keystore/localhost.localdomain.der --key ~/keystore/localhost.localdomain-key.der
```
The --secure and --port settings are implied because we are using a certificate, but we can set them explicitly and get the same result.
```bash
export _JAVA_OPTIONS="-Xms1126M -Xmx1126M"
ords --config ${ORDS_CONFIG} serve --secure --port 8443 --certificate ~/keystore/localhost.localdomain.der --key ~/keystore/localhost.localdomain-key.der
```
The resources are now available at the following URL; adjust the host name as required.
https://localhost:8443/ords/
We can make this the default using the following commands. The presence of the HTTPS port means ORDS is running in secure mode.
```bash
ords --config ${ORDS_CONFIG} config set standalone.https.port 8443
ords --config ${ORDS_CONFIG} config set standalone.https.cert ~/keystore/localhost.localdomain.der
ords --config ${ORDS_CONFIG} config set standalone.https.cert.key ~/keystore/localhost.localdomain-key.der
```
These settings are added to the “$ORDS_CONFIG/global/settings.xml” file.
We can now run ORDS using HTTPS and our certificate with the following command.
```bash
export _JAVA_OPTIONS="-Xms1126M -Xmx1126M"
ords --config ${ORDS_CONFIG} serve
```
If you were using command line parameters, remember to amend your “start_ords.sh” script.
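Before pointing ORDS at a certificate and key, it is worth confirming that the pair matches, that the certificate is not about to expire, and that the unencrypted DER key is readable only by its owner. The script below is an added example, not part of the original article; the function names are illustrative and it calls only standard openssl subcommands.

```shell
#!/bin/bash
# Added example: pre-flight checks on a DER certificate/key pair before ORDS uses it.
# Function names are illustrative; only standard openssl subcommands are called.

# Public key (PEM text) embedded in a DER certificate.
cert_pubkey() { openssl x509 -inform DER -in "$1" -noout -pubkey 2>/dev/null; }

# Public key (PEM text) derived from an unencrypted PKCS#8 DER private key.
key_pubkey() { openssl pkey -inform DER -in "$1" -pubout 2>/dev/null; }

# Usage: check_ords_tls_pair CERT.der KEY.der [MIN_DAYS]
# Returns 0 only if the key belongs to the certificate, the certificate stays
# valid for MIN_DAYS more days (default 30) and the key is private to its owner.
check_ords_tls_pair() {
  cert=$1; key=$2; min_days=${3:-30}; rc=0
  cpub=$(cert_pubkey "$cert") || { echo "FAIL: cannot parse certificate $cert"; return 2; }
  kpub=$(key_pubkey "$key") || { echo "FAIL: cannot parse private key $key"; return 2; }
  if [ "$cpub" != "$kpub" ]; then
    echo "FAIL: $key is not the private key for $cert"; rc=1
  fi
  if ! openssl x509 -inform DER -in "$cert" -noout \
         -checkend $((min_days * 86400)) >/dev/null; then
    echo "FAIL: $cert expires within $min_days days"; rc=1
  fi
  # The -nocrypt conversion leaves the key unencrypted, so file mode is its only
  # protection: characters 5-10 of the ls mode string are the group/other bits.
  if [ "$(ls -ld "$key" | cut -c5-10)" != "------" ]; then
    echo "FAIL: $key is accessible to group/other; run chmod 600 on it"; rc=1
  fi
  [ "$rc" -eq 0 ] && echo "OK: $cert and $key are usable"
  return "$rc"
}

# Run the check when the script is called with a certificate and key path.
if [ "$#" -ge 2 ]; then check_ords_tls_pair "$@"; fi
```

Run it against the two DER files in ~/keystore before setting standalone.https.cert and standalone.https.cert.key.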
APEX Static Images
When using ORDS to front APEX applications, ORDS should be configured to serve the APEX static files.
```bash
export APEX_IMAGES=/u01/software/apex/images
ords --config ${ORDS_CONFIG} config set standalone.static.path ${APEX_IMAGES}
```
These settings are added to the “$ORDS_CONFIG/global/settings.xml” file.
We must restart ORDS for the change to take effect.
```bash
~/scripts/stop_ords.sh
~/scripts/start_ords.sh
```
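Static Resources (Document Root)
ORDS can be used to serve static content like a regular web server. The default location requires the following path.
```bash
mkdir -p ${ORDS_CONFIG}/global/doc_root
```
The default location can be changed using the --document-root parameter on the command line, or by amending the following default setting.
```bash
ords --config ${ORDS_CONFIG} config set standalone.doc.root ${ORDS_CONFIG}/global/doc_root
```
If you have changed the default setting, you will need to restart ORDS for it to take effect.
```bash
~/scripts/stop_ords.sh
~/scripts/start_ords.sh
```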
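Custom Error Pages
ORDS will handle typical HTTP errors automatically. If you are using a load balancer in front of ORDS, you may prefer to use that to handle custom error messages rather than changing the ORDS configuration. If you need it, ORDS can handle custom error pages. Amend the error.externalPath setting with the location of the custom error pages.
```bash
ords --config ${ORDS_CONFIG} config set error.externalPath ~/error-pages
```
Create the custom error files you need. I just created some simple tests.
```bash
mkdir -p ~/error-pages
echo "404 Error: Whoops" > ~/error-pages/404.html
echo "500 Error: Whoops" > ~/error-pages/500.html
```
Restart ORDS.
```bash
~/scripts/stop_ords.sh
~/scripts/start_ords.sh
```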
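Access Logs
Access logs are important if you want to know who is accessing your web server. We use the standalone.access.log setting to determine where ORDS writes the access log.
```bash
ords --config ${ORDS_CONFIG} config set standalone.access.log ${ORDS_CONFIG}/logs
```
Restart ORDS for the setting to take effect.
```bash
~/scripts/stop_ords.sh
~/scripts/start_ords.sh
```
Once we access ORDS, we will see an access log created in the directory we specified. The access log name has the format “ords_YYYY_MM_DD.log”.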
All Settings
The full list of settings can be displayed using the following command.
$ ords config info
ORDS: Release 22.1 Production on Fri Apr 22 10:16:02 2022
Copyright (c) 2010, 2022, Oracle.
Configuration:
/u01/config/ords/
Settings:
apex.security.administrator.roles Comma de-limited list of
additional roles to assign
authenticated APEX
administrator type users.
apex.security.developer.roles Comma de-limited list of
additional roles to assign
authenticated APEX developer
type users.
apex.security.user.roles Comma de-limited list of
additional roles to assign
authenticated regular APEX
users.
autoupgrade.api.aulocation A configuration setting for
AutoUpgrade.jar location.
autoupgrade.api.enabled A configuration setting to
enable AutoUpgrade REST API
features.
autoupgrade.api.jvmlocation A configuration setting for
AutoUpgrade REST API JVM
location.
autoupgrade.api.loglocation A configuration setting for
AutoUpgrade REST API log
location.
cache.metadata.enabled Specifies the setting to
enable or disable metadata
caching.
cache.metadata.timeout Specifies the setting to
determine for how long a
metadata record remains in
the cache. Longer duration
means, it takes longer to
view the applied changes. The
formats accepted are based on
the ISO-8601 duration format.
database.api.enabled Enable Database API feature.
database.api.management.services.disabled Disable the Database API
administration related
services. Only applicable
when Database API is enabled.
db.adminUser The username for the database
account that ORDS will use
for administration operations
in the database.
db.adminUser.password The password for the database
account that ORDS will use
for administration operations
in the database.
db.cdb.adminUser The username for the database
account that ORDS will use
for Pluggable Database
Lifecycle Management.
db.cdb.adminUser.password The password for the database
account that ORDS will use
for Pluggable Database
Lifecycle Management.
db.connectionType The database connection type.
Specify one of the values:
basic, tns, customurl.
db.credentialsSource Specifies the source for
database credentials when
creating a direct connection
for running SQL statements.
Value can be one of: pool or
request. If pool is used, the
credentials defined in this
pool will be used to create a
JDBC connection. If request
is used, the credentials in
the request will be used to
create a JDBC connection and
if successful grant the
requestor SQL Developer role.
The default value is pool.
db.customURL The JDBC URL connection to
connect to the database.
db.hostname The host name of the database
server.
db.invalidPoolTimeout Specifies how long to wait
before retrying an invalid
pool.
db.password The database password.
db.poolDestroyTimeout Indicates how long to wait to
gracefully destroy a pool,
before moving to forcefully
destroy all connections
including borrowed ones.
db.port The port of the database
server listener.
db.serviceNameSuffix The service name suffix for
PDBs connected to the CDB.
db.servicename The database service name.
db.tnsAliasName The TNS alias name that
matches the name in the
tnsnames.ora file.
db.tnsDirectory The directory location of
your tnsnames.ora file.
db.username The database user name.
db.wallet.zip The wallet archive (provided
in BASE64 encoding)
containing connection details
for the pool.
db.wallet.zip.path The path to a wallet archive
containing connection details
for the pool.
db.wallet.zip.service Specifies the service name in
the wallet archive for the
pool.
debug.printDebugToScreen Specifies whether to display
error messages in the browser.
debug.trackResources Enable tracking of JDBC
resources that if not
released will cause resource
leaks/exhaustion in the
database. Tracking imposes a
performance overhead.
error.externalPath The path to the external
error pages.
error.responseFormat Specifies in what format
error responses should be
rendered. Possible values:
HTTP, JSON, AUTO. Defaults to
AUTO.
feature.openservicebroker.exclude To disable the Open Service
Broker services available for
the pool.
feature.sdw Enable Database Actions
feature.
http.cookie.filter A comma separated list of
HTTP Cookies to exclude when
initializing an Oracle Web
Agent environment.
icap.port Specifies the Internet
Content Adaptation Protocol
(ICAP) port to virus scan
files. Either icap.port or
icap.secure.port are required
to have a value when
icap.server is set.
icap.secure.port Specifies the Internet
Content Adaptation Protocol
(ICAP) secure port to virus
scan files. Either icap.port
or icap.secure.port are
required to have a value when
icap.server is set.
icap.server Specifies the Internet
Content Adaptation Protocol
(ICAP) server name or IP
address to virus scan files.
jdbc.DriverType The Oracle JDBC URL subtype
that can have one of the
values: thin, oci8. Defaults
to thin.
jdbc.InactivityTimeout Specify how long an available
connection can remain idle
before it is closed. The
inactivity connection timeout
is in seconds. Defaults to
1800.
jdbc.InitialLimit The initial size for the
number of connections that
will be created. Defaults to
10.
jdbc.MaxConnectionReuseCount Specify the maximum number of
times to reuse a connection
before it is discarded and
replaced with a new
connection.
jdbc.MaxLimit The maximum number of
connections. Defaults to 10.
jdbc.MaxStatementsLimit The maximum number of
statements to cache for each
connection. Defaults to 10.
jdbc.MinLimit The minimum number of
connections. Defaults to 2.
jdbc.auth.admin.role Identifies the database role
that signifies the database
user should get the SQL
Administrator role.
jdbc.auth.enabled Specifies if the PL/SQL
Gateway calls can be
authenticated using database
users. Defaults to false. Set
to true to enable feature.
Oracle recommends not to use
this feature. This feature
used only to facilitate
customers migrating from
mod_plsql.
jdbc.cleanup.mode Specifies how a pooled JDBC
connection, and corresponding
database session, is released
when a request has been
processed.
jdbc.driverName The name of the JDBC driver
to use.
jdbc.statementTimeout Specify how long a borrowed
(in use) connection can
remain unused before it is
considered as abandoned and
reclaimed. The abandoned
connection timeout is in
seconds.
json.sdo.geometry.output.geojson Specify that SDO Geometry
data should be returned in
GeoJSON format.
misc.defaultPage Default page (PL/SQL
procedure) to invoke if the
URL points to the context
root of a database pool.
Default value is apex.
misc.pagination.maxRows Specifies the maximum number
of rows that will be returned
from a query when processing
a RESTful service and that
will be returned from a
nested cursor in a result
set. Affects all RESTful
services generated through a
SQL query, regardless of
whether the resource is
paginated. Defaults to 10000.
owa.trace.sql Boolean property that if true
causes a trace of the SQL
statements performed by
Oracle Web Agent to be echoed
to the log.
plsql.gateway.mode Indicates if the PL/SQL
Gateway functionality should
be available for a pool or
not. Value can be one of:
disabled, direct or proxied.
If direct is used, the pool
will serve PL/SQL Gateway
requests directly. If proxied
is used, PLSQL_GATEWAY_CONFIG
view is used to determine the
user to proxy to.
procedure.rest.preHook Name of a stored PL/SQL
function that should be
invoked prior to dispatching
any REST request.
request.traceHeaderName Denotes the name of the HTTP
request header that uniquely
identifies the request end to
end as it passes through the
various layers of the
application stack. In Oracle
this header is commonly
referred to as the ECID
(Entity Context ID).
resource.templates.enabled Deprecated. Configuration
property indicating if the
legacy resource templates
(APEX based REST) should be
enabled or not. False by
default. The
resource-templates code base
is not compatible with the
single pool
(ORDS_PUBLIC_USER)
architecture so must be
disabled.
restEnabledSql.active Enable REST-Enabled SQL
feature.
security.credentials.attempts The maximum number of
unsuccessful password
attempts allowed. Enabled by
setting a positive integer
value. Defaults to -1.
security.credentials.file The file where credentials
are stored.
security.credentials.lock.time The period to lock account
that has exceeded maximum
attempts. Defaults to 10
minutes.
security.requestValidationFunction Specifies a validation
function to determine if the
requested procedure in the
URL should be allowed or
disallowed for processing.
The function should return
true if the procedure is
allowed; otherwise, return
false.
security.validationFunctionType Indicate what type the
security.requestValidationFunc
ion is: javascript or plsql.
Defaults to plsql.
security.verifySSL Indicate whether HTTPS is
available in your environment.
standalone.access.log Path to the folder to store
HTTP request access logs. If
not specified then no access
log will be generated.
standalone.binds Comma separated list of host
names or IP addresses to
identify a specific network
interface on which to listen,
default 0.0.0.0.
standalone.context.path The context path where {0} is
located, defaults to /ords
standalone.doc.root Points to the location where
static resources, to be
served under the / root
server path are located.
standalone.http.port HTTP listen port, default 8080
standalone.https.cert SSL certificate path. If you
are providing the SSL
certificate, you must specify
the certificate location.
standalone.https.cert.key SSL certificate key path. If
you are providing the SSL
certificate, you must specify
the certificate key location.
standalone.https.host SSL certificate hostname
standalone.https.port HTTPS listen port, default
8443
standalone.static.context.path The Context path where
Application Express static
resources are located,
defaults to /i
standalone.static.path Path to the folder containing
static resources required by
APEX
standalone.stop.timeout The period for Standalone
Mode to wait to gracefully
shutdown.
$
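Several of the settings above decide whether a standalone ORDS is exposed over plain HTTP, runs on a self-signed certificate, writes no access log, shows error messages in the browser, or has no failed-password lockout. The script below is an added example, not part of the original article, that audits a settings.xml for those cases. It assumes the file stores each setting as `<entry key="name">value</entry>`; the function names and the sample file are constructed for illustration.

```shell
#!/bin/bash
# Added example: audit an ORDS global/settings.xml for the settings discussed above.
# Assumption: the file uses XML-properties entries, <entry key="name">value</entry>.

# Print the value of one setting, or nothing if it is not set.
get_setting() {
  key_re=$(printf '%s' "$2" | sed 's/\./\\./g')   # match dots in the key literally
  sed -n "s|.*<entry key=\"$key_re\">\(.*\)</entry>.*|\1|p" "$1" | head -n 1
}

# Print one WARN line per finding; return 0 when clean, 1 otherwise.
audit_ords_settings() {
  f=$1; rc=0
  warn() { echo "WARN: $1"; rc=1; }
  [ -n "$(get_setting "$f" standalone.https.port)" ] ||
    warn "standalone.https.port unset: standalone ORDS listens on plain HTTP"
  if [ -z "$(get_setting "$f" standalone.https.cert)" ] ||
     [ -z "$(get_setting "$f" standalone.https.cert.key)" ]; then
    warn "standalone.https.cert / cert.key unset: a self-signed certificate is used"
  fi
  [ -n "$(get_setting "$f" standalone.access.log)" ] ||
    warn "standalone.access.log unset: no access log is written"
  if [ "$(get_setting "$f" debug.printDebugToScreen)" = "true" ]; then
    warn "debug.printDebugToScreen=true: error messages are displayed in the browser"
  fi
  attempts=$(get_setting "$f" security.credentials.attempts)
  case ${attempts:--1} in
    -*|0) warn "security.credentials.attempts not positive: failed-password lockout is off" ;;
  esac
  return "$rc"
}

# Constructed sample file (not taken from a real system).
write_sample_settings() {
  cat > "$1" <<'EOF'
<?xml version="1.0" encoding="UTF-8"?>
<properties>
<entry key="standalone.https.port">8443</entry>
<entry key="standalone.static.path">/u01/software/apex/images</entry>
<entry key="debug.printDebugToScreen">true</entry>
</properties>
EOF
}

sample=$(mktemp)
write_sample_settings "$sample"
audit_ords_settings "$sample" || echo "review the settings above"
rm -f "$sample"
```

On a real installation, call audit_ords_settings with the path “$ORDS_CONFIG/global/settings.xml”.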
Source: https://oracle-base.com/articles/misc/oracle-rest-data-services-ords-standalone-mode-22-onward




