Oracle APEXの環境作成
ubuntu@ordsmcp2:~$ sh prepare-ubuntu-for-apex-and-ords.sh
37 packages can be upgraded. Run 'apt list --upgradable' to see them.
The following NEW packages will be installed:
hwdata libnuma1 libpython3.12t64 libslang2 libtraceevent1 linux-headers-6.17.0-1007-oracle
linux-image-6.17.0-1007-oracle linux-modules-6.17.0-1007-oracle linux-modules-extra-6.17.0-1007-oracle
linux-oracle-6.17-headers-6.17.0-1007 linux-oracle-6.17-tools-6.17.0-1007 linux-tools-6.17.0-1007-oracle
linux-tools-common wireless-regdb
The following packages will be upgraded:
base-files cloud-init curl fwupd gcc-14-base gir1.2-glib-2.0 initramfs-tools initramfs-tools-bin
initramfs-tools-core libc-bin libc6 libcurl3t64-gnutls libcurl4t64 libdrm-common libdrm2 libexpat1
libfwupd2 libgcc-s1 libglib2.0-0t64 libgnutls30t64 libldap2 libpng16-16t64 libpython3.12-minimal
libpython3.12-stdlib libssh-4 libssl3t64 libstdc++6 linux-headers-oracle linux-image-oracle linux-oracle
openssl python-apt-common python3-apt python3-distupgrade python3.12 python3.12-minimal
ubuntu-release-upgrader-core
37 upgraded, 14 newly installed, 0 to remove and 0 not upgraded.
20 standard LTS security updates
Need to get 228 MB of archives.
After this operation, 331 MB of additional disk space will be used.
debconf: delaying package configuration, since apt-utils is not installed
(Reading database ... 48207 files and directories currently installed.)
Preparing to unpack .../gcc-14-base_14.2.0-4ubuntu2~24.04.1_amd64.deb ...
Unpacking gcc-14-base:amd64 (14.2.0-4ubuntu2~24.04.1) over (14.2.0-4ubuntu2~24.04) ...
Setting up gcc-14-base:amd64 (14.2.0-4ubuntu2~24.04.1) ...
(Reading database ... 48207 files and directories currently installed.)
[中略]
update-alternatives: using /usr/bin/vim.basic to provide /usr/bin/vim (vim) in auto mode
update-alternatives: using /usr/bin/vim.basic to provide /usr/bin/vimdiff (vimdiff) in auto mode
Setting up nginx (1.24.0-2ubuntu7.6) ...
* Upgrading binary nginx [ OK ]
Setting up libnginx-mod-http-headers-more-filter (1:0.37-2build1) ...
Setting up docker.io (28.2.2-0ubuntu1~24.04.1) ...
debconf: unable to initialize frontend: Dialog
debconf: (No usable dialog-like program is installed, so the dialog based frontend cannot be used. at /usr/share/perl5/Debconf/FrontEnd/Dialog.pm line 79.)
debconf: falling back to frontend: Readline
info: Selecting GID from range 100 to 999 ...
info: Adding group `docker' (GID 107) ...
Created symlink /etc/systemd/system/multi-user.target.wants/docker.service → /usr/lib/systemd/system/docker.service.
Created symlink /etc/systemd/system/sockets.target.wants/docker.socket → /usr/lib/systemd/system/docker.socket.
Setting up perl (5.38.2-3.2ubuntu0.2) ...
Setting up python3-acme (2.9.0-1) ...
Setting up python3-certbot (2.9.0-1) ...
Setting up certbot (2.9.0-1) ...
Created symlink /etc/systemd/system/timers.target.wants/certbot.timer → /usr/lib/systemd/system/certbot.timer.
Setting up liberror-perl (0.17029-2) ...
Setting up git (1:2.43.0-1ubuntu7.3) ...
Processing triggers for dbus (1.14.10-4ubuntu4.1) ...
Processing triggers for libc-bin (2.39-0ubuntu8.7) ...
Processing triggers for nginx (1.24.0-2ubuntu7.6) ...
Triggering nginx reload ...
Synchronizing state of nginx.service with SysV service script with /usr/lib/systemd/systemd-sysv-install.
Executing: /usr/lib/systemd/systemd-sysv-install disable nginx
Removed "/etc/systemd/system/multi-user.target.wants/nginx.service".
Rules updated
Rules updated (v6)
Rules updated
Rules updated (v6)
Rules updated
Rules updated (v6)
Rules updated
Rules updated (v6)
Rules updated
Rules updated (v6)
Rules updated
Rules updated (v6)
Rules updated
Rules updated (v6)
Firewall is active and enabled on system startup
Firewall reloaded
ubuntu@ordsmcp2:~$
ubuntu@ordsmcp2:~$ sudo shutdown -r now
Broadcast message from root@ordsmcp2 on pts/1 (Wed 2026-02-25 03:31:17 UTC):
The system will reboot now!
スクリプト内で作成しているユーザーoracleに切り替えて作業します。
sudo su - oracle
ubuntu@ordsmcp2:~$ sudo su - oracle
$
これ以降の作業はほとんどOracle Linux 10と同じですが、podmanの代わりにDockerを使用します。
Oracle APEXの最新のアーカイブをダウンロードし解凍します。その他に、データファイルを保管するディレクトリoradataと、ORDSの構成ファイルを保管するディレクトリords_configを作成します。
curl -OL https://download.oracle.com/otn_software/apex/apex-latest.zip
unzip -q apex-latest.zip
mkdir oradata
mkdir ords_config
$ curl -OL https://download.oracle.com/otn_software/apex/apex-latest.zip
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 289M 100 289M 0 0 123M 0 0:00:02 0:00:02 --:--:-- 123M
$ unzip -q apex-latest.zip
$ mkdir oradata
$ mkdir ords_config
$
docker pull container-registry.oracle.com/database/ords:latest
$ docker pull container-registry.oracle.com/database/free:latest
latest: Pulling from database/free
41fec24cd635: Pull complete
3bf32880b451: Pull complete
2194ce8eea01: Pull complete
422548fea3d3: Pull complete
ec2d2b9967e0: Pull complete
8b259ba4c4d9: Pull complete
76262a11b33d: Pull complete
1b5d06dc2c49: Pull complete
991ed18434dd: Pull complete
f25c6654bf3b: Pull complete
ea29ae69235f: Pull complete
3a95ca5b8cd0: Pull complete
d46a44facb7d: Pull complete
cc817f3645bb: Pull complete
45768b398726: Pull complete
7e9be3b296e9: Pull complete
e02d6fb066f3: Pull complete
2d032c198665: Pull complete
8a5b38f9ede2: Pull complete
da072ef4f3b2: Pull complete
aeed28bf05ac: Pull complete
29c59e2aad04: Pull complete
Digest: sha256:8a8084193724b95bc62247e3af4218b357e4f172c78925551b2181dbe2566232
Status: Downloaded newer image for container-registry.oracle.com/database/free:latest
container-registry.oracle.com/database/free:latest
$ docker pull container-registry.oracle.com/database/ords:latest
latest: Pulling from database/ords
ac06ceafe5b9: Pull complete
7199b16c8c4a: Pull complete
2d59a8c44230: Pull complete
4577ec524291: Pull complete
a1247073a683: Pull complete
0c76fee24ccd: Pull complete
b91daf9676e0: Pull complete
4f4fb700ef54: Pull complete
Digest: sha256:c8b7713edbd9394d304b936be91d6ffe3251586f45352bc918e4cb56faabe852
Status: Downloaded newer image for container-registry.oracle.com/database/ords:latest
container-registry.oracle.com/database/ords:latest
$
$ echo "ORACLE_PWD=*******" > .env
$ docker compose up -d
[+] Running 3/3
✔ Network ubuntu-oracle-apex_oracle-net Created 0.1s
✔ Container apex-db Healthy 253.3s
✔ Container apex-ords Started 253.5s
$
$ docker logs -f apex-ords
Testing database connection...
INFO : Attempt 1: Connecting to sys/*****@apex-db:1521/FREEPDB1 as sysdba...
INFO : Database connection successful.
INFO : The Oracle REST Data Services are not installed on your database.
INFO : Installing The Oracle REST Data Services 25.4.0.
INFO : The ORACLE_USER_PWD variable was not supplied.
A temporary password was generated for ORACLE_USER_PWD.
Execute this command to get the generated password:
docker exec <ORDS_container_name> ords config get --secret db.password
INFO : The Oracle REST Data Services 25.4.0 has been installed correctly on your database.
INFO : The container found Oracle APEX version 24.2.0 in the mounted volume.
INFO : Installing Oracle APEX on your DB, please be patient.
INFO : The APEX_PWD variable was not supplied.
A new password must be set to complete the configuration.
To do this, connect as SYS with SYSDBA privileges and run:
ALTER USER APEX_PUBLIC_USER IDENTIFIED BY "<new_password>";
INFO : The Oracle APEX has been installed. You can create an APEX Workspace in Database Actions APEX Workspaces section.
INFO : Set plsql.gateway.mode proxied after Oracle APEX was installed.
INFO : Setup standalone.static.path /opt/oracle/apex/images.
INFO : Starting the Oracle REST Data Services instance.
2026-02-25T04:05:22Z INFO ORDS has not detected the option '--config' and this will be set up to the default directory.
[中略]
2026-02-25T04:05:31.006Z WARNING *** jdbc.MaxLimit in configuration |default|lo| is using a value of 10, this setting may not be sized adequately for a production environment ***
2026-02-25T04:05:31.368Z INFO Created Pool: |default|lo|-2026-02-25T04-05-30.167143688Z at: 2026-02-25T04:05:30.167143688Z
2026-02-25T04:05:31.554Z INFO
Mapped local pools from /etc/ords/config/databases:
/ords/ => default => VALID
2026-02-25T04:05:31.572Z INFO Oracle REST Data Services initialized
Oracle REST Data Services version : 25.4.0.r3641739
Oracle REST Data Services server info: jetty/12.0.25
Oracle REST Data Services java info: Java HotSpot(TM) 64-Bit Server VM GraalVM EE 21.3.10 (build 17.0.11+7-LTS-jvmci-21.3-b51 mixed mode, sharing)
2026-02-25T04:05:31.767Z INFO CursorMonitor 1
2026-02-25T04:05:31.768Z INFO RequestMonitor 1
2026-02-25T04:05:31.769Z INFO AccessLogMonitor 1 0
2026-02-25T04:05:31.769Z INFO TransactionMonitor 1
2026-02-25T04:05:31.773Z INFO WatchdogMonitor 1
2026-02-25T04:25:37.924Z WARNING Bad Authority: [/]
129.212.188.167 - [25/Feb/2026:04:25:37 +0000] "GET /badMessage HTTP/1.0" 400 - "" "" 27 - - -
198.235.24.2 - [25/Feb/2026:04:25:49 +0000] "GET /badMessage HTTP/1.0" 400 - "" "" 2 - - -
198.235.24.2 - [25/Feb/2026:04:25:49 +0000] "GET /badMessage HTTP/1.0" 400 - "" "" 1 - - -
2026-02-25T04:05:31.006Z WARNING *** jdbc.MaxLimit in configuration |default|lo| is using a value of 10, this setting may not be sized adequately for a production environment ***
2026-02-25T04:05:31.368Z INFO Created Pool: |default|lo|-2026-02-25T04-05-30.167143688Z at: 2026-02-25T04:05:30.167143688Z
2026-02-25T04:05:31.554Z INFO
Mapped local pools from /etc/ords/config/databases:
/ords/ => default => VALID
2026-02-25T04:05:31.572Z INFO Oracle REST Data Services initialized
Oracle REST Data Services version : 25.4.0.r3641739
Oracle REST Data Services server info: jetty/12.0.25
Oracle REST Data Services java info: Java HotSpot(TM) 64-Bit Server VM GraalVM EE 21.3.10 (build 17.0.11+7-LTS-jvmci-21.3-b51 mixed mode, sharing)
2026-02-25T04:05:31.767Z INFO CursorMonitor 1
2026-02-25T04:05:31.768Z INFO RequestMonitor 1
2026-02-25T04:05:31.769Z INFO AccessLogMonitor 1 0
2026-02-25T04:05:31.769Z INFO TransactionMonitor 1
2026-02-25T04:05:31.773Z INFO WatchdogMonitor 1
^C$
日本語リソースのロードと管理者ユーザーのパスワードを設定します。
データベースのコンテナに接続します。データベースのコンテナapex-dbの/home/oracle/apexにはAPEXのメディアの解凍先がマウントされています。 /home/oracle/apexに移動します。
$ docker exec -it apex-db bash
bash-4.4$ cd ~/apex
bash-4.4$
export NLS_LANG=American_America.AL32UTF8
sqlplus / as sysdba
alter session set container = freepdb1;
bash-4.4$ export NLS_LANG=American_America.AL32UTF8
bash-4.4$ sqlplus / as sysdba
SQL*Plus: Release 23.26.1.0.0 - Production on Wed Feb 25 04:50:35 2026
Version 23.26.1.0.0
Copyright (c) 1982, 2025, Oracle. All rights reserved.
Connected to:
Oracle AI Database 26ai Free Release 23.26.1.0.0 - Develop, Learn, and Run for Free
Version 23.26.1.0.0
SQL> alter session set container = freepdb1;
Session altered.
SQL>
@load_trans JAPANESE
SQL> @load_trans JAPANESE
PL/SQL procedure successfully completed.
Installing Oracle APEX translation - JAPANESE
. ORACLE
.
. Oracle APEX Hosted Development Service Installation.
..............................................................
PL/SQL procedure successfully completed.
PL/SQL procedure successfully completed.
--application/set_environment
API Last Extended:20241130
Your Current Version:20241130
This import is compatible with version: 20241130
COMPATIBLE (You should be able to run this import without issues.)
ID offset during import: 0
New ID offset for application: 0
APPLICATION 4420 - Oracle APEX Builder, Wizard Messages and Native Plug-Ins
--application/delete_application
--application/create_application
--application/user_interfaces
--application/shared_components/navigation/lists/spotlight_custom_entries_global
--application/shared_components/navigation/lists/spotlight_custom_entries_app_level
--application/shared_components/navigation/lists/spotlight_custom_entries_page_designer
--application/shared_components/navigation/listentry
--application/plugin_settings
[中略」
--application/pages/page_00203
--application/pages/page_00204
--application/pages/page_00205
--application/pages/page_00206
--application/deployment/definition
--application/deployment/checks
--application/deployment/buildoptions
--application/end_environment
... elapsed: 4.34 sec
...done
Adjust instance settings
PL/SQL procedure successfully completed.
SQL>
@apxchpwd
SQL> @apxchpwd
...set_appun.sql
================================================================================
This script can be used to change the password of an Oracle APEX
instance administrator. If the user does not yet exist, a user record will be
created.
================================================================================
Enter the administrator's username [ADMIN]
User "ADMIN" does not yet exist and will be created.
Enter ADMIN's email [ADMIN]
Enter ADMIN's password [] *********
Created instance administrator ADMIN.
SQL>
nginxによるリバース・プロキシの構成
http://ホスト名:8080/ords/apex_admin
nginxはコンテナではなくホストで実行します。作業はrootユーザーにて実施します。
コンピュート・インスタンスにユーザーubuntuで接続し、rootユーザーに切り替えます。
sudo -s
cd ~
ubuntu@ordsmcp2:~$ sudo -s
root@ordsmcp2:/home/ubuntu# cd ~
root@ordsmcp2:~#
以下の例ではホスト名にords.example.comを指定していますが、作業の際には割り当てているホスト名に置き換えます。
certbot certonly --standalone -d ホスト名
root@ordsmcp2:~# certbot certonly --standalone -d ords.example.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Enter email address (used for urgent renewal and security notices)
(Enter 'c' to cancel): メール・アドレス
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.6-August-18-2025.pdf. You must agree
in order to register with the ACME server. Do you agree?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing, once your first certificate is successfully issued, to
share your email address with the Electronic Frontier Foundation, a founding
partner of the Let's Encrypt project and the non-profit organization that
develops Certbot? We'd like to send you email about our work encrypting the web,
EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: N
Account registered.
Requesting a certificate for ords.example.com
Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/ords.example.com/fullchain.pem
Key is saved at: /etc/letsencrypt/live/ords.example.com/privkey.pem
This certificate expires on 2026-05-26.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If you like Certbot, please consider supporting our work by:
* Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
* Donating to EFF: https://eff.org/donate-le
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
root@ordsmcp2:~#
root@ordsmcp2:~# mkdir /etc/nginx/default.d/
root@ordsmcp2:~#
- nginx.confはuserをnginxからwww-dataに変更します。変更したファイルを、/etc/nginx/nginx.confとして配置します。
- 01-server.confは、http2およびssl_ciphersの指定をコメントアウトし、server_nameおよびssl_certificate、ssl_certificate_keyに含まれるホスト名を変更します。変更したファイルを、/etc/nginx/conf.d/01-server.confとして配置します。
- 10-root.conf、50-ords.conf、60-apex-static-files.conf、90-error.confを/etc/nginx/default.d以下に配置します。
root@ordsmcp2:~# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
root@ordsmcp2:~#
systemctl enable nginx
systemctl start nginx
root@ordsmcp2:~# systemctl enable nginx
Synchronizing state of nginx.service with SysV service script with /usr/lib/systemd/systemd-sysv-install.
Executing: /usr/lib/systemd/systemd-sysv-install enable nginx
Created symlink /etc/systemd/system/multi-user.target.wants/nginx.service → /usr/lib/systemd/system/nginx.service.
root@ordsmcp2:~# systemctl start nginx
root@ordsmcp2:~#
ユーザーoracleに切り替えコンテナapex-ordsに接続して、ordsコマンドを実行します。
構成を更新したのち、コンテナを再起動します。
su - oracle
docker exec apex-ords ords --config /etc/ords/config config set security.httpsHeaderCheck "X-Forwarded-Proto: https"
docker restart apex-ords
root@ordsmcp2:~# su - oracle
$ docker exec apex-ords ords --config /etc/ords/config config set security.httpsHeaderCheck "X-Forwarded-Proto: https"
ORDS: Release 25.4 Production on Wed Feb 25 05:31:03 2026
Copyright (c) 2010, 2026, Oracle.
Configuration:
/etc/ords/config
The global setting named: security.httpsHeaderCheck was set to: X-Forwarded-Proto: https
$ docker restart apex-ords
apex-ords
$
以上でnginxによるリバース・プロキシが構成できました。Oracle APEXにHTTPSで接続できます。
