Creating a Compute Instance Running Oracle Database 19c
ssh -i ssh-key-2026-04-07.key opc@ホスト名
apex-arm % ssh -i ssh-key-2026-04-07.key opc@**************
** WARNING: connection is not using a post-quantum key exchange algorithm.
** This session may be vulnerable to "store now, decrypt later" attacks.
** The server may need to be upgraded. See https://openssh.com/pq.html
Web console: https://apex-arm:9090/ or https://10.0.0.246:9090/
Last login: Tue Apr 7 10:57:00 2026 from 122.26.56.5
[opc@apex-arm ~]$
Oracle Database is installed as the user oracle. The SID is ORCL, and ORCLPDB1 has already been created as a PDB.
sudo su - oracle
[opc@apex-arm ~]$ sudo su - oracle
最終ログイン: 2026/04/07 (火) 10:57:06 JST日時 pts/0
[oracle@apex-arm ~]$
export NLS_LANG=American_America.AL32UTF8
[oracle@apex-arm ~]$ export NLS_LANG=American_America.AL32UTF8
[oracle@apex-arm ~]$ . oraenv
ORACLE_SID = [oracle] ? ORCL
The Oracle base has been set to /opt/oracle
[oracle@apex-arm ~]$ lsnrctl start
LSNRCTL for Linux: Version 19.0.0.0.0 - Production on 07-APR-2026 11:02:20
Copyright (c) 1991, 2023, Oracle. All rights reserved.
Starting /opt/oracle/product/19c/dbhome/bin/tnslsnr: please wait...
TNSLSNR for Linux: Version 19.0.0.0.0 - Production
System parameter file is /opt/oracle/product/19c/dbhome/network/admin/listener.ora
Log messages written to /opt/oracle/diag/tnslsnr/apex-arm/listener/alert/log.xml
Listening on: (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=127.0.0.1)(PORT=1521)))
Listening on: (DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=EXTPROC1521)))
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=localhost)(PORT=1521)))
STATUS of the LISTENER
------------------------
Alias LISTENER
Version TNSLSNR for Linux: Version 19.0.0.0.0 - Production
Start Date 07-APR-2026 11:02:20
Uptime 0 days 0 hr. 0 min. 0 sec
Trace Level off
Security ON: Local OS Authentication
SNMP OFF
Listener Parameter File /opt/oracle/product/19c/dbhome/network/admin/listener.ora
Listener Log File /opt/oracle/diag/tnslsnr/apex-arm/listener/alert/log.xml
Listening Endpoints Summary...
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=127.0.0.1)(PORT=1521)))
(DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=EXTPROC1521)))
The listener supports no services
The command completed successfully
[oracle@apex-arm ~]$ sqlplus / as sysdba
SQL*Plus: Release 19.0.0.0.0 - Production on Tue Apr 7 11:02:24 2026
Version 19.19.0.0.0
Copyright (c) 1982, 2023, Oracle. All rights reserved.
Connected to an idle instance.
SQL> startup
ORACLE instance started.
Total System Global Area 4664063784 bytes
Fixed Size 9172776 bytes
Variable Size 855638016 bytes
Database Buffers 3791650816 bytes
Redo Buffers 7602176 bytes
Database mounted.
Database opened.
SQL> exit
Disconnected from Oracle Database 19c Enterprise Edition Release 19.0.0.0.0 - Production
Version 19.19.0.0.0
[oracle@apex-arm ~]$ lsnrctl status
LSNRCTL for Linux: Version 19.0.0.0.0 - Production on 07-APR-2026 11:02:42
Copyright (c) 1991, 2023, Oracle. All rights reserved.
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=localhost)(PORT=1521)))
STATUS of the LISTENER
------------------------
Alias LISTENER
Version TNSLSNR for Linux: Version 19.0.0.0.0 - Production
Start Date 07-APR-2026 11:02:20
Uptime 0 days 0 hr. 0 min. 22 sec
Trace Level off
Security ON: Local OS Authentication
SNMP OFF
Listener Parameter File /opt/oracle/product/19c/dbhome/network/admin/listener.ora
Listener Log File /opt/oracle/diag/tnslsnr/apex-arm/listener/alert/log.xml
Listening Endpoints Summary...
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=127.0.0.1)(PORT=1521)))
(DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=EXTPROC1521)))
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcps)(HOST=apex-arm)(PORT=5500))(Security=(my_wallet_directory=/opt/oracle/admin/ORCL/xdb_wallet))(Presentation=HTTP)(Session=RAW))
Services Summary...
Service "49f9aea3b11956b4e065000000000001" has 1 instance(s).
Instance "ORCL", status READY, has 1 handler(s) for this service...
Service "ORCL" has 1 instance(s).
Instance "ORCL", status READY, has 1 handler(s) for this service...
Service "ORCLXDB" has 1 instance(s).
Instance "ORCL", status READY, has 1 handler(s) for this service...
Service "orclpdb1" has 1 instance(s).
Instance "ORCL", status READY, has 1 handler(s) for this service...
The command completed successfully
[oracle@apex-arm ~]$
TLS Encryption for Oracle Net
Configuring Oracle Database 19c EE with TLS enabled so that users can be authenticated with Entra ID
cd tls
sh setup_selfsigned_cert.sh ホスト名
sh setup_oracle_wallet.sh パスワード
[oracle@apex-arm ~]$ mkdir tls
[oracle@apex-arm ~]$ cd tls
[oracle@apex-arm tls]$ curl -O https://gist.githubusercontent.com/ujnak/7f99a1d3255b8ac8a8db0c335532cc57/raw/1e7666f128e6df11ace6abffdb8d58063b417474/setup_selfsigned_cert.sh
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 1815 100 1815 0 0 20166 0 --:--:-- --:--:-- --:--:-- 20166
[oracle@apex-arm tls]$ curl -O https://gist.githubusercontent.com/ujnak/ae330cf39cc05337dbdc265d8f1cc04a/raw/d40b23684010bd988dfa428afb7bd4326bc926da/setup_oracle_wallet.sh
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 867 100 867 0 0 11876 0 --:--:-- --:--:-- --:--:-- 11876
[oracle@apex-arm tls]$ sh setup_selfsigned_cert.sh ホスト名
Generating self-signed certificate for: ホスト名
1. Generating Root CA...
Generating a RSA private key
................................................................................................................................................................................................................++++
......................................................................................................++++
writing new private key to 'rootCA.key'
-----
2. Generating server key...
Generating RSA private key, 2048 bit long modulus (2 primes)
.............+++++
................................................................................................................................................+++++
e is 65537 (0x010001)
3. Generating CSR...
4. Signing certificate...
Signature ok
subject=CN = ***************
Getting CA Private Key
5. Verifying certificate...
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
08:a7:e7:fe:de:27:53:c6:ee:bb:aa:37:95:ca:66:52:a5:17:95:20
Signature Algorithm: sha256WithRSAEncryption
Issuer: C = JP, O = Development, CN = My Root CA
Validity
Not Before: Apr 7 02:22:20 2026 GMT
Not After : May 9 02:22:20 2027 GMT
Subject: CN = ****************
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
X509v3 Key Usage:
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication
X509v3 Subject Alternative Name:
DNS:*************, DNS:localhost, IP Address:127.0.0.1
Signature Algorithm: sha256WithRSAEncryption
6. Creating PKCS12 bundle...
Done! Generated files:
- rootCA.crt / rootCA.key (Root CA - import rootCA.crt to your browser/system)
- server.p12 (PKCS12 bundle)
[oracle@apex-arm tls]$ sh setup_oracle_wallet.sh パスワード
Oracle PKI Tool Release 19.0.0.0.0 - Production
19.4.0.0.0: バージョン{1}
Copyright (c) 2004, 2023, Oracle and/or its affiliates. All rights reserved.
操作は正常に完了しました。
Oracle PKI Tool Release 19.0.0.0.0 - Production
19.4.0.0.0: バージョン{1}
Copyright (c) 2004, 2023, Oracle and/or its affiliates. All rights reserved.
操作は正常に完了しました。
Oracle PKI Tool Release 19.0.0.0.0 - Production
19.4.0.0.0: バージョン{1}
Copyright (c) 2004, 2023, Oracle and/or its affiliates. All rights reserved.
orapki command import_pkcs12 executed successfully.
Oracle PKI Tool Release 19.0.0.0.0 - Production
19.4.0.0.0: バージョン{1}
Copyright (c) 2004, 2023, Oracle and/or its affiliates. All rights reserved.
Requested Certificates:
User Certificates:
Subject: CN=***************
Trusted Certificates:
Subject: CN=My Root CA,O=Development,C=JP
[oracle@apex-arm tls]$
[oracle@apex-arm tls]$ ls /opt/oracle/admin/ORCL/wallet
cwallet.sso cwallet.sso.lck ewallet.p12 ewallet.p12.lck
[oracle@apex-arm tls]$
Update the network configuration.
[oracle@apex-arm tls]$ cd $ORACLE_HOME/network/admin
[oracle@apex-arm admin]$
LISTENER =
  (DESCRIPTION_LIST =
    (DESCRIPTION =
      (ADDRESS = (PROTOCOL = TCP)(HOST = localhost)(PORT = 1521))
      (ADDRESS = (PROTOCOL = TCPS)(HOST = 10.0.0.246)(PORT = 1522))
      (ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC1521))
    )
  )
SSL_CLIENT_AUTHENTICATION = FALSE
WALLET_LOCATION =
  (SOURCE =
    (METHOD = FILE)
    (METHOD_DATA =
      (DIRECTORY = /opt/oracle/admin/ORCL/wallet)
    )
  )
Append WALLET_LOCATION to sqlnet.ora.
NAMES.DIRECTORY_PATH= (TNSNAMES, EZCONNECT)
WALLET_LOCATION =
  (SOURCE =
    (METHOD = FILE)
    (METHOD_DATA =
      (DIRECTORY = /opt/oracle/admin/ORCL/wallet)
    )
  )
[oracle@apex-arm admin]$ lsnrctl stop
LSNRCTL for Linux: Version 19.0.0.0.0 - Production on 07-APR-2026 11:39:08
Copyright (c) 1991, 2023, Oracle. All rights reserved.
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=localhost)(PORT=1521)))
The command completed successfully
[oracle@apex-arm admin]$ lsnrctl start
LSNRCTL for Linux: Version 19.0.0.0.0 - Production on 07-APR-2026 11:39:12
Copyright (c) 1991, 2023, Oracle. All rights reserved.
Starting /opt/oracle/product/19c/dbhome/bin/tnslsnr: please wait...
TNSLSNR for Linux: Version 19.0.0.0.0 - Production
System parameter file is /opt/oracle/product/19c/dbhome/network/admin/listener.ora
Log messages written to /opt/oracle/diag/tnslsnr/apex-arm/listener/alert/log.xml
Listening on: (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=127.0.0.1)(PORT=1521)))
Listening on: (DESCRIPTION=(ADDRESS=(PROTOCOL=tcps)(HOST=10.0.0.246)(PORT=1522)))
Listening on: (DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=EXTPROC1521)))
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=localhost)(PORT=1521)))
STATUS of the LISTENER
------------------------
Alias LISTENER
Version TNSLSNR for Linux: Version 19.0.0.0.0 - Production
Start Date 07-APR-2026 11:39:12
Uptime 0 days 0 hr. 0 min. 0 sec
Trace Level off
Security ON: Local OS Authentication
SNMP OFF
Listener Parameter File /opt/oracle/product/19c/dbhome/network/admin/listener.ora
Listener Log File /opt/oracle/diag/tnslsnr/apex-arm/listener/alert/log.xml
Listening Endpoints Summary...
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=127.0.0.1)(PORT=1521)))
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcps)(HOST=10.0.0.246)(PORT=1522)))
(DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=EXTPROC1521)))
The listener supports no services
The command completed successfully
[oracle@apex-arm admin]$
sqlplus / as sysdba
alter system register;
exit
[oracle@apex-arm ~]$ sqlplus / as sysdba
SQL*Plus: Release 19.0.0.0.0 - Production on Tue Apr 7 11:41:05 2026
Version 19.19.0.0.0
Copyright (c) 1982, 2023, Oracle. All rights reserved.
Connected to:
Oracle Database 19c Enterprise Edition Release 19.0.0.0.0 - Production
Version 19.19.0.0.0
SQL> alter system register;
System altered.
SQL> exit
Disconnected from Oracle Database 19c Enterprise Edition Release 19.0.0.0.0 - Production
Version 19.19.0.0.0
[oracle@apex-arm ~]$
Allow connections to 1522/tcp in firewalld. Switch back to the user opc for this step.
sudo firewall-cmd --add-port=1522/tcp
sudo firewall-cmd --runtime-to-permanent
[opc@apex-arm ~]$ sudo firewall-cmd --add-port=1522/tcp
success
[opc@apex-arm ~]$ sudo firewall-cmd --runtime-to-permanent
success
[opc@apex-arm ~]$
cd /opt/oracle/admin/ORCL/
tar cvf /tmp/wallet.tar wallet
[opc@apex-arm ~]$ sudo su - oracle
最終ログイン: 2026/04/07 (火) 11:48:07 JST日時 pts/0
[oracle@apex-arm ~]$ cd /opt/oracle/admin/ORCL/
[oracle@apex-arm ORCL]$ tar cvf /tmp/wallet.tar wallet
wallet/
wallet/ewallet.p12.lck
wallet/ewallet.p12
wallet/cwallet.sso.lck
wallet/cwallet.sso
[oracle@apex-arm ORCL]$
scp -i ssh-key-2026-04-07.key opc@ホスト名:/tmp/wallet.tar .
apex-arm % scp -i ssh-key-2026-04-07.key opc@ホスト名:/tmp/wallet.tar .
** WARNING: connection is not using a post-quantum key exchange algorithm.
** This session may be vulnerable to "store now, decrypt later" attacks.
** The server may need to be upgraded. See https://openssh.com/pq.html
wallet.tar 100% 20KB 36.4KB/s 00:00
apex-arm % tar xvf wallet.tar
x wallet/
x wallet/ewallet.p12.lck
x wallet/ewallet.p12
x wallet/cwallet.sso.lck
x wallet/cwallet.sso
apex-arm % ssh -i ssh-key-2026-04-07.key opc@ordsmcp0331.f5.si sudo rm /tmp/wallet.tar
** WARNING: connection is not using a post-quantum key exchange algorithm.
** This session may be vulnerable to "store now, decrypt later" attacks.
** The server may need to be upgraded. See https://openssh.com/pq.html
apex-arm %
Create sqlnet.ora with the following contents. For DIRECTORY, specify the full path of the wallet directory into which the Oracle Wallet was extracted.
SSL_CLIENT_AUTHENTICATION = FALSE
WALLET_LOCATION =
  (SOURCE =
    (METHOD = FILE)
    (METHOD_DATA =
      (DIRECTORY = /Users/**********/wallet)
    )
  )
Create tnsnames.ora.
ORCLPDB1_TLS =
  (DESCRIPTION =
    (ADDRESS = (PROTOCOL = TCPS)(HOST = ホスト名)(PORT = 1522))
    (CONNECT_DATA =
      (SERVER = DEDICATED)
      (SERVICE_NAME = ORCLPDB1)
    )
    (SECURITY =
      (SSL_SERVER_DN_MATCH=TRUE)
      (SSL_SERVER_CERT_DN="CN=ホスト名")
    )
  )
ORCL_TLS =
  (DESCRIPTION =
    (ADDRESS = (PROTOCOL = TCPS)(HOST = ホスト名)(PORT = 1522))
    (CONNECT_DATA =
      (SERVER = DEDICATED)
      (SERVICE_NAME = ORCL)
    )
    (SECURITY =
      (SSL_SERVER_DN_MATCH=TRUE)
      (SSL_SERVER_CERT_DN="CN=ホスト名")
    )
  )
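Added example (not from the original post or the projects it uses): a small Python audit of the listener.ora and tnsnames.ora syntax configured above. It flags any plain-TCP listener endpoint that is not loopback-only and any TCPS alias that does not set SSL_SERVER_DN_MATCH. LISTENER_ORA mirrors the page's listener.ora; WEAK_LISTENER, the host db.example.test and the alias ORCL_NOMATCH are constructed, and sqlnet.ora list values such as (TNSNAMES, EZCONNECT) are out of scope.

```python
import ipaddress
import re

# LISTENER_ORA mirrors the listener.ora on this page. WEAK_LISTENER, the host
# db.example.test and the alias ORCL_NOMATCH are constructed for the example.
LISTENER_ORA = """
LISTENER =
  (DESCRIPTION_LIST =
    (DESCRIPTION =
      (ADDRESS = (PROTOCOL = TCP)(HOST = localhost)(PORT = 1521))
      (ADDRESS = (PROTOCOL = TCPS)(HOST = 10.0.0.246)(PORT = 1522))
      (ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC1521))
    )
  )
SSL_CLIENT_AUTHENTICATION = FALSE
"""
WEAK_LISTENER = "LISTENER = (DESCRIPTION = (ADDRESS = (PROTOCOL = TCP)(HOST = 10.0.0.246)(PORT = 1521)))"
TNSNAMES_ORA = """
# comment lines are skipped
ORCLPDB1_TLS =
  (DESCRIPTION =
    (ADDRESS = (PROTOCOL = TCPS)(HOST = db.example.test)(PORT = 1522))
    (CONNECT_DATA = (SERVER = DEDICATED)(SERVICE_NAME = ORCLPDB1))
    (SECURITY = (SSL_SERVER_DN_MATCH=TRUE)(SSL_SERVER_CERT_DN="CN=db.example.test"))
  )
ORCL_NOMATCH =
  (DESCRIPTION =
    (ADDRESS = (PROTOCOL = TCPS)(HOST = db.example.test)(PORT = 1522))
    (CONNECT_DATA = (SERVICE_NAME = ORCL))
  )
"""

TOKEN = re.compile(r'"[^"]*"|[()=]|[^\s()="]+')

def parse_net_config(text):
    """Parse listener.ora / tnsnames.ora text into {NAME: atom | [(KEY, value), ...]}."""
    lines = [ln for ln in text.splitlines() if not ln.lstrip().startswith("#")]
    toks = TOKEN.findall("\n".join(lines))
    out, i = {}, 0
    try:
        while i < len(toks):
            if toks[i + 1] != "=":
                raise ValueError(f"expected '=' after {toks[i]!r}")
            out[toks[i].upper()], i = parse_value(toks, i + 2, nested=False)
    except IndexError:
        raise ValueError("unbalanced or truncated Oracle Net configuration") from None
    return out

def parse_value(toks, i, nested):
    """Return (value, next_index) for an atom or a run of (KEY = value) groups."""
    if toks[i] != "(":
        if not nested:                       # top-level parameter: a single word
            return toks[i].strip('"'), i + 1
        j = i                                # inside (...): everything up to ')'
        while toks[j] not in ("(", ")"):
            j += 1
        return "".join(toks[i:j]).strip('"'), j
    pairs = []
    while i < len(toks) and toks[i] == "(":
        if toks[i + 2] != "=":
            raise ValueError(f"expected '=' after {toks[i + 1]!r}")
        val, j = parse_value(toks, i + 3, nested=True)
        if toks[j] != ")":
            raise ValueError(f"missing ')' after {toks[i + 1]!r}")
        pairs.append((toks[i + 1].upper(), val))
        i = j + 1
    return pairs, i

def find_all(node, key):
    """Yield, as dicts, every group stored under `key` anywhere in a parsed tree."""
    if isinstance(node, list):
        for k, v in node:
            if k == key and isinstance(v, list):
                yield dict(v)
            yield from find_all(v, key)

def is_loopback(host):
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # any other DNS name is treated as externally reachable

def audit_listener(text):
    """Flag cleartext TCP endpoints that listen on anything other than loopback."""
    findings = []
    for name, tree in parse_net_config(text).items():
        for addr in find_all(tree, "ADDRESS"):
            host, port = str(addr.get("HOST", "")), addr.get("PORT", "")
            if str(addr.get("PROTOCOL", "")).upper() == "TCP" and not is_loopback(host):
                findings.append(f"{name}: cleartext TCP endpoint {host}:{port} is not loopback-only")
    return findings

def audit_tnsnames(text):
    """Flag aliases that use cleartext TCP, or TCPS without server DN matching."""
    findings = []
    for alias, tree in parse_net_config(text).items():
        protos = {str(a.get("PROTOCOL", "")).upper() for a in find_all(tree, "ADDRESS")}
        security = {}
        for group in find_all(tree, "SECURITY"):
            security.update(group)
        if "TCP" in protos:
            findings.append(f"{alias}: connects over cleartext TCP")
        dn_match = str(security.get("SSL_SERVER_DN_MATCH", "")).upper()
        if "TCPS" in protos and dn_match not in ("TRUE", "YES", "ON"):
            findings.append(f"{alias}: TCPS without SSL_SERVER_DN_MATCH=TRUE")
    return findings
```
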
To allow for connecting with SQLcl, create ojdbc.properties.
oracle.net.wallet_location=(SOURCE=(METHOD=FILE)(METHOD_DATA=(DIRECTORY=${TNS_ADMIN}/wallet)))
export TNS_ADMIN=$PWD
apex-arm % export TNS_ADMIN=$PWD
apex-arm %
Connect to the database with SQLcl.
sql sys@orcl_tls as sysdba
apex-arm % sql sys@orcl_tls as sysdba
SQLcl: 火 4月 07 12:07:34 2026のリリース25.4 Production
Copyright (c) 1982, 2026, Oracle. All rights reserved.
パスワード (**********?) ******
接続先:
Oracle Database 19c Enterprise Edition Release 19.0.0.0.0 - Production
Version 19.19.0.0.0
SQL> exit
Oracle Database 19c Enterprise Edition Release 19.0.0.0.0 - Production
Version 19.19.0.0.0から切断されました
apex-arm %
Connect to the PDB.
apex-arm % sql sys@orclpdb1_tls as sysdba
SQLcl: 火 4月 07 12:09:33 2026のリリース25.4 Production
Copyright (c) 1982, 2026, Oracle. All rights reserved.
パスワード (**********?) ******
接続先:
Oracle Database 19c Enterprise Edition Release 19.0.0.0.0 - Production
Version 19.19.0.0.0
SQL> exit
Oracle Database 19c Enterprise Edition Release 19.0.0.0.0 - Production
Version 19.19.0.0.0から切断されました
apex-arm %
This completes TLS encryption for Oracle Net and the connection from SQLcl.
Implementing a Reverse Proxy with OpenResty
[opc@apex-arm ~]$ sudo -s
[root@apex-arm opc]# cd ~
[root@apex-arm ~]#
[root@apex-arm ~]# curl -O https://raw.githubusercontent.com/ujnak/mcp-app/refs/heads/main/nginx/prepare-ol10.sh
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 6776 100 6776 0 0 143k 0 --:--:-- --:--:-- --:--:-- 147k
[root@apex-arm ~]# export IS_ADB=false
[root@apex-arm ~]# export INSTALL_APEX=false
[root@apex-arm ~]# sh prepare-ol10.sh
IS_ADB = false
INSTALL_APEX = false
IS_ORACLE_LINUX = true
RedHat EL Release = 8
アップグレード済み:
[omitted]
インストール済み:
[omitted]
インストール済み:
[omitted]
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 263 100 263 0 0 659 0 --:--:-- --:--:-- --:--:-- 659
Official OpenResty Open Source Repository for R 156 kB/s | 107 kB 00:00
メタデータの期限切れの最終確認: 0:00:06 前の 2026年04月07日 12時35分27秒 に実施しました。
依存関係が解決しました。
================================================================================
パッケージ Arch バージョン リポジトリー サイズ
================================================================================
インストール:
openresty aarch64 1.29.2.3-1.el8 openresty 1.3 M
依存関係のインストール:
openresty-openssl3 aarch64 3.5.5-1.el8 openresty 2.9 M
openresty-pcre2 aarch64 10.47-1.el8 openresty 455 k
openresty-zlib aarch64 1.3.2-1.el8 openresty 58 k
トランザクションの概要
================================================================================
インストール 4 パッケージ
ダウンロードサイズの合計: 4.6 M
インストール後のサイズ: 14 M
パッケージのダウンロード:
(1/4): openresty-pcre2-10.47-1.el8.aarch64.rpm 831 kB/s | 455 kB 00:00
(2/4): openresty-openssl3-3.5.5-1.el8.aarch64.r 4.6 MB/s | 2.9 MB 00:00
(3/4): openresty-zlib-1.3.2-1.el8.aarch64.rpm 618 kB/s | 58 kB 00:00
(4/4): openresty-1.29.2.3-1.el8.aarch64.rpm 1.9 MB/s | 1.3 MB 00:00
--------------------------------------------------------------------------------
合計 6.8 MB/s | 4.6 MB 00:00
Official OpenResty Open Source Repository for R 19 kB/s | 1.6 kB 00:00
GPG 鍵 0xD5EDEB74 をインポート中:
Userid : "OpenResty Admin <admin@openresty.com>"
Fingerprint: E522 18E7 0878 97DC 6DEA 6D6D 97DB 7443 D5ED EB74
From : https://openresty.org/package/pubkey.gpg
鍵のインポートに成功しました
トランザクションを確認しています
トランザクションの確認に成功しました。
トランザクションをテストしています
トランザクションのテストに成功しました。
トランザクションを実行しています
準備中 : 1/1
インストール中 : openresty-zlib-1.3.2-1.el8.aarch64 1/4
インストール中 : openresty-openssl3-3.5.5-1.el8.aarch64 2/4
インストール中 : openresty-pcre2-10.47-1.el8.aarch64 3/4
インストール中 : openresty-1.29.2.3-1.el8.aarch64 4/4
scriptletの実行中: openresty-1.29.2.3-1.el8.aarch64 4/4
検証中 : openresty-1.29.2.3-1.el8.aarch64 1/4
検証中 : openresty-openssl3-3.5.5-1.el8.aarch64 2/4
検証中 : openresty-pcre2-10.47-1.el8.aarch64 3/4
検証中 : openresty-zlib-1.3.2-1.el8.aarch64 4/4
インストール済み:
openresty-1.29.2.3-1.el8.aarch64 openresty-openssl3-3.5.5-1.el8.aarch64
openresty-pcre2-10.47-1.el8.aarch64 openresty-zlib-1.3.2-1.el8.aarch64
完了しました!
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 1606 100 1606 0 0 22619 0 --:--:-- --:--:-- --:--:-- 22619
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 774 100 774 0 0 10184 0 --:--:-- --:--:-- --:--:-- 10184
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 81 100 81 0 0 1372 0 --:--:-- --:--:-- --:--:-- 1372
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 202 100 202 0 0 3060 0 --:--:-- --:--:-- --:--:-- 3060
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 1655 100 1655 0 0 30090 0 --:--:-- --:--:-- --:--:-- 30090
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 1994 100 1994 0 0 32688 0 --:--:-- --:--:-- --:--:-- 32161
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 436 100 436 0 0 7032 0 --:--:-- --:--:-- --:--:-- 7032
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 321 100 321 0 0 5262 0 --:--:-- --:--:-- --:--:-- 5262
Relabeled /etc/nginx from unconfined_u:object_r:etc_t:s0 to unconfined_u:object_r:httpd_config_t:s0
Relabeled /etc/nginx/conf.d from unconfined_u:object_r:etc_t:s0 to unconfined_u:object_r:httpd_config_t:s0
Relabeled /etc/nginx/conf.d/01-server.conf from unconfined_u:object_r:etc_t:s0 to unconfined_u:object_r:httpd_config_t:s0
Relabeled /etc/nginx/default.d from unconfined_u:object_r:etc_t:s0 to unconfined_u:object_r:httpd_config_t:s0
Relabeled /etc/nginx/default.d/10-root.conf from unconfined_u:object_r:etc_t:s0 to unconfined_u:object_r:httpd_config_t:s0
Relabeled /etc/nginx/default.d/90-error.conf from unconfined_u:object_r:etc_t:s0 to unconfined_u:object_r:httpd_config_t:s0
Relabeled /etc/nginx/default.d/30-mcp.conf from unconfined_u:object_r:etc_t:s0 to unconfined_u:object_r:httpd_config_t:s0
Relabeled /etc/nginx/default.d/40-www-auth.conf from unconfined_u:object_r:etc_t:s0 to unconfined_u:object_r:httpd_config_t:s0
Relabeled /etc/nginx/default.d/50-ords.conf from unconfined_u:object_r:etc_t:s0 to unconfined_u:object_r:httpd_config_t:s0
Relabeled /etc/nginx/default.d/60-apex-static-files.conf from unconfined_u:object_r:etc_t:s0 to unconfined_u:object_r:httpd_config_t:s0
Warning: ALREADY_ENABLED: 'http' already in 'public'
success
Warning: ALREADY_ENABLED: 'https' already in 'public'
success
success
public (active)
target: default
icmp-block-inversion: no
interfaces: enp0s6
sources:
services: cockpit dhcpv6-client http https ssh
ports: 1521/tcp 1522/tcp
protocols:
forward: no
masquerade: no
forward-ports:
port=443:proto=tcp:toport=8443:toaddr=
port=80:proto=tcp:toport=8080:toaddr=
source-ports:
icmp-blocks:
rich rules:
[root@apex-arm ~]#
firewall-cmd --remove-forward-port=port=443:proto=tcp:toport=8443:toaddr=
firewall-cmd --remove-forward-port=port=80:proto=tcp:toport=8080:toaddr=
firewall-cmd --runtime-to-permanent
[root@apex-arm ~]# firewall-cmd --remove-forward-port=port=443:proto=tcp:toport=8443:toaddr=
success
[root@apex-arm ~]# firewall-cmd --remove-forward-port=port=80:proto=tcp:toport=8080:toaddr=
success
[root@apex-arm ~]# firewall-cmd --runtime-to-permanent
success
[root@apex-arm ~]#
[root@apex-arm ~]# certbot certonly --standalone -d ords.example.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Enter email address (used for urgent renewal and security notices)
(Enter 'c' to cancel): メール・アドレス
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.6-August-18-2025.pdf. You must agree
in order to register with the ACME server. Do you agree?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing, once your first certificate is successfully issued, to
share your email address with the Electronic Frontier Foundation, a founding
partner of the Let's Encrypt project and the non-profit organization that
develops Certbot? We'd like to send you email about our work encrypting the web,
EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: N
Account registered.
Requesting a certificate for ords.example.com
Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/ords.example.com/fullchain.pem
Key is saved at: /etc/letsencrypt/live/ords.example.com/privkey.pem
This certificate expires on 2026-07-06.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If you like Certbot, please consider supporting our work by:
* Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
* Donating to EFF: https://eff.org/donate-le
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
[root@apex-arm ~]#
su - oracle
cd /etc/ords/config
ords --config /etc/ords/config config set security.httpsHeaderCheck "X-Forwarded-Proto: https"
exit
systemctl restart ords
[root@apex-arm ~]# su - oracle
最終ログイン: 2026/04/07 (火) 12:15:18 JST日時 pts/0
[oracle@apex-arm ~]$ cd /etc/ords/config
[oracle@apex-arm config]$ ords --config /etc/ords/config config set security.httpsHeaderCheck "X-Forwarded-Proto: https"
ORDS: 火 4月 07 04:27:32 2026のリリース25.4 本番
Copyright (c) 2010, 2026, Oracle.
構成:
/etc/ords/config
グローバル設定: security.httpsHeaderCheckはX-Forwarded-Proto: httpsに設定されました
[oracle@apex-arm config]$ exit
ログアウト
[root@apex-arm ~]# systemctl restart ords
[root@apex-arm ~]#
After changing the host name written in the server configuration file, start OpenResty.
sed -i 's/ords.example.com/ホスト名/g' /etc/nginx/conf.d/01-server.conf
systemctl enable openresty
systemctl start openresty
[root@apex-arm ~]# sed -i 's/ords.example.com/**********/g' /etc/nginx/conf.d/01-server.conf
[root@apex-arm ~]# systemctl enable openresty
Created symlink /etc/systemd/system/multi-user.target.wants/openresty.service → /usr/lib/systemd/system/openresty.service.
[root@apex-arm ~]# systemctl start openresty
[root@apex-arm ~]#
The reverse proxy using OpenResty is now configured.
Implementing the Remote MCP Server
sql sys@orclpdb1_tls as sysdba
grant create any context to apexdev;
grant select on dba_xs_sessions to apexdev;
grant select on v_$session to apexdev;
apex-arm % sql sys@orclpdb1_tls as sysdba
SQLcl: 火 4月 07 13:58:30 2026のリリース25.4 Production
Copyright (c) 1982, 2026, Oracle. All rights reserved.
パスワード (**********?) ******
接続先:
Oracle Database 19c Enterprise Edition Release 19.0.0.0.0 - Production
Version 19.19.0.0.0
SQL> grant create any context to apexdev;
Grantが正常に実行されました。
SQL> grant select on dba_xs_sessions to apexdev;
Grantが正常に実行されました。
SQL> grant select on v_$session to apexdev;
Grantが正常に実行されました。
SQL>
REST-enable the schema APEXDEV.
begin
ords_admin.enable_schema(
p_schema => 'APEXDEV',
p_url_mapping_pattern => 'apexdev'
);
commit;
end;
/
SQL> begin
2 ords_admin.enable_schema(
3 p_schema => 'APEXDEV',
4 p_url_mapping_pattern => 'apexdev'
5 );
6 commit;
7 end;
8* /
PL/SQLプロシージャが正常に完了しました。
SQL> exit
Oracle Database 19c Enterprise Edition Release 19.0.0.0.0 - Production
Version 19.19.0.0.0から切断されました
apex-arm %
git clone https://github.com/United-Codes/uc_ai.git
apex-arm % git clone https://github.com/United-Codes/uc_ai.git
Cloning into 'uc_ai'...
remote: Enumerating objects: 2723, done.
remote: Counting objects: 100% (441/441), done.
remote: Compressing objects: 100% (304/304), done.
remote: Total 2723 (delta 187), reused 222 (delta 123), pack-reused 2282 (from 1)
Receiving objects: 100% (2723/2723), 6.28 MiB | 15.23 MiB/s, done.
Resolving deltas: 100% (1780/1780), done.
apex-arm %
Change to the cloned repository.
cd uc_ai
sql apexdev@orclpdb1_tls
exit
apex-arm % cd uc_ai
uc_ai % sql apexdev@orclpdb1_tls
SQLcl: 火 4月 07 14:10:17 2026のリリース25.4 Production
Copyright (c) 1982, 2026, Oracle. All rights reserved.
パスワード (**********?) ******
接続先:
Oracle Database 19c Enterprise Edition Release 19.0.0.0.0 - Production
Version 19.19.0.0.0
SQL> @install_with_logger
Installing UC AI with logger
_____________________________________________________________________________
User has all required privileges, installation will continue.
_____________________________________________________________________________
PL/SQLプロシージャが正常に完了しました。
tables/logger_logs.sql
PL/SQLプロシージャが正常に完了しました。
[omitted]
Package Body UC_AIがコンパイルされました
Running post-installation scripts...
Logger package detected. Setting USE_LOGGER flag to TRUE.
Successfully compiled uc_ai_logger package with USE_LOGGER flag.
PL/SQLプロシージャが正常に完了しました。
===================================================
UC AI installation complete!
Refer to the documentation for usage instructions: https://www.united-codes.com/products/uc-ai/docs/
===================================================
Installation Complete!
SQL> exit
Oracle Database 19c Enterprise Edition Release 19.0.0.0.0 - Production
Version 19.19.0.0.0から切断されました
uc_ai %
Go back up one directory and clone the repository that implements the remote MCP server.
cd ..
git clone https://github.com/ujnak/mcp-app.git
uc_ai % cd ..
apex-arm % git clone https://github.com/ujnak/mcp-app.git
Cloning into 'mcp-app'...
remote: Enumerating objects: 555, done.
remote: Counting objects: 100% (150/150), done.
remote: Compressing objects: 100% (102/102), done.
remote: Total 555 (delta 85), reused 98 (delta 48), pack-reused 405 (from 1)
Receiving objects: 100% (555/555), 224.22 KiB | 3.62 MiB/s, done.
Resolving deltas: 100% (320/320), done.
apex-arm %
Implement the remote MCP server.
cd mcp-app
apex-arm % cd mcp-app
mcp-app % sql apexdev@orclpdb1_tls
SQLcl: 火 4月 07 14:20:58 2026のリリース25.4 Production
Copyright (c) 1982, 2026, Oracle. All rights reserved.
パスワード (**********?) ******
接続先:
Oracle Database 19c Enterprise Edition Release 19.0.0.0.0 - Production
Version 19.19.0.0.0
SQL> @install-all-onp
Sessionが変更されました。
PL/SQLプロシージャが正常に完了しました。
PL/SQLプロシージャが正常に完了しました。
PL/SQLプロシージャが正常に完了しました。
[omitted]
Table AUTH_USERSは作成されました。
Package OJ_MCP_RAS_CONFIGがコンパイルされました
Package Body OJ_MCP_RAS_CONFIGがコンパイルされました
Oracle Database 19c Enterprise Edition Release 19.0.0.0.0 - Production
Version 19.19.0.0.0から切断されました
mcp-app %
Change the alias of the APEX application to sampleserver so that it is tied to the sample remote MCP server sampleserver.
Run Edit Application.
npx @modelcontextprotocol/inspector
For Transport Type, specify Streamable HTTP, and for URL, specify the following.
https://ホスト名/ords/apexdev/sampleserver/mcp
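Click Connect.
The tool get_current_user, for which a resource is defined as an MCP App, is listed.
Clicking get_current_user displays the user interface.
The tool get_current_user is called, and the schema name APEXDEV is displayed as the user name (because user authentication has not been implemented).
Applying the Patch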
scp -i ssh-key-2026-04-07.key p37366599_2420_Generic.zip opc@ホスト名:/tmp/
apex-arm % scp -i ssh-key-2026-04-07.key p37366599_2420_Generic.zip opc@**************:/tmp/
** WARNING: connection is not using a post-quantum key exchange algorithm.
** This session may be vulnerable to "store now, decrypt later" attacks.
** The server may need to be upgraded. See https://openssh.com/pq.html
p37366599_2420_Generic.zip 100% 40MB 3.4MB/s 00:11
apex-arm %
apex-arm % ssh -i ssh-key-2026-04-07.key opc@********
** WARNING: connection is not using a post-quantum key exchange algorithm.
** This session may be vulnerable to "store now, decrypt later" attacks.
** The server may need to be upgraded. See https://openssh.com/pq.html
Activate the web console with: systemctl enable --now cockpit.socket
Last login: Tue Apr 7 12:26:58 2026 from 122.26.56.5
[opc@apex-arm ~]$ sudo su - oracle
最終ログイン: 2026/04/07 (火) 13:27:16 JST日時 pts/0
[oracle@apex-arm ~]$
unzip -q /tmp/p37366599_2420_Generic.zip
cd 37366599/
[oracle@apex-arm ~]$ unzip -q /tmp/p37366599_2420_Generic.zip
[oracle@apex-arm ~]$ cd 37366599/
[oracle@apex-arm 37366599]$
cp -r images/* ../i/24.2.0/
cat ../i/24.2.0/apex_version.js
[oracle@apex-arm 37366599]$ cp -r images/* ../i/24.2.0/
[oracle@apex-arm 37366599]$ cat ../i/24.2.0/apex_version.js
var gApexVersion = "24.2.15";
[oracle@apex-arm 37366599]$
Run catpatch.sql.
. oraenv
ORCL
sqlplus sys@localhost/orclpdb1 as sysdba
@catpatch
[oracle@apex-arm 37366599]$ export NLS_LANG=American_America.AL32UTF8
[oracle@apex-arm 37366599]$ . oraenv
ORACLE_SID = [oracle] ? ORCL
The Oracle base has been set to /opt/oracle
[oracle@apex-arm 37366599]$ sqlplus sys@localhost/orclpdb1 as sysdba
SQL*Plus: Release 19.0.0.0.0 - Production on Tue Apr 7 15:56:14 2026
Version 19.19.0.0.0
Copyright (c) 1982, 2023, Oracle. All rights reserved.
Enter password:
Connected to:
Oracle Database 19c Enterprise Edition Release 19.0.0.0.0 - Production
Version 19.19.0.0.0
SQL> @catpatch
. ORACLE
.
. Oracle APEX 24.2.%
. Patch Set Exception 37366599
........................................
APEX_VERSION
------------------------------
APEX_SCHEMA
--------------------------------------------------------------------------------
24.2.0
APEX_240200
PL/SQL procedure successfully completed.
Session altered.
[omitted]
PL/SQL procedure successfully completed.
...Validating APEX
...(15:57:03) Starting validate_apex for APEX_240200
...(15:57:03) Checking missing privileges for APEX_240200
...(15:57:04) Checking missing privileges for APEX_GRANTS_FOR_NEW_USERS_ROLE
...(15:57:04) Re-generating APEX_240200.wwv_flow_db_version
... wwv_flow_db_version is up to date
...(15:57:04) Checking for sys.wwv_flow_cu_constraints
...(15:57:04) Checking invalid public synonyms
...(15:57:04) Key object existence check
...(15:57:05) Post-ORDS updates
...(15:57:05) calling wwv_util_apex_240200.post_ords_upgrade
...enabled_schema
...define_module
...define_template
...define_handler
...set_module_origins_allowed
...(15:57:05) Setting DBMS Registry for APEX to valid
...(15:57:05) Exiting validate_apex
PL/SQL procedure successfully completed.
...Recompiling invalid public synonyms
PL/SQL procedure successfully completed.
PL/SQL procedure successfully completed.
timing for: Complete Patch 37366599
Elapsed: 00:00:39.76
Disconnected from Oracle Database 19c Enterprise Edition Release 19.0.0.0.0 - Production
Version 19.19.0.0.0
[oracle@apex-arm 37366599]$
This completes the patch application.





















