Oracle REST Data ServicesのREST API呼び出しをカスタマイズするためにリバース・プロキシをORDSの前に配置しますが、Oracle APEXではリバース・プロキシを使った構成はサポートされていません。Oracle APEXおよびORDSの動作に問題がある場合は、リバース・プロキシを経由しない構成で事象を再現させる必要があります。
Oracle APEXの実行環境を構築する手順は概ね以下の記事に沿っていますが、スクリプトとして一度に実行します。
Oracle APEXの環境作成
[opc@ordsmcp ~]$ sh config-os-for-apex-and-ords.sh
Volume Group: ocivolume
Volume Path: /dev/ocivolume/root
Mountpoint Data
---------------
mountpoint: /
source: /dev/mapper/ocivolume-root
filesystem type: xfs
source size: 24.4G
type: lvm
size: 24.5G
physical devices: ['/dev/sda3']
physical volumes: ['/dev/sda', '/dev/sda']
partition number: ['3']
volume group name: ocivolume
volume group path: /dev/ocivolume/root
Partition dry run expansion "/dev/sda3" succeeded.
CHANGE: partition=3 start=4401152 old: size=93325312 end=97726463 new: size=205314015 end=209715166
Expanding partition /dev/sda3: Confirm? Partition expand expansion "/dev/sda3" succeeded.
update-partition set to true
FLOCK: try exec open fd 9, on failure exec exits this program
FLOCK: /dev/sda: obtained exclusive lock
resizing 3 on /dev/sda using resize_sfdisk_gpt
209715200 sectors of 512. total size=107374182400 bytes
## sfdisk --unit=S --dump /dev/sda
label: gpt
label-id: 592D6E20-A76D-4106-BF2A-5B0CACDFC8E2
device: /dev/sda
unit: sectors
first-lba: 34
last-lba: 97727250
sector-size: 512
/dev/sda1 : start= 2048, size= 204800, type=C12A7328-F81F-11D2-BA4B-00A0C93EC93B, uuid=798D431A-B0CD-4C6D-8B8D-316BC9A98166, name="EFI System Partition"
/dev/sda2 : start= 206848, size= 4194304, type=0FC63DAF-8483-4772-8E79-3D69D8477DE4, uuid=17DD7565-BDC4-432A-AB0F-CF00A38D56EB
/dev/sda3 : start= 4401152, size= 93325312, type=E6D6D379-F507-44C2-A23C-238F2A3DF928, uuid=A54AD5B4-7A44-4C39-A514-592292684FB0
padding 33 sectors for gpt secondary header
max_end=209715166 tot=209715200 pt_end=97726463 pt_start=4401152 pt_size=93325312
resize of /dev/sda returned 0.
FLOCK: /dev/sda: releasing exclusive lock
CHANGED: partition=3 start=4401152 old: size=93325312 end=97726463 new: size=205314015 end=209715166
Extending /dev/sda3 succeeded.
Device /dev/sda3 extended successfully.
Logical volume /dev/ocivolume/root extended successfully.
Upgraded:
[省略]
Installed:
[省略]
Upgraded:
python3-pyOpenSSL-25.0.0-1.el10_1.noarch
Installed:
aardvark-dns-2:1.16.0-2.el10.x86_64
buildah-2:1.41.8-1.0.1.el10_1.x86_64
catatonit-5:0.2.1-1.el10.x86_64
certbot-4.2.0-1.el10_1.noarch
cockpit-bridge-344-1.0.1.el10.noarch
cockpit-podman-111-1.el10.noarch
conmon-3:2.1.13-1.el10.x86_64
container-selinux-4:2.240.0-1.el10.noarch
container-tools-1-16.0.1.el10.noarch
containers-common-5:0.64.0-5.0.1.el10_1.noarch
containers-common-extra-5:0.64.0-5.0.1.el10_1.noarch
criu-4.1-1.el10.x86_64
criu-libs-4.1-1.el10.x86_64
crun-1.23.1-1.el10_0.x86_64
fontawesome4-fonts-1:4.7.0-23.el10.noarch
fuse-overlayfs-1.16-1.el10_1.x86_64
libnet-1.3-7.el10.x86_64
libslirp-4.7.0-10.el10.x86_64
netavark-2:1.16.0-1.el10.x86_64
nginx-2:1.26.3-1.0.1.el10.x86_64
nginx-core-2:1.26.3-1.0.1.el10.x86_64
nginx-filesystem-2:1.26.3-1.0.1.el10.noarch
nginx-mod-headers-more-0.39-1.el10_1.x86_64
oracle-logos-httpd-100.1-1.0.3.el10.noarch
passt-0^20250512.g8ec1341-4.el10_1.x86_64
passt-selinux-0^20250512.g8ec1341-4.el10_1.noarch
podman-7:5.6.0-11.0.1.el10_1.x86_64
podman-docker-7:5.6.0-11.0.1.el10_1.noarch
python3-acme-4.2.0-1.el10_1.noarch
python3-certbot-4.2.0-1.el10_1.noarch
python3-configargparse-1.7.1-1.el10_1.noarch
python3-josepy-2.0.0-2.el10_1.noarch
python3-parsedatetime-2.6-1.el10_0.noarch
python3-podman-3:5.5.0-1.el10.noarch
python3-pyrfc3339-1.1-20.el10_0.noarch
shadow-utils-subid-2:4.15.0-8.el10.x86_64
skopeo-2:1.20.0-2.el10_1.x86_64
slirp4netns-1.3.3-1.el10.x86_64
udica-0.2.8-6.el10.noarch
unzip-6.0-69.el10.x86_64
success
success
success
success
success
success
success
public (default, active)
target: default
ingress-priority: 0
egress-priority: 0
icmp-block-inversion: no
interfaces: enp0s5
sources:
services: dhcpv6-client ssh
ports: 8080/tcp 8443/tcp 27017/tcp 1521/tcp
protocols:
forward: yes
masquerade: no
forward-ports:
port=80:proto=tcp:toport=8080:toaddr=
port=443:proto=tcp:toport=8443:toaddr=
source-ports:
icmp-blocks:
rich rules:
* Applying /usr/lib/sysctl.d/01-unprivileged-bpf.conf ...
* Applying /usr/lib/sysctl.d/10-default-yama-scope.conf ...
* Applying /usr/lib/sysctl.d/10-map-count.conf ...
* Applying /usr/lib/sysctl.d/50-coredump.conf ...
* Applying /usr/lib/sysctl.d/50-default.conf ...
* Applying /usr/lib/sysctl.d/50-libkcapi-optmem_max.conf ...
* Applying /usr/lib/sysctl.d/50-pid-max.conf ...
* Applying /usr/lib/sysctl.d/50-redhat.conf ...
* Applying /usr/lib/sysctl.d/50-scsi-logging.conf ...
* Applying /etc/sysctl.d/60-disable-ipv6.conf ...
* Applying /etc/sysctl.d/99-sysctl.conf ...
* Applying /etc/sysctl.conf ...
kernel.unprivileged_bpf_disabled = 1
kernel.yama.ptrace_scope = 0
vm.max_map_count = 1048576
kernel.core_pattern = |/usr/lib/systemd/systemd-coredump %P %u %g %s %t %c %h
kernel.core_pipe_limit = 16
fs.suid_dumpable = 2
kernel.sysrq = 16
kernel.core_uses_pid = 1
net.ipv4.conf.default.rp_filter = 2
net.ipv4.conf.enp0s5.rp_filter = 2
net.ipv4.conf.lo.rp_filter = 2
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.conf.enp0s5.accept_source_route = 0
net.ipv4.conf.lo.accept_source_route = 0
net.ipv4.conf.default.promote_secondaries = 1
net.ipv4.conf.enp0s5.promote_secondaries = 1
net.ipv4.conf.lo.promote_secondaries = 1
net.ipv4.ping_group_range = 0 2147483647
net.core.default_qdisc = fq_codel
fs.protected_hardlinks = 1
fs.protected_symlinks = 1
fs.protected_regular = 1
fs.protected_fifos = 1
net.core.optmem_max = 81920
kernel.pid_max = 4194304
kernel.kptr_restrict = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.enp0s5.rp_filter = 1
net.ipv4.conf.lo.rp_filter = 1
dev.scsi.logging_level = 68
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
kernel.unknown_nmi_panic = 1
kernel.unknown_nmi_panic = 1
[opc@ordsmcp ~]$
[opc@ordsmcp ~]$ sudo shutdown -r now
Broadcast message from root@localhost.localdomain on pts/1 (Fri 2026-02-20 02:33:58 GMT):
The system will reboot now!
ユーザーoracleに切り替えて作業します。
sudo su - oracle
[opc@ordsmcp ~]$ sudo su - oracle
[oracle@ordsmcp ~]$
Oracle APEXの最新のアーカイブをダウンロードし解凍します。その他に、データファイルを保管するディレクトリoradataと、ORDSの構成ファイルを保管するディレクトリords_configを作成します。
[oracle@ordsmcp ~]$ curl -OL https://download.oracle.com/otn_software/apex/apex-latest.zip
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 289M 100 289M 0 0 126M 0 0:00:02 0:00:02 --:--:-- 126M
[oracle@ordsmcp ~]$ unzip -q apex-latest.zip
[oracle@ordsmcp ~]$ mkdir oradata
[oracle@ordsmcp ~]$ mkdir ords_config
[oracle@ordsmcp ~]$
[oracle@ordsmcp ~]$ podman pull container-registry.oracle.com/database/free:latest
Trying to pull container-registry.oracle.com/database/free:latest...
Getting image source signatures
Copying blob 8b259ba4c4d9 skipped: already exists
Copying blob 3bf32880b451 skipped: already exists
Copying blob 41fec24cd635 skipped: already exists
Copying blob 422548fea3d3 skipped: already exists
Copying blob 2194ce8eea01 skipped: already exists
Copying blob ec2d2b9967e0 skipped: already exists
Copying blob ea29ae69235f skipped: already exists
Copying blob 76262a11b33d skipped: already exists
Copying blob 991ed18434dd skipped: already exists
Copying blob f25c6654bf3b skipped: already exists
Copying blob 1b5d06dc2c49 skipped: already exists
Copying blob d46a44facb7d skipped: already exists
Copying blob cc817f3645bb skipped: already exists
Copying blob 45768b398726 skipped: already exists
Copying blob 7e9be3b296e9 skipped: already exists
Copying blob e02d6fb066f3 skipped: already exists
Copying blob aeed28bf05ac skipped: already exists
Copying blob 8a5b38f9ede2 skipped: already exists
Copying blob da072ef4f3b2 skipped: already exists
Copying blob 2d032c198665 skipped: already exists
Copying blob 29c59e2aad04 skipped: already exists
Copying blob 3a95ca5b8cd0 skipped: already exists
Copying config 7c044a242a done |
Writing manifest to image destination
7c044a242a1c6b1d7f0d6bcf145a96b1dc5265d4d9610c70302ece0d067cf670
[oracle@ordsmcp ~]$ podman pull container-registry.oracle.com/database/ords:latest
Trying to pull container-registry.oracle.com/database/ords:latest...
Getting image source signatures
Copying blob 7199b16c8c4a skipped: already exists
Copying blob 0c76fee24ccd skipped: already exists
Copying blob 2d59a8c44230 skipped: already exists
Copying blob 4577ec524291 skipped: already exists
Copying blob a1247073a683 skipped: already exists
Copying blob b91daf9676e0 skipped: already exists
Copying blob 4f4fb700ef54 skipped: already exists
Copying blob ac06ceafe5b9 skipped: already exists
Copying config 3f853d6c8f done |
Writing manifest to image destination
3f853d6c8ffd32021b3154789d719170e3d5c3b61b48ac5d703281a67ba7d8fe
[oracle@ordsmcp ~]$
更新した構成ファイルから、一気にポッドapexを作成します。
sed -e 's/$ORASYSPWD/[パスワード]/g' apex.yml > apex-cnt.yml
[oracle@ordsmcp ~]$ sed -e 's/$ORASYSPWD/********/g' apex.yml > apex-cnt.yml
[oracle@ordsmcp ~]$ podman play kube apex-cnt.yml
Pod:
baa73eca2cb117f0447d5ee80e926860364e0369f6639fbfbc7dc3f3e5e54759
Containers:
6f161d69b2b40a07a2f156ac0e26de29506c39f99cc507461bf26f7d5bbfe002
dc649dccf7ed0275c93422cf6c1a8164c7b2dcd5535008039ec89a83039030c6
[oracle@ordsmcp ~]$
ORDSのコンテナをログから、ORDSの起動を確認します。APEXのインストールも実施されるため、ORDSが起動するまでに10分程度の時間がかかります。
[oracle@ordsmcp ~]$ podman logs -f apex-ords
Testing database connection...
INFO : Attempt 1: Connecting to sys/*****@localhost:1521/freepdb1 as sysdba...
INFO : Database not ready (attempt 1 of 60). Retrying in 10s...
INFO : Attempt 2: Connecting to sys/*****@localhost:1521/freepdb1 as sysdba...
INFO : Database not ready (attempt 2 of 60). Retrying in 10s...
INFO : Attempt 3: Connecting to sys/*****@localhost:1521/freepdb1 as sysdba...
INFO : Database not ready (attempt 3 of 60). Retrying in 10s...
INFO : Attempt 4: Connecting to sys/*****@localhost:1521/freepdb1 as sysdba...
[中略]
2026-02-19T13:36:50.579Z WARNING *** jdbc.MaxLimit in configuration |default|lo| is using a value of 10, this setting may not be sized adequately for a production environment ***
2026-02-19T13:36:50.831Z INFO Created Pool: |default|lo|-2026-02-19T13-36-49.967118441Z at: 2026-02-19T13:36:49.967118441Z
2026-02-19T13:36:50.950Z INFO
Mapped local pools from /etc/ords/config/databases:
/ords/ => default => VALID
2026-02-19T13:36:50.960Z INFO Oracle REST Data Services initialized
Oracle REST Data Services version : 25.4.0.r3641739
Oracle REST Data Services server info: jetty/12.0.25
Oracle REST Data Services java info: Java HotSpot(TM) 64-Bit Server VM GraalVM EE 21.3.10 (build 17.0.11+7-LTS-jvmci-21.3-b51 mixed mode, sharing)
2026-02-19T13:36:51.050Z INFO CursorMonitor 1
2026-02-19T13:36:51.050Z INFO RequestMonitor 1
2026-02-19T13:36:51.051Z INFO TransactionMonitor 1
2026-02-19T13:36:51.051Z INFO AccessLogMonitor 1 0
2026-02-19T13:36:51.052Z INFO WatchdogMonitor 1
[oracle@ordsmcp ~]$
ORDSが起動すると、APEXのインストールは完了です。
podman exec -it apex-db bash
cd ~/apex
[oracle@ordsmcp ~]$ podman exec -it apex-db bash
bash-4.4$ cd ~/apex
bash-4.4$
export NLS_LANG=American_America.AL32UTF8
sqlplus / as sysdba
alter session set container = freepdb1;
bash-4.4$ export NLS_LANG=American_America.AL32UTF8
bash-4.4$ sqlplus / as sysdba
SQL*Plus: Release 23.26.1.0.0 - Production on Thu Feb 19 13:50:49 2026
Version 23.26.1.0.0
Copyright (c) 1982, 2025, Oracle. All rights reserved.
Connected to:
Oracle AI Database 26ai Free Release 23.26.1.0.0 - Develop, Learn, and Run for Free
Version 23.26.1.0.0
SQL> alter session set container = freepdb1;
Session altered.
SQL>
@load_trans JAPANESE
SQL> @load_trans JAPANESE
PL/SQL procedure successfully completed.
Installing Oracle APEX translation - JAPANESE
. ORACLE
.
. Oracle APEX Hosted Development Service Installation.
..............................................................
PL/SQL procedure successfully completed.
PL/SQL procedure successfully completed.
--application/set_environment
API Last Extended:20241130
Your Current Version:20241130
This import is compatible with version: 20241130
COMPATIBLE (You should be able to run this import without issues.)
ID offset during import: 0
New ID offset for application: 0
APPLICATION 4420 - Oracle APEX Builder, Wizard Messages and Native Plug-Ins
--application/delete_application
--application/create_application
--application/user_interfaces
--application/shared_components/navigation/lists/spotlight_custom_entries_global
--application/shared_components/navigation/lists/spotlight_custom_entries_app_level
[中略]
--application/pages/page_00203
--application/pages/page_00204
--application/pages/page_00205
--application/pages/page_00206
--application/deployment/definition
--application/deployment/checks
--application/deployment/buildoptions
--application/end_environment
... elapsed: 2.37 sec
...done
Adjust instance settings
PL/SQL procedure successfully completed.
SQL>
@apxchpwd
SQL> @apxchpwd
...set_appun.sql
================================================================================
This script can be used to change the password of an Oracle APEX
instance administrator. If the user does not yet exist, a user record will be
created.
================================================================================
Enter the administrator's username [ADMIN]
User "ADMIN" does not yet exist and will be created.
Enter ADMIN's email [ADMIN]
Enter ADMIN's password [] ********
Created instance administrator ADMIN.
SQL> exit
Disconnected from Oracle AI Database 26ai Free Release 23.26.1.0.0 - Develop, Learn, and Run for Free
Version 23.26.1.0.0
bash-4.4$ exit
exit
[oracle@ordsmcp ~]$
以上で、Oracle APEXの管理サービスに、日本語でサインインできるようになりました。
nginxによるリバース・プロキシの構成
sudo firewall-cmd --remove-forward-port=port=80:proto=tcp:toport=8080
sudo firewall-cmd --remove-forward-port=port=443:proto=tcp:toport=8443
sudo firewall-cmd --add-service=http
sudo firewall-cmd --add-service=https
sudo firewall-cmd --runtime-to-permanent
sudo firewall-cmd --list-all
[opc@ordsmcp ~]$ sudo firewall-cmd --remove-forward-port=port=80:proto=tcp:toport=8080
sudo firewall-cmd --remove-forward-port=port=443:proto=tcp:toport=8443
sudo firewall-cmd --add-service=http
sudo firewall-cmd --add-service=https
sudo firewall-cmd --runtime-to-permanent
sudo firewall-cmd --list-all
success
success
success
success
success
public (default, active)
target: default
ingress-priority: 0
egress-priority: 0
icmp-block-inversion: no
interfaces: enp0s5
sources:
services: dhcpv6-client http https ssh
ports: 8080/tcp 8443/tcp 27017/tcp 1521/tcp
protocols:
forward: yes
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
[opc@ordsmcp ~]$
sudo -s
[opc@ordsmcp ~]$ sudo -s
[root@ordsmcp opc]# cd ~
[root@ordsmcp ~]#
以下の例ではホスト名にords.example.comを指定していますが、作業の際には割り当てているホスト名に置き換えます。
certbot certonly --standalone -d ホスト名
[root@ordsmcp ~]# certbot certonly --standalone -d ords.example.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Enter email address or hit Enter to skip.
(Enter 'c' to cancel): メール・アドレス
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at:
https://letsencrypt.org/documents/LE-SA-v1.6-August-18-2025.pdf
You must agree in order to register with the ACME server. Do you agree?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing, once your first certificate is successfully issued, to
share your email address with the Electronic Frontier Foundation, a founding
partner of the Let's Encrypt project and the non-profit organization that
develops Certbot? We'd like to send you email about our work encrypting the web,
EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: N
Account registered.
Requesting a certificate for ords.example.com
Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/ords.example.com/fullchain.pem
Key is saved at: /etc/letsencrypt/live/ords.example.com/privkey.pem
This certificate expires on 2026-05-21.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If you like Certbot, please consider supporting our work by:
* Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
* Donating to EFF: https://eff.org/donate-le
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
[root@ordsmcp ~]#
nginxの構成ファイルを置き換えます。
デバッグ用途に、ORDSへ送信されるヘッダーやリクエスト本体をログに出力する設定を含めています(有効にはしていません)。
TLSを有効にしたサーバーの設定ファイルを、/etc/nginx/conf.d/01-server.confとして作成します。ホスト名のords.example.comの部分は、適切なホスト名に置き換えます。
systemctl enable nginx
systemctl start nginx
[root@ordsmcp ~]# systemctl enable nginx
Created symlink '/etc/systemd/system/multi-user.target.wants/nginx.service' → '/usr/lib/systemd/system/nginx.service'.
[root@ordsmcp ~]# systemctl start nginx
[root@ordsmcp ~]#
nginxではhttpsからhttpへのリバース・プロキシを構成しているため、Oracle REST Data Servicesのsecurity.httpsHeaderCheckに"X-Forwarded-Proto: https"を設定します。
ユーザーoracleに切り替えコンテナapex-ordsに接続して、ordsコマンドを実行します。
su - oracle
podman exec apex-ords ords --config /etc/ords/config config set security.httpsHeaderCheck "X-Forwarded-Proto: https"
[root@ordsmcp ~]# su - oracle
Last login: Fri Feb 20 07:23:57 GMT 2026 on pts/1
[oracle@ordsmcp ~]$ podman exec apex-ords ords --config /etc/ords/config config set security.httpsHeaderCheck "X-Forwarded-Proto: https"
ORDS: Release 25.4 Production on Fri Feb 20 08:23:34 2026
Copyright (c) 2010, 2026, Oracle.
Configuration:
/etc/ords/config
The global setting named: security.httpsHeaderCheck was set to: X-Forwarded-Proto: https
[oracle@ordsmcp ~]$ podman restart apex-ords
WARN[0010] StopSignal SIGTERM failed to stop container apex-ords in 10 seconds, resorting to SIGKILL
apex-ords
[oracle@ordsmcp ~]$
