An APEX Vanity URL for Load Balanced Dockerized Customer Managed ORDS for ADB on OCI

In this guide we will add a Vanity URL to our Customer Managed ORDS. First, however, we have to do a bit of network setup so that the compute VCN and the Load Balancer VCN can talk to each other.

Prerequisites

You cannot do this on Always Free ADB because the Network Access cannot be updated to a Private Endpoint.

You have completed the following steps:

  1. You have created an OCI Load Balancer (see guide), moved ADB to a Private Endpoint and followed all steps

  2. You have created a Dockerized Customer Managed ORDS for ADB on OCI - see guide

Steps

  1. Create a Local Peering Gateway as described here - use the examples provided in the linked blog

  2. Find your Load Balancer (lb), click Create Path Analysis > Create as source

  3. Set Destination to Find OCI Source > Compute Instance, Find your Custom ORDS Compute Instance.

  4. Set the IP to your local one (starts with 10) and the Port to your Docker Compute Port, i.e. 9643, and click Run Analysis

  5. When it's complete, both the Outbound and Return Paths should Succeed. If not, double check your Local Peering Gateway settings or read more about solving Route Analyzer problems here.

  6. In your Load Balancer (lb) click Backend set > bs-lb > Backends > Add Backend

  7. Choose the Compute Instance that the Custom ORDS is on, ensure that the port is correct (9643) and that it will Automatically create the Security List Rules for that same port ← there’s a delay of a few seconds before it updates, watch out for this.

  8. If you didn’t know this already… When you move your ADB to a Private Endpoint, you must re-download the wallet. This new wallet contains an FQDN for the ADB which is resolvable by private views (more on this next). You have to stop ORDS, add the new wallet and start it again. Before you restart it, also use the opportunity to terminate SSL in ORDS (credits: Jon)

     su - <<'EOSU'
     export ORDS_CONFIG=/etc/ords/config
     # Origin of the vanity URL that ORDS should trust
     ords --config "$ORDS_CONFIG" config set security.externalSessionTrustedOrigins https://0code.io
     # Header and value ORDS checks to decide that the original request arrived over HTTPS
     ords --config "$ORDS_CONFIG" config set security.httpsHeaderCheck "X-Forwarded-Proto: https"
     EOSU
    
  9. Now go to your Compute’s VCN (e.g. 1639) and click the DNS Resolver

  10. Click Associated private views > Manage Private Views > Choose vcn-lb and click Save Changes. This allows the DNS in the ADB certificate to be resolved

  11. Find the nsg-lb (Network Security Group) of the vcn-lb and add an Ingress CIDR rule from 10.0.0.0/16 (i.e. the CIDR of the VCN of your compute) to port 1522. This will allow DB connections from ORDS to your ADB

  12. If you ever feel the need to add a Public IP to your ADB (i.e. Update Network Access > Allow Public Access) then you are doing this wrong 😛

  13. For the Healthcheck, there are three approaches. Basically, the way I understand it is that for each IP in the backend, the healthcheck prods it with the healthcheck port (not the backend port) to see if it’s alive. Therefore you can use some HTTP hello-world page that will always respond on a test-port, or use the TCP port of the ORDS box.

    For some reason, I’m unable to get an HTTP response from ORDS itself - because the SNI error pops up (which is the first approach - i.e. to get a bounce off the SNI). I have no idea why this differs from the Oracle Managed ORDS approach - but it does - let me know how I can bounce the health check off port 9643.
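To check steps 11 and 12 after the fact, the following added example (not part of the original guide) audits NSG ingress rules and reports any rule that lets port 1522 be reached from outside the compute VCN CIDR 10.0.0.0/16. The rule dictionaries are constructed sample data, and their key names are an assumption modelled on the JSON that `oci network nsg rules list` returns.

```python
import ipaddress

# Policy from step 11: port 1522 may be reached only from the compute VCN CIDR.
POLICY = {1522: [ipaddress.ip_network("10.0.0.0/16")]}

# Constructed sample rules; key names assumed to match OCI CLI NSG rule output.
SAMPLE_RULES = [
    {"direction": "INGRESS", "protocol": "6", "source": "10.0.0.0/16",
     "source-type": "CIDR_BLOCK",
     "tcp-options": {"destination-port-range": {"min": 1522, "max": 1522}}},
    {"direction": "INGRESS", "protocol": "6", "source": "0.0.0.0/0",
     "source-type": "CIDR_BLOCK",
     "tcp-options": {"destination-port-range": {"min": 1521, "max": 1522}}},
    {"direction": "INGRESS", "protocol": "all", "source": "10.0.0.0/8",
     "source-type": "CIDR_BLOCK", "tcp-options": None},
    {"direction": "EGRESS", "protocol": "6", "destination": "0.0.0.0/0",
     "tcp-options": None},
]

def covers_port(rule, port):
    """True if the rule is an ingress rule that admits TCP traffic to `port`."""
    if rule.get("direction") != "INGRESS":
        return False
    if rule.get("protocol") not in ("6", "all"):  # "6" is TCP
        return False
    rng = (rule.get("tcp-options") or {}).get("destination-port-range")
    if rng is None:  # no port range given means every port is allowed
        return True
    return rng["min"] <= port <= rng["max"]

def audit(rules, policy=POLICY):
    """Return (port, source) pairs whose source is not inside an allowed CIDR."""
    findings = []
    for port, allowed in policy.items():
        for rule in rules:
            if not covers_port(rule, port):
                continue
            if rule.get("source-type") != "CIDR_BLOCK":
                findings.append((port, rule.get("source")))  # review by hand
                continue
            src = ipaddress.ip_network(rule["source"])
            if not any(src.subnet_of(net) for net in allowed):
                findings.append((port, rule["source"]))
    return findings

if __name__ == "__main__":
    for port, source in audit(SAMPLE_RULES):
        print(f"port {port}: ingress allowed from {source}, wider than policy")
```

Adding an entry for the backend port (9643) with the load balancer subnet's CIDR to `POLICY` extends the same check to the ORDS backend, which matters because ORDS trusts the `X-Forwarded-Proto` header configured in step 8.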

Set up the Health Check to bounce off the SNI error with Status Code 400

  1. Start a new Docker Container on the same compute

            docker run -P -d \
            -p 6080:80 \
            -p 6443:443 \
            --network opc_default \
            --name hello-world \
            nginxdemos/hello
    
  2. Set the Health Check exactly like this

    This will bounce off the HTTP port 6080 and enable the backend.

TCP approach (best of the 3)

  1. Set the Health check exactly like this; however all backends will need this same port

Setup Domain Registrar DNS

  1. Click on Load Balancer Details in your Breadcrumb and find the public IP Address

  2. In your Cloudflare Dashboard go to DNS > Records

  3. Add a domain or subdomain to redirect to your Load Balancer IP Address

  4. Give it a go

Want it to redirect to a custom Application or Landing Page instead? - see this guide

Example multiple backends

I’m just going to create another ORDS from my image. It’s on the same machine as my first customords - but now I have 2. Yeah, this isn’t a great idea to max out my compute box with multiple ORDS… consider this a proof of concept.

First I stop ORDS

sudo sh /home/oracle/scripts/stop_ords.sh

Then I exit out and commit a new image and then I make a new container on port 9644

docker commit customords customords-clone-image
docker run -d -it --name customords2 -p 8624:8080 -p 9644:8443 -p 9624:22 customords-clone-image

Then I restart both to get ORDS booted up

docker restart customords
docker restart customords2

I’ll add the backend as before and now I have 2 (BTW, I use the Hello-world example here for the healthcheck)

If I offline the 9644 one - which I know works - and then refresh the page.. it kicks over to the 9643 one.

I tested all this.. works fine and dandy.. APEX will even continue the user’s session ID whichever ORDS is being used.

ENJOY!

What’s the picture? Well, I was walking down this footpath in Wetherby and there seemed to be people living around these rocks, so I took this picture and scarpered quickly. Visit Yorkshire! (but don’t go here)