An APEX Vanity URL for Load Balanced Dockerized Customer Managed ORDS for ADB on OCI
In this guide we will add a Vanity URL to our Customer Managed ORDS. First, however, we have to do a bit of network setup to get the compute VCN and the Load Balancer VCN talking to each other.
Prerequisites
You cannot do this on Always Free ADB because the Network Access cannot be updated to a Private Endpoint.
You have completed the following steps:
You have created an OCI Load Balancer (see guide), moved ADB to a Private Endpoint and followed all steps
You have created a Dockerized Customer Managed ORDS for ADB on OCI - see guide
Steps
Create a Local Peering Gateway as described here - use the examples provided in the linked blog
Find your Load Balancer (lb), click Create Path Analysis > Create as source
Set Destination to Find OCI Source > Compute Instance, Find your Custom ORDS Compute Instance.
Set the IP to your local one (starts with 10) and the Port to your Docker Compute Port, i.e. 9643, and click Run Analysis
When it's complete, both the Outbound and Return Paths should Succeed. If not, double check your Local Peering Gateway settings or read more about solving Route Analyzer problems here.
In your Load Balancer (lb) click Backend set > bs-lb > Backends > Add Backend
Choose the Compute Instance that the Custom ORDS is on, ensure that the port is correct (9643) and that it will Automatically create the Security List Rules for that same port ← there’s a delay of a few seconds before it updates, watch out for this.
If you didn’t know this already… When you moved your ADB to a Private Endpoint, you must re-download the wallet. This new wallet contains an FQDN to the ADB which is resolvable by private views (more on this next). You have to stop ORDS, add the new wallet and start it again. Before you restart it… also use the opportunity to Terminate SSL in ORDS (credits: Jon)
su - <<'EOSU'
export ORDS_CONFIG=/etc/ords/config
ords --config $ORDS_CONFIG config set security.externalSessionTrustedOrigins https://0code.io
ords --config $ORDS_CONFIG config set security.httpsHeaderCheck "X-Forwarded-Proto: https"
EOSU
Now go to your Compute’s VCN (e.g. 1639) and click the DNS Resolver
Click Associated private views > Manage Private Views > Choose vcn-lb and click Save Changes. This allows the DNS in the ADB certificate to be resolved.
Find the nsg-lb (Network Security Group) of the vcn-lb and add an Ingress CIDR rule from 10.0.0.0/16 (i.e. the CIDR of the VCN of your compute) to port 1522. This will allow DB connections from ORDS to your ADB.
If you ever feel the need to add a Public IP to your ADB (i.e Update Network Access > Allow Public Access) then you are doing this wrong 😛
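An added check, not part of the original guide: the script below audits the nsg-lb rules so that port 1522 is reachable from the compute VCN CIDR (10.0.0.0/16) and from nowhere else. The embedded rules are a constructed sample in the shape printed by `oci network nsg rules list --nsg-id <nsg-lb OCID>`; the function names are hypothetical.

```python
import ipaddress
import json

# Constructed sample in the shape of `oci network nsg rules list` output
# (field names assumed from the OCI CLI; the rules are invented for the demo).
SAMPLE = json.loads("""
{"data": [
  {"direction": "INGRESS", "protocol": "6", "source": "10.0.0.0/16",
   "source-type": "CIDR_BLOCK", "tcp-options": {"destination-port-range": {"min": 1522, "max": 1522}}},
  {"direction": "INGRESS", "protocol": "6", "source": "0.0.0.0/0",
   "source-type": "CIDR_BLOCK", "tcp-options": {"destination-port-range": {"min": 1521, "max": 1522}}},
  {"direction": "INGRESS", "protocol": "6", "source": "0.0.0.0/0",
   "source-type": "CIDR_BLOCK", "tcp-options": {"destination-port-range": {"min": 443, "max": 443}}},
  {"direction": "EGRESS", "protocol": "all", "destination": "0.0.0.0/0"}
]}
""")

def covers_port(rule, port):
    """True if an ingress rule admits TCP traffic to `port`."""
    if rule.get("direction") != "INGRESS" or rule.get("protocol") not in ("6", "all"):
        return False
    rng = (rule.get("tcp-options") or {}).get("destination-port-range")
    # No tcp-options or no port range means every port is allowed.
    return rng is None or rng["min"] <= port <= rng["max"]

def audit_db_port(rules, allowed_cidr="10.0.0.0/16", port=1522):
    """Return (ok, findings); ok means only the compute VCN can reach the port."""
    allowed = ipaddress.ip_network(allowed_cidr)
    findings, reachable = [], False
    for rule in rules:
        if not covers_port(rule, port):
            continue
        if rule.get("source-type") != "CIDR_BLOCK":
            findings.append(f"non-CIDR source {rule.get('source')!r}: review manually")
            continue
        src = ipaddress.ip_network(rule["source"], strict=False)
        if src.version == allowed.version and src.subnet_of(allowed):
            reachable = True
        else:
            findings.append(f"{src} can reach port {port} (outside {allowed})")
    if not reachable:
        findings.append(f"no rule lets {allowed} reach port {port}")
    return reachable and not findings, findings

if __name__ == "__main__":
    ok, findings = audit_db_port(SAMPLE["data"])
    print("OK" if ok else "REVIEW", findings)
```

To audit a real NSG, save the CLI's JSON output to a file and pass its `data` list to `audit_db_port`.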
For the Healthcheck, there are three approaches. Basically, the way I understand it is that for each IP in the backend, the healthcheck prods it with the healthcheck port (not the backend port) to see if it's alive. Therefore you can use some HTTP hello-world page that will always respond on a test-port, or use the TCP port of the ORDS box.
For some reason, I’m unable to get an HTTP response from ORDS itself - because the SNI error pops up (which is the first approach - i.e. to get a bounce off the SNI). I have no idea why this differs from the Oracle Managed ORDS approach - but it does - let me know how I can bounce the health check off port 9643.
SNI Approach (not recommended)
Set up the Health Check to bounce off the SNI error with Status Code 400
HTTP approach (not recommended)
Start a new Docker Container on the same compute
docker run -P -d \
  -p 6080:80 \
  -p 6443:443 \
  --network opc_default \
  --name hello-world \
  nginxdemos/hello
Set the Health Check exactly like this
This will bounce off the HTTP port 6080 and enable the backend.
TCP approach (best of the 3)
Set the Health check exactly like this; however all backends will need this same port
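An added example, not from the original post, of why probing a side port is weaker than probing the ORDS port itself: when ORDS stops but the hello-world container keeps answering, the health check still reports the backend as alive. Loopback listeners on free ports stand in for 6080 (hello-world) and 9643 (ORDS); all function names are hypothetical.

```python
import socket

def tcp_probe(host, port, timeout=2.0):
    """TCP health check: healthy if the connection handshake completes."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def backend_view(host, backend_port, health_port):
    """Compare what the health check sees with what clients actually hit."""
    health_ok = tcp_probe(host, health_port)
    backend_ok = tcp_probe(host, backend_port)
    return {
        "health_check": health_ok,
        "backend": backend_ok,
        # True when the load balancer would keep routing to a dead ORDS.
        "false_healthy": health_ok and not backend_ok,
    }

def _listener():
    """Constructed stand-in for a published container port."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind(("127.0.0.1", 0))  # port 0: let the OS pick a free port
    s.listen(16)
    return s, s.getsockname()[1]

def demo():
    hello, hello_port = _listener()  # plays the hello-world container (6080)
    ords, ords_port = _listener()    # plays ORDS (9643)
    both_up = backend_view("127.0.0.1", ords_port, hello_port)
    ords.close()                     # ORDS goes down, hello-world stays up
    side_port_check = backend_view("127.0.0.1", ords_port, hello_port)
    same_port_check = backend_view("127.0.0.1", ords_port, ords_port)
    hello.close()
    return both_up, side_port_check, same_port_check

if __name__ == "__main__":
    for row in demo():
        print(row)
```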
Setup Domain Registrar DNS
Click on Load Balancer Details in your Breadcrumb and find the public IP Address
In your Cloudflare Dashboard go to DNS > Records
Add a domain or subdomain to redirect to your Load Balancer IP Address
Give it a go
Want it to redirect to a custom Application or Landing Page instead? - see this guide
Example multiple backends
I’m just going to create another ORDS from my image. It’s on the same machine as my first customords - but now I have 2. Yeah, this isn’t a great idea to max out my compute box with multiple ORDS… consider this a proof of concept.
First I stop ORDS
sudo sh /home/oracle/scripts/stop_ords.sh
Then I exit out and commit a new image and then I make a new container on port 9644
docker commit customords customords-clone-image
docker run -d -it --name customords2 -p 8624:8080 -p 9644:8443 -p 9624:22 customords-clone-image
Then I restart both to get ORDS booted up
docker restart customords
docker restart customords2
I’ll add the backend as before and now I have 2 (BTW, I use the Hello-world example here for the healthcheck)
If I offline the 9644 one - which I know works - and then refresh the page.. it kicks over to the 9643 one.
I tested all this.. works fine and dandy.. APEX will even continue the users session ID whichever ORDS is being used.
ENJOY!
What’s the picture? Well, I was walking down this footpath in Wetherby and there seemed to be people living around these rocks, so I took this picture and scarpered quickly. Visit Yorkshire! (but don’t go here)