Oracle® Application Server Quick Administration Guide
10g Release 2 (10.1.2) B14126-02 |
|
Previous |
Next |
This chapter describes how to change the port numbers. It contains the following topics:
Changing the HTTP Server Listen Port on Middle-Tier Instances
Changing the HTTP Server Listen Port on Identity Management Installations
This section describes how to change port numbers in middle-tier instances and update any other affected components. It contains the procedure to change the Oracle HTTP Server listen port (SSL or Non-SSL).
When you change the Oracle HTTP Server Listen directive, there are often dependencies that must also be set. For example, if you are using OracleAS Web Cache to improve the performance of your Oracle Application Server instance, then you must modify the OracleAS Web Cache origin server settings whenever you modify the Oracle HTTP Server Listen ports.
To be sure the port dependencies are modified correctly, you can use a single command to change the Oracle HTTP Server Listen port. The portconfig
command automatically modifies the necessary configuration files within the Oracle home and optionally restarts the required components within the Oracle home.
The following sections describe how to define the portconfig
command and then use it to modify the Oracle HTTP Server Listen SSL or non-SSL port:
Enabling Oracle HTTP Server to Run as Root for Ports Set to Less Than 1024 (UNIX only)
Using the portconfig Command to Change the Oracle HTTP Server Listen Port
If you are on a UNIX system and you are changing the Listen port to a number less than 1024, perform these steps before you change the Oracle HTTP Server Listen port.
By default, Oracle HTTP Server runs as a non-root user (the user that installed Oracle Application Server). On UNIX systems, if you change the Oracle Application Server HTTPS Listen port number to a value less than 1024, then you must enable Oracle Application Server to run as root, as follows:
Log in as the root
user.
Run the following commands in the middle tier Oracle home:
cd ORACLE_HOME/Apache/Apache/bin
chown root .apachectl
chmod 6750 .apachectl
Use the following procedure to change the Oracle HTTP Server SSL or non-SSL Listen port:
Set the ORACLE_HOME
environment variable to the home directory of the Oracle Application Server instance where the Oracle HTTP Server resides.
For example:
(UNIX) setenv ORACLE_HOME /dev0/private/oracle/appserv1/ (Windows) set ORACLE_HOME=D:\oracle\appserv1\
On UNIX systems, set the LD_LIBRARY_PATH, LD_LIBRARY_PATH_64, LIB_PATH, or SHLIB_PATH environment variables to the proper values, as shown in Table 1-1. The actual environment variables and values that you must set depend on the type of your UNIX operating system.
Create an alias (on UNIX systems) or a DOSKEY macro (on Windows systems) to represent the portconfig
command.
For example, to execute the command as an alias on UNIX systems, enter the following command:
alias portconfig '$ORACLE_HOME/jdk/bin/java -cp $ORACLE_HOME/sysman/webapps/emd/WEB-INF/lib/emd.jar: $ORACLE_HOME/dcm/lib/dcm.jar: $ORACLE_HOME/sso/lib/ossoreg.sh oracle.sysman.ias.sta.tools.PortConfigCmdLine \!*'
Similarly, to execute the command as DOSKEY macro on Windows systems, enter the following at the DOS command line:
doskey portconfig=%ORACLE_HOME%\jdk\bin\java -cp %ORACLE_HOME%/sysman/webapps/emd/WEB-INF/lib/emd.jar; %ORACLE_HOME%/dcm/lib/dcm.jar; %ORACLE_HOME%/sso/lib/ossoreg.bat oracle.sysman.ias.sta.tools.PortConfigCmdLine $*
Use the newly created portconfig
command as follows:
portconfig -oracleHome ORACLE_HOME -oldPort old_port -newPort new_port [-sso -url http://sso_host:port -user http_server_admin_user [-site name_of_sso_partner_application] [-admin mod_osso_admin_user] [-vHost path_to_mod_osso_configuration_file]] [-webCache] {-start | -restart}
For example, on UNIX systems:
portconfig -oracleHome $ORACLE_HOME -oldPort 7777 -newPort 7778 -webCache
For example, on Windows systems:
portconfig -oracleHome %ORACLE_HOME% -oldPort 7777 -newPort 7778 -webCache
Table 4-1 describes the arguments available when you use the portconfig
command to automatically change the Oracle HTTP Server Listen port.
Table 4-1 Arguments for the portconfig Command
Argument | Description |
---|---|
|
The Oracle home of the Oracle Application Server instance. The |
|
The old (current) value of the Oracle HTTP Server Listen port. |
|
The new value for the Oracle HTTP Server Listen port. |
|
Use this optional argument if you are using OracleAS Web Cache to improve the performance and reliability of your Web server. When this argument is included on the command line, the dependent OracleAS Web Cache port assignment is changed automatically. Specifically, the port number of the origin server is updated automatically so that it points to the new Oracle HTTP Server listen port. Note: The |
|
Use this optional argument to stop and start the application server instance after the Note that during startup, all enabled components of the application server are started, even those that were originally down before you ran the Compare with the |
|
Use this optional argument to stop and start the application server instance after the With this option, only already running components are restarted after the configuration changes are complete. Components that were down before you ran the Compare with the |
|
Use this optional argument to display debugging information as the command executes. This argument can be useful if you are troubleshooting a problem or working with Oracle Support. |
|
Use this optional argument when the Listen port you are changing is protected by OracleAS Single Sign-On. When you use this argument, the When you use the For more information about registering mod_osso, see "Configuring and Administering Partner Applications" in the Oracle Application Server Single Sign-On Administrator's Guide. |
|
This argument is required when you use the Use this argument to provide the new Oracle HTTP Server URL, which is also used by OracleAS Single Sign-On and uses the new Listen port. For example: http://sso42.acme.com:7778 This URL is passed as the |
|
This argument is required when you use the Use this argument to enter the name of the account that is used to start Oracle HTTP Server. On UNIX systems, this is usually The value provided with this argument is passed as the |
|
This argument is optional; however, it can be used only when you use the Use this argument to enter the site name of OracleAS Single Sign-On partner application. The site name is displayed by the OracleAS Single Sign-On administration pages. The value of this argument is passed as the |
|
This argument is optional; however, it can be used only when you use the Use this argument to enter the account name of the |
|
This argument is optional; however, it can be used only when you use the Use this argument to enter the path to the $ORACLE_HOME/Apache/Apache/conf/osso/vh_name/osso.conf
Use this argument only when you are registering an HTTP virtual host with the OracleAS Single Sign-On server. The value of this argument is passed as the |
Restart the application server instance:
UNIX: ORACLE_HOME/bin/emctl stop iasconsole ORACLE_HOME/opmn/bin/opmnctl stopall ORACLE_HOME/opmn/bin/opmnctl startall ORACLE_HOME/bin/emctl start iasconsole Windows: ORACLE_HOME\bin\emctl stop iasconsole ORACLE_HOME\opmn\bin\opmnctl stopall ORACLE_HOME\opmn\bin\opmnctl startall ORACLE_HOME\bin\emctl start iasconsole
This section describes how to change the Oracle HTTP Server HTTP or HTTPS listen port on an Identity Management installation. When you change this port number, you also effectively change the OracleAS Single Sign-On port number. This means you must update any middle-tier instances that use the OracleAS Single Sign-On port.
Task 1: Prepare the Middle-Tier Instances
Perform this task only if the Identity Management installation is being used by middle-tier instances. On each middle-tier instance that uses Oracle Identity Management, stop the middle-tier instance as follows:
On the Application Server Home page of the Application Server Control Console, click Stop All.
Leave the Application Server Control Console running.
It is important that you leave the Application Server Control Console running in each of the middle-tier instances while you perform this procedure.
Task 2: Prepare the Infrastructure Instances
Ensure that Oracle Identity Management and its associated OracleAS Metadata Repository are started on the infrastructure whose port number you are changing.
If any middle-tier instances use different Metadata Repositories for their product metadata and DCM repositories, then ensure that those are up. In short, ensure all Metadata Repositories in your environment are up.
Task 3: Modify the Oracle HTTP Server Listen and Port Directives
If you are changing the HTTP port, change both the non-SSL Listen and Port directives to the new port number. Perform the following steps:
Navigate to the Application Server Home page and click Ports.
On the Ports page, locate the Oracle HTTP Server Listen port and click the icon in the Configure column.
On the Server Properties page:
Enter the new port number in the Default Port field. This is for the Port
directive.
Enter the new port number in the Listening Port column. This is for the Listen
directive. There may be more than one listening port listed. The only way to tell which is the non-SSL listen port is to choose the one with the old non-SSL listen port value.
At the bottom of the page, click Apply.
On the Confirmation page, click No, you would not like to restart now.
Note: You can manually update the port numbers in thehttpd.conf file. Update the non-SSL listen and port directives that are not enclosed in an SSL virtual host container with the same new port number. Save the file, and then run the following command:
dcmctl updateConfig -ct ohs
|
If you are changing the HTTPS port, change both the SSL Listen and SSL Port directives to the new port number, perform the following steps:
Edit the following file:
(UNIX) ORACLE_HOME/Apache/Apache/conf/ssl.conf (Windows) ORACLE_HOME\Apache\Apache\conf\ssl.conf
Update the SSL Listen
and SSL Port
directives with the new port number. The value for Listen
and Port
must be the same port number.
Save and close the file.
Run the following command:
(UNIX) ORACLE_HOME/dcm/bin/dcmctl updateConfig -ct ohs (Windows) ORACLE_HOME\dcm\bin\dcmctl updateConfig -ct ohs
Task 4: Enable Oracle HTTP Server to Run as Root for Ports Less Than 1024 on UNIX
By default, Oracle HTTP Server runs as a non-root user (the user that installed Oracle Application Server). On UNIX systems, if you change the Oracle Application Server non-SSL listen port number to a value less than 1024, then you must enable Oracle HTTP Server to run as root, as follows:
Log in as root.
Run the following commands in the middle tier Oracle home:
cd ORACLE_HOME/Apache/Apache/bin
chown root .apachectl
chmod 6750 .apachectl
Task 5: Update the Application Server Control Console
Update the Application Server Control Console with the new port number:
Edit the following file:
(UNIX) ORACLE_HOME/sysman/emd/targets.xml (Windows) ORACLE_HOME\sysman\emd\targets.xml
Update each occurrence of the old Oracle HTTP Server listen port number with the new port number.
Save and close the file.
Reload the Application Server Control Console:
(UNIX) ORACLE_HOME/bin/emctl reload (Windows) ORACLE_HOME\bin\emctl reload
Task 6: UpdateOracleAS Single Sign-On
In the example, hostname
is the host on which OracleAS Single Sign-On is running and new_port_number
is the new SSL Oracle HTTP Server listen port number.
Perform this task if OracleAS Single Sign-On is configured to use the Oracle HTTP Server HTTP listen port in the installation where you are changing the port.
On UNIX systems, set the LD_LIBRARY_PATH, LD_LIBRARY_PATH_64, LIB_PATH, or SHLIB_PATH environment variables to the proper values, as shown in Table 1-1. The actual environment variables and values that you must set depend on the type of your UNIX operating system.
Run one or both of the following commands in the OracleAS Single Sign-On Oracle home:
To change the non-SSL port:
(UNIX) ORACLE_HOME/sso/bin/ssocfg.sh http hostname new_non_ssl_port_number (Windows) ORACLE_HOME\sso\bin\ssocfg.bat http hostname new_non_ssl_port_number
To change the SSL port:
(UNIX) ORACLE_HOME/sso/bin/ssocfg.sh https hostname new_ssl_port_number (Windows) ORACLE_HOME\sso\bin\ssocfg.bat https hostname new_ssl_port_number
In the examples:
hostname
is the host on which OracleAS Single Sign-On is running.
new_non_ssl_port_number
is the new non-SSL Oracle HTTP Server listen port number.
new_ssl_port_number
is the new SSL Oracle HTTP Server listen port number.
To re-register mod_osso, perform the following steps:
On UNIX systems, set the LD_LIBRARY_PATH, LD_LIBRARY_PATH_64, LIB_PATH, or SHLIB_PATH environment variables to the proper values, as shown in Table 1-1.
On Windows systems, set the path, for example: PATH=%PATH%;%ORACLE_HOME%\bin;%ORACLE_HOME%\lib
.
If you are changing the non-SSL listen port, then re-register mod_osso
to take care of the default partner applications by running the following command in Oracle Identity Management Oracle home:
UNIX:
ORACLE_HOME/sso/bin/ssoreg.sh -oracle_home_path identity_management_oracle_home -site_name identity_management_hostname:new_port_number -config_mod_osso TRUE -mod_osso_url mod_osso_url
Windows:
ORACLE_HOME\sso\bin\ssoreg.bat -oracle_home_path middle_tier_oracle_home -site_name identity_management_hostname:new_port_number -config_mod_osso TRUE -mod_osso_url mod_osso_url
For example, to change the Oracle HTTP Server listen port to 7779 on host myhost
:
ORACLE_HOME/jdk/bin/java -jar $ORACLE_HOME/sso/lib/ossoreg.jar
-oracle_home_path /disk1/oracleas
-site_name myhost:7779
-config_mod_osso TRUE
-mod_osso_url http://myhost.mydomain:7779
-u oracle
If you are changing the Oracle HTTP Server SSL listen port, perform the following steps.
Re-register mod_osso
with the new port number by running the following command in the middle-tier Oracle home:
UNIX:
ORACLE_HOME/sso/bin/ssoreg.sh -oracle_home_path identity_management_oracle_home -site_name identity_management_hostname:new_port_number -config_mod_osso TRUE -mod_osso_url mod_osso_url -config_file path/osso-https.conf
Windows:
ORACLE_HOME\sso\bin\ssoreg.bat -oracle_home_path identity_management_oracle_home -site_name identity_management_hostname:new_port_number -config_mod_osso TRUE -mod_osso_url mod_osso_url -config_file path\osso-https.conf
For example, if you want to change the Oracle HTTP Server SSL listen port to 7778 on myhost
on UNIX:
$ORACLE_HOME/sso/bin/ssoreg.sh -oracle_home_path /disk1/oracleas -site_name myhost:4445 -config_mod_osso TRUE -mod_osso_url http://myhost.mydomain:7778 -config_file $ORACLE_HOME/Apache/Apache/conf/osso/osso-https.conf
Edit the mod_osso.conf
file, which is located at:
(UNIX) ORACLE_HOME/Apache/Apache/conf/mod_osso.conf (Windows) ORACLE_HOME\Apache\Apache\conf\mod_osso.conf
In the mod_osso.conf
file, comment the following directive, if you have not previously done so:
On UNIX:
LoadModule osso_module libexec/mod_osso.so
On Windows:
LoadModule osso_module modules\ApacheModuleOsso.dll
In the httpd.conf
file, which is found in the same (conf
) directory, add the directive that you just commented in the preceding step (if you have not previously done so). In a default setup, place the directive right after:
LoadModule wchandshake_module libexec/mod_wchandshake.so
Restart the Oracle HTTP Server:
(UNIX) ORACLE_HOME/opmn/bin/opmnctl restartproc process-type=HTTP_Server (Windows) ORACLE_HOME\opmn\bin\opmnctl restartproc process-type=HTTP_Server
Re-register any additional partner applications that you configured or modified.
See Also: Oracle Application Server Single Sign-On Administrator's Guide for more information about registeringmod_osso
|
Task 8: Update Oracle Delegated Administration Services
If you have Oracle Delegated Administration Services configured, and Oracle Delegated Administration Services uses the SSL and non-SSL port numbers, take the following steps to update the Oracle Delegated Administration Services URL entry in Oracle Internet Directory.
Note: To find out what port Oracle Delegated Administration Services uses, enter the following command:ldapsearch -h oid_host -p oid_port -D "cn=orcladmin" -w "password" -b "cn=OperationURLs,cn=DAS,cn=Products,cn=OracleContext" -s base "objectclass=*" orcldasurlbase |
Create a file named mod.ldif
with the following contents (you can create the file in any directory):
dn:cn=OperationURLs,cn=DAS,cn=Products,cn=OracleContext changetype:modify replace:orcldasurlbase orcldasurlbase:http://hostname:new_http_port_number/
Note the slash at the end of the orcldasurlbase
URL.
Run the following command:
ldapmodify -D cn=orcladmin -w password -p oid_port -f mod.ldif
Task 9: Update Oracle Application Server Certificate Authority
If you are using OracleAS Certificate Authority:
Re-register OracleAS Certificate Authority with the OracleAS Single Sign-On server by running the following command in the OracleAS Certificate Authority Oracle home:
(UNIX) ORACLE_HOME/oca/bin/ocactl changesecurity -server_auth_port portnum (Windows) ORACLE_HOME\oca\bin\ocactl changesecurity -server_auth_port portnum
In the example, port_number
is the OracleAS Certificate Authority Server Authentication Virtual Host (SSL) port. The default value is 4400
.
If OracleAS Certificate Authority is located in a different Oracle home than the OracleAS Single Sign-On server, then restart Oracle HTTP Server and the oca
instance in the OracleAS Certificate Authority Oracle home. For example, on UNIX:
ORACLE_HOME/opmn/bin/opmnctl stopproc ias-component=HTTP_Server ORACLE_HOME/opmn/bin/opmnctl stopproc process-type=oca ORACLE_HOME/opmn/bin/opmnctl startproc ias-component=HTTP_Server ORACLE_HOME/opmn/bin/opmnctl startproc process-type=oca
Task 10: Restart the Identity Management Instance
Restart the Identity Management instance. For example, on UNIX:
ORACLE_HOME/bin/emctl stop iasconsole ORACLE_HOME/opmn/bin/opmnctl stopall ORACLE_HOME/opmn/bin/opmnctl startall ORACLE_HOME/bin/emctl start iasconsole
Task 11: Restart OracleAS Certificate Authority
If OracleAS Certificate Authority is configured in this instance, then restart it:
(UNIX) ORACLE_HOME/oca/bin/ocactl start (Windows) ORACLE_HOME\oca\bin\ocactl start
Task 12: Update the Middle-Tier Instances to Use the New Port Number
After you change the Oracle HTTP Server non-SSL port on the Identity Management installation, you must update all middle-tier instances to use the new port number.
Update each middle-tier instance using the Change Identity Management wizard in the Application Server Control Console.
On each middle-tier instance that uses Identity Management:
Using the Application Server Control Console, navigate to the Application Server Home page for the middle-tier instance.
Click the Infrastructure link.
On the Infrastructure page, in the Identity Management section, click Change.
Follow the steps in the wizard.
When the wizard is finished, navigate to the Application Server Home page and start the middle-tier instance by clicking Start All.
Refresh the Oracle Internet Directory cache in your applications: