How to Set Up Reverse Proxy with Windows IIS for Oracle APEX?
Reverse Proxy for Oracle APEX
Introduction
In this tutorial, we will discuss the steps to set up a reverse proxy for Oracle APEX using Microsoft IIS (Internet Information Service).
Please note that this guide is intended for educational purposes only. In a production environment, additional steps may be necessary to adequately secure the applications.
Use Case
Your organization hosts an APEX application, and you aim to enhance its security by implementing SSL encryption and obscuring the actual port numbers on which the application runs.
Assumptions
ORDS is running either in standalone mode or deployed in Apache Tomcat.
ORDS is accessible on port 8080.
The DNS record for your domain has already been added and is pointed to the reverse proxy server.
Video Tutorial
Steps
Setting up a reverse proxy with IIS involves five steps, as listed below.
Install IIS
Install Microsoft Application Request Routing Module
Install Microsoft URL Rewrite Module
Enable Reverse Proxy
Configure Trusted Origins
Watch the video tutorial and follow the steps to set up a reverse proxy.
Install IIS
Open Server Manager
Select "Add roles and features"
Click Next and select "Role-based or feature-based installation" and click Next.
Select "Web Server (IIS)" from Server Roles
Click Next and Click "Add Features"
Click 'Next' until you reach the last step of the wizard, and the installation will commence.
Once the installation is complete, check the server status by opening 'localhost' in a browser.
Install Microsoft Application Request Routing Module
Download Microsoft Application Request Routing from https://www.iis.net/downloads/microsoft/application-request-routing
Install the module.
Verify the installation by opening the IIS Manager
Install Microsoft URL Rewrite Module
Download the URL Rewrite module and install it. https://www.iis.net/downloads/microsoft/url-rewrite
Verify the installation from the IIS Manager.
Enable Reverse Proxy
Open IIS Manager
Open your site
Open URL Rewrite module
Click "Add Rules" under actions.
Select "Reverse Proxy" and click OK.
Set the rules as shown in the screenshot.
You have enabled Reverse Proxy. Let's verify by typing the domain in the browser. You will see that the APEX application is loading without the need to specify the port number.
Configure Trusted Origins
If you attempt to log in to Oracle APEX, you may encounter the following error. To resolve this, add your domain to the trusted origins in the ORDS configuration file.
Open the ORDS configuration file from {ORDS Config Directory}/global/settings.xml
Add your domain to the trusted origins list and save the file.
<entry key="security.externalSessionTrustedOrigins">http://example.com,https://example.com:443</entry>
Restart ORDS and verify the setup by logging into Oracle APEX Workspace.
References
https://learn.microsoft.com/en-us/iis/get-started/introduction-to-iis/iis-web-server-overview
Application Request Routing: https://www.iis.net/downloads/microsoft/application-request-routing
URL Rewrite: https://www.iis.net/downloads/microsoft/url-rewrite
ORDS Configuration File: https://docs.oracle.com/en/database/oracle/oracle-rest-data-services/23.4/ordig/about-REST-configuration-files.html#GUID-006F916B-8594-4A78-B500-BB85F35C12A0