Introduction

In this tutorial, we will discuss the steps to set up a reverse proxy for Oracle APEX using Microsoft IIS (Internet Information Service).

Please note that this guide is intended for educational purposes only. In a production environment, additional steps may be necessary to adequately secure the applications.

Use Case

Your organization hosts an APEX application, and you aim to enhance its security by implementing SSL encryption and obscuring the actual port numbers on which the application runs.

Assumptions

• ORDS is running either in standalone mode or deployed in Apache Tomcat.

• ORDS is accessible on port 8080.

• The DNS record for your domain has already been added and is pointed to the reverse proxy server.

Video Tutorial

Steps

Setting up a reverse proxy with IIS involves five steps, as listed below.

1. Install IIS

2. Install Microsoft Application Request Routing Module

3. Install Microsoft URL Rewrite Module

4. Enable Reverse Proxy

5. Configure Trusted Origins

Watch the video tutorial and follow the steps to set up a reverse proxy.

1. Install IIS

• Open Server Manager

• Select "Add roles and features"

• 

• Click Next and select "Role-based or feature-based installation" and click Next.

  

• Select "Web Server (IIS)" from Server Roles

  

• Click Next and Click "Add Features"

  

• Click 'Next' until you reach the last step of the wizard, and the installation will commence.

  

Once the installation is complete, check the server status by opening 'localhost' in a browser.

2. Install Microsoft Application Request Routing Module

• Download Microsoft Application Request Routing from https://www.iis.net/downloads/microsoft/application-request-routing

• Install the module.

  

Verify the installation by opening the IIS Manager

3. Install Microsoft URL Rewrite Module

• Download the URL Rewrite module and install it. https://www.iis.net/downloads/microsoft/url-rewrite

  

• Verify the installation from the IIS Manager.

4. Enable Reverse Proxy

• Open IIS Manager

  

• Open your site

• Open URL Rewrite module

  

• Click "Add Rules" under actions.

  

• Select "Reverse Proxy" and click OK.

  

• Set the rules as shown in the screenshot.

  

• You have enabled Reverse Proxy. Let's verify by typing the domain in the browser. You will see that the APEX application is loading without the need to specify the port number.

  

5. Configure Trusted Origins

• If you attempt to log in to Oracle APEX, you may encounter the following error. To resolve this, add your domain to the trusted origins in the ORDS configuration file.

  

• Open the ORDS configuration file from {ORDS Config Directory}/global/settings.xml

• Add your domain to the trusted origins list and save the file.

  

    <entry key="security.externalSessionTrustedOrigins">http://example.com,https://example.com:443</entry>
  

• Restart ORDS and verify the setup by logging into Oracle APEX Workspace.

  

  

References

• https://learn.microsoft.com/en-us/iis/get-started/introduction-to-iis/iis-web-server-overview

• Application Request Routing: https://www.iis.net/downloads/microsoft/application-request-routing

• URL Rewrite: https://www.iis.net/downloads/microsoft/url-rewrite

• ORDS Configuration File: https://docs.oracle.com/en/database/oracle/oracle-rest-data-services/23.4/ordig/about-REST-configuration-files.html#GUID-006F916B-8594-4A78-B500-BB85F35C12A0