Re: ***UNCHECKED*** Oracle Cloud APEX and Lets Encrypt

From: Ethan Post <post.ethan_at_gmail.com>
Date: Thu, 5 Mar 2020 15:09:13 -0600
Message-ID: <CAMNhnU1-UaOWoXyS2eiuWnHi8c19rhrifxoYxhHfSM7_PuLCEQ_at_mail.gmail.com>



OK, thanks for confirming. I have the vanity url routing to APEX but once it gets there APEX url shows up. I know the setting for this is in APEX service settings someplace, working on finding now. Maybe clearer in your article, I will check it out.

On Thu, Mar 5, 2020 at 1:02 PM Tim Hall <tim_at_oracle-base.com> wrote:

> Sorry. I hit send a little early...
>
> Let's Encrypt works on a challenge-response type thing, so the location
> you end up at must be valid for read/write, which is why most people do it
> with Apache or Nginx acting like a proxy. You do get a key and a cert, so
> you could put them somewhere else, but it needs to be refreshed every 30
> days, so this is going to be a pain unless you can automate that yourself,
> and you need to make sure the challenge gets routed to the correct place.
>
> Cheers
>
> Tim...
>
> On Thu, Mar 5, 2020 at 6:58 PM Tim Hall <tim_at_oracle-base.com> wrote:
>
>> Hi.
>>
>> Currently, you have to put something in front. Either a compute instance
>> acting as a reverse proxy, or a load balancer I guess. From what you've
>> said I assume you already know how to do this, but this is an example of
>> using Let's Encrypt.
>>
>>
>> https://oracle-base.com/articles/linux/letsencrypt-free-certificates-on-oracle-linux
>>
>>
>> I recently did this myself on the free tier. :)
>>
>> I've heard tell that allowing a vanity URL for APEX is something in the
>> pipeline for the cloud database services, but I'm not sure how far the line
>> that is, and I'm not sure if it will support Let's Encrypt. I'm guessing
>> not.
>>
>> Cheers
>>
>> Tim...
>>
>> On Thu, Mar 5, 2020 at 5:43 PM Ethan Post <post.ethan_at_gmail.com> wrote:
>>
>>> Chicken-egg problem here.
>>>
>>> To use vanity urls in oracle cloud APEX I need a cert for the load
>>> balancer. I can't generate a cert with Lets Encrypt unless I own the web
>>> server. I could possibly generate a cert on another platform and then use
>>> it. Maybe that is solution but not sure if cert is somehow tied to anything
>>> I don't know about. Then refreshing the cert still becomes issue.
>>>
>>> Is there a way to do above that I am missing? Maybe another free cert
>>> provider?
>>>
>>> The other option is to stand up a compute instance and install a web
>>> server and use as reverse proxy to APEX. I see Dmitri Gielis's articles on
>>> this and can do if required.
>>>
>>> Thanks,
>>> Ethan
>>> e-t-h-a-n.com
>>>
>>

--
http://www.freelists.org/webpage/oracle-l
Received on Thu Mar 05 2020 - 22:09:13 CET

Original text of this message