Easy Custom Domain Mapping for Oracle APEX on Autonomous Database Using Nginx

Kanan VadgamaKanan Vadgama
4 min read

Table of contents

Introduction

Setting up a custom domain for your Oracle APEX application running on an Autonomous Database (ADB) helps provide a professional look and improves accessibility. In this guide, we will walk through the process of mapping a custom domain to an Oracle APEX application using Nginx as a reverse proxy and securing it with Let's Encrypt SSL.

Prerequisites

  • An Oracle Cloud Infrastructure (OCI) Free Tier VM running Oracle Linux.

  • A registered domain (e.g., ex.example.com).

  • DNS Access: Ability to update DNS settings for your domain (to add an A record).

  • Oracle APEX application URL from your ADB instance.

  • Security list and NSG (Network Security Group) configured to allow HTTP (port 80) and HTTPS (port 443).

Step 1: Set Up the Oracle Linux VM

Launch a free-tier VM in OCI with the following configuration:

  • OS: Oracle Linux (I am using VM.Standard.A1.Flex)

  • Subnet: Public Subnet

  • Ports Open: 80 (HTTP) and 443 (HTTPS)

Once the VM is running, connect via SSH and switch to the root user:

sudo su -

Update system packages: This might take some time, So sip a coffee !

dnf update -y

Install Nginx:

dnf install nginx -y

Start and enable Nginx:

systemctl start nginx
systemctl enable nginx

Verify Nginx is running:

systemctl status nginx

Allow HTTP and HTTPS traffic in the firewall:

firewall-cmd --permanent --zone=public --add-service=http
firewall-cmd --permanent --zone=public --add-service=https
firewall-cmd --reload

Note: Before moving to next steps, go to your domain provider and add an "A" record in the DNS settings with the Public IP address of the compute instance so that the VM is mapped to the domain.

Note: DNS changes may take a few hours to propagate.

Step 2: Configure Nginx as a Reverse Proxy

Create a new configuration file for your domain:

vi /etc/nginx/conf.d/example.conf

Add the following configuration: (with this configuration you will get ORDS landing page and for the particular APEX app I have added a location /domain block in the next steps after letsencrypt setup.)

server {
    server_name ex.example.com; # Replace domain name e.g : apex.yourcompany.com 

    location / {
        rewrite ^/$ /ords permanent;
    }

    location /ords/ {
        proxy_pass https://your-apex-adb-url/ords/; # Replace e.g: abc123.db.eu-frankfurt-1.oraclecloudapps.com 
        proxy_set_header Origin "";
        proxy_set_header X-Forwarded-Host $host:$server_port;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    location /i/ {
        proxy_pass https://your-apex-adb-url/i/; # Replace e.g: abc123.db.eu-frankfurt-1.oraclecloudapps.com 
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}

Check the configuration:

nginx -t

Restart Nginx:

systemctl restart nginx

Step 3: Secure the Domain with Let's Encrypt SSL

Install Certbot and the Nginx plugin:

pip3 install certbot
pip3 install certbot-nginx

Important: Ensure your domain’s A record has propagated (use ping ex.example.com to verify the IP resolves correctly).

Run Certbot to obtain and install an SSL certificate:

certbot --nginx

This will automatically update your Nginx configuration to include SSL certificates. The final configuration file will look like this: (note: I have added a location /domain/ block for my apex app)

server {
    server_name ex.example.com; # Replace domain name e.g : apex.yourcompany.com

    location / {
        rewrite ^/$ /ords permanent;
    }

    location /ords/ {
        proxy_pass https://your-apex-adb-url/ords/; 
        proxy_set_header Origin "";
        proxy_set_header X-Forwarded-Host $host:$server_port;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
# Optional: Custom path for your APEX app (e.g., https://ex.example.com/ex/ redirects to your app’s login)
# Replace "your-adb-name" and "apex-app-name" with your actual ADB and APEX app details.
    location /ex/ {
        proxy_pass https://your-apex-adb-url/ords/r/your-adb-name/apex-app-name/login/;
        proxy_set_header Origin "";
        proxy_set_header X-Forwarded-Host $host:$server_port;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    location /i/ {
        proxy_pass https://your-apex-adb-url/i/;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/ex.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/ex.example.com/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
}

server {
    if ($host = ex.example.com) {
        return 301 https://$host$request_uri;
    }
    server_name ex.example.com;
    listen 80;
    return 404;
}

Restart Nginx to apply the changes:

systemctl restart nginx

Step 4: Fix 502 Bad Gateway Error (If Needed)

If you encounter a 502 Bad Gateway error, check the audit logs:

cat /var/log/audit/audit.log | grep nginx | grep denied | audit2allow -M apex_proxy

Apply the SELinux policy module: SELinux might block Nginx from proxying requests. This command creates a policy to allow it.

semodule -i apex_proxy.pp

Restart Nginx:

systemctl restart nginx

Conclusion

You have successfully configured Nginx as a reverse proxy for an Oracle APEX application hosted on an Autonomous Database. Additionally, you secured your application with an SSL certificate from Let's Encrypt. Your APEX application is now accessible using your custom domain!

If you encounter any issues, check the logs:

journalctl -u nginx --no-pager | tail -50

Enjoy your custom domain setup for Oracle APEX!

0
Subscribe to my newsletter

Read articles from Kanan Vadgama directly inside your inbox. Subscribe to the newsletter, and don't miss out.

Custom Domain#oracle-apexOracle Autonomous DatabasenginxLet's Encrypt

Written by

Kanan Vadgama
Kanan Vadgama

My name is Kanan and I’m an AWS Cloud Architect. My journey in the world of cloud computing began with a fascination for technology and a passion for problem-solving. The cloud landscape is ever-evolving, and I thrive on the challenges and opportunities it presents. I am passionate about helping organizations leverage the full potential of AWS to innovate, scale, and achieve their goals.