ssh免密,改端口,禁用root登录
防火墙配置
添加用户,赋权
Oracle 数据库本次是四个对应不同连接
Oracle 19c数据库 test162 (非CDB/PDB模式)
Oracle 19c数据库 testdb (CDB/PDB模式 165)
Oracle 19c数据库 test163 (CDB/PDB模式)
Oracle 19c数据库 test164 (CDB/PDB模式)
Oracle 驱动环境Oracle Client 下载 - 官方安装参考
SQLcl (可选) 官方文档
jdk-16 Oracle JDK 下载
tomcat-9.0.45 Tomcat 9 下载
nginx-1.19.9 下载 wget http://nginx.org/download/nginx-1.19.10.tar.gz
检查 Oracle字符集 NLS_CHARACTERSET AL32UTF8 后面会涉及到中文乱码
select * from nls_database_parameters where parameter like '%CHARACTERSET%';
配置多个数据库
test162 对应url http://xxxx.com/edex/test162/f?p=4000
testdb 对应url http://xxxx.com/edex/testdb/f?p=4000
test163 对应url http://xxxx.com/edex/test163/f?p=4000
test164 对应url http://xxxx.com/edex/test164/f?p=4000
Oracle
rpm -ivh jdk-16_linux-x64_bin.rpm
find / -name jav*
...
/usr/java/jdk-16/bin/java
...
<!--设置环境变量-->
vim /etc/profile
...
export JAVA_HOME="/usr/java/jdk-16"
export JAVA_BIN=$JAVA_HOME/bin
export PATH=$JAVA_BIN:$JAVA_HOME:$PATH
unzip apache-tomcat-9.0.45.zip
<!--创建tomcat运行用户-->
useradd -d /opt/tomcat -s /bin/nologin tomcat
mv ./apache-tomcat-9.0.45 /opt/tomcat
chown -R tomcat:tomcat /opt/tomcat
<!--设置环境变量-->
vim /etc/profile
...
export CATALINA_HOME=/opt/tomcat
export CATALINA_BASE=/opt/tomcat
1.设置tomcat后台进程及自启 参考
vim /etc/systemd/system/tomcat.service
TODO 参数可能要改
[Unit]
Description=Apache Tomcat 9 Servlet Container
Wants=network.target
After=network.target
[Service]
User=tomcat
Group=tomcat
Type=forking
UMask=0007
RestartSec=10
Environment=CATALINA_PID=/opt/tomcat/tomcat.pid
Environment=CATALINA_HOME=/opt/tomcat
Environment=CATALINA_BASE=/opt/tomcat
Environment=JAVA_HOME=/usr/java/jdk-16
Environment='CATALINA_OPTS=-Xms512M -Xmx1G -Djava.net.preferIPv4Stack=true'
Environment='JAVA_OPTS=-server -Xms4096m -Xmx4096m -XX:PermSize=256M -XX:MaxNewSize=512m -XX:MaxPermSize=512m -Djava.awt.headless=true'
ExecStart=/u01/tomcat/bin/startup.sh
ExecStart=/opt/tomcat/bin/startup.sh
ExecStop=/opt/tomcat/bin/shutdown.sh
SuccessExitStatus=143
Restart=on-failure
[Install]
WantedBy=multi-user.target
优化
rm -rf /opt/tomcat/webapps/manager /opt/tomcat/webapps/host-manager
rm -rf ../webapps/docs ../webapps/examples
Server.xml 配置 vim /opt/tomcat/conf/server.xml
...
<Service name="Catalina">
<Connector port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
scheme="https"
redirectPort="8443" /> <!--奇奇怪怪的oauth2回调跳转 -->
...
<Host name="localhost" appBase="webapps"
unpackWARs="true" autoDeploy="true">
<Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
prefix="localhost_access_log" suffix=".txt"
pattern="%h %l %u %t "%r" %s %b" />
<!-- nginx配置-->
<Valve className="org.apache.catalina.valves.RemoteIpValve"
remoteIpHeader="X-Forwarded-For"
protocolHeader="X-Forwarded-Proto"
internalProxies="127\.0\.0\.1|10\.x\.x\.x"/> <!--nginx服务器地址 -->
</Host>
...
Oracle Client 下载 - 官方安装参考 - Oracle Client Sqlplus 下载
mkdir /opt/oracle_client
mv /home/xxxx/instantclient-basic-linux.x64-21.1.0.0.0.zip /opt/oracle_client
<!-- sqlplus-->
mv /home/xxxx/instantclient-sqlplus-linux.x64-21.1.0.0.0.zip /opt/oracle_client
unzip instantclient-basic-linux.x64-21.1.0.0.0.zip
unzip instantclient-sqlplus-linux.x64-21.1.0.0.0.zip
yum install libaio
sh -c "echo /opt/oracle_client/instantclient_21_1 >/etc/ld.so.conf.d/oracle-instantclient.conf"
ldconfig
<!--设置环境变量-->
vim /etc/profile
...
export PATH=$JAVA_BIN:$JAVA_HOME:$PATH:/opt/oracle_client/instantclient_21_1
官方文档 - Oracle-base 文档 - SQLcl这个可爱的小工具,来了解一下呀~ 微信
unzip sqlcl-20.4.2.35.2359.zip
mv sqlcl /opt/sqlcl
<!--设置环境变量-->
vim /etc/profile
...
export PATH=$JAVA_BIN:$JAVA_HOME:$PATH:/opt/oracle_client/instantclient_21_1:/opt/sqlcl/bin
<!--test-->
sql sys/我是密码@x.x.x.x:x/testpdb as SYSDBA
<!--或者-->
sql hr/我是密码@x.x.x.x:x/testpdb
CDB/PDB模式 PBD 本地安装apex
<!--创建pdb-->
CREATE PLUGGABLE DATABASE testdb ADMIN USER admin IDENTIFIED BY "w}RZJVCrzd" FILE_NAME_CONVERT=('pdbseed','testdb');
<!--打开pdb-->
ALTER PLUGGABLE DATABASE testdb OPEN;
<!--删除CDB中的apex-->
@apxremov.sql
<!--激活pdb-->
ALTER SESSION SET CONTAINER = testdb;
<!--PDB安装apex-->
@apexins.sql SYSAUX SYSAUX TEMP /i/
<!--验证apex安装结果-->
begin
sys.dbms_utility.compile_schema( 'APEX_190200', false );
sys.dbms_utility.compile_schema( 'FLOWS_FILES', false );
end;
select app_name, app_version, app_status from dba_applications where app_name = 'APEX';
select app_name, app_statement, errornum, errormsg from dba_app_errors where app_name = 'APEX';
用户 | 环境 | 密码 | 备注 |
---|---|---|---|
APEX_PUBLIC_USER | testdb(165) | S9dFCaUaC | 最低特权帐户用于通过ords和Oracle进行Application Express配置mod_plsql。 |
非CDB/PDB模式安装apex
<!--非PDB模式 安装apex -->
@apexins.sql SYSAUX SYSAUX TEMP /i/
<!--验证apex安装结果-->
<!-- 设置 APEX_PUBLIC_USER -->
ALTER USER APEX_PUBLIC_USER IDENTIFIED BY S9dFCaUa ACCOUNT UNLOCK;
用户 | 环境 | 密码 | 备注 |
---|---|---|---|
APEX_PUBLIC_USER | test162 | S9dFCaUaC | 最低特权帐户。 |
设置internal工作区admin用户,配置RESTful服务
<!-- PDB模式切换SESSION-->
ALTER SESSION SET CONTAINER = testdb;
<!--设置 INTERNAL 工作区的admin用户及密码-->
@apxchpwd.sql
<!-- PDB模式关闭SESSION-->
ALTER SESSION SET CONTAINER = testdb;
<!--配置RESTful服务-->
@apex_rest_config.sql
安装中文支持
<!--如果需要 PDB模式 切换库(PDB)-->
ALTER SESSION SET CONTAINER = xxxxxxx;
############################ 注意 是APEX_190200用户 ############################
<!--PDB模式 切换SCHEMA -->
ALTER SESSION SET CURRENT_SCHEMA = APEX_190200;
<!--安装中文支持-->
@/u01/apex/builder/zh-cn/load_zh-cn.sql
APEX打补丁
unzip p30392181_1920_Generic.zip
cat 30392181/README.txt
按照说明执行
...
sqlplus "sys/ as sysdba"
<!--切SESSION -->
<!--以下任选其一-->
1. @catpatch.sql -- 适用于Oracle数据库11.2及更早版本,适用于非CDB,以及APEX没有安装在根目录下的CDB
2. @catpatch_con.sql -- for CDB where Application Express is installed in the root
3. @catpatch_appcon.sql -- for installations where Application Express is installed in an application container
...
验证补丁
select APEX_INSTANCE_ADMIN.GET_PARAMETER( 'APEX_19_2_0_PATCH_30392181' ) from dual;
备注留用
<!--删除Apex-->
@apxremov.sql
<!--执行后必须关闭SQL*Plus 重新打开-->
<!--关闭pdb-->
ALTER PLUGGABLE DATABASE testdb CLOSE;
<!--删除pdb-->
DROP PLUGGABLE DATABASE testdb INCLUDING DATAFILES;
Apex ACl 配置
ALTER SESSION SET CONTAINER = testDB;
declare
l_acl_name varchar2(30) := 'HttpsServiceACLConfig.xml';
l_principal varchar2(20) := 'APEX_190200';
begin
begin
dbms_network_acl_admin.drop_acl(acl => l_acl_name);
exception
when others then
null; -- ACL does not exist yet
end;
dbms_network_acl_admin.create_acl(
acl => l_acl_name
, description => 'ding ding https'
, principal => l_principal
, is_grant => true
, privilege => 'connect'
, start_date => systimestamp
, end_date => null
);
dbms_network_acl_admin.add_privilege(
acl => l_acl_name
, principal => l_principal
, is_grant => true
, privilege => 'resolve'
, start_date => systimestamp
, end_date => null
);
-- 添加钉钉
dbms_network_acl_admin.assign_acl(
acl => l_acl_name
, host => '*.dingtalk.com'
, lower_port => 443
, upper_port => 443
);
-- 添加
dbms_network_acl_admin.assign_acl(
acl => l_acl_name
, host => '*.oracle.com'
, lower_port => 443
, upper_port => 443
);
-- 删除
-- DBMS_NETWORK_ACL_ADMIN.UNASSIGN_ACL(host =>'*.oracle.com');
commit;
end;
Apex wallet 配置
cd $ORACLE_HOME
pwd
<!--创建wallet目录-->
mkdir wallets
<!--创建wallet-->
orapki wallet create -wallet /xx/xx/xx/xx/xxx/xxx/wallets/https_wallet -pwd xxxxxxxx -auto_login
<!--复制证书--> # 可以参考 7. 服务器验证证书 第一个 ---BEGIN CERTIFICATE---END CERTIFICATE---
<!--授权-->
chown -R oracle:oinstall /u01/ssl
<!--添加证书-->
orapki wallet add -wallet /xx/xx/xx/xx/xxx/xxx/wallets/https_wallet -trusted_cert -cert "/u01/ssl/sts.cer" -pwd xxxxxxxx
<!--查看wallet-->
orapki wallet display -wallet /xx/xx/xx/xx/xxx/xxx/wallets/https_wallet
<!--清空wallet-->
orapki wallet remove -wallet /xx/xx/xx/xx/xxx/xxx/wallets/https_wallet -trusted_cert_all -pwd xxxxx
验证https
select
apex_web_service.make_rest_request(p_url=>'https://xxxxx.xxxx.com/adfs/oauth2/token',
p_http_method => 'GET',
p_wallet_path => 'file:/xx/xx/xx/xx/xxx/xxx/wallets/https_wallet')
from dual;
8.1. 正常请求post接口
```sql
declare
l_clob1 clob;
l_response_json_clob clob;
L_1 clob := '';
begin
apex_json.initialize_clob_output;
apex_json.open_object;
apex_json.write('AppId', '');
apex_json.write('AppSecret', 'B');
apex_json.open_array('Email');
for i in 1..2
loop
apex_json.open_object;
apex_json.write('from', '@.com');
apex_json.write('to', '@.com');
apex_json.write('subject', '下');
apex_json.write('body', L_1);
apex_json.close_object;
end loop;
apex_json.close_array;
apex_json.close_object;
l_clob1 := apex_json.get_clob_output;
apex_json.free_output;
apex_web_service.g_request_headers(1).name := 'Content-Type';
apex_web_service.g_request_headers(1).VALUE := 'application/json';
l_response_json_clob := apex_web_service.make_rest_request(
p_url => 'http://xxxx/api/EmailSender/SendEmail',
p_http_method => 'POST',
p_body => l_clob1);
apex_debug.warn(l_response_json_clob);
end;
```
服务器验证证书
openssl s_client -connect www.dingtalk.com:443 -tls1 -showcerts
...
CONNECTED(00000003)
depth=2 C = BE, O = GlobalSign nv-sa, OU = Root CA, CN = GlobalSign Root CA
verify return:1
depth=1 C = BE, O = GlobalSign nv-sa, CN = GlobalSign Organization Validation CA - SHA256 - G2
verify return:1
depth=0 C = CN, ST = ZheJiang, L = HangZhou, O = "Alibaba (China) Technology Co., Ltd.", CN = *.dingtalk.com
verify return:1
---
Certificate chain
0 s:/C=CN/ST=ZheJiang/L=HangZhou/O=Alibaba (China) Technology Co., Ltd./CN=*.dingtalk.com
i:/C=BE/O=GlobalSign nv-sa/CN=GlobalSign Organization Validation CA - SHA256 - G2
-----BEGIN CERTIFICATE-----
MIIGYDCCBUigAwIBAgIMCZwLPIt+KS8mrSqZMA0GCSqGSIb3DQEBCwUAMGYxCzAJ
......
Dn6XwwJTuLDHvdZhE54cswjBpc0OizT63hRg6X+C5syJB8CKLSJxJGmPThWuNbpI
MVUwRA==
-----END CERTIFICATE-----
1 s:/C=BE/O=GlobalSign nv-sa/CN=GlobalSign Organization Validation CA - SHA256 - G2
i:/C=BE/O=GlobalSign nv-sa/OU=Root CA/CN=GlobalSign Root CA
-----BEGIN CERTIFICATE-----
MIIEaTCCA1GgAwIBAgILBAAAAAABRE7wQkcwDQYJKoZIhvcNAQELBQAwVzELMAkG
.....
SOlCdjSXVWkkDoPWoC209fN5ikkodBpBocLTJIg1MGCUF7ThBCIxPTsvFwayuJ2G
K1pp74P1S8SqtCr4fKGxhZSM9AyHDPSsQPhZSZg=
-----END CERTIFICATE-----
---
Server certificate
subject=/C=CN/ST=ZheJiang/L=HangZhou/O=Alibaba (China) Technology Co., Ltd./CN=*.dingtalk.com
issuer=/C=BE/O=GlobalSign nv-sa/CN=GlobalSign Organization Validation CA - SHA256 - G2
---
No client certificate CA names sent
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 3453 bytes and written 315 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1
Cipher : ECDHE-RSA-AES128-SHA
Session-ID: 795C7128D1F65CD328662802B1DCD0DC2D753A185568EE1A9BC9ED8172078942
Session-ID-ctx:
Master-Key: B5BE8CAF4C8CE29D0945324B39FEDC3E40B293DD7A5B8395248169B8AAC3587134E6D3B9D0ADFA75E3ADFB251233185D
Key-Arg : None
Krb5 Principal: None
PSK identity: None
PSK identity hint: None
TLS session ticket lifetime hint: 600 (seconds)
TLS session ticket:
0000 - 86 a7 5b 81 b5 e0 db 84-29 fd 41 bd cb 2c 65 fc ..[.....).A..,e.
Start Time: 1585991577
Timeout : 7200 (sec)
Verify return code: 0 (ok)
-1. 注意如果是多个环境需要验证下ords的版本 java -jar edex.war version
设置URL前缀
<!--xxxx.com/ords 将变成 xxxx.com/edex-->
cp ords.war edex.war
0.1. 安装或升级 ordsjava -jar edex.war schema --database test162
添加数据库 test162 官方提示说明
<!--配置ords连接数据库 test162-->
java -jar edex.war setup --database test162
[root@xxxxx ords]# java -jar edex.war setup --database test162
Specify the database connection type to use.
Enter number for [1] Basic [2] TNS [3] Custom URL [1]:
Enter the name of the database server [localhost]:10.x.x.x
Enter the database listen port [1521]:xxxx
Enter 1 to specify the database service name, or 2 to specify the database SID [1]:
Enter the database service name:edextest164
Enter 1 if you want to verify/install Oracle REST Data Services schema or 2 to skip this step [1]:
Enter the database password for ORDS_PUBLIC_USER:
Confirm password:
Requires to login with administrator privileges to verify Oracle REST Data Services schema.
Enter the administrator username:sys
Enter the database password for SYS AS SYSDBA:
Confirm password:
Connecting to database user: SYS AS SYSDBA url: jdbc:oracle:thin:@//10.x.x.x:xxxx/edextest164
Retrieving information.
Enter the default tablespace for ORDS_METADATA [SYSAUX]:
Enter the temporary tablespace for ORDS_METADATA [TEMP]:
Enter the default tablespace for ORDS_PUBLIC_USER [SYSAUX]:
Enter the temporary tablespace for ORDS_PUBLIC_USER [TEMP]:
Enter 1 if you want to use PL/SQL Gateway or 2 to skip this step.
If using Oracle Application Express or migrating from mod_plsql then you must enter 1 [1]:
Enter the PL/SQL Gateway database user name [APEX_PUBLIC_USER]:
Enter the database password for APEX_PUBLIC_USER:
Confirm password:
Enter 1 to specify passwords for Application Express RESTful Services database users (APEX_LISTENER, APEX_REST_PUBLIC_USER) or 2 to skip this step [1]:
Enter the database password for APEX_LISTENER:
Confirm password:
Enter the database password for APEX_REST_PUBLIC_USER:
Confirm password:
Enter a number to select a feature to enable:
[1] SQL Developer Web (Enables all features)
[2] REST Enabled SQL
[3] Database API
[4] REST Enabled SQL and Database API
[5] None
Choose [1]:
2021-04-15T07:36:18.280Z INFO reloaded pools: [|test162||, |test162|al|, |test162|pu|, |test162|rt|, |test163||, |test163|al|, |test163|pu|, |test163|rt|, |test164||, |test164|al|, |test164|rt|, |test164|pu|]
Installing Oracle REST Data Services version 20.4.3.r0501904
... Log file written to /root/ords_install_core_2021-04-15_153618_00432.log
... Verified database prerequisites
... Created Oracle REST Data Services proxy user
... Created Oracle REST Data Services schema
... Granted privileges to Oracle REST Data Services
... Created Oracle REST Data Services database objects
... Log file written to /root/ords_install_datamodel_2021-04-15_153629_00290.log
... Log file written to /root/ords_install_apex_2021-04-15_153630_00155.log
Completed installation for Oracle REST Data Services version 20.4.3.r0501904. Elapsed time: 00:00:12.659
配置指向 如:xxx.com/edex/test162
将指向 test162这个数据库
java -jar edex.war map-url --type base-path /test162 test162
添加Ords相关配置(实测影响挺大的.) 官方文档
ls /opt/ords/conf/ords/
conf/ credentials defaults.xml standalone/
vim /opt/ords/conf/ords/defaults.xml
...
<entry key="debug.printDebugToScreen">false</entry>
<entry key="feature.sdw">true</entry>
<entry key="apex.jdbc.AbandonedConnectionTimeout">1900</entry>
<entry key="apex.jdbc.DriverType">thin</entry>
<entry key="apex.jdbc.InactivityTimeout">2000</entry>
<entry key="apex.jdbc.InitialLimit">16</entry>
<entry key="apex.jdbc.MaxConnectionReuseCount">50000</entry>
<entry key="jdbc.MaxLimit">300</entry>
<entry key="jdbc.MinLimit">130</entry>
<entry key="jdbc.cleanup.mode">recycle</entry>
<entry key="plsql.gateway.add">true</entry>
<entry key="restEnabledSql.active">true</entry>
<entry key="instance.api.enabled">true</entry>
...
安装基础环境
GCC编辑器 yum install -y gcc
gcc-c++ 自定义Nginx Http模块yum install -y gcc-c++
PCRE 函数库支持正则表达式 yum install -y pcre pcre-devel
zlib HTTP包gzip压缩yum install -y zlib zlib-devel
OpenSSL 开发库Https支持 yum install -y openssl openssl-devel
解压tar -zxvf nginx-1.19.10.tar.gz
参数说明见官网文档
--with-debug
--with-http_ssl_module
--with-http_v2_module
--with-http_realip_module
--with-http_gzip_static_module
--with-http_stub_status_module
--with-http_sub_module
cd nginx-1.19.10
<!--编译三部曲-->
./configure --with-debug --with-http_ssl_module --with-http_v2_module --with-http_realip_module --with-http_gzip_static_module --with-http_stub_status_module --with-http_sub_module
<!--查看编译后的插件-->
cat auto/options | grep YES --color
make
4.1. 升级
备份旧版本和配置文件(可选)
mv /usr/local/nginx/sbin/nginx /usr/local/nginx/sbin/nginx_old mv /usr/local/nginx/conf/nginx.conf /usr/local/nginx/conf/nginx.conf.old
拷贝新版本 cp ./objs/nginx /usr/local/nginx/sbin/nginx
验证配置文件 /usr/local/nginx/sbin/nginx -t
通知正在运行的Nginx kill -s SIGUSR2
退出旧版本 kill -s SIGQUIT <旧版本Nginx master pid>
清理旧版本
4.2. 新安装 make install
nginx配置
user nginx;
worker_processes auto;
error_log logs/error.log error;
#error_log logs/error.log notice;
#error_log logs/error.log info;
pid logs/nginx.pid;
events {
worker_connections 5000;
}
http {
server_tokens off;# 隐藏版本号
charset UTF-8;
include mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
log_format timing '$remote_addr - $remote_user [$time_local] $request'
'upstream_response_time $upstream_response_time'
'msec $msec request_time $request_time';
log_format up_head '$remote_addr - $remote_user [$time_local] $request'
'upstream_http_content_type $upstream_http_content_type';
access_log logs/access.log main;
sendfile on;
#tcp_nopush on;
client_max_body_size 64M;
#keepalive_timeout 0;
keepalive_timeout 65;
gzip on;
gzip_min_length 1k;
gzip_buffers 4 16k;
#gzip_http_version 1.0;
gzip_comp_level 2;
gzip_types application/javascript text/plain application/-javascript image/jpeg image/gif image/png application/css text/css application/xml text/javascript
gzip_vary off;
gzip_disable "MSIE [1-6]\.";
gzip_static on;
gzip_proxied expired no-cache no-store private auth;
upstream backend {
ip_hash; # 文档 http://nginx.org/en/docs/http/ngx_http_upstream_module.html#ip_hash
server 10.x.x.x:8080;
server 10.x.x.x:8080 down;
server 10.x.x.x:8080;
}
server {
listen 80;
# 兼容旧的连接
location ^~ /ords/ {
rewrite ^/ords(.*)$ /edex/test162$1 redirect;
}
location ^~ /edex/ {
proxy_pass http://backend/edex/;
proxy_set_header Host $host;
proxy_set_header Origin "";
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Real-Port $remote_port;
#proxy_set_header Host $host;
proxy_set_header X-Forwarded-Server $host;
#proxy_redirect http://$host/ords/ https://$host/ords/;
#proxy_redirect off;
proxy_set_header X-Forwarded-Host $server_port;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location /i/ {
root html;
}
error_page 500 502 503 504 /50x.html;
error_page 404 /404.html;
location = /50x.html {
root html;
}
}
}
拷贝apex静态文件 cp -fr /opt/tomcat/webapps/i /usr/local/nginx/html
SSL配置
server {
listen 443 ssl http2;
ssl_certificate /etc/nginx/certificate/crt_2021/wcom.crt;
ssl_certificate_key /etc/nginx/certificate/crt_2021/wcom.key;
ssl_session_cache shared:SSL:1m;
ssl_prefer_server_ciphers on;
使用Oauth2 认证时出现奇奇怪怪的重定向 如:redirect_uri=https://xx.xx.com:80/ords
解决办法 tomcat server.xml 配置 添加scheme="https"
<Connector port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
proxyPort="443"
scheme="https"
redirectPort="8443" />
本文章使用limfx的vscode插件快速发布