Re: ***UNCHECKED*** Oracle Cloud APEX and Lets Encrypt

From: Tim Hall <tim_at_oracle-base.com>
Date: Thu, 5 Mar 2020 19:02:32 +0000
Message-ID: <CAP=5zEiNetKkpNwMaY-A1dk_3NgRCvzH=JmZWPyxQeT4gZdE4g_at_mail.gmail.com>



Sorry. I hit send a little early...

Let's Encrypt works on a challenge-response type thing, so the location you end up at must be valid for read/write, which is why most people do it with Apache or Nginx acting like a proxy. You do get a key and a cert, so you could put them somewhere else, but it needs to be refreshed every 30 days, so this is going to be a pain unless you can automate that yourself, and you need to make sure the challenge gets routed to the correct place.

Cheers

Tim...

On Thu, Mar 5, 2020 at 6:58 PM Tim Hall <tim_at_oracle-base.com> wrote:

> Hi.
>
> Currently, you have to put something in front. Either a compute instance
> acting as a reverse proxy, or a load balancer I guess. From what you've
> said I assume you already know how to do this, but this is an example of
> using Let's Encrypt.
>
>
> https://oracle-base.com/articles/linux/letsencrypt-free-certificates-on-oracle-linux
>
>
> I recently did this myself on the free tier. :)
>
> I've heard tell that allowing a vanity URL for APEX is something in the
> pipeline for the cloud database services, but I'm not sure how far down the line
> that is, and I'm not sure if it will support Let's Encrypt. I'm guessing
> not.
>
> Cheers
>
> Tim...
>
> On Thu, Mar 5, 2020 at 5:43 PM Ethan Post <post.ethan_at_gmail.com> wrote:
>
>> Chicken-egg problem here.
>>
>> To use vanity URLs in Oracle Cloud APEX I need a cert for the load
>> balancer. I can't generate a cert with Let's Encrypt unless I own the web
>> server. I could possibly generate a cert on another platform and then use
>> it. Maybe that is a solution, but I'm not sure if the cert is somehow tied to
>> anything I don't know about. Then refreshing the cert still becomes an issue.
>>
>> Is there a way to do above that I am missing? Maybe another free cert
>> provider?
>>
>> The other option is to stand up a compute instance and install a web
>> server and use it as a reverse proxy to APEX. I see Dimitri Gielis's articles on
>> this and can do that if required.
>>
>> Thanks,
>> Ethan
>> e-t-h-a-n.com
>>
>

--
http://www.freelists.org/webpage/oracle-l
Received on Thu Mar 05 2020 - 20:02:32 CET
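
An added example, not part of the original thread: a sketch of the routing decision a reverse proxy in front of APEX has to make so that the Let's Encrypt HTTP-01 challenge reaches the directory the ACME client writes to, while everything else goes to APEX. The webroot path, the upstream host name and the function name `route` are assumptions made for illustration.

```python
import re
from pathlib import Path

# HTTP-01 validation requests arrive on port 80 under this fixed prefix.
ACME_PREFIX = "/.well-known/acme-challenge/"
# Challenge tokens use only the base64url alphabet, so anything else is rejected.
TOKEN_RE = re.compile(r"[A-Za-z0-9_-]+")

# Assumed values for illustration; substitute your own.
WEBROOT = Path("/var/www/letsencrypt")        # where the ACME client writes tokens
APEX_UPSTREAM = "https://apex.example.invalid"  # placeholder for the APEX endpoint


def route(request_target, webroot=WEBROOT, upstream=APEX_UPSTREAM):
    """Decide what the proxy does with one request.

    Returns ("serve_file", Path) for a well-formed challenge request,
    ("reject", 404) for a malformed one, and ("proxy", url) otherwise.
    """
    path = request_target.split("?", 1)[0]
    if path.startswith(ACME_PREFIX):
        token = path[len(ACME_PREFIX):]
        # Strict token check: no slashes or dots, so the request can never
        # escape the challenge directory and read other files on the proxy.
        if not TOKEN_RE.fullmatch(token):
            return ("reject", 404)
        return ("serve_file", webroot / ".well-known" / "acme-challenge" / token)
    # Everything that is not a challenge is forwarded to APEX unchanged.
    return ("proxy", upstream + request_target)


if __name__ == "__main__":
    # Constructed sample requests.
    for target in ("/.well-known/acme-challenge/abc_DEF-123",
                   "/.well-known/acme-challenge/../../etc/passwd",
                   "/ords/f?p=100"):
        print(target, "->", route(target))
```

If the challenge prefix is forwarded to APEX like the rest of the traffic, validation fails because the token file only exists on the proxy host.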
