Running Oracle HTTP Server 12c with Privileged Port

Posted by Dirk Nachbar on Tuesday, November 08, 2016 with No comments
In some cases you need to configure a privileged port (less than 1024, typically port 80) within your Oracle HTTP Server 12c Instance.

At first create your Oracle HTTP Server Instance with the wlst tool:

cd $ORACLE_HOME/oracle_common/common/bin
Initializing WebLogic Scripting Tool (WLST) ...

Welcome to WebLogic Server Administration Scripting Shell

Type help() for help on available commands
# Connect to the WebLogic Domain with your weblogic user,
# password and correct host and port
wls:/offline>connect('weblogic','welcome01', 'localhost:7001')
Connecting to t3://localhost:7001 with userid weblogic ...
Successfully connected to Admin Server "FRAdminServer" that belongs to domain "fr_domain".

Warning: An insecure protocol was used to connect to the server. 
To ensure on-the-wire security, the SSL port or Admin port should be used instead.

# Provide a unique name for the instanceName and
# provide the Machine Name of your WebLogic Server Domain
# The Machine Name be found within the WebLogic Server Console
# under "Environment / Machine"
wls:/fr_domain/serverConfig/> ohs_createInstance(instanceName='ohs2', machine='AdminServerMachine')
Location changed to edit custom tree. This is a writable tree with No root.
For more help, use help('editCustom')

Starting an edit session ...
Started edit session, be sure to save and activate your changes once you are done.
Saving all your changes ...
Saved all your changes successfully.
Activating all your changes, this may take a while ... 
The edit lock associated with this edit session is released once the activation is completed.
Activation completed
OHS instance "ohs2" was successfully created.
wls:/fr_domain/serverConfig/> exit()

As next navigate to your $DOMAIN_HOME/config/fmwconfig/components/OHS/instances/<Your_OHS_InstanceName>/ directory and modify the httpd.conf file as follows:

# Search for the Listen Directive and align to port 80
Listen 80

The next step will be to change the permissions of the $ORACLE_HOME/ohs/bin/launch executable, login as root user to your Server and perform following steps

# Do a backup copy of the current launch executable
cd $ORACLE_HOME/ohs/bin
cp -p launch
# Change ownership to root
chown root launch
# Change permissions to 4750
chmod 4750 launch
ls -la launch
-rwsr-x---. 1 root oinstall 34073 Oct  5  2015 launch

Now we can start the Oracle HTTP Server Instance, connect as oracle user to your server and perform following steps:

# Start the above created Oracle HTTP Server Instance
# First time startup use the option "storeUserConfig"
# and provide the Node Manager password
# Afterwards you will not be prompted again,
# when you startup your Oracle HTTP Server Instance
./ ohs2 storeUserConfig
Starting system Component ohs2 ...

Initializing WebLogic Scripting Tool (WLST) ...

Welcome to WebLogic Server Administration Scripting Shell

Type help() for help on available commands

Reading domain from /u00/app/oracle/user_projects/domains/fr_domain
. . .
. . .
Successfully Connected to Node Manager.
Starting server ohs2 ...
Successfully started server ohs2 ...
Successfully disconnected from Node Manager.

Exiting WebLogic Scripting Tool.


Now your Oracle HTTP Server Instance is using a privileged port under UNIX.

Important Notice : If you are running multiple Oracle HTTP Server Instances from one ORACLE_HOME, lets say ohs1 Instance is running on a non privileged port 7777 and ohs2 is running on a privileged port 80, both Oracle HTTP Server Instances are running under root !!! As there is only one launch executable which is now under ownership root.