Question

我在docker中设置了一个Oracle SSL实例。

我正在使用此泊坞窗图片： https://hub.docker.com/r/rafaelmariotti/oracle-ee-11g/

设置好docker机器等后，运行如下的实例： $ docker run -d -p 1521：1521 -p 2484：2484 d03c4f0a4743

然后我进入docker实例： $ docker exec -it xxxxxxxxxx / bin / bash

修改了listener.ora文件：

LISTENER =

  (DESCRIPTION_LIST =

    (DESCRIPTION =
      (ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC1521))
      (ADDRESS = (PROTOCOL = TCP)(HOST = )(PORT = 1521))
    )
    #(DESCRIPTION =
    #  (ADDRESS = (PROTOCOL = TCPS)(HOST = )(PORT = 2484))
    #)
)

ADR_BASE_LISTENER = /home/oracle/app/oracle

该行以我添加的＃行开头，但未在实际文件中注释掉。

如果我连接到实例，端口1521返回正确，但端口2484直接返回： IO错误：连接重置 java.net.SocketException：连接重置

但如果我通过将TCPS替换为TCP

来更改添加的行

(ADDRESS = (PROTOCOL = TCP)(HOST = )(PORT = 2484))

然后错误就像ORA-xxxxx

所以似乎PROTOCOL = TCPS带来了问题

有人可以帮忙吗？

谢谢！

Answer 1

最后我找到了解决方案：

我需要添加正确的钱包位置并正确设置钱包内容。这就是全部

Answer 2

我使用

为12c运行了docker实例

docker run -t -p 1532:1532 -p 1521:1521 -e ORACLE_SID=APITST -e ORACLE_PWD=pswd -v /Users/apuliyeril/anilfolder/docker/mounts/oracle:/opt/oracle/oradata oracle/database:12.1.0.2-ee

使用

连接到实例

docker exec -it friendly_khorana /bin/bash

追随创建钱包

orapki wallet create -wallet /opt/oracle/admin/APITST/xdb_wallet -pwd WalletPasswd123 -auto_login_local
orapki wallet add -wallet /opt/oracle/admin/APITST/xdb_wallet  -pwd WalletPasswd123   -dn "CN=`hostname`" -keysize 1024 -self_signed -validity 3650
orapki wallet display -wallet /opt/oracle/admin/APITST/xdb_wallet -pwd WalletPasswd123
orapki wallet export -wallet /opt/oracle/admin/APITST/xdb_wallet -pwd WalletPasswd123 -dn "CN=`hostname`" -cert /tmp/15e31b633912-certificate.crt

将.ora文件编辑为

==> listener.ora <==

SSL_CLIENT_AUTHENTICATION = FALSE

WALLET_LOCATION =
  (SOURCE =
    (METHOD = FILE)
    (METHOD_DATA =
      (DIRECTORY = /opt/oracle/admin/APITST/xdb_wallet)
    )
  )

LISTENER =
(DESCRIPTION_LIST =
  (DESCRIPTION =
    (ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC1))
    (ADDRESS = (PROTOCOL = TCP)(HOST = 0.0.0.0)(PORT = 1521))
  )
  (DESCRIPTION =
     (ADDRESS = (PROTOCOL = TCPS)(HOST = 0.0.0.0)(PORT = 1532))
   )
)

DEDICATED_THROUGH_BROKER_LISTENER=ON
DIAG_ADR_ENABLED = off

==> sqlnet.ora <==

WALLET_LOCATION =
   (SOURCE =
     (METHOD = FILE)
     (METHOD_DATA =
       (DIRECTORY = /opt/oracle/admin/APITST/xdb_wallet)
     )
   )

SQLNET.AUTHENTICATION_SERVICES = (TCPS,NTS,BEQ)
SSL_CLIENT_AUTHENTICATION = FALSE
SSL_CIPHER_SUITES = (SSL_RSA_WITH_AES_256_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA)

==> tnsnames.ora <==

APITST=
(DESCRIPTION =
  (ADDRESS = (PROTOCOL = TCPS)(HOST = 0.0.0.0)(PORT = 1521))
  (CONNECT_DATA =
    (SERVER = DEDICATED)
    (SERVICE_NAME = APITST)
  )
)

与sqldeveloper连接

keytool -import -trustcacerts -alias oracle3 -file 15e31b633912-certificate.crt -keystore /u01/keystore/OracleTrustStore.jks

更新SqlDeveloper.conf /Applications/SQLDeveloper.app/Contents/Resources/sqldeveloper/sqldeveloper/bin/sqldeveloper.conf

AddVMOption -Djavax.net.ssl.trustStore=/u01/keystore/OracleTrustStore.jks
AddVMOption -Djavax.net.ssl.trustStorePassword=welcome1234
AddVMOption -Djavax.net.ssl.trustStoreType=JKS

要从sqldevloper连接，请重新启动sqldeveloper并在sqldeveloper中使用进阶选项

连接重置：在docker中设置Oracle SSL

2 个答案: