Set Up a Vanity Domain for Oracle Content Management Itself
You can configure a friendly management domain: a vanity domain used to access your Oracle Content Management web client, desktop app, and mobile apps. When you define a friendly management domain, users will still be able to access the web client using the original URL, but will be redirected to your friendly management domain automatically.
Complete the following steps to configure a friendly management domain:
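- Depending on whether you use a CDN or a private instance, you'll configure your tenancy in different ways:
  - Configure Your CDN for Your Friendly Management Domain
  - Using a Friendly Management Domain in a Private Instance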
- Configure Oracle Content Management with Your Friendly Management Domain
- If you use a custom sign-in page, your friendly management domain must also be configured as an instance-level vanity domain.
- If you want to use your friendly management domain to access Oracle Content Management sites, your friendly management domain must also be configured as an instance-level vanity domain or a site-level vanity domain.
Configure Your CDN for Your Friendly Management Domain
Before your Oracle Content Management instance can function using your friendly management domain, your CDN needs to be configured to route those requests back to the Oracle Content Management origin unaltered.
Once Oracle Content Management is properly configured and ready to accept them, requests made using the friendly management domain will be routed according to the DNS entries to the CDN, and the CDN will forward the requests to Oracle Content Management properly. This is usually done using a CNAME entry in your DNS records. Consult your CDN for specific instructions.
For example, if your Oracle Content Management instance is accessed at a URL like https://myinstance.cec.ocp.oraclecloud.com/documents/home and you want to access that site at https://www.example.com/documents/home, the CDN must be configured to:
- Recognize the vanity domain: https://www.example.com/
- Specify the origin Oracle Content Management instance using the vanity domain: https://myinstance.cec.ocp.oraclecloud.com/
- Ensure the Forward Host Header matches the friendly management domain (details below)
- Ensure all calls to the server function by enabling the HTTP DELETE (with Body enabled), POST, PUT, and PATCH methods, which are often not enabled by default in CDN configurations
- Send the full request path to the origin Oracle Content Management instance: https://myinstance.cec.ocp.oraclecloud.com/documents/home
After the CDN is configured properly, Oracle Content Management receives the request and responds to the CDN, which satisfies the request to the visitor's browser, showing only the friendly management domain and path: https://www.example.com/documents/home.
The Forward Host Header is included on all requests made by your client. By default, it contains your instance's original host name (the origin domain). When you configure a friendly management domain, you must change the Forward Host Header so that your CDN knows to route requests to the friendly management domain back to the origin domain.
Depending on which CDN you use, this process will be done differently. Generally, you alter the rules that define your origin or you apply a behavior to requests passing through the CDN. Consult your CDN’s documentation for additional details.
Your CDN may give you the option to hard code a custom Forward Host Header or simply pass through the Incoming Host Header that was sent by the client. Best practice is to hard code the custom Forward Host Header to the vanity domain you have selected. Although the pass-through option will work, it may trigger warnings if you run a vulnerability test. Such a test may see this as an opportunity for a malicious user to alter the Forward Host Header and facilitate an attack. Oracle Content Management protects itself from this type of attack, but it's best to avoid the confusion such a finding may cause.
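The CDN requirements listed above can be checked mechanically before go-live. The following is an added example, not Oracle or CDN vendor code: the configuration keys (hostnames, origin_host, forward_host_header, allowed_methods, delete_with_body, forward_full_path) are a hypothetical, vendor-neutral schema, and both sample configurations are constructed.

```python
# Added example: the config keys below are a hypothetical, vendor-neutral schema,
# not a real CDN API. Both sample configs are constructed for illustration.
from urllib.parse import urlsplit

REQUIRED_METHODS = {"DELETE", "POST", "PUT", "PATCH"}

def audit_cdn(cfg, vanity_url, origin_url):
    """Return findings for one CDN property; an empty list means the checklist is met."""
    vanity_host = urlsplit(vanity_url).hostname
    origin_host = urlsplit(origin_url).hostname
    findings = []
    if vanity_host not in cfg.get("hostnames", []):
        findings.append("vanity domain is not recognized by the CDN")
    if cfg.get("origin_host") != origin_host:
        findings.append("origin is not the Oracle Content Management instance")
    fwd = cfg.get("forward_host_header", {})
    if fwd.get("mode") == "passthrough":
        findings.append("Forward Host Header passes through the client Host; hard-code it")
    elif fwd.get("mode") != "fixed" or fwd.get("value") != vanity_host:
        findings.append("Forward Host Header is not hard-coded to the vanity domain")
    missing = REQUIRED_METHODS - {m.upper() for m in cfg.get("allowed_methods", [])}
    if missing:
        findings.append("methods not enabled: " + ", ".join(sorted(missing)))
    if not cfg.get("delete_with_body", False):
        findings.append("DELETE with a request body is not enabled")
    if not cfg.get("forward_full_path", False):
        findings.append("full request path is not sent to the origin")
    return findings

def host_seen_by_origin(cfg, client_host):
    """Host value the origin receives when the client sent client_host."""
    fwd = cfg["forward_host_header"]
    return fwd["value"] if fwd["mode"] == "fixed" else client_host

VANITY = "https://www.example.com/"
ORIGIN = "https://myinstance.cec.ocp.oraclecloud.com/"
HARDENED = {
    "hostnames": ["www.example.com"],
    "origin_host": "myinstance.cec.ocp.oraclecloud.com",
    "forward_host_header": {"mode": "fixed", "value": "www.example.com"},
    "allowed_methods": ["GET", "HEAD", "DELETE", "POST", "PUT", "PATCH"],
    "delete_with_body": True,
    "forward_full_path": True,
}
DEFAULTS = dict(HARDENED, forward_host_header={"mode": "passthrough"},
                allowed_methods=["GET", "HEAD"], delete_with_body=False)
if __name__ == "__main__":
    for name, cfg in (("hardened", HARDENED), ("defaults", DEFAULTS)):
        print(name, audit_cdn(cfg, VANITY, ORIGIN))
```

With the hard-coded setting, host_seen_by_origin returns the vanity domain no matter what Host value the client supplied, which is why a scanner has nothing to flag.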
Next, configure Oracle Content Management with your friendly management domain.
Using a Friendly Management Domain in a Private Instance
This method works for a friendly management domain or an instance-level vanity domain using standard paths. It doesn't work for an instance-level vanity domain using short paths or for site-level vanity domains, as both of those situations require a CDN to modify paths, and this method doesn't use a CDN.
You must complete the following prerequisites before you can set up a friendly management domain in your private instance:
- Create your private instance.
- Obtain an SSL certificate for your friendly management domain. For more information, see SSL Certificate for Load Balancers.
- Create a front-end public load balancer in your tenancy.
To set up a friendly management domain in your private instance:
- Create a private load balancer in your tenancy. This load balancer will be added as a backend to handle traffic for your friendly management domain.
  - In the Create Load Balancer dialog, use the following settings for the Add Details section:

    | Field | Setting |
    | --- | --- |
    | Load Balancer Name | Specify a friendly name. |
    | Choose Visibility Type | Private |
    | Choose IP Address Type | Leave the default—Ephemeral IP Address. |
    | Bandwidth | Flexible Shapes. Set the minimum and maximum bandwidths. The Oracle Content Management back-end private load balancer supports up to 400Mbps bandwidth. |
    | Choose Networking | Select an available Virtual Cloud Network (VCN) or have the system create one for you. Select a regional subnet that has network access to the private load balancer IP through LPG peering. |
    | Use Network Security Groups to Control Traffic | Leave unchecked. |
    | Show Advanced Options | Skip the advanced options. |

  - Use the following settings for the Choose Backends section:

    | Field | Setting |
    | --- | --- |
    | Specify a Load Balancing Policy | Weighted Round Robin |
    | Select Backend Servers | Skip this setting. |
    | Specify Health Check Policy | Protocol: TCP; Port: 443; Interval in ms: 30000; Timeout in ms: 10000; Number of retries: 3 |
    | Use SSL | Select this option to apply SSL. SSL Certificate: Paste the full certificate chain for your friendly management domain certificate in PEM format. Specify CA Certificate: Paste the root CA certificate in PEM format. Specify Private Key: Paste the private key in PEM format. |
    | Show Advanced Options | Skip the advanced options. |

  - Use the following settings for the Configure Listener section:

    | Field | Setting |
    | --- | --- |
    | Listener Name | Specify a friendly name |
    | Specify the type of traffic your listener handles | TCP |
    | Specify the port your listener monitors for ingress traffic | 443 |
    | Use SSL | Select this option to apply SSL. SSL Certificate: Paste the full certificate chain for your friendly management domain certificate in PEM format. Specify CA Certificate: Paste the root CA certificate in PEM format. Specify Private Key: Paste the private key in PEM format. |
    | Show Advanced Options | Skip the advanced options. |

  - Submit the settings to create the load balancer.
  - After the private load balancer is created, note its IP address for the next step.
- Add the private load balancer as a backend server to your front-end public load balancer.
  - In the Add Backends dialog, choose IP Addresses, and enter the following settings:

    | Field | Setting |
    | --- | --- |
    | IP Address | The IP address of the private load balancer you just created |
    | Port | 443 |
    | Weight | 100 |

  - Add the backend.
- Check the health of the front-end public load balancer and the back-end private load balancer, making sure both are good.
- Add a DNS record for the friendly management domain.
  - In the Add Record dialog, select type A.
  - Enter the IP address of the private load balancer you just created.
  - Submit and publish your changes.
- Update your firewall settings to ensure that any clients using this private instance of Oracle Content Management can reach static.ocecdn.oraclecloud.com. This domain is used to load common files for the web client, so if users don't have access to this domain, they won't be able to utilize the web client.
Next, configure Oracle Content Management with your friendly management domain.
Configure Oracle Content Management with Your Friendly Management Domain
After you've configured your tenancy, you're ready to configure Oracle Content Management with your friendly management domain.
- After you sign in to the Oracle Content Management web application as a service administrator, click System in the Administration area of the navigation menu.
- In the System Settings drop-down menu, choose Domain.
- In the Friendly Management Domain box, enter the URL (for example, content.example.com) you want users to use to access Oracle Content Management.
- It can take up to 30 minutes for Oracle Content Management to make the necessary back-end changes. During this time you won't be able to edit the setting, but users can continue to access your instance on the original domain. You must complete the next step before your friendly management domain will be available to users.
- When the process has completed, you'll receive an email notification with the status of the change.
If the change was successful, the email will include a link to confirm that the redirect to the friendly management domain works as expected. You must validate the domain within 60 minutes or the change will be reverted. Once you validate the domain, Oracle Content Management will send an email to all users informing them that they can access your instance through the new friendly management domain.
If the change wasn't successful or doesn't work as expected, you can revert the change through the notification email or on the Domain page.
If necessary, perform these additional steps:
- If you use a custom sign-in page, your friendly management domain must also be configured as an instance-level vanity domain.
- If you want to use your friendly management domain to access Oracle Content Management sites, your friendly management domain must also be configured as an instance-level vanity domain or a site-level vanity domain.
To delete the friendly management domain, click Remove. Oracle Content Management will send an email to all users informing them that they should now access your instance through the original domain.