I am new to working with JBoss and I'm working on setting up a cluster to test with. I followed the directions from middleware to setup a JBoss Domain cluster on a single Linux VM using JBoss EAP 7.1.6. I am now trying to deploy a web application to my cluster using the admin console to test that the cluster is working.
I have created a simple hello world web app using liweinan's cluster demo source code that should display the current time. I tested the app and it displays correctly on a standalone cluster, but when I test my domain cluster I am seeing the page telling me that I need to disable the welcome content. What am I doing wrong? Is there something that also needs to be configured on the slaves?
Here is my jboss-web.xml in my application war:
<jboss-web>
<context-root>/</context-root>
</jboss-web>
In the host-master.xml the domain controller is:
<domain-controller>
<local/>
</domain-controller>
In the domain.xml file I have updated the interfaces to match the address of my machine. I also commented out the welcome content in the undertow.
<subsystem xmlns="urn:jboss:domain:undertow:4.0">
<buffer-cache name="default"/>
<server name="default-server">
<ajp-listener name="ajp" socket-binding="ajp"/>
<http-listener name="default" socket-binding="http" redirect-socket="https" enable-http2="true"/>
<https-listener name="https" socket-binding="https" security-realm="ApplicationRealm" enable-http2="true"/>
<host name="default-host" alias="localhost">
<!--<location name="/" handler="welcome-content"/>-->
<filter-ref name="server-header"/>
<filter-ref name="x-powered-by-header"/>
<http-invoker security-realm="ApplicationRealm"/>
</host>
</server>
<servlet-container name="default">
<jsp-config/>
<websockets/>
</servlet-container>
<handlers>
<!--<file name="welcome-content" path="${jboss.home.dir}/welcome-content"/>-->
</handlers>
<filters>
<response-header name="server-header" header-name="Server" header-value="JBoss-EAP/7"/>
<response-header name="x-powered-by-header" header-name="X-Powered-By" header-value="Undertow/1"/>
</filters>
</subsystem>
In both of the host-slave.xml files I have updated the socket interface management port, the interface inet-address, and added an offset for the servers.
Any help or suggestions would be greatly appreciated. I've been researching this for days without success.
It turns out the issue wasn't with my configuration. When you deploy the application you can't change the name. I was changing it from ClusterDemo.war to ClusterDemo. When I left the .war on the name, the app ran with no issues.
Related
I'm trying to replace the Wildfly 10 default homepage (accessed from http://hostname:port) by one of my own web application.
I found a good way to do it by removing some parts of the undertow subsystem of the standalone.xml of my wildfly and by adding a war to the default-web-module.
My problem is that I don't have a war, I have a ear (with a war in it), and it doesn't work with that.
Hereunder is the undertow part of my standalone.xml file :
<subsystem xmlns="urn:jboss:domain:undertow:3.1">
<buffer-cache name="default"/>
<server name="default-server">
<http-listener name="default" socket-binding="http" redirect-socket="https" enable-http2="true"/>
<https-listener name="https" socket-binding="https" security-realm="ApplicationRealm" enable-http2="true"/>
<host name="default-host" alias="localhost" default-web-module="myear.ear/mywar.war">
<access-log pattern="%{i,X-Forwarded-For} %h %{i,SM_UNIVERSALID} %t %H %p %U %q %s %D %T" prefix="http-in" suffix=".log"/>
</host>
</server>
<servlet-container name="default">
<jsp-config/>
<websockets/>
</servlet-container>
<filters>
<response-header name="server-header" header-name="Server" header-value="WildFly/10"/>
<response-header name="x-powered-by-header" header-name="X-Powered-By" header-value="Undertow/1"/>
</filters>
</subsystem>
Can this solution work with an ear instead of a war, or have I to find another way ?
Thank you in advance,
Seb
Finally, I solved it by redirecting the index.html page of the welcome-content folder of WildFly to my application, it's simpler and it works perfectly.
Seb
I want to implement SSO between two apps that are deployed on same instance of Wildfly 9. I have searched about it but never got enough information regarding it.
First thing is we have to start from standalone.xml:
<subsystem xmlns="urn:jboss:domain:undertow:2.0">
<buffer-cache name="default"/>
<server name="default-server">
<http-listener name="default" socket-binding="http" redirect-socket="https"/>
<host name="default-host" alias="localhost">
<location name="/" handler="welcome-content"/>
<filter-ref name="server-header"/>
<filter-ref name="x-powered-by-header"/>
<single-sign-on domain="localhost"/>
</host>
</server>
<servlet-container name="default">
<jsp-config/>
<websockets/>
</servlet-container>
<handlers>
<file name="welcome-content" path="${jboss.home.dir}/welcome-content"/>
</handlers>
<filters>
<response-header name="server-header" header-name="Server" header-value="WildFly/9"/>
<response-header name="x-powered-by-header" header-name="X-Powered-By" header-value="Undertow/1"/>
</filters>
</subsystem>
Then in jboss-web.xml put following entry of security-domain and valve:
<jboss-web>
<security-domain>java:/jaas/other</security-domain>
<valve>
<class-name>org.apache.catalina.authenticator.SingleSignOn</class-name>
</valve>
</jboss-web>
I am not sure about changes in web.xml.
I think we have to provide information about security-constraint and login-config.
Please help me to implement this concept in both clustered and non-clustered environment.
Try to add the following line at default-host host under the default-server server:
<single-sign-on path="/"/>
At the end, it will be like:
<server name="default-server">
<http-listener name="default" socket-binding="http" redirect-socket="https"/>
<host name="default-host" alias="localhost">
<location name="/" handler="welcome-content"/>
<filter-ref name="server-header"/>
<filter-ref name="x-powered-by-header"/>
<single-sign-on path="/"/>
</host>
</server>
I'm using Wildfly 9.0.2 Final.
org.apache.catalina.authenticator.SingleSignOn can't work on WildFly AS, because Tomcat is substituted by Undertow as a web container.
Normally, you don't need any change to jboss-web.xml.
For an IdP based on PicketLink, you can set jboss-web.xml as following to enable the PicketLink Authenticator:
<filter>
<filter-name>IDPFilter</filter-name>
<filter-class>org.picketlink.identity.federation.web.filters.IDPFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>IDPFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
I complete the "tiago mussi" answer, valve are note supported anymore on widlfy because it uses the new webserver undertow, you can put the valve line in jboss-web it will do nothing at all...
<single-sign-on domain="localhost"/>
this is bad syntax because there is a bug in domain sso
<single-sign-on path="/"/>
this is the right syntax then in your web application you will see JSESSIONSSOID or like this name in plus than SESSIONID
picketLink is too much just for use SSO, because it handle API REST SSO, social secure, and it is a specific module with a new mechanism authentication, and furthermore if you will manage several URL you can't because you have to put in configuration the url, it is not dynamic...
In JBoss7 we've restricted number of web connections by using this
<connector name="https" scheme="https" protocol="HTTP/1.1" socket-binding="https" secure="true" max-connections="3000">
for urn:jboss:domain:web:1.0 subsystem which is replaced by urn:jboss:domain:undertow:1.2 in the wildfly. How to setup max-connections in wildfly?
I went through the documentation and didn't find matching attribute.
Thanks
Try add under filters definition
<filters>
<connection-limit name="limit-connections" max-concurrent-requests="3000" queue-size="100"/>
</filters>
and then under host or location add (depends on your need)
<filter-ref name="limit-connections"/>
See a configuration example and Model Reference
Also take a look in Configuring the Web server Pool: http://www.javacodegeeks.com/2014/01/entering-undertow-web-server.html
The above comment from Federico Sierra is correct. But in Wildfly 10.x the filter name 'connection-limit' doesn't exist anymore. Instead it is now called 'request-limit'.
So for Wildfly 10.x add filter reference in the untertow subsystem inside 'server' and 'host' context and the request-limit filter inside the 'filters' context:
<subsystem xmlns="urn:jboss:domain:undertow:3.1">
[...]
<server name="default-server">
[...]
<host name="default-host" alias="localhost">
<location name="/" handler="welcome-content"/>
[...]
<filter-ref name="limit-connections"/>
</host>
</server>
[...]
<filters>
<response-header name="server-header" header-name="Server" header-value="WildFly/10"/>
<response-header name="x-powered-by-header" header-name="X-Powered-By" header-value="Undertow/1"/>
<request-limit name="limit-connections" max-concurrent-requests="3000" queue-size="100"/>
</filters>
</subsystem>
Reference: https://github.com/wildfly/wildfly/blob/master/undertow/src/test/resources/org/wildfly/extension/undertow/undertow-3.1.xml
If you want to limit the maximum number of concurrent connections for an HTTP/HTTPS/AJP Connector you have to set the attribute max-connections.
Example:
/subsystem=undertow/server=default-server/http-listener=default:write-attribute(name=max-connections,value=300)
Source: How to set the maximum number of Web connections in WildFly
I would use the max-conncections attribute as defined in the documentation. Either for http and/or https connections. It is defined as
"The maximum number of concurrent connections. Only values greater
than 0 are allowed. For unlimited connections simply undefine this
attribute value."
I don't see the benefit of defining an extra filter. But maybe the others can shed some light on this... So similar to the other solutions it would look like this:
<subsystem xmlns="urn:jboss:domain:undertow:10.0">
[...]
<server name="default-server">
<http-listener name="default" socket-binding="http" max-connections="3000" redirect-socket="https" enable-http2="true"/>
<https-listener name="https" socket-binding="https" max-connections="3000" security-realm="ApplicationRealm" enable-http2="true" />
[...]
</server>
[...]
</subsystem>
Update: I just realized that this is the standalone.xml solution to what Francesco is proposing...
I have two different inside wildfly undertow subsystem in order to use two interface on different ip and send different ssl certificate for different domain
<buffer-cache name="default"/>
<server name="default-server">
<http-listener name="default" socket-binding="http"/>
<https-listener name="https-listener" socket-binding="https" security-realm="https_realm1"/>
<host name="default-host" alias="localhost">
<location name="/" handler="welcome-content"/>
<access-log pattern="common" directory="${jboss.server.log.dir}" prefix="access"/>
</host>
</server>
<server name="default-server_secondary">
<http-listener name="default_secondary" socket-binding="http_secondary"/>
<https-listener name="https-listener_secondary" socket-binding="https_secondary" security-realm="realm2"/>
<host name="server.mydomain.com" alias="server.mydomain.com">
<location name="/" handler="welcome-content"/>
<access-log pattern="common" directory="${jboss.server.log.dir}" prefix="access_secondary"/>
<filter-ref name="server-header1"/>
</host>
</server>
By using this configuration and others on interface and socket binding I correctly set my environment.
But the problem is deploy the EAR file in default-server_secondary inside host server.mydomain.com.
How to?
Thank you
I solve it.
Make and edit jboss-web.xml in WAR module
default-server_secondary
server.mydomain.com
I am using JBoss 6.0 .
I have deployed my web application: myApp.ear under the web-context: "/test".
So in browser-url if I type "http://localhost:8080/test/", I do get my login page (myLogin.jsp).
Since my WAR exists inside a EAR file, I have specified the context root in the application.xml file using a context-root element inside of the web module - i.e.
<module>
<web>
<web-uri>myWeb.war</web-uri>
<context-root>/test</context-root>
</web>
</module>
My question is how to auto direct user to my web-app from "root context"?
I mean if user types "http://localhost:8080/", I would expect my web-application's login page to load (instead of JBoss's default ROOT.war's index.html page).
I deleted existing index.html from {JBOSS}\server\default\deploy\ROOT.war and created a login.jsp there. Now I can see that "login.jsp" is getting invoked when I type http://localhost:8080/. But I can not redirect user-request to my web-app's login page.
In that login.jsp, I have tried with:
<jsp:forward page="/test" />, but I get error: "HTTP Status 404 - /test".
If I invoke like <jsp:forward page="/test/myLogin.jsp" /> I still get the same 404 error.
Can any one suggest how to achieve the auto-direct to my web-app from root-context?
You need to keep index.html in default deploy folder and forward request to your web module.
For example keep following line only in index.html
<META HTTP-EQUIV="Refresh" CONTENT="0; URL=/test/"/>
The answer from Senthil works nice, but user could see the actual redirect done by the browser (page blinks). The redirect can be done also with rewrite [1, 2] functionality of the JBoss server, which supports HTTP Redirect with 30x codes (no blink).
You can either add the rewrite to your app directly (web.xml, jboss-web.xml) and specify the redirect rules in rewrite.properties - not shown here.
Or you can modify the server configuration on it's own without touching the original application. I find this solution handy because the application is left intact.
Use case: We use this for EJBCA deployment (not our app), it sets it's context root to /ejbca. We want to preserve the default deployment process provided by the packaged ant script while in the same time we would like to add a redirect from / to /ejbca as some kind of default, for user friendliness. If user wants to change it, it's done simply by modifying standalone.xml without need to redeploy the whole app.
Edit standalone.xml:
<subsystem xmlns="urn:jboss:domain:web:2.2" default-virtual-server="default-host" native="false">
<virtual-server name="default-host" enable-welcome-root="true">
<alias name="localhost"/>
<rewrite pattern="^/$" substitution="/test" flags="L,QSA,R" />
</virtual-server>
</subsystem>
This has worked for me on Wildfly 26.1.1 and JBoss EAP 7.4.
<subsystem xmlns="urn:jboss:domain:undertow:12.0" default-server="default-server" default-virtual-host="default-host" default-servlet-container="default" default-security-domain="other" statistics-enabled="${wildfly.undertow.statistics-enabled:${wildfly.statistics-enabled:false}}">
<buffer-cache name="default"/>
<filters>
<rewrite name="myfilter" redirect="true" target="/myapp/"/>
</filters>
<server name="default-server">
<http-listener name="default" socket-binding="http" redirect-socket="https" enable-http2="true"/>
<https-listener name="https" socket-binding="https" ssl-context="applicationSSC" enable-http2="true"/>
<host name="default-host" alias="localhost">
<location name="/" handler="welcome-content"/>
<http-invoker http-authentication-factory="application-http-authentication"/>
<filter-ref name="myfilter" predicate="path('/')"/>
</host>
</server>
<servlet-container name="default">
<jsp-config/>
<websockets/>
</servlet-container>
<handlers>
<file name="welcome-content" path="${jboss.home.dir}/welcome-content"/>
</handlers>
<application-security-domains>
<application-security-domain name="other" security-domain="ApplicationDomain"/>
</application-security-domains>
</subsystem>
It looks like much but actually is not. My solution shows the default configuration, I just had to add the <filters> section and the <filter-ref>.
Be aware the <filters> section must come above <server> otherwise JBoss will complain at startup. This was not documented at https://access.redhat.com/solutions/2996371 but after all I found https://docs.wildfly.org/19/wildscribe/subsystem/undertow/index.html.
In jboss-cli this means:
/subsystem=undertow/configuration=filter/rewrite=myfilter/:add(redirect=true, target=/myapp)
/subsystem=undertow/server=default-server/host=default-host/filter-ref=myfilter/:add(predicate="path('/')")
The automatically generated standalone.xml does not have exactly the same structure as above but works as well.