JBoss HTTPS connection dies after a while - jboss

I have a JBoss 7.2 app server. When I start the server, I am able to connect to both the http and https ports, but after the server has been running for a while, I am not able to connect to the https port anymore. The http port still works, so the server is still running. I tail the logs when I try to connect to the https port but nothing shows up, and when I do a netstat on the https port, the port is still listening. Has anyone had this type of issue before?
JBoss Standalone.xml configuration
<security-realm name="ApplicationRealm">
<server-identities>
<ssl>
<keystore path="${jboss.home.dir}/standalone/configuration/XXXXX.keystore" keystore-password="XXXXXXXXX" alias="1"/>
</ssl>
</server-identities>
<subsystem xmlns="urn:jboss:domain:undertow:7.0" default-server="default-server" default-virtual-host="default-host" default-servlet-container="default" default-security-domain="other">
<buffer-cache name="default"/>
<server name="default-server">
<http-listener name="default" socket-binding="http" redirect-socket="https" enable-http2="true"/>
<https-listener name="https" socket-binding="https" security-realm="ApplicationRealm" enabled-protocols="TLSv1.1,TLSv1.2" enable-http2="true" ssl-session-cache-size="500" ssl-session-timeout="1800"/>
<host name="default-host" alias="localhost">
<location name="/" handler="welcome-content"/>
<access-log pattern="%h %l %u %t %r %s %b %{i,Referer} %{i,User-Agent} %S %T %{i,X-Forwarded-For}" prefix="access_log_"/>
<http-invoker security-realm="ApplicationRealm"/>
</host>
</server>
<servlet-container name="default">
<jsp-config/>
<websockets/>
</servlet-container>
<handlers>
<file name="welcome-content" path="${jboss.home.dir}/welcome-content"/>
</handlers>
</subsystem>

Related

Expose JBOSS Webservices only via CA Authentication

I'm currently trying to fix an issue in our JBOSS deployment with different SOAP endpoints. We are trying to close the webservice interface over https (port 8443) to only allow it via CA authentication (port 8444).
We are using JBOSS 7.4.7 and JDK 11.
Here are the JBOSS Standalone Configurations:
<socket-binding-group name="standard-sockets" default-interface="public" port-offset="${jboss.socket.binding.port-offset:0}">
<socket-binding name="https" port="8443"/>
<socket-binding name="httpsca" port="8444"/>
</socket-binding-group>
[...]
<subsystem xmlns="urn:jboss:domain:undertow:12.0" default-server="default-server" default-virtual-host="default-host" default-servlet-container="default" default-security-domain="other" statistics-enabled="${wildfly.undertow.statistics-enabled:${wildfly.statistics-enabled:false}}">
<buffer-cache name="default"/>
<server name="default-server">
<https-listener name="https" socket-binding="https" max-post-size="0" secure="true" ssl-context="ssl"/>
<https-listener name="httpsca" socket-binding="httpsca" max-post-size="0" secure="true" ssl-context="sslca"/>
</server>
[...]
<subsystem xmlns="urn:jboss:domain:webservices:2.0" statistics-enabled="${wildfly.webservices.statistics-enabled:${wildfly.statistics-enabled:false}}">
<modify-wsdl-address>true</modify-wsdl-address>
<wsdl-host>${jboss.bind.address:127.0.0.1}</wsdl-host>
<wsdl-port>8444</wsdl-port>
<wsdl-secure-port>8444</wsdl-secure-port>
<endpoint-config name="Standard-Endpoint-Config"/>
<endpoint-config name="Recording-Endpoint-Config"/>
<client-config name="Standard-Client-Config"/>
</subsystem>
<tls>
<key-stores>
<key-store name="test">
<credential-reference clear-text="****"/>
<implementation type="JKS"/>
<file path="ssl_keystore.jks" relative-to="jboss.server.config.dir"/>
</key-store>
<key-store name="test-trusted">
<credential-reference clear-text="****"/>
<implementation type="JKS"/>
<file path="ssl_truststore.jks" relative-to="jboss.server.config.dir"/>
</key-store>
</key-stores>
<key-managers>
<key-manager name="serverssl" key-store="test">
<credential-reference clear-text="****"/>
</key-manager>
</key-managers>
<trust-managers>
<trust-manager name="serverssl-ca" key-store="test-trusted"/>
</trust-managers>
<server-ssl-contexts>
<server-ssl-context name="test-ssl" cipher-suite-filter="TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,TLS_DHE_DSS_WITH_AES_256_GCM_SHA384" cipher-suite-names="TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256" protocols="TLSv1.2 TLSv1.3" key-manager="serverssl"/>
<server-ssl-context name="test-sslca" cipher-suite-filter="TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,TLS_DHE_DSS_WITH_AES_256_GCM_SHA384" cipher-suite-names="TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256" protocols="TLSv1.2 TLSv1.3" need-client-auth="true" key-manager="serverssl" trust-manager="serverssl-ca"/>
</server-ssl-contexts>
</tls>
We are having trouble setting only one port for the WSDL endpoint.
1. If I don't set <wsdl-secure-port>, then JBOSS throws an error because it tries to create an http endpoint which is not active at all. It also occurs if I only set the <wsdl-secure-port> and not the <wsdl-port>.
Are we doing something wrong or is that a bug in JBOSS?
Thanks in advance for any help and tips.
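One way to check which HTTPS listeners actually require a client certificate, given as an added example that is not part of the original post: it resolves each https-listener's ssl-context to its server-ssl-context and reports whether need-client-auth and a trust-manager are set. The sample configuration is constructed (modelled on the fragments above), and the function name and status labels are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample modelled on the question's fragments; the "legacy" listener is invented
# to show a dangling ssl-context reference.
SAMPLE = """<server>
  <tls><server-ssl-contexts>
    <server-ssl-context name="ssl" protocols="TLSv1.2 TLSv1.3" key-manager="serverssl"/>
    <server-ssl-context name="sslca" protocols="TLSv1.2 TLSv1.3" need-client-auth="true"
                        key-manager="serverssl" trust-manager="serverssl-ca"/>
  </server-ssl-contexts></tls>
  <subsystem xmlns="urn:jboss:domain:undertow:12.0">
    <server name="default-server">
      <https-listener name="https" socket-binding="https" ssl-context="ssl"/>
      <https-listener name="httpsca" socket-binding="httpsca" ssl-context="sslca"/>
      <https-listener name="legacy" socket-binding="https2" ssl-context="missing"/>
    </server>
  </subsystem>
</server>"""


def local(tag):
    """Drop the XML namespace so the check works across subsystem schema versions."""
    return tag.rsplit("}", 1)[-1]


def client_cert_enforcement(xml_text):
    """Map each https-listener name to its client-certificate status."""
    root = ET.fromstring(xml_text)
    contexts = {e.get("name"): e for e in root.iter()
                if local(e.tag) == "server-ssl-context"}
    report = {}
    for listener in (e for e in root.iter() if local(e.tag) == "https-listener"):
        ctx = contexts.get(listener.get("ssl-context"))
        if ctx is None:
            # No ssl-context attribute, or it names a context that does not exist.
            status = "unresolved"
        elif ctx.get("need-client-auth", "false").lower() != "true":
            status = "server-auth-only"
        elif not ctx.get("trust-manager"):
            # Client certs are demanded, but no explicit trust-manager limits the accepted CAs.
            status = "client-auth-no-trust-manager"
        else:
            status = "mutual-tls"
        report[listener.get("name")] = status
    return report


if __name__ == "__main__":
    for name, status in client_cert_enforcement(SAMPLE).items():
        print(f"{name}: {status}")
```

Any listener reported as something other than mutual-tls still serves deployments without asking for a client certificate.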

Access log pattern for Response time Undertow system- Wildfly 14.0.1

What is the access log pattern for logging the total response time to the request on undertow subsystem ?
<subsystem xmlns="urn:jboss:domain:undertow:7.0" default-server="default-server" default-virtual-host="default-host" default-servlet-container="default" default-security-domain="other">
<buffer-cache name="default"/>
<server name="default-server">
<http-listener name="default" socket-binding="http" redirect-socket="https" enable-http2="true"/>
<https-listener name="https" socket-binding="https" security-realm="ApplicationRealm" enable-http2="true"/>
<host name="default-host" alias="localhost">
<access-log prefix="access" pattern="%h %t %U%q %m %s %b %T"/> <!-- use-server-log="true" -->
<location name="/" handler="welcome-content"/>
<http-invoker security-realm="ApplicationRealm"/>
</host>
</server>
<servlet-container name="default">
<jsp-config/>
<websockets/>
</servlet-container>
<handlers>
<file name="welcome-content" path="${jboss.home.dir}/welcome-content"/>
</handlers>
</subsystem>
The %T is recording just a '-' in the logs. Please help.
Here I found the following hint:
Time taken to process the request, in seconds. It won't work unless record-request-start-time is set to true, see %D above.
There is also a link on how you can configure it: record-request-start-time
If you start Undertow with Spring Boot, the properties are:
server.undertow.options.server.record-request-start-time=true
server.undertow.accesslog.pattern=[...] %T
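The hint above, turned into a configuration check (an added example, not code from the original answer): it finds undertow servers whose access-log pattern uses %T or %D and lists every listener on that server that does not set record-request-start-time="true", since requests arriving through those listeners are logged with '-'. The sample XML is constructed from the question's configuration and the function name is hypothetical.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: the question's undertow subsystem with the fix applied to one listener only.
SAMPLE = """<subsystem xmlns="urn:jboss:domain:undertow:7.0">
  <server name="default-server">
    <http-listener name="default" socket-binding="http" record-request-start-time="true"/>
    <https-listener name="https" socket-binding="https" security-realm="ApplicationRealm"/>
    <host name="default-host" alias="localhost">
      <access-log prefix="access" pattern="%h %t %U%q %m %s %b %T"/>
    </host>
  </server>
</subsystem>"""

# %T (seconds) and %D are the timing tokens named in the hint; %t (timestamp) must not match.
TIMING = re.compile(r"%[DT](?![A-Za-z])")


def local(tag):
    """Drop the XML namespace so any undertow schema version (3.1, 7.0, ...) matches."""
    return tag.rsplit("}", 1)[-1]


def listeners_missing_start_time(xml_text):
    """Return (server, listener) pairs that will log '-' for %T / %D."""
    root = ET.fromstring(xml_text)
    findings = []
    for server in root.iter():
        # Only <server> elements of the undertow subsystem, not the root of standalone.xml.
        if local(server.tag) != "server" or "undertow" not in server.tag:
            continue
        patterns = [e.get("pattern", "") for e in server.iter()
                    if local(e.tag) == "access-log"]
        if not any(TIMING.search(p) for p in patterns):
            continue
        for child in server:
            is_listener = local(child.tag).endswith("-listener")
            enabled = child.get("record-request-start-time", "false").lower() == "true"
            if is_listener and not enabled:
                findings.append((server.get("name"), child.get("name")))
    return findings


if __name__ == "__main__":
    for server, listener in listeners_missing_start_time(SAMPLE):
        print(f"{server}/{listener}: timing token in access log, start time not recorded")
```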

Replace Wildfly 10 homepage with a custom application contained in an ear file

I'm trying to replace the Wildfly 10 default homepage (accessed from http://hostname:port) with one of my own web applications.
I found a good way to do it by removing some parts of the undertow subsystem of the standalone.xml of my Wildfly and by adding a war to the default-web-module.
My problem is that I don't have a war, I have an ear (with a war in it), and it doesn't work with that.
Below is the undertow part of my standalone.xml file:
<subsystem xmlns="urn:jboss:domain:undertow:3.1">
<buffer-cache name="default"/>
<server name="default-server">
<http-listener name="default" socket-binding="http" redirect-socket="https" enable-http2="true"/>
<https-listener name="https" socket-binding="https" security-realm="ApplicationRealm" enable-http2="true"/>
<host name="default-host" alias="localhost" default-web-module="myear.ear/mywar.war">
<access-log pattern="%{i,X-Forwarded-For} %h %{i,SM_UNIVERSALID} %t %H %p %U %q %s %D %T" prefix="http-in" suffix=".log"/>
</host>
</server>
<servlet-container name="default">
<jsp-config/>
<websockets/>
</servlet-container>
<filters>
<response-header name="server-header" header-name="Server" header-value="WildFly/10"/>
<response-header name="x-powered-by-header" header-name="X-Powered-By" header-value="Undertow/1"/>
</filters>
</subsystem>
Can this solution work with an ear instead of a war, or do I have to find another way?
Thank you in advance,
Seb
Finally, I solved it by redirecting the index.html page of the welcome-content folder of WildFly to my application, it's simpler and it works perfectly.
Seb

Uploading large files error to wildfly

I try to upload large files (400mb+) to wildfly 8.1 and I get an IOException, but I don't encounter any exception with the same conditions when using a jboss 7 server:
Exception:
Blocking request failed HttpServerExchange{ POST /ehub/contentstore/categories/maincategory/file/create}: java.lang.RuntimeException: java.io.IOException: Broken pipe
at io.undertow.servlet.spec.HttpServletResponseImpl.responseDone(HttpServletResponseImpl.java:527)
at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:287)
at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:227)
at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:73)
at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:146)
at io.undertow.server.Connectors.executeRootHandler(Connectors.java:177)
at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:727)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) [rt.jar:1.7.0_51]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) [rt.jar:1.7.0_51]
at java.lang.Thread.run(Thread.java:744) [rt.jar:1.7.0_51]
Caused by: java.io.IOException: Broken pipe
at sun.nio.ch.FileDispatcherImpl.write0(Native Method) [rt.jar:1.7.0_51]
at sun.nio.ch.SocketDispatcher.write(SocketDispatcher.java:47) [rt.jar:1.7.0_51]
at sun.nio.ch.IOUtil.writeFromNativeBuffer(IOUtil.java:93) [rt.jar:1.7.0_51]
at sun.nio.ch.IOUtil.write(IOUtil.java:51) [rt.jar:1.7.0_51]
at sun.nio.ch.SocketChannelImpl.write(SocketChannelImpl.java:487) [rt.jar:1.7.0_51]
at org.xnio.nio.NioSocketConduit.write(NioSocketConduit.java:150) [xnio-nio-3.2.2.Final.jar:3.2.2.Final]
at io.undertow.server.protocol.http.HttpResponseConduit.processWrite(HttpResponseConduit.java:212)
at io.undertow.server.protocol.http.HttpResponseConduit.flush(HttpResponseConduit.java:629)
at io.undertow.conduits.FinishableStreamSinkConduit.flush(FinishableStreamSinkConduit.java:83)
at org.xnio.conduits.ConduitStreamSinkChannel.flush(ConduitStreamSinkChannel.java:162) [xnio-api-3.2.2.Final.jar:3.2.2.Final]
at io.undertow.channels.DetachableStreamSinkChannel.flush(DetachableStreamSinkChannel.java:100)
at org.xnio.channels.Channels.flushBlocking(Channels.java:63) [xnio-api-3.2.2.Final.jar:3.2.2.Final]
at io.undertow.servlet.spec.ServletOutputStreamImpl.close(ServletOutputStreamImpl.java:625)
at io.undertow.servlet.spec.HttpServletResponseImpl.closeStreamAndWriter(HttpServletResponseImpl.java:451)
at io.undertow.servlet.spec.HttpServletResponseImpl.responseDone(HttpServletResponseImpl.java:525)
I increased the max-post-size but it didn't work.
standalone.xml :
<subsystem xmlns="urn:jboss:domain:undertow:1.1">
<buffer-cache name="default"/>
<server name="default-server">
<http-listener name="default" socket-binding="http" max-post-size="974247881"/>
<host name="default-host" alias="localhost">
<location name="/" handler="welcome-content"/>
<filter-ref name="server-header"/>
<filter-ref name="x-powered-by-header"/>
</host>
</server>
<servlet-container name="default">
<jsp-config/>
</servlet-container>
<handlers>
<file name="welcome-content" path="${jboss.home.dir}/welcome-content"/>
</handlers>
<filters>
<response-header name="server-header" header-name="Server" header-value="WildFly/8"/>
<response-header name="x-powered-by-header" header-name="X-Powered-By" header-value="Undertow/1"/>
</filters>
</subsystem>
I have found a solution for this. I had this same issue and I solved it. It may help others.
To allow a larger http request header size, you need to change the standalone.xml file of jboss or wildfly.
Add the max-header-size attribute to the default server and restart the server, and it will work.
Standalone.conf
<subsystem xmlns="urn:jboss:domain:undertow:1.1">
<buffer-cache name="default"/>
<server name="default-server">
<http-listener name="default" socket-binding="http" max-header-size="974247881"/>
<host name="default-host" alias="localhost">
<location name="/" handler="welcome-content"/>
<filter-ref name="server-header"/>
<filter-ref name="x-powered-by-header"/>
</host>
</server>
...
</subsystem>
It is not in the "standalone.conf" file. It is the "standalone.xml" file, which is located in the folder "standalone/configuration".
Change max-post-size:
<http-listener name="default" socket-binding="http" redirect-socket="https" max-post-size="104857600"/>
<host name="default-host" alias="localhost">
see this link in jboss: https://issues.jboss.org/browse/UNDERTOW-185
max-post-size in ../wildfly/standalone/configuration/standalone.xml will be set.
If your wildfly stands behind a webserver, e.g. nginx, you may have to set the limit there. This helped me.
Using the WildFly web console move to:
Configuration -> Subsystems -> Web(Undertow) -> Server -> default-server
click "View" button
move to "Listener" tab
edit "HTTP Listener" and "HTTPS Listener" parameter "max-post-size"

Deploy EAR on different Wildfly undertow server

I have two different servers inside the wildfly undertow subsystem in order to use two interfaces on different IPs and send different SSL certificates for different domains:
<buffer-cache name="default"/>
<server name="default-server">
<http-listener name="default" socket-binding="http"/>
<https-listener name="https-listener" socket-binding="https" security-realm="https_realm1"/>
<host name="default-host" alias="localhost">
<location name="/" handler="welcome-content"/>
<access-log pattern="common" directory="${jboss.server.log.dir}" prefix="access"/>
</host>
</server>
<server name="default-server_secondary">
<http-listener name="default_secondary" socket-binding="http_secondary"/>
<https-listener name="https-listener_secondary" socket-binding="https_secondary" security-realm="realm2"/>
<host name="server.mydomain.com" alias="server.mydomain.com">
<location name="/" handler="welcome-content"/>
<access-log pattern="common" directory="${jboss.server.log.dir}" prefix="access_secondary"/>
<filter-ref name="server-header1"/>
</host>
</server>
By using this configuration and others on interface and socket binding, I correctly set up my environment.
But the problem is deploying the EAR file in default-server_secondary inside host server.mydomain.com.
How to?
Thank you
I solved it.
Create and edit jboss-web.xml in the WAR module:
<jboss-web>
<server-instance>default-server_secondary</server-instance>
<virtual-host>server.mydomain.com</virtual-host>
</jboss-web>