I need to shutdown port 1099 in Wildfly 10.1. This port normally used for remote JNDI/RMI and in Wildfly 10.1, the remote naming system has a
[security vulnerability][1].
The straightforward solution will be to configure a firewall to not allow traffic on 1099 port, but this is not acceptable by our client. I thought it possible to configure WF to not use remote JNDI/RMI but can't figure out how to configure it.
The JBoss documentation on Remote JNDI Interface says that you can deactivate the remote JNDI interface by executing the following command via CLI interface:
/subsystem=naming/service=remote-naming:remove
and it seems really stopping the service, but once you do server 'reload' the Wildfly resumes connection on the port 1099.
Related
I have ActiveMQ Artemis server installed on a Unix box. I am able to create an Artemis broker instance which provides me with link to web console which is running on localhost.
Now I want access web console from an external machine, probably running Windows.
Can you please guide me on step by step process to configure the ActiveMQ Artemis server so that I can access it from another machine?
The embedded Jetty web server which is used to host the web console is configured in the bootstrap.xml file in the etc directory of your Artemis instance. Look for the web element in that file. You'll need to change its bind attribute to use something other than localhost since localhost is only accessible from the machine where the server is running. Typically this will be the externally accessible host name or IP address of the server.
You can find more information about configuring the embedded Jetty web server in the Artemis documentation.
I installed Eclipse and the Jboss Tools plugin with Wildfly.
I can run Wildfly in Eclipse in non-debug mode with no problems. But when I start Wildfly in debug, I can use it for a few minutes, and then it suddenly stops processing, the server ends.
I checked the log and there's nothing. What could be wrong?
Please note the JBoss Tools 4.9.0 is validated against 2018-09 but not against 2018-12.
Do you see something in the server log when the server dies ?
We had this issue and it was because we changed our config to close the management port, which had been used to detect that the server had started. Eclipse could no longer detect that the server had started, so it shut down the process after a set time (450 seconds)
To resolve the issue, we did the following in the Eclipse's Overview panel for our JBoss Server:
Changed the Start Timeout to 30, so it would only fail if it actually couldn't start in 30 seconds rather than waiting for 450
Changed our "Server State Detectors" to detect a Web Port for Startup Poller and Process Terminated for Shutdown Poller.
Changed the Server Ports to match our new configuration
Excerpt from JBoss Community Archive
The tooling was unable to verify your server started. Our tooling has several methods to see if your server is up or not. The two most-often used methods are either "Web Port Poller" or "Management Poller".
You can see which your server is using by opening the server object (In Servers view, double-click your server) and on the right side you'll see a section on polling.
If your server adapter (fancy word for the tooling's representation of your server) is using the Management Port Poller, you should make sure your server is actually exposing the management port. For local servers this shouldn't be an issue, since local servers should automatically expose the management port. You may want to verify in the Ports section (also in the server editor) that the management port is correct. To check if the server is up, we run a management command against the server. If the server responds properly, we declare the server to be started.
If you're using the web port poller, then you may want to verify your web port is correct. To verify the server is up, the Web Port Poller opens a URL connection on {serverHost}:{webPort} and sees if we get a valid connection.
I have configured jetty-maven-plugin in my eclipse Mars and I can run the server using jetty start and stop goals. I can able to access the website using http://localhost:8080/myapp but not using local IP address(i.e., http://192.168.0.5:8080/myapp) from my own computer or other computers connected in the same network via LAN and Wi-Fi.
As mentioned as a solution in these posts,
how to make jetty server accessible from LAN?
Configuring Jetty to accept connections from all hosts
I configured the server host to 0.0.0.0 from localhost to listen on all hosts. With this setting I can see on server start log,
INFO:oejs.AbstractConnector:Started SelectChannelConnector#0.0.0.0:8080
and it works only on http://localhost:8080 but it's not accessible from http://192.168.0.5:8080.
I also tried running that if the interface is accessible using the Networks Interface Listing as mentioned in this comment. and I got,
Display name: NETGEAR WNA1000M N150 Wireless USB Micro Adapter
Name: wlan4
InetAddress: /192.168.0.5
I also tried turning off my Windows Firewall/antivirus but din't help. My jetty version is <jetty.version>9.3.0.M1</jetty.version> and JDK 1.7. What could be the problem? Any help is appreciated.
McAfee Endpoint Security was the culprit here. It was blocking the requests with IP addresses from my very own computer. Turned off the firewall inside the Antivirus and I was able to access the site with http://192.168.0.5:8080/mysite from the browser and other devices connected through the network.
Sometimes some other program opens your port on external address before you do that with Jetty. It will receive all traffic instead. On Windows you will not know it if you reuse port (that is Jetty's default behavior). Check with netstat -ano what is the IP of the process that is indeed listening on 0.0.0.0:8080. Verify if it is your Jetty process only.
Then try connecting with telnet or netcat and see if you can open the connection and what is the response.
I have verified that it is possible to connect to a jboss node through jmx in jvisualvm using remote connection with a portnumber and user name and password. However wanting to add this jboss node as external monitor in LR controller there is no place to add i.e. username and password when setting up a remote UNIX monitor in loadrunner. When adding a UNIX resource and external measurement all I am asked is the name of the machine to add (in the wizard).
Is it possible to add a jboss node as UNIX resource monitor in LR controller without sitescope?
JMX requires Sitecope as the monitoring foundation for LoadRunner. Or, you can find some sort of JMX to SNMP bridge and then use the native SNMP monitor in LoadRunner. Howeverm, even then the SNMP monitor in SiteScope is more mature.
I have a swing client which connects to my ejb2 application deployed in JBoss 5.1. There is a particular requirement from Customer to make it available on internet.
The deployment architecture is as follows,
swing_client --> extranet_ip |firewall | --> iis7_machine --> jboss5.1_machine.
jndi properties in client is as follows
Context.PROVIDER_URL=http://extranet_ip:9180/invoker/JNDIFactory
Context.INITIAL_CONTEXT_FACTORY=org.jboss.naming.HttpNamingContextFactory
This configuration works fine when the client is inside intranet. But it does not work in internet (extranet).
When I tried initially I got the error 'Connection refused'
After seeing some posts in various forums, I changed the file server\deploy\http-invoker.sar\META-INF\jboss-service.xml, to reflect the extranet_ip in invokerURL.
Aftet this I am getting the following error.
org.jboss.remoting.CannotConnectException: Can not get connection to server. Problem establishing socket connection for InvokerLocator [socket://10.200.1.193:4546/?dataType=invocation&enableTcpNoDelay=true&marshaller=org.jboss.invocation.unified.marshall.InvocationMarshaller&unmarshaller=org.jboss.invocation.unified.marshall.InvocationUnMarshaller]
Where 10.200.1.193 is the intranet IP address of JBoss Server machine.
I tried changing the trasport parameter in remoting-jboss-beans.xml to http, but at that time client is not working in both intranet and extranet.
Please anybody suggest a way forward for this issue. Or is there any other way to implement RMI over Http in JBoss?
Update: As a solution, I had to change my deployment architecture as follows.
swing_client --> extranet_ip |firewall | --> jboss5.1_machine
where the JBoss Application Server will be directly exposed through firewall. Then update clientConnectAddress in the remoting-jboss-beans.xml to the extranet IP. Also open the ports 8080 & 4446 in the firewall for this address.
This way the swing client is working if I use the jnid properties as follows.
Context.PROVIDER_URL : http://extranet_ip:8080/invoker/JNDIFactory
Context.INITIAL_CONTEXT_FACTORY : org.jboss.naming.HttpNamingContextFactory
But still looking for a solution where there is no need to open any non-standard ports and no need to expose the Application Server directly.
After a long struggle I found a solution for my issue. The solution was to change EJB container's invoker type to http in standardjboss.xml. When the invoker is http, it will use the settings in http-invoker.sar for remote binding.