I am trying to make Jboss-7 deployment work with mod_proxy on port 80, but I faced problem
1- I modified the standaloan.xml
<subsystem xmlns="urn:jboss:domain:web:1.1" default-virtual-server="default-host" native="false">
<connector name="http" protocol="HTTP/1.1" scheme="http" socket-binding="http"/>
<virtual-server name="default-host" enable-welcome-root="true" default-web-module="filemanager">
<alias name="localhost"/>
<alias name="example.com"/>
</virtual-server>
<virtual-server name="AyeServer" default-web-module="mydeployemnt">
<alias name="mydomain.com"/>
</virtual-server>
</subsystem>
2- I created jboss-web.xml inside WEB-INF with this content
<?xml version="1.0" encoding="UTF-8"?>
<jboss-web xmlns="http://www.jboss.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.jboss.com/xml/ns/javaee http://www.jboss.org/j2ee/schema/jboss-web_7_1.xsd">
<context-root>/</context-root>
<virtual-host>www.mydomain.com<virtual-host>
</jboss-web>
3- in httpd.conf I add to the end of file this content
<VirtualHost *:80>
ServerName mydomain.com
ProxyPreserveHost On
ProxyPass / http://localhost:8080/mydeployment
ProxyPassReverse / http://localhost:8080/mydeployment
DocumentRoot /var/www
<Directory /var/www>
Options -Indexes
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
but nothing work when I call mydomain.com
any help?
Thanks
<IfModule !proxy_ajp_module>
LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
</IfModule>
ProxyPass / ajp://localhost:8009/
As I understand from your comments, you want to configure apache in front of JBOSS 7, to take the web requests.
You can use mod proxy apache modules with ajp protocol and enable ajp in JBOSS 7 app server. Below are the steps,
Enable below modules in httpd.conf of apache.
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
Create a file proxyajp.conf and place in apache/conf folder. The file should have above xml content. Then include this file in httpd.conf.
Modify JBOSS 7 standalone.xml to include supprot for ajp protocol. The ajp port will be 8009.
Related
I use Jboss eap 6.4.
I'd like to have those ears deployed simultaneously but on different ports.
If I just put 2 ears into deployments I got: DuplicateServiceException: Service /app already registered.
To configure JBoss for App1.war on port 8080 and App2.war on port 8543, you should implement the following steps:
First of all, you have to add socket-binding for 8543 (as port 8080 is already defined).
<socket-binding name="http2" port="8543"/>
In web subsystem the following connectors should be declared:
<connector name="http" protocol="HTTP/1.1" scheme="http" socket-binding="http" />
<connector name="http2" protocol="HTTP/1.1" scheme="http" socket-binding="http2" />
Additionally, in web subsystem the following two virtual-servers should be declared:
<virtual-server name="host1" enable-welcome-root="false" default-web-module="App1.war">
<alias name="first.com"/>
</virtual-server>
<virtual-server name="host2" enable-welcome-root="false" default-web-module="App2.war">
<alias name="second.com"/>
</virtual-server>
Associate the appropriate virtual-server with the respective connector:
<connector name="http" protocol="HTTP/1.1" scheme="http" socket-binding="http">
<virtual-server name="host1"/>
</connector>
<connector name="http2" protocol="HTTP/1.1" scheme="http" socket-binding="http2">
<virtual-server name="host2"/>
</connector>
The final step is to configure each application with the right jboss-web.xml in WEB-INF:
- For App1.war
<jboss-web>
<virtual-host>host1</virtual-host>
</jboss-web>
- For App2.war
<jboss-web>
<virtual-host>host2</virtual-host>
</jboss-web>
Now each application can be accessed by following the urls:
For App1.war - http://first.com:8080/App1/index.jsp
For App2.war - http://second.com:8543/App2/index.jsp
Please bear in mind that in /etc/hosts of the system, you must add the corresponding virtual-server alias names:
127.0.0.1 localhost.localdomain localhost first.com second.com
I'm trying to replace the Wildfly 10 default homepage (accessed from http://hostname:port) by one of my own web application.
I found a good way to do it by removing some parts of the undertow subsystem of the standalone.xml of my wildfly and by adding a war to the default-web-module.
My problem is that I don't have a war, I have a ear (with a war in it), and it doesn't work with that.
Hereunder is the undertow part of my standalone.xml file :
<subsystem xmlns="urn:jboss:domain:undertow:3.1">
<buffer-cache name="default"/>
<server name="default-server">
<http-listener name="default" socket-binding="http" redirect-socket="https" enable-http2="true"/>
<https-listener name="https" socket-binding="https" security-realm="ApplicationRealm" enable-http2="true"/>
<host name="default-host" alias="localhost" default-web-module="myear.ear/mywar.war">
<access-log pattern="%{i,X-Forwarded-For} %h %{i,SM_UNIVERSALID} %t %H %p %U %q %s %D %T" prefix="http-in" suffix=".log"/>
</host>
</server>
<servlet-container name="default">
<jsp-config/>
<websockets/>
</servlet-container>
<filters>
<response-header name="server-header" header-name="Server" header-value="WildFly/10"/>
<response-header name="x-powered-by-header" header-name="X-Powered-By" header-value="Undertow/1"/>
</filters>
</subsystem>
Can this solution work with an ear instead of a war, or have I to find another way ?
Thank you in advance,
Seb
Finally, I solved it by redirecting the index.html page of the welcome-content folder of WildFly to my application, it's simpler and it works perfectly.
Seb
I want to implement SSO between two apps that are deployed on same instance of Wildfly 9. I have searched about it but never got enough information regarding it.
First thing is we have to start from standalone.xml:
<subsystem xmlns="urn:jboss:domain:undertow:2.0">
<buffer-cache name="default"/>
<server name="default-server">
<http-listener name="default" socket-binding="http" redirect-socket="https"/>
<host name="default-host" alias="localhost">
<location name="/" handler="welcome-content"/>
<filter-ref name="server-header"/>
<filter-ref name="x-powered-by-header"/>
<single-sign-on domain="localhost"/>
</host>
</server>
<servlet-container name="default">
<jsp-config/>
<websockets/>
</servlet-container>
<handlers>
<file name="welcome-content" path="${jboss.home.dir}/welcome-content"/>
</handlers>
<filters>
<response-header name="server-header" header-name="Server" header-value="WildFly/9"/>
<response-header name="x-powered-by-header" header-name="X-Powered-By" header-value="Undertow/1"/>
</filters>
</subsystem>
Then in jboss-web.xml put following entry of security-domain and valve:
<jboss-web>
<security-domain>java:/jaas/other</security-domain>
<valve>
<class-name>org.apache.catalina.authenticator.SingleSignOn</class-name>
</valve>
</jboss-web>
I am not sure about changes in web.xml.
I think we have to provide information about security-constraint and login-config.
Please help me to implement this concept in both clustered and non-clustered environment.
Try to add the following line at default-host host under the default-server server:
<single-sign-on path="/"/>
At the end, it will be like:
<server name="default-server">
<http-listener name="default" socket-binding="http" redirect-socket="https"/>
<host name="default-host" alias="localhost">
<location name="/" handler="welcome-content"/>
<filter-ref name="server-header"/>
<filter-ref name="x-powered-by-header"/>
<single-sign-on path="/"/>
</host>
</server>
I'm using Wildfly 9.0.2 Final.
org.apache.catalina.authenticator.SingleSignOn can't work on WildFly AS, because Tomcat is substituted by Undertow as a web container.
Normally, you don't need any change to jboss-web.xml.
For an IdP based on PicketLink, you can set jboss-web.xml as following to enable the PicketLink Authenticator:
<filter>
<filter-name>IDPFilter</filter-name>
<filter-class>org.picketlink.identity.federation.web.filters.IDPFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>IDPFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
I complete the "tiago mussi" answer, valve are note supported anymore on widlfy because it uses the new webserver undertow, you can put the valve line in jboss-web it will do nothing at all...
<single-sign-on domain="localhost"/>
this is bad syntax because there is a bug in domain sso
<single-sign-on path="/"/>
this is the right syntax then in your web application you will see JSESSIONSSOID or like this name in plus than SESSIONID
picketLink is too much just for use SSO, because it handle API REST SSO, social secure, and it is a specific module with a new mechanism authentication, and furthermore if you will manage several URL you can't because you have to put in configuration the url, it is not dynamic...
I have two different inside wildfly undertow subsystem in order to use two interface on different ip and send different ssl certificate for different domain
<buffer-cache name="default"/>
<server name="default-server">
<http-listener name="default" socket-binding="http"/>
<https-listener name="https-listener" socket-binding="https" security-realm="https_realm1"/>
<host name="default-host" alias="localhost">
<location name="/" handler="welcome-content"/>
<access-log pattern="common" directory="${jboss.server.log.dir}" prefix="access"/>
</host>
</server>
<server name="default-server_secondary">
<http-listener name="default_secondary" socket-binding="http_secondary"/>
<https-listener name="https-listener_secondary" socket-binding="https_secondary" security-realm="realm2"/>
<host name="server.mydomain.com" alias="server.mydomain.com">
<location name="/" handler="welcome-content"/>
<access-log pattern="common" directory="${jboss.server.log.dir}" prefix="access_secondary"/>
<filter-ref name="server-header1"/>
</host>
</server>
By using this configuration and others on interface and socket binding I correctly set my environment.
But the problem is deploy the EAR file in default-server_secondary inside host server.mydomain.com.
How to?
Thank you
I solve it.
Make and edit jboss-web.xml in WAR module
default-server_secondary
server.mydomain.com
How is it possible to configure Jasig's CAS to listen only on HTTPS port (8443)?
We have application divided into two parts, portal and SSO authority (JASIG CAS). Both are running on JBoss AS7 and different machines. Portal and SSO authority are configured to redirect from HTTP (8080) port to HTTPS (8443) port by
<subsystem xmlns="urn:jboss:domain:web:1.0" default-virtual-server="default-host">
<connector name="http" protocol="HTTP/1.1" socket-binding="http" scheme="http" redirect-port="8443"/>
<connector name="https" protocol="HTTP/1.1" socket-binding="https" scheme="https" secure="true">
<ssl name="https" password="pass" certificate-key-file="/path_to_keystore.jks"/>
</connector>
<virtual-server name="default-host">
<alias name="myapp.domain.com"/>
</virtual-server>
</subsystem>
...
<socket-binding name="http" port="8080" fixed-port="true" interface="public"/>
<socket-binding name="https" port="8443" fixed-port="true" interface="public"/>
Port redirection works well on portal part, but CAS ignores the redirection and works at http (8080) as well (shows information about non-secured access).
For correct java web app SSL configuration is necessary to make some part of application secured in web.xml file. Then redirect works flawless.
<security-constraint>
<web-resource-collection>
<web-resource-name>sso secured pages</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>