I need to configure 2 https ports (5480 and 8443) in jboss 7 ( I did this jboss 5 adding one more connector port). I tried creating two https connector ports in standalone-full.xml but it did not work.
Following is my current configuration for 8443 https port and I need another port 5480 as well.
<subsystem xmlns="urn:jboss:domain:web:1.2" default-virtual-server="default-host" native="false">
<connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" secure="true">
<ssl key-alias="tomcat" password="FOO#Bar-1" certificate-key-file="${jboss.server.config.dir}/keystore" cipher-suite="TLS_DHE_RSA_WITH_AES_256_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,SSL_RSA_WITH_RC4_128_MD5" protocol="TLS" verify-client="false"/>
</ connector >
</subsystem>
<socket-binding name="https" port="8443"/>
Unless you changed some configuration, your standalone jboss container reads configuration from standalone.xml rather than from standalone-full.xml. The "full" version is like an example file.
Related
I want to have more information on how configuring the Thread-pool in JBoss. My aim is to have a server that can treat as many queries as possible at the same time.
Considering that in JBoss EAP 7+ you don't have the server.xml anymore, so then you just need to edit your standalone.xml or domain.xml to include the max number of threads:
<!-- A HTTP/1.1 Connector on port 8080 -->
<Connector protocol="HTTP/1.1" port="8080" address="${jboss.bind.address}" connectionTimeout="20000" redirectPort="8443" maxThreads="300" />
I'm talking here about Undertow threads, which are shared with EJB.
There is also the IO threads that are using to connect with DB for example.
Using the ServiceBindingManager referencing the "sample-bindings.xml" configuration in the /conf/jboss-service.xml:
<mbean code="org.jboss.services.binding.ServiceBindingManager"
name="jboss.system:service=ServiceBindingManager">
<attribute name="ServerName">myserver</attribute>
<attribute name="StoreURL">${jboss.home.url}/docs/examples/binding-manager/sample-bindings.xml</attribute>
<attribute name="StoreFactoryClassName">
org.jboss.services.binding.XMLServicesStoreFactory
</attribute>
</mbean>
1) Having enabled the ServiceBindingManager does it mean the "server.xml" ports are overwritten by the sample-bindings.xml defined ports?
<!-- A "Connector" represents an endpoint by which requests are received
and responses are returned. Documentation at :
Java HTTP Connector: /docs/config/http.html (blocking & non-blocking)
Java AJP Connector: /docs/config/ajp.html
APR (HTTP/AJP) Connector: /docs/apr.html
Define a non-SSL HTTP/1.1 Connector on port 8080
-->
<Connector port="8080" address="${jboss.bind.address}"
maxThreads="250" maxHttpHeaderSize="8192"
emptySessionPath="true" protocol="HTTP/1.1"
compression="on"
compressionMinSize="2048"
noCompressionUserAgents="gozilla, traviata"
compressableMimeType="text/html,text/xml,text/javascript,application/x-javascript,text/css,text/plain"
enableLookups="false" redirectPort="8443" acceptCount="100"
connectionTimeout="20000" disableUploadTimeout="true" server="server1" />
<!-- Define a SSL HTTP/1.1 Connector on port 8443
This connector uses the JSSE configuration, when using APR, the
connector should be using the OpenSSL style configuration
described in the APR documentation -->
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="250" scheme="https" secure="true"
maxHttpHeaderSize="8192"
emptySessionPath="true"
address="${jboss.bind.address}"
keystoreFile="${jboss.server.home.dir}/conf/server.keystore"
keystorePass="xx"
truststoreFile="${jboss.server.home.dir}/conf/server.keystore"
truststorePass="xx"
clientAuth="false" sslProtocol="TLS" server="server1" />
2) If the server.xml ports are not relevant any more, how can the TLS server certificate still be used?
After some googling, it does look like sample-bindings.xml ports will override server.xml ports related settings and is mainly used for running multiple instances of JBoss on the same server/machine. On the SSL scertificate, if the keystores appear to be no longer found - you can add them as program arguments either in the JAVA_OPTS section of run.conf (I'm assuming you're using an older version of JBoss) or you can add them to the command line or script you use to start JBoss, for example:
/home/jboss/jboss-eap-5.1/jboss-as/bin/./run.sh -Djavax.net.ssl.keyStore=server.keystore -Djavax.net.ssl.trustStore=server.keystore -Djavax.net.ssl.trustStorePassword=xx -Djavax.net.ssl.keyStorePassword=xx > /dev/null 2>&1 &
Note, you'd need the correct paths to the files.
We use the same keystore/truststore program arguments at work on many Jboss instances.
I've just downloaded a java application called "test-app" that I obtained from http://www.coreservlets.com/Apache-Tomcat-Tutorial/tomcat-7-with-eclipse.html and I setup tomcat 7 in eclipse.
When I started the server I navigated to http://localhost/test-app and got a page could not be found error, but when I went to http://localhost:8080/test-app/ the page came up correctly.
Why is this occurring? The tutorial I'm following states that I should be able to navigate to the page without the 8080.
I believe port 8080 is the default port for tomcat installations. There should be a file called conf/server.xml which you can change it from 8080 to 80.
Look in server.xml for this line:
<Connector port="8080" maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" redirectPort="8443" acceptCount="100"
connectionTimeout="20000" disableUploadTimeout="true" />
And change Connector port="8080" to Connector port="80"
I have Jboss server in Linux boxes. And I configured apache server in windows machine. I am able to see all the jboss server nodes in my modcluster manager console.
I have deployed one camel application on all the jboss servers. And I have done the performance test with 2,4,6 nodes. But there is no performance difference.......
Find the jboss configuration
<subsystem xmlns="urn:jboss:domain:modcluster:1.0">
<mod-cluster-config proxy-list="x.x.x.x:6666" advertise="false">
<dynamic-load-provider>
<load-metric type="busyness"/>
</dynamic-load-provider>
</mod-cluster-config>
</subsystem>
For parallel execution of nodes, whether I have to do any other configurations...
Thanks in advance................
1 - download last version of mod_cluster at this link and extract it..
2 - configure your mod_cluster at the httpd.conf file like above..
Listen ##PUT THE BALANCER IP HERE##:80
############### mod_cluster Setting - STARTED ###############
<IfModule ssl_module>
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
</IfModule>
# MOD_CLUSTER_ADDS
# Adjust to you hostname and subnet.
<IfModule manager_module>
Listen ##PUT THE BALANCER IP HERE##:6666
ManagerBalancerName mycluster
<VirtualHost ##PUT THE MACHINE IP HERE##:6666>
<Location />
Order deny,allow
Deny from all
Allow from 192.168.0
</Location>
KeepAliveTimeout 300
MaxKeepAliveRequests 0
AdvertiseFrequency 5
EnableMCPMReceive
<Location /mod_cluster_manager>
SetHandler mod_cluster-manager
Order deny,allow
Deny from all
Allow from 192.168.0
</Location>
</VirtualHost>
</IfModule>
############### mod_cluster Setting - ENDED ###############
3 - Set each of your jboss node's name
<server name="node1" xmlns="urn:jboss:domain:1.2">
4 - Add the instance-id attribute in web subsystem as shown below in both the standalone nodes
<subsystem xmlns="urn:jboss:domain:web:1.1" instance-id="${jboss.node.name}" default-virtual-server="default-host" native="false">
<connector name="http" protocol="HTTP/1.1" scheme="http" socket-binding="http"/>
<connector name="ajp" protocol="AJP/1.3" scheme="http" socket-binding="ajp"/>
.
.
.
</subsystem>
5 - Add the proxy-list in the attribute in mod-cluster-config of modcluster subsystem, which would be having IP Address and Port on which your Apache server (the balancer) is running so that JBoss server can communicate with it, as shown below in both the standalone nodes
<subsystem xmlns="urn:jboss:domain:modcluster:1.0">
<mod-cluster-config advertise-socket="modcluster" proxy-list="##PUT THE BALANCER IP HERE##:80">
.
.
.
</mod-cluster-config>
</subsystem>
6 - Now you can go to http://BALANCER_IP:80 and test it and to manage the jboss instances with mod_cluster go to http://BALANCER_IP:6666/mod_cluster_manager
**Obs: if you want to run jboss in standalone mode you CANNOT use the "-b" flag with the ip 0.0.0.0 that listens requests from all IPs.. I recommend you use the IP of the machine that's running the jboss itself
with sticky-session="true" (default), balancer keeps sending requests to the particular node to whom the session belongs as long as it is healthy.
If you tell me how did you test, especially: how many clients vs. how many requests, or not etc., I will be able to help you.
Furthermore, consider editing capacity attribute of load-metric element.
BTW: "busyness" considers threads in thread pool being occupied with serving requests. You might find that this is not the bottleneck of your system. You might want to add heap, requests or other metrics. See http://docs.jboss.org/mod_cluster/1.2.0/html_single/
I am trying to run my application in jboss 7 from jboss 4. In jboss 4 we changed server.xml to configure keystoreFile and keystorePass etc. Can any one help me where to make these changes in jboss7.
The server.xml equivalent in Jboss 7 is a standalone/configuration/standalone.xml for a standalone installation and domain.xml for a domain aware one.
I'm not sure where those options are or how you're supposed to configure it in Jboss 7, but start with standalone.xml file first.
Edit the file standalone/configuration/standalone.xml:
<subsystem xmlns="urn:jboss:domain:web:1.0" default-virtual-server="default-host">
<connector name="http" scheme="http" protocol="HTTP/1.1" socket-binding="http"/>
<virtual-server name="default-host" enable-welcome-root="true">
<alias name="localhost" />
<alias name="example.com" />
</virtual-server>
</subsystem>
Replace thew connector tag with following one:
<connector name="https" scheme="https" protocol="HTTP/1.1" secure =”true” socket- binding="https" ssl=”your certificate name”/>
You should avoid touching the config XMLs yourself.
Rather let it up to domain controller and host controller,
and configure your server through the means mentioned here:
JBoss AS 7 JMX Console
Update:
For manual configuration, try the Web UI - http://localhost:9990/.
For automated configuration, try CLI scripts.
To develop and debug CLI commands, try jboss-cli.sh --gui.
But if you really must, it's in standalone/configuration/standalone.xml:
<subsystem xmlns="urn:jboss:domain:web:1.0" ...>
The schema is here: http://www.jboss.org/schema/jbossas/jboss-as-web_1_2.xsd
(or later versions).
Recommended way to change the AS 7 model is anyway by means of the Command Line Interface.
For example, you can set the socket binding port of the HTTP port to 8090 with :
/socket-binding-group=standard-sockets/socket-binding=http:write-attribute(name="port", value="8090")
JBoss EAP 7 uses the Undertow web server and configures it via the undertow subsystem (which replaces the web subsystem used in previous versions). SSL/TLS setup using the CLI is described in Setting up an SSL/TLS for Applications. If you would like to directly modify the standalone.xml file, the instructions can be translated to:
Add and configure an HTTPS security realm. - under /server/management/security-realms add an HTTPS security-realm element, for example
<security-realm name="HTTPSRealm">
<server-identities>
<ssl>
<keystore path="/path/to/your/keystore/myKeystore.jks"
keystore-password="myKeystorePassword"
alias="mySSLKeyPairAlias"
key-password="mySSLKeyPairPassword" />
</ssl>
</server-identities>
</security-realm>
Update the undertow subsystem to use the HTTPS security realm. - under /server/profile find the Undertow subsystem element (e.g. <subsystem xmlns="urn:jboss:domain:undertow:3.1">). It has a server child element to which you add an https-listener element referencing your HTTPSRealm created in step 1 above, for example
<https-listener name="default-ssl" socket-binding="https" security-realm="HTTPSRealm" />
More details can be found at these related links:
Security Realms
Security Realm Detailed Configuration
https-listener Attributes