Accessing Multiple web applications on Jboss7 or Wildfly - jboss7.x

I know we can deploy multiple web applications on JBoss 7 or WildFly. But how can we access different web applications on different ports? Where do we set the port for a web application?
For example,
application1 is accessible on x.x.x.x:8080
application2 is accessible on x.x.x.x:30000
application3 is accessible on x.x.x.x:35000

In your standalone you have to set up a different server and host for each application.
<subsystem xmlns="urn:jboss:domain:undertow:1.2">
    <server name="server1">
        <http-listener name="default" socket-binding="http-server1"/>
        <host name="webapp1" default-web-module="webapp1.war" alias="webapp1.com">
        </host>
    </server>
    <server name="server2">
        <http-listener name="default" socket-binding="http-server2"/>
        <host name="webapp2" default-web-module="webapp2.war" alias="webapp2.com">
        </host>
    </server>
    <!-- Other Settings -->
</subsystem>
For the socket binding:
<socket-binding-group name="standard-sockets" default-interface="public" port-offset="${jboss.socket.binding.port-offset:0}">
    <!-- Both bindings read jboss.http.port; if that property is set, both resolve to the same port. -->
    <socket-binding name="http-server1" port="${jboss.http.port:8080}"/>
    <socket-binding name="http-server2" port="${jboss.http.port:8081}"/>
    <!-- Other ports -->
</socket-binding-group>
And then finally, you can have your .war files in the deployments directory but for configurations like this I sometimes find it easier to set the runtime names explicitly:
<deployments>
    <deployment name="webapp1" runtime-name="webapp1.war">
        <fs-archive path="/path/to/webapp1.war" />
    </deployment>
    <deployment name="webapp2" runtime-name="webapp2.war">
        <fs-archive path="/path/to/webapp2.war" />
    </deployment>
</deployments>
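An added check, not part of the original answer: it expands the `${property:default}` expressions in the socket-binding-group above and reports bindings that end up on the same port. The XML is a constructed copy of the answer's fragment parsed on its own (no namespace); the function names are this example's own.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample mirroring the socket-binding-group from the answer above.
SOCKETS_XML = """
<socket-binding-group name="standard-sockets" default-interface="public"
        port-offset="${jboss.socket.binding.port-offset:0}">
    <socket-binding name="http-server1" port="${jboss.http.port:8080}"/>
    <socket-binding name="http-server2" port="${jboss.http.port:8081}"/>
</socket-binding-group>
"""

EXPR = re.compile(r"\$\{([^:}]+)(?::([^}]*))?\}")

def resolve(value, props):
    """Expand ${name:default}: the property if set, otherwise the default."""
    def sub(m):
        name, default = m.group(1), m.group(2)
        if name in props:
            return props[name]
        if default is None:
            raise KeyError(f"property {name} has no value and no default")
        return default
    return EXPR.sub(sub, value)

def effective_ports(xml_text, props):
    """Return {binding name: port} after expression expansion and port-offset."""
    group = ET.fromstring(xml_text)
    offset = int(resolve(group.get("port-offset", "0"), props))
    return {b.get("name"): int(resolve(b.get("port"), props)) + offset
            for b in group.findall("socket-binding")}

def collisions(ports):
    """Return {port: [binding names]} for every port claimed more than once."""
    by_port = {}
    for name, port in ports.items():
        by_port.setdefault(port, []).append(name)
    return {p: sorted(n) for p, n in by_port.items() if len(n) > 1}

if __name__ == "__main__":
    # Defaults only, then with the shared property set on the command line.
    for props in ({}, {"jboss.http.port": "9000"}):
        ports = effective_ports(SOCKETS_XML, props)
        print(props, ports, collisions(ports) or "no collision")
```

With defaults the two listeners get 8080 and 8081; starting the server with `-Djboss.http.port=9000` puts both bindings on 9000, so giving each binding its own property name avoids the clash.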

Making Icecast SSL

So I have just finished setting up Icecast on a CentOS 7 VPS and everything is working perfectly fine, but I was needing my stream to be SSL...
However I'm not entirely sure how to do it. I looked at Icecast's website and found this page which says it can be done.
http://icecast.org/docs/icecast-2.4.1/config-file.html
However I ain't entirely sure where I'm putting the part, as I pretty much just followed a tutorial online on how to set it up, so I'm not very familiar with how it works. I do have an SSL certificate all set up and whatnot, working with my site; I just wanted the stream to be SSL too.
Any help would be great thanks!
<!-- LIMITS -->
<limits>
    <clients>100</clients>
    <sources>10</sources>
    <threadpool>5</threadpool>
    <queue-size>524288</queue-size>
    <client-timeout>30</client-timeout>
    <header-timeout>15</header-timeout>
    <source-timeout>10</source-timeout>
    <burst-on-connect>1</burst-on-connect>
    <burst-size>65535</burst-size>
</limits>
<!-- GENRIC -->
<authentication>
    <source-password>password</source-password>
    <admin-user>admin</admin-user>
    <admin-password>password</admin-password>
</authentication>
<hostname>MyHost/IP</hostname>
<listen-socket>
    <port>8000</port>
</listen-socket>
<fileserve>1</fileserve>
<!-- PATHES -->
<paths>
    <basedir>/opt/icecast/latest/share/icecast</basedir>
    <webroot>/opt/icecast/latest/share/icecast/web</webroot>
    <adminroot>/opt/icecast/latest/share/icecast/admin</adminroot>
    <logdir>/var/log/icecast</logdir>
    <pidfile>/var/run/icecast/icecast.pid</pidfile>
    <alias source="/" dest="/status.xsl"/>
</paths>
<!-- LOG -->
<logging>
    <accesslog>access.log</accesslog>
    <errorlog>error.log</errorlog>
    <playlistlog>playlist.log</playlistlog>
    <loglevel>1</loglevel>
    <logsize>10000</logsize>
    <logarchive>1</logarchive>
</logging>
<!-- SECURITY -->
<security>
    <chroot>0</chroot>
    <changeowner>
        <user>icecast</user>
        <group>icecast</group>
    </changeowner>
</security>
You have nothing referring to SSL.
Try replacing this:
<!-- GENRIC -->
<authentication>
    <source-password>password</source-password>
    <admin-user>admin</admin-user>
    <admin-password>password</admin-password>
</authentication>
<hostname>MyHost/IP</hostname>
<listen-socket>
    <port>8000</port>
</listen-socket>
<fileserve>1</fileserve>
With this:
<!-- GENRIC -->
<authentication>
    <source-password>password</source-password>
    <admin-user>admin</admin-user>
    <admin-password>password</admin-password>
</authentication>
<listen-socket>
    <port>8000</port>
    <bind-address>127.0.0.1</bind-address>
</listen-socket>
<listen-socket>
    <port>8443</port>
    <ssl>1</ssl>
</listen-socket>
<fileserve>1</fileserve>
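An added check, not part of the original answer: the Icecast 2.4 configuration documentation linked in the question requires an `<ssl-certificate>` entry under `<paths>` (a file holding both certificate and private key) for HTTPS to be enabled, so this script audits a config for that and for the other TLS-relevant settings seen above. The sample file is constructed from the question's paths and the answer's sockets; the `audit` function and its finding strings are this example's own.

```python
import xml.etree.ElementTree as ET

# Constructed icecast.xml combining the question's file with the answer's sockets.
ICECAST_XML = """
<icecast>
    <authentication>
        <source-password>password</source-password>
        <admin-user>admin</admin-user>
        <admin-password>password</admin-password>
    </authentication>
    <listen-socket>
        <port>8000</port>
        <bind-address>127.0.0.1</bind-address>
    </listen-socket>
    <listen-socket>
        <port>8443</port>
        <ssl>1</ssl>
    </listen-socket>
    <paths>
        <logdir>/var/log/icecast</logdir>
    </paths>
</icecast>
"""

LOOPBACK = {"127.0.0.1", "::1", "localhost"}

def audit(xml_text):
    """Return a list of findings about TLS and credential settings."""
    root = ET.fromstring(xml_text)
    findings = []
    sockets = root.findall("listen-socket")
    tls = [s for s in sockets if (s.findtext("ssl") or "0").strip() == "1"]
    if not tls:
        findings.append("no listen-socket has <ssl>1</ssl>")
    elif not (root.findtext("paths/ssl-certificate") or "").strip():
        findings.append("ssl socket defined but <paths> has no <ssl-certificate>")
    for s in sockets:
        # A socket without <ssl>1</ssl> serves plaintext; flag it unless local-only.
        if s not in tls and (s.findtext("bind-address") or "").strip() not in LOOPBACK:
            findings.append(f"plaintext port {s.findtext('port')} is not bound to loopback")
    for tag in ("source-password", "admin-password"):
        if (root.findtext(f"authentication/{tag}") or "") == "password":
            findings.append(f"<{tag}> is still the placeholder value")
    return findings

if __name__ == "__main__":
    for finding in audit(ICECAST_XML):
        print("FINDING:", finding)
```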

Wildfly many domains with many ssl certificate

I've got a test server and I would like to run many applications on that instance, but there's a problem with SSL certificates. If I'm using a single certificate, everything is OK, but when I add another, there is a problem.
This is my SSL realm configuration:
<security-realm name="ssl-realm">
    <server-identities>
        <ssl>
            <keystore path="cert_one.jks" relative-to="jboss.server.config.dir" keystore-password="1234" key-password="1234"/>
            <keystore path="cert_two.jks" relative-to="jboss.server.config.dir" keystore-password="1234" key-password="1234"/>
        </ssl>
    </server-identities>
</security-realm>
And this is my undertow server configuration:
<server name="default-server">
    <http-listener name="default" socket-binding="http"/>
    <https-listener name="defaultHttps" socket-binding="https" security-realm="ssl-realm" max-post-size="31457280"/>
    <host name="one_app" alias="firstapp.com">
        <filter-ref name="server-header"/>
        <filter-ref name="x-powered-by-header"/>
    </host>
    <host name="two_app" alias="secondapp.com">
        <filter-ref name="server-header"/>
        <filter-ref name="x-powered-by-header"/>
    </host>
</server>
As you can see, I have two different certificate keystores, one for firstapp.com and another for secondapp.com.
But only the certificate for secondapp.com is working. If I delete one of those keystores everything is OK. How do I configure two or more certificates for different domains in the WildFly configuration?

gzip Cannot enable in Wildfly 8?

I want to enable gzip compression in wildfly server. I used the following tutorial. Tutorial
This is the gzip enabling code I included in the standalone.xml
<subsystem xmlns="urn:jboss:domain:undertow:1.0">
    <buffer-caches>
        <buffer-cache name="default" buffer-size="1024" buffers-per-region="1024" max-regions="10"/>
    </buffer-caches>
    <server name="default-server">
        <http-listener name="default" socket-binding="http"/>
        <host name="default-host" alias="localhost">
            <location name="/" handler="welcome-content" />
            <filter-ref name="gzipFilter" predicate="path-suffix['.css'] or path-suffix['.js']" />
            <filter-ref name="server-header"/>
            <filter-ref name="x-powered-by-header"/>
        </host>
    </server>
    <servlet-container name="default" default-buffer-cache="default" stack-trace-on-error="local-only">
        <jsp-config/>
    </servlet-container>
    <handlers>
        <file name="welcome-content" path="${jboss.home.dir}/welcome-content" directory-listing="true"/>
    </handlers>
    <filters>
        <response-header name="server-header" header-name="Server" header-value="Wildfly 8"/>
        <response-header name="x-powered-by-header" header-name="X-Powered-By" header-value="Undertow 1"/>
        <gzip name="gzipFilter"/>
    </filters>
</subsystem>
When I used this code on Ubuntu 14.04.1 LTS, it works perfectly. But when I installed the application on CentOS Linux release 7.0.1406, it doesn't work. I used the same settings, but I could not figure out the problem so far. I would be very grateful if someone could provide a valuable idea.
I recommend you test an upgrade to WildFly 8.2.
It has the new Undertow 1.1.0 integrated, which has solved a couple of issues around filters.
I assume your issue is also this:
UNDERTOW-331

Disable X-Powered-By in JBOSS AS 7.1.1 Final

I want to remove Server Apache-Coyote/1.1 and X-Powered-By JSP/2.2 from the response headers in JBoss AS 7.1.1 Final. I tried a lot but could not find anything.
What I tried is:
<subsystem xmlns="urn:jboss:domain:web:1.1" default-virtual-server="default-host" native="false">
    <configuration>
        <static-resources listings="true"/>
        <jsp-configuration development="true" x-powered-by="false" display-source-fragment="false"/>
    </configuration>
    <connector name="http" protocol="HTTP/1.1" scheme="http" socket-binding="http"/>
    <virtual-server name="default-host" enable-welcome-root="false">
        <alias name="localhost"/>
        <alias name="example.com"/>
    </virtual-server>
</subsystem>
But this is not working; the same response headers are still coming.
Please help me.
To modify the Server header you can use the system property:
org.apache.coyote.http11.Http11Protocol.SERVER
E.g.:
<system-properties>
    <property name="org.apache.coyote.http11.Http11Protocol.SERVER" value="myserver"/>
</system-properties>
About the X-Powered-By header, there is a known issue in 7.1.1 that the jsp-configuration element is not properly processed by the server and as such none of the settings configured are applied. See jsp configuration is ignored
It was fixed in version 7.1.2; you can download and compile this version, or even better, upgrade to WildFly 8.x

JBoss mutual certificate authentication fails on SSL Handshake

I followed all the steps in this blogpost http://virgo47.wordpress.com/2010/08/23/tomcat-web-application-with-ssl-client-certificates/ except for the fact that I'm using JBoss7.0.2 and not the 6.x version.
The goal is to ask any clients to provide a client certificate and achieve mutual authentication between the client and the server.
I have created a certification authority (CA) to sign the client and server certificates.
I have imported the server certificate into the keystore and added an HTTPS connector to the standalone.xml configuration file to serve HTTPS requests on the 8443 port.
I have imported the CA root certificate into the Certificate Manager under Authorities in client's Firefox.
Everything works fine and when I request https://localhost:8443 I get a page with a valid server certificate.
The problem is, when I import the client certificate into the Certificate Manager in Firefox and set the server configuration to verify client certificates (verify-client="true" in standalone.xml) I get a browser error:
Secure Connection Failed:
An error occurred during a connection to localhost:8443.
SSL peer cannot verify your certificate.
(Error code: ssl_error_bad_cert_alert)
while the jboss log on the server states:
11:01:31,142 DEBUG [org.apache.tomcat.util.net.JIoEndpoint] (http-localhost-127.0.0.1-8443-1) Handshake failed: java.io.IOException: SSL handshake failed. Ciper suite in SSL Session is SSL_NULL_WITH_NULL_NULL
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.handshake(JSSESocketFactory.java:191) [jbossweb-7.0.1.Final.jar:7.0.2.Final]
at org.apache.tomcat.util.net.JIoEndpoint.setSocketOptions(JIoEndpoint.java:1144) [jbossweb-7.0.1.Final.jar:7.0.2.Final]
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:952) [jbossweb-7.0.1.Final.jar:7.0.2.Final]
at java.lang.Thread.run(Thread.java:662) [:1.6.0_30]
Do you have any idea how to resolve this problem?
My setup:
Localhost server:
sovo#sovo-pc:~$ cat /etc/issue
Ubuntu 10.10
JBoss 7.0.2 Final standalone.xml (relevant parts):
<management>
    <security-realms>
        <security-realm name="PropertiesMgmtSecurityRealm">
            <authentication>
                <properties path="mgmt-users.properties" relative-to="jboss.server.config.dir"/>
            </authentication>
        </security-realm>
    </security-realms>
    <management-interfaces>
        <native-interface interface="management" port="9999"/>
        <http-interface interface="management" port="9990"/>
    </management-interfaces>
</management>
<profile>
    <subsystem xmlns="urn:jboss:domain:security:1.0">
        <security-domains>
            <security-domain name="other" cache-type="default">
                <authentication>
                    <login-module code="Disabled" flag="required"/>
                </authentication>
            </security-domain>
        </security-domains>
    </subsystem>
    <subsystem xmlns="urn:jboss:domain:web:1.0" default-virtual-server="default-host">
        <connector name="https" protocol="HTTP/1.1" socket-binding="https" scheme="https" enable-lookups="false" secure="true">
            <ssl name="ssl" key-alias="sercer" password="changeit" certificate-key-file="/usr/share/jboss7.0.2/standalone/configuration/certificates/keystore.jks" protocol="TLSv1" verify-client="true" ca-certificate-file="/usr/share/jboss7.0.2/standalone/configuration/certificates/cacerts.jks"/>
        </connector>
        <virtual-server name="default-host" enable-welcome-root="true">
            <alias name="localhost"/>
            <alias name="example.com"/>
        </virtual-server>
    </subsystem>
    <subsystem xmlns="urn:jboss:domain:weld:1.0"/>
</profile>
<interfaces>
    <interface name="management">
        <inet-address value="${jboss.bind.address.management:127.0.0.1}"/>
    </interface>
    <interface name="public">
        <inet-address value="${jboss.bind.address:127.0.0.1}"/>
        <inet-address value="${jboss.bind.address:localhost}"/>
    </interface>
</interfaces>
<socket-binding-group name="standard-sockets" default-interface="public">
    <socket-binding name="http" port="8080"/>
    <socket-binding name="https" port="8443"/>
    <socket-binding name="jmx-connector-registry" port="1090" interface="management"/>
    <socket-binding name="jmx-connector-server" port="1091" interface="management"/>
    <socket-binding name="jndi" port="1099"/>
    <socket-binding name="osgi-http" port="8090" interface="management"/>
    <socket-binding name="remoting" port="4447"/>
    <socket-binding name="txn-recovery-environment" port="4712"/>
    <socket-binding name="txn-status-manager" port="4713"/>
</socket-binding-group>
Java version:
sovo#sovo-pc:~$ java -version
java version "1.6.0_30"
Java(TM) SE Runtime Environment (build 1.6.0_30-b12)
Java HotSpot(TM) Server VM (build 20.5-b03, mixed mode)
sovo#sovo-pc:~$ javac -version
javac 1.6.0_30
I'll be happy to provide other relevant information if needed.
You might want to give it a try by adding a cipher suite to your ssl connector:
<ssl name="ssl" key-alias="sercer" password="changeit" certificate-key-file="/usr/share/jboss7.0.2/standalone/configuration/certificates/keystore.jks" protocol="TLSv1" verify-client="true" ca-certificate-file="/usr/share/jboss7.0.2/standalone/configuration/certificates/cacerts.jks" cipher-suite="AES+RSA"/>