I want to enable gzip compression in wildfly server. I used the following tutorial. Tutorial
This is the gzip enabling code I included in the standalone.xml
<subsystem xmlns="urn:jboss:domain:undertow:1.0">
<buffer-caches>
<buffer-cache name="default" buffer-size="1024" buffers-per-region="1024" max-regions="10"/>
</buffer-caches>
<server name="default-server">
<http-listener name="default" socket-binding="http"/>
<host name="default-host" alias="localhost">
<location name="/" handler="welcome-content" />
**<filter-ref name="gzipFilter" predicate="path-suffix['.css'] or path-suffix['.js']" />**
<filter-ref name="server-header"/>
<filter-ref name="x-powered-by-header"/>
</host>
</server>
<servlet-container name="default" default-buffer-cache="default" stack-trace-on-error="local-only">
<jsp-config/>
</servlet-container>
<handlers>
<file name="welcome-content" path="${jboss.home.dir}/welcome-content" directory-listing="true"/>
</handlers>
<filters>
<response-header name="server-header" header-name="Server" header-value="Wildfly 8"/>
<response-header name="x-powered-by-header" header-name="X-Powered-By" header-value="Undertow 1"/>
<gzip name="gzipFilter"/>
</filters>
</subsystem>
But When I used this code in the Ubuntu 14.04.1 LTS, It works perfectly. But when I installed the application in CentOS Linux release 7.0.1406. It doesn't work. I used the same settings. But I could not figure out the problem so far. I'm very grateful someone can provide your valuable idea.
I recommend you to test upgrade to wildfly 8.2
I has the new undertow 1.1.0 interated which has solved a couple of issues around filters.
I assume your issue is also this:
UNDERTOW-331
Related
With WildFly 8.2.1, I am trying to make existing webservice (JAX-WS) use SSL, but I haven't seen any use of SSL in quickstarts and the information I was able to google is limited. So far I've added this to web.xml:
<security-constraint>
<display-name>Foo security</display-name>
<web-resource-collection>
<web-resource-name>FooService</web-resource-name>
<url-pattern>/foo/FooService</url-pattern>
<http-method>POST</http-method>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
and this is in my standalone.xml:
<subsystem xmlns="urn:jboss:domain:webservices:1.2">
<wsdl-host>${jboss.bind.address:127.0.0.1}</wsdl-host>
<endpoint-config name="Standard-Endpoint-Config"/>
<endpoint-config name="Recording-Endpoint-Config">
<pre-handler-chain name="recording-handlers" protocol-bindings="##SOAP11_HTTP ##SOAP11_HTTP_MTOM ##SOAP12_HTTP ##SOAP12_HTTP_MTOM">
<handler name="RecordingHandler" class="org.jboss.ws.common.invocation.RecordingServerHandler"/>
</pre-handler-chain>
</endpoint-config>
<client-config name="Standard-Client-Config"/>
</subsystem>
but apparently that's not enough; when I look into standalone/data/wsdl/foo.ear/foo.war/FooService/Bar.wsdl I see:
<service name="FooService">
<port binding="foowsb:FooBinding" name="FooBinding">
<soap:address location="http://localhost:8080/foo/FooService"/>
</port>
</service>
Note that in the EAR/WAR, the soap:address.location is filled just with a placeholder (I suppose that the value is ignored).
I've found some info about setting up security realm, and creating the self-signed certificate using keytool (which I did), but I completely miss how this should be linked together.
I've also tried to setup wsdl-uri-scheme=https, but this is supported only in later versions of CXF.
Seems that the soap:address.location value is not ignored when it's being replaced, since changing that from REPLACE_WITH_ACTUAL_URL to https://REPLACE_WITH_ACTUAL_URL did the trick - now the service got exposed on https://localhost:8443.
There is a couple of more steps I had to do in standalone.xml: in undertow, add https-listener:
<https-listener name="secure" socket-binding="https" security-realm="SslRealm"/>
define the SslRealm:
<security-realm name="SslRealm">
<server-identities>
<ssl>
<keystore path="foo.keystore" relative-to="jboss.server.config.dir" keystore-password="foo1234" alias="foo" key-password="foo1234"/>
</ssl>
</server-identities>
<authentication>
<truststore path="foo.truststore" relative-to="jboss.server.config.dir" keystore-password="foo1234"/>
</authentication>
</security-realm>
Note that I reuse the same keystore for server and clients here. And since my clients are ATM in the same WF node during development, I had to setup the client-side part there, too:
<system-properties>
<property name="javax.net.ssl.trustStore" value="${jboss.server.config.dir}/foo.keystore"/>
<property name="javax.net.ssl.trustStorePassword" value="foo1234"/>
<property name="org.jboss.security.ignoreHttpsHost" value="true"/>
</system-properties>
The last property should be replaced in WF 9+ with cxf.tls-client.disableCNCheck.
So I have just finished setting up Icecast on a Centos 7 VPS and everything is working perfectly fine, but i was needing my stream to be SSL...
However i'm not entirely sure how to do it, I looked at Icecast's website and found this page which says it can be done.
http://icecast.org/docs/icecast-2.4.1/config-file.html
However I ain't entirely sure where i'm putting the part as I pretty much just followed a tutorial online how to set it up so i'm not very familiar how it works, i do have a SSL certificate all set up and what not working with my site I just wanted the stream to be SSL too.
Any help would be great thanks!
<!-- LIMITS -->
<limits>
<clients>100</clients>
<sources>10</sources>
<threadpool>5</threadpool>
<queue-size>524288</queue-size>
<client-timeout>30</client-timeout>
<header-timeout>15</header-timeout>
<source-timeout>10</source-timeout>
<burst-on-connect>1</burst-on-connect>
<burst-size>65535</burst-size>
</limits>
<!-- GENRIC -->
<authentication>
<source-password>password</source-password>
<admin-user>admin</admin-user>
<admin-password>password</admin-password>
</authentication>
<hostname>MyHost/IP</hostname>
<listen-socket>
<port>8000</port>
</listen-socket>
<fileserve>1</fileserve>
<!-- PATHES -->
<paths>
<basedir>/opt/icecast/latest/share/icecast</basedir>
<webroot>/opt/icecast/latest/share/icecast/web</webroot>
<adminroot>/opt/icecast/latest/share/icecast/admin</adminroot>
<logdir>/var/log/icecast</logdir>
<pidfile>/var/run/icecast/icecast.pid</pidfile>
<alias source="/" dest="/status.xsl"/>
</paths>
<!-- LOG -->
<logging>
<accesslog>access.log</accesslog>
<errorlog>error.log</errorlog>
<playlistlog>playlist.log</playlistlog>
<loglevel>1</loglevel>
<logsize>10000</logsize>
<logarchive>1</logarchive>
</logging>
<!-- SECURITY -->
<security>
<chroot>0</chroot>
<changeowner>
<user>icecast</user>
<group>icecast</group>
</changeowner>
</security>
You have nothing referring to SSL.
Try replacing this
<!-- GENRIC -->
<authentication>
<source-password>password</source-password>
<admin-user>admin</admin-user>
<admin-password>password</admin-password>
</authentication>
<hostname>MyHost/IP</hostname>
<listen-socket>
<port>8000</port>
</listen-socket>
<fileserve>1</fileserve>
With this
<!-- GENRIC -->
<authentication>
<source-password>password</source-password>
<admin-user>admin</admin-user>
<admin-password>password</admin-password>
</authentication>
<listen-socket>
<port>8000</port>
<bind-address>127.0.0.1</bind-address>
</listen-socket>
<listen-socket>
<port>8443</port>
<ssl>1</ssl>
</listen-socket>
<fileserve>1</fileserve>
I know we can deploy multiple web applications on JBoss 7 or Wildfly. But how can we access different web application with a different port? Where do we set that port for a web application?
For example,
application1 is accessible on x.x.x.x:8080
application2 is accessible on x.x.x.x:30000
application3 is accessible on x.x.x.x:35000
In your standalone you have to set up a different server and host for each application.
<subsystem xmlns="urn:jboss:domain:undertow:1.2">
<server name="server1">
<http-listener name="default" socket-binding="http-server1"/>
<host name="webapp1" default-web-module="webapp1.war" alias="webapp1.com">
</host>
</server>
<server name="server2">
<http-listener name="default" socket-binding="http-server2"/>
<host name="webapp2" default-web-module="webapp2.war" alias="webapp2.com">
</host>
</server>
<!-- Other Settings -->
</subsystem>
For the socketbinding:
<socket-binding-group name="standard-sockets" default-interface="public" port-offset="${jboss.socket.binding.port-offset:0}">
<socket-binding name="http-server1" port="${jboss.http.port:8080}"/>
<socket-binding name="http-server2" port="${jboss.http.port:8081}"/>
<!-- Other ports -->
</socket-binding-group>
And then finally, you can have your .war files in the deployments directory but for configurations like this I sometimes find it easier to set the runtime names explicitly:
<deployments>
<deployment name="webapp1" runtime-name="webapp1.war">
<fs-archive path="/path/to/webapp1.war" />
</deployment>
<deployment name="webapp2" runtime-name="webapp2.war">
<fs-archive path="/path/to/webapp2.war" />
</deployment>
</deployments>
I've got test server and I would like to run many applications on that instance, but there's a problem with SSL certificates. If I'm using single certificate, everything is ok, but if when I add another, there is a problem.
This is my ssl realm configuration :
<security-realm name="ssl-realm">
<server-identities>
<ssl>
<keystore path="cert_one.jks" relative-to="jboss.server.config.dir" keystore-password="1234" key-password="1234"/>
<keystore path="cert_two.jks" relative-to="jboss.server.config.dir" keystore-password="1234" key-password="1234"/>
</ssl>
</server-identities>
</security-realm>
And this is my undertow server configuration:
<server name="default-server">
<http-listener name="default" socket-binding="http"/>
<https-listener name="defaultHttps" socket-binding="https" security-realm="ssl-realm" max-post-size="31457280"/>
<host name="one_app" alias="firstapp.com">
<filter-ref name="server-header"/>
<filter-ref name="x-powered-by-header"/>
</host>
<host name="two_app" alias="secondapp.com">
<filter-ref name="server-header"/>
<filter-ref name="x-powered-by-header"/>
</host>
</server>
As you can see I have two different certificate keystores, one for firstapp.com and another for secondapp.com.
But only certificate for secondapp.com is working. If I delete one of those keystores everything is OK. How to configure two or more certificates for different domains in Wildfly configuration?
I want to remove Server Apache-Coyote/1.1 and X-Powered-By JSP/2.2 from response header in Jboss AS 7.1.1 final. I tried a lot but could not found any thing.
What i tried is
<subsystem xmlns="urn:jboss:domain:web:1.1" default-virtual-server="default-host" native="false">
<configuration>
<static-resources listings="true"/>
<jsp-configuration development="true" x-powered-by="false" display-source-fragment="false"/>
</configuration>
<connector name="http" protocol="HTTP/1.1" scheme="http" socket-binding="http"/>
<virtual-server name="default-host" enable-welcome-root="false">
<alias name="localhost"/>
<alias name="example.com"/>
</virtual-server>
</subsystem>
but this is not working, Still same response headers are comming.
Please help me.
To modify Server header you can use the system property:
org.apache.coyote.http11.Http11Protocol.SERVER
Eg:
<system-properties>
<property name="org.apache.coyote.http11.Http11Protocol.SERVER" value="myserver"/>
</system-properties>
About X-Powered-By header there is a known issue in 7.1.1 that jsp-configuration element is not properly processed by the server and as such none of the settings configured are applied. See jsp configuration is ignored
It was fixed in version 7.1.2, you can download and compile this version, or even better upgrade to WildFly 8.x