Chapter 2. Administering JBoss EAP
2.1. Downloading and installing JBoss EAP
The .zip
file option is a quick, platform-independent way to download and install JBoss EAP.
2.1.1. Downloading JBoss EAP
You must download the JBoss EAP .zip
file before you can install JBoss EAP.
Prerequisites
- Confirm that your system meets the JBoss EAP Supported Configurations.
- Install the latest updates and errata patches.
- Set read and write access for the installation directory.
- Install your desired Java Development Kit (JDK).
-
Optional: Set the
JAVA_HOME
andPATH
environment variables.
Procedure
- Log in to the Red Hat Customer Portal.
- Click Downloads.
- In the Product Downloads list, click Red Hat JBoss Enterprise Application Platform.
- In the Version drop-down menu, select 8.0 Beta.
Find Red Hat JBoss Enterprise Application Platform 8.0 Beta in the list and click the Download link.
The `.zip`file is downloaded to your system.
Additional resources
2.1.2. Installing JBoss EAP
You can install the JBoss EAP .zip
file by extracting the package contents to your desired file location.
Prerequisites
- Download JBoss EAP.
- Confirm that your system meets the JBoss EAP Supported Configurations.
- Install the latest updates and errata patches.
- Set read and write access for the installation directory.
- Install your desired Java Development Kit (JDK).
-
Optional: Set the
JAVA_HOME
andPATH
environment variables.
Procedure
-
Move the
.zip
file to the server and location where you want JBoss EAP to be installed. Extract the
.zip
file.On Linux, use the following command:
$ unzip jboss-eap-8.0.0.zip
On Windows Server, right-click the
.zip
file and select Extract All.The directory created by extracting the
.zip
file is the top-level directory for the JBoss EAP installation. This directory is referred to asEAP_HOME
.
2.2. Starting and stopping JBoss EAP
The method for starting JBoss EAP depends on whether you are running JBoss EAP as a standalone server or on servers in a managed domain.
The method for stopping JBoss EAP depends on whether you are running an interactive or background instance of JBoss EAP.
2.2.1. Starting JBoss EAP as a standalone server
You can run JBoss EAP as a standalone server to manage a single instance of JBoss EAP.
The server starts in a suspended state and does not accept requests until all required services start. After required services start, the server transitions into a normal running state and can start accepting requests.
This startup script uses the EAP_HOME/bin/standalone.conf
file, or standalone.conf.bat
for Windows Server, to set default preferences, such as JVM options. You can customize the settings in this file.
To see a list of startup script arguments in your terminal, use the --help
argument.
JBoss EAP uses the standalone.xml
configuration file by default, but you can start it using a different one.
Prerequisites
- Install JBoss EAP.
Procedure
- Open a terminal.
Start JBoss EAP as a standalone server by using the following script:
$ EAP_HOME/bin/standalone.sh
-
For Windows Server, use the
EAP_HOME\bin\standalone.bat
script.
-
For Windows Server, use the
Additional resources
2.2.2. Starting JBoss EAP for servers in a managed domain
You can run JBoss EAP in a managed domain operating mode to manage several JBoss EAP instances using a single domain controller.
Servers start in a suspended state and do not accept requests until all required services start. After required services start, the servers transition into a normal running state and start accepting requests.
You must start the domain controller before the servers in any of the server groups in the domain.
Prerequisites
- Install JBoss EAP.
Procedure
- Open a terminal.
Start the domain controller first and then start each associated host controller by using the following script:
$ EAP_HOME/bin/domain.sh
-
For Windows Server, use the
EAP_HOME\bin\domain.bat
script.
-
For Windows Server, use the
This startup script uses the EAP_HOME/bin/domain.conf
file, or domain.conf.bat
for Windows Server, to set default preferences, such as JVM options. You can customize the settings in this file.
JBoss EAP uses the host.xml
host configuration file by default, but you can start it using a different configuration file.
When setting up a managed domain, you must pass additional arguments into the startup script.
For a complete listing of all available startup script arguments and their purposes, use the --help
argument.
Additional resources
2.2.3. Stopping an interactive instance of JBoss EAP
You can stop an interactive instance of a standalone server or a domain controller from the terminal where you started it.
Prerequisites
- Have a running instance of JBoss EAP.
Procedure
-
Press
Ctrl+C
in the terminal where you started JBoss EAP.
2.2.4. Stopping a background instance of JBoss EAP
You can connect to the management CLI to shut down a running instance of a standalone server or servers in a managed domain.
Prerequisites
- Have a running instance of JBoss EAP running in a terminal.
Procedure
Start the management CLI by using the following script:
$ EAP_HOME/bin/jboss-cli.sh --connect
Issue the
shutdown
command:shutdown
When running an instance of JBoss EAP on servers in a managed domain, you must specify the host name to shut down by using the --host
argument with the shutdown
command.
2.3. JBoss EAP management
You can configure JBoss EAP using the command-line management CLI, web-based management console, Java API, or HTTP API. Changes you make using these management interfaces persist automatically, and the management API overwrites the XML configuration files. The management CLI and management console are the preferred methods, and it is not recommended to edit the XML configuration files manually.
JBoss EAP uses a simplified configuration, with one configuration file per standalone server or servers in a managed domain.
-
Default configuration for a standalone server is stored in the
EAP_HOME/standalone/configuration/standalone.xml
file. -
Default configuration for servers in a managed domain is stored in the
EAP_HOME/domain/configuration/domain.xml
file. -
Default configuration for a host controller is stored in the
EAP_HOME/domain/configuration/host.xml
file.
2.3.1. Management users
You must add a management user if you want to access the management CLI remotely or use the management console, which is considered remote access even if the traffic originates on the local host. If you attempt to access the management console before adding a management user, you will receive an error message.
The default JBoss EAP configuration provides local authentication so that a user can access the management CLI on the local host without having to authenticate.
If you install JBoss EAP using the graphical installer, the graphical installer creates a management user during the installation process.
2.3.2. Adding a management user
You can add a management user for JBoss EAP using the add-user
script, which is a utility for adding new users to the properties files for immediate authentication.
Prerequisites
- You have installed JBoss EAP.
Procedure
- Start the management CLI.
Run the
add-user
utility script and follow the prompts.$ EAP_HOME/bin/add-user.sh
-
For Windows Server, use the
EAP_HOME\bin\add-user.bat
script.
-
For Windows Server, use the
Press ENTER to select the default option
a
to add a management user.This adds the user to the ManagementRealm and authorizes the user to perform management operations using the management console or management CLI. The other choice,
b
, adds a user to the ApplicationRealm, which is used for applications and provides no particular permissions.Enter a username and password. You must confirm the password when prompted.
NoteUser names can only contain the following characters, in any number and in any order:
- Alphanumeric characters (a-z, A-Z, 0-9)
- Dashes (-), periods (.), commas (,), at sign (@)
- Backslash (\)
- Equals (=)
By default, JBoss EAP allows weak passwords but with a warning.
- Enter a comma-separated list of groups to which the user belongs. If you do not want the user to belong to any groups, press ENTER to leave it blank.
- Review the information and enter yes to confirm.
Determine whether this user represents a remote JBoss EAP server instance. For a basic management user, enter no.
If you are adding a user to the ManagementRealm whom represents a host controller that needs to connect to a domain controller, answer yes to this prompt. You will be given an encoded secret value representing the user’s password that must be added to the host controller’s
host*.xml
file.
You can create users non-interactively by passing parameters to the add-user
script. This approach is not recommended on shared systems, because the passwords will be visible in log and history files.
Additional resources
2.3.3. Running the add-user utility non-interactively
You can run the add-user
script non-interactively by passing in arguments on the command line. At a minimum, the username and password must be provided.
This approach is not recommended on shared systems, because the passwords are visible in log and history files.
Create a user belonging to multiple groups
The following command adds a management user, mgmtuser1
, with the guest
and mgmtgroup
groups:
$ EAP_HOME/bin/add-user.sh -u 'mgmtuser1' -p 'password1!' -g 'guest,mgmtgroup'
Specify an alternative properties file
By default, user and group information created using the add-user
script are stored in properties files located in the server configuration directory.
User information is stored in the following properties files:
-
EAP_HOME/standalone/configuration/mgmt-users.properties
-
EAP_HOME/domain/configuration/mgmt-users.properties
Group information is stored in the following properties files:
-
EAP_HOME/standalone/configuration/mgmt-groups.properties
-
EAP_HOME/domain/configuration/mgmt-groups.properties
The following command adds a new user, specifying a different name and location for the user properties files:
$ EAP_HOME/bin/add-user.sh -u 'mgmtuser2' -p 'password1!' -sc '/path/to/standaloneconfig/' -dc '/path/to/domainconfig/' -up 'newname.properties'
The new user was added to the user properties files located at /path/to/standaloneconfig/newname.properties
and /path/to/domainconfig/newname.properties
. Note that these files must already exist or you will see an error.
For a complete listing of all available add-user
arguments and their purposes, use the --help
argument.
Additional resources
2.3.4. Management CLI
The management command line interface (CLI) is a command line administration tool for JBoss EAP.
Use the management CLI to start and stop servers, deploy and remove applications, configure system settings, and perform other administrative tasks. You can perform operations in batch mode, allowing multiple tasks to be run as a group.
Many common terminal commands are available, such as ls
(list), cd
(change directory), and pwd
(print working directory). The management CLI also supports tab completion.
Start the management CLI
$ EAP_HOME/bin/jboss-cli.sh
For Windows Server, use the EAP_HOME\bin\jboss-cli.bat
script.
Connect to a running server
connect
You can start the management CLI and connect in one step by using the EAP_HOME/bin/jboss-cli.sh --connect
command.
Display help
Use the following command for general help:
help
Use the --help
flag on a command to receive instructions on using that specific command. For instance, to receive information about using deploy
, use the following command:
deploy --help
Quit the management CLI
Use the following command to quit the management CLI:
quit
View system settings
The following command uses the read-attribute
operation to display whether the example datasource is enabled:
/subsystem=datasources/data-source=ExampleDS:read-attribute(name=enabled) { "outcome" => "success", "result" => true }
When running servers in a managed domain, you must specify which profile to update by preceding the command with /profile=PROFILE_NAME
.
/profile=default/subsystem=datasources/data-source=ExampleDS:read-attribute(name=enabled)
View subsystem configuration
The following command uses the read-resource-description
operation to display a description of a given subsystem configuration that includes whether the resource is required, if property replacement is available, etc:
/subsystem=datasources:read-resource-description(recursive=true)
Update system settings
The following command uses the write-attribute
operation to disable the example datasource:
/subsystem=datasources/data-source=ExampleDS:write-attribute(name=enabled,value=false)
Start servers
Use the following command to start and stop servers when running in a managed domain:
/host=HOST_NAME/server-config=server-one:start
2.3.5. Management console
The management console is a web-based administration tool for JBoss EAP.
Use the management console to start and stop servers, deploy and remove applications, tune system settings, and make persistent modifications to the server configuration. The management console can also perform administrative tasks, with live notifications when a user makes any changes that require you to restart or reload the server.
In a managed domain, server instances and server groups in the same domain are centrally managed from the management console of the domain controller.
For a JBoss EAP instance running on the local host using the default management port, you can access the management console through a web browser at http://localhost:9990/console/index.html. You must authenticate with a user role that has permissions to access the management console.
The management console provides the following tabs for navigating and managing your JBoss EAP standalone server or managed domain.
- Home
- Learn how to accomplish several common configuration and management tasks. Take a tour to become familiar with the JBoss EAP management console.
- Deployments
- Add, remove, and enable deployments. In a managed domain, assign deployments to server groups.
- Configuration
- Configure available subsystems, which provide capabilities such as web services, messaging, or high availability. In a managed domain, manage the profiles that contain different subsystem configurations.
- Runtime
- View runtime information, such as server status, JVM usage, and server logs. In a managed domain, manage your hosts, server groups, and servers.
- Patching
- Apply patches to your JBoss EAP instances.
- Access control
- Assign roles to users and groups when using Role-Based Access Control.
2.3.6. Standalone server configuration files
The standalone configuration files are located in the EAP_HOME/standalone/configuration/
directory. A separate file exists for each of the five predefined profiles (default, ha, full, full-ha, load-balancer). These are example configuration files that you can modify using the management CLI when you start JBoss EAP.
Configuration file | Purpose |
---|---|
| This standalone configuration file is the default configuration that is used when you start your standalone server. It corresponds to the Jakarta EE Web profile and contains all information about the server, including subsystems, networking, deployments, socket bindings, and other configurable details. It does not provide the subsystems necessary for messaging or high availability. |
|
This standalone configuration file includes all of the default subsystems and adds the |
|
This standalone configuration file includes all of the default subsystems and adds the |
| This standalone configuration file includes support for every possible subsystem, including those for messaging and high availability. |
| This standalone configuration file includes the minimum subsystems necessary to use the built-in mod_cluster front-end load balancer to load balance other JBoss EAP instances. |
By default, starting JBoss EAP as a standalone server uses the standalone.xml
file. To start JBoss EAP with a different configuration, use the --server-config
argument. For example,
$ EAP_HOME/bin/standalone.sh --server-config=standalone-full.xml
2.3.7. Managed domain configuration files
The managed domain configuration files are located in the EAP_HOME/domain/configuration/
directory. These are example configuration files that you can modify using the management CLI when you start JBoss EAP.
Configuration file | Purpose |
---|---|
| This is the main configuration file for a managed domain. Only the domain master reads this file. This file contains the configurations for all of the profiles (default, ha, full, full-ha, load-balancer). |
|
This file includes configuration details specific to a physical host in a managed domain, such as network interfaces, socket bindings, the name of the host, and other host-specific details. The |
|
This file includes only the configuration details necessary to run a server as the managed domain controller. The |
|
This file includes only the configuration details necessary to run a server as a managed domain host controller. It does not define a domain controller and you must configure a domain controller address for |
By default, starting JBoss EAP in a managed domain uses the host.xml
file. To start JBoss EAP with a different configuration, use the --host-config
argument. For example,
$ EAP_HOME/bin/domain.sh --host-config=host-master.xml
2.3.8. Backing up configuration data
To restore your JBoss EAP server configuration, you must back up your data in the following locations:
EAP_HOME/standalone/configuration/
- Back up the entire directory to save user data, server configuration, and logging settings for standalone servers.
_EAP_HOME/standalone/data
- Back up data for managed deployments that are confined in the data/content directory.
EAP_HOME/standalone/deployments
- Back up deployments for standalone servers.
EAP_HOME/domain/configuration/
- Back up the entire directory to save user and profile data, domain and host configuration, and logging settings for managed domains.
EAP_HOME/domain/data
- Back up data for managed domains and deployments in managed domains that are confined in the data/content directory.
EAP_HOME/modules/
- Back up any custom modules.
EAP_HOME/welcome-content/
- Back up any custom welcome content.
EAP_HOME/bin/
- Back up any custom scripts or startup configuration files.
2.3.9. Configuration file snapshots
To assist in the maintenance and management of the server, JBoss EAP creates a timestamped version of the original configuration file at the time of startup.
Any additional configuration changes made by management operations will result in the original file being automatically backed up, and a working copy of the instance being preserved for reference and rollback. Additionally, configuration snapshots can be taken, which are point-in-time copies of the current server configuration. These snapshots can be saved and loaded by an administrator.
The following examples use the standalone.xml
file, but the same process applies to the domain.xml
and host.xml
files.
Take a snapshot
Use the management CLI to take a snapshot of the current configurations.
:take-snapshot
{
"outcome" => "success",
"result" => "EAP_HOME/standalone/configuration/standalone_xml_history/snapshot/20151022-133109702standalone.xml"
}
List snapshots
Use the management CLI to list all snapshots.
:list-snapshots
{
"outcome" => "success",
"result" => {
"directory" => "EAP_HOME/standalone/configuration/standalone_xml_history/snapshot",
"names" => [
"20151022-133109702standalone.xml",
"20151022-132715958standalone.xml"
]
}
}
Delete a snapshot
Use the management CLI to delete a snapshot.
:delete-snapshot(name=20151022-133109702standalone.xml)
2.3.10. Starting the server with a snapshot
You can start a server using a snapshot or an automatically-saved version of the configuration.
Prerequisites
- You have installed JBoss EAP.
- You have taken a snapshot of the configuration file.
Procedure
-
Navigate to the
EAP_HOME/standalone/configuration/standalone_xml_history
directory and identify the snapshot or saved configuration file to be loaded. Start the server and point to the selected configuration file. Pass in the file path relative to the configuration directory,
EAP_HOME/standalone/configuration/
.$ EAP_HOME/bin/standalone.sh --server-config=standalone_xml_history/snapshot/20151022-133109702standalone.xml
When running servers in a managed domain, use the --host-config
and --domain-config=<config>
arguments instead to specify the configuration file.
2.3.11. Property replacement
You can use expressions in JBoss EAP to define replaceable properties in place of literal values in the configuration.
Using property replacement in standalone*.xml
or domain.xml
configuration files will replace the property with the value found in a system property. System properties are defined in the EAP profile xml file or by typing -D
command from the command line terminal.
To determine if property replacement is allowed in a given subsystem, use the following command to display a description of a subsystem configuration:
/subsystem=datasources:read-resource-description(recursive=true)
If the expressions-allowed
attribute is set to true
, property replacement is allowed.
Expressions use the format ${PARAMETER:DEFAULT_VALUE}
. If the specified parameter is set, then the parameter’s value will be used. Otherwise, the default value provided will be used.
The supported sources for resolving expressions are system properties and environment variables. When resolving expressions using environment variables, use the format ${env.LANG}
.
The following example from the standalone.xml
configuration file sets the inet-address
for the public
interface to 127.0.0.1
unless the jboss.bind.address
parameter is set.
<interface name="public"> <inet-address value="${jboss.bind.address:127.0.0.1}"/> </interface>
You can use the following command to set the jboss.bind.address
parameter when starting EAP as a standalone server:
$ EAP_HOME/bin/standalone.sh -Djboss.bind.address=IP_ADDRESS
For deployments only, the source can be properties listed in a META-INF/jboss.properties
file in the deployment archive. For deployment types that support subdeployments, the resolution is scoped to all subdeployments if the properties file is in the outer deployment, for example the EAR. If the properties file is in the subdeployment, then the resolution is scoped just to that subdeployment.
2.3.12. Nested expressions
You can nest expressions, which allows for more advanced use of expressions in place of fixed values.
The format of a nested expression is like that of a normal expression, but one expression is embedded in the other, for example:
${SYSTEM_VALUE_1${SYSTEM_VALUE_2}}
JBoss EAP evaluates nested expressions recursively, so the inner expression is first evaluated, then the outer expression is evaluated. Expressions can also be recursive, where an expression resolves to another expression, which is then resolved. Nested expressions are permitted anywhere that expressions are permitted, with the exception of management CLI commands.
You might use a nested expression if a datasource definition password is masked, for example. The configuration for the datasource might have the following line:
<password>${VAULT::ds_ExampleDS::password::1}</password>
A system property (datasource_name
) replaces the value of ds_ExampleDS
using a nested expression. The following line is an example configuration for the datasource:
<password>${VAULT::${datasource_name}::password::1}</password>
JBoss EAP would first evaluate the expression ${datasource_name}
, then input this to the larger expression and evaluate the resulting expression. The advantage of this configuration is that the name of the datasource is abstracted from the fixed configuration.
2.3.13. Deployment descriptor-based property replacement
Deployment descriptor-based property replacement substitutes properties based on descriptors, so that you can remove assumptions about the environment from the application and the build chain.
Environment-specific configurations can be specified in deployment descriptors rather than annotations or build system scripts. You can provide configuration in files or as parameters at the command line.
Application configuration, such as datasource connection parameters, typically varies between development, testing, and production environments. This variance is sometimes accommodated by build system scripts, as the Jakarta EE specification does not contain a method to externalize these configurations. With JBoss EAP, you can use descriptor-based property replacement to manage configuration externally.
The spec-descriptor-property-replacement
flag controls Jakarta EE descriptor replacement, and JBoss EAP disables it by default. When it’s enabled, you can replace properties in the following deployment descriptors:
-
ejb-jar.xml
-
permissions.xml
-
persistence.xml
-
application.xml
-
web.xml
You can use the following management CLI command to enable or disable property replacement in Jakarta EE descriptors:
/subsystem=ee:write-attribute(name="spec-descriptor-property-replacement",value=VALUE)
The jboss-descriptor-property-replacement
flag controls JBoss-specific descriptor replacement, and JBoss EAP enables it by default. When it’s enabled, you can replace properties in the following deployment descriptors:
-
jboss-ejb3.xml
-
jboss-app.xml
-
jboss-web.xml
-
jboss-permissions.xml
-
*-jms.xml
-
*-ds.xml
Use the following management CLI command to enable or disable property replacement in JBoss EAP-specific descriptors:
/subsystem=ee:write-attribute(name="jboss-descriptor-property-replacement",value=VALUE)
The annotation-property-replacement
flag controls property replacement inside of annotations, and it is not enabled by default. When it’s enabled, you can replace properties in the annotation attributes inside of application classes.
Use the following management CLI command to enable or disable property replacement in annotations:
/subsystem=ee:write-attribute(name="annotation-property-replacement",value=VALUE)
2.4. JBoss EAP network and port configuration
You can configure the network accessibility of various services with JBoss EAP as well as use port offsets to easily run multiple JBoss EAP instances on the same machine using the same interface. Network configuration is organized in terms of interfaces and socket bindings.
Use the following detailed information about each of these network and port configurations to run JBoss EAP successfully.
2.4.1. Interfaces
JBoss EAP references named interfaces throughout the configuration. You can configure JBoss EAP to reference individual interface declarations with logical names rather than requiring the full details of the interface at each use.
You can also experience easier configuration in a managed domain where network interface details can vary across multiple machines. Each server instance can correspond to a logical name group.
The standalone.xml
, domain.xml
, and host.xml
files all include interface declarations. There are several preconfigured interface names, depending on which default configuration is used. The management
interface can be used for all components and services that require the management layer, including the HTTP management endpoint. The public
interface can be used for all application-related network communications. The unsecure
interface is used for IIOP sockets in the standard configuration. The private
interface is used for JGroups sockets in the standard configuration.
2.4.1.1. Default interface configurations
JBoss EAP includes the following four default interfaces:
<interfaces> <interface name="management"> <inet-address value="${jboss.bind.address.management:127.0.0.1}"/> </interface> <interface name="public"> <inet-address value="${jboss.bind.address:127.0.0.1}"/> </interface> <interface name="private"> <inet-address value="${jboss.bind.address.private:127.0.0.1}"/> </interface> <interface name="unsecure"> <inet-address value="${jboss.bind.address.unsecure:127.0.0.1}"/> </interface> </interfaces>
By default, JBoss EAP binds these interfaces to 127.0.0.1
, but these values can be overridden at runtime by setting the appropriate property. For example, the inet-address
of the public
interface can be set when starting JBoss EAP as a standalone server with the following command.
$ EAP_HOME/bin/standalone.sh -Djboss.bind.address=IP_ADDRESS
Alternatively, you can use the -b
switch on the server start command line.
If you modify the default network interfaces or ports that JBoss EAP uses, you must also change any scripts that use the modified interfaces or ports. These include JBoss EAP service scripts, as well as specifying the correct interface and port when accessing the management console or management CLI.
Additional resources
2.4.1.2. Optional interface configurations
Network interfaces are declared by specifying a logical name and selection criteria for the physical interface. The selection criteria can reference a wildcard address or specify a set of one or more characteristics that an interface or address must have to be a valid match.
You can configure interfaces using the management console or the management CLI. The information later in this section includes several examples of adding and updating interfaces. The management CLI command is shown first, followed by the corresponding configuration XML.
Additional resources
2.4.1.2.1. Interface with a NIC value
You can use the following example to add a new interface with a NIC value of eth0
.
/interface=external:add(nic=eth0)
<interface name="external"> <nic name="eth0"/> </interface>
2.4.1.2.2. Interface with several conditional values
You can use the following example to add a new interface that matches any interface or address on the correct subnet if it is running, supports multicast, and is not point-to-point.
/interface=default:add(subnet-match=192.168.0.0/16,up=true,multicast=true,not={point-to-point=true})
<interface name="default"> <subnet-match value="192.168.0.0/16"/> <up/> <multicast/> <not> <point-to-point/> </not> </interface>
2.4.1.2.3. Updates to an interface attribute
In this example, you can update the public
interface’s default inet-address
value, keeping the jboss.bind.address
property so that you can set this value at runtime.
/interface=public:write-attribute(name=inet-address,value="${jboss.bind.address:192.168.0.0}")
<interface name="public"> <inet-address value="${jboss.bind.address:192.168.0.0}"/> </interface>
2.4.1.2.4. Additional interfaces to a server in a managed domain
You can add more interfaces to a server in a managed domain using the following code.
/host=HOST_NAME/server-config=SERVER_NAME/interface=INTERFACE_NAME:add(inet-address=127.0.0.1)
<servers> <server name="SERVER_NAME" group="main-server-group"> <interfaces> <interface name="INTERFACE_NAME"> <inet-address value="127.0.0.1"/> </interface> </interfaces> </server> </servers>
2.4.2. Socket bindings
Use socket bindings and socket binding groups to define network ports and their relationship to the networking interfaces required for your JBoss EAP configuration. A socket binding is a named configuration for a socket. A socket binding group is a collection of socket binding declarations that are grouped under a logical name.
This allows other sections of the configuration to reference socket bindings by their logical name, rather than requiring the full details of the socket configuration at each use.
You can find the declarations for these named configurations in the standalone.xml
and domain.xml
configuration files. A standalone server contains only one socket binding group, while a managed domain can contain multiple groups. You can create a socket binding group for each server group in the managed domain, or share a socket binding group between multiple server groups.
The ports JBoss EAP uses by default depend on which socket binding groups are used and the requirements of your individual deployments.
There are three types of socket bindings that can be defined in a socket binding group in the JBoss EAP configuration:
- Inbound socket bindings
-
The
socket-binding
element is used to configure inbound socket bindings for the JBoss EAP server. The default JBoss EAP configurations provide several preconfiguredsocket-binding
elements, for example, for HTTP and HTTPS traffic. - Remote outbound socket bindings
-
The
remote-destination-outbound-socket-binding
element is used to configure outbound socket bindings for destinations that are remote to the JBoss EAP server. The default JBoss EAP configurations provide an example remote destination socket binding that can be used for a mail server. - Local outbound socket bindings
-
The
local-destination-outbound-socket-binding
element is used to configure outbound socket bindings for destinations that are local to the JBoss EAP server. This type of socket binding is not expected to be commonly used.
Additional resources
2.4.2.1. Management ports
By default, JBoss EAP 8.0 Beta uses port 9990
for both native management, used by the management CLI, and HTTP management, used by the web-based management console. Port 9999
, which was used as the native management port in JBoss EAP 6, is no longer used but can still be enabled if desired.
If HTTPS is enabled for the management console, then port 9993
is used by default.
2.4.2.2. Default socket bindings
JBoss EAP ships with a socket binding group for each of the five predefined profiles (default, ha, full, full-ha, load-balancer).
If you modify the default network interfaces or ports that JBoss EAP uses, you must also change any scripts that use the modified interfaces or ports. These include JBoss EAP service scripts, as well as specifying the correct interface and port when accessing the management console or management CLI.
Additional resources
2.4.2.2.1. Socket binding group for a standalone server
When running as a standalone server, only one socket binding group is defined per configuration file. Each standalone configuration file (standalone.xml
, standalone-ha.xml
, standalone-full.xml
, standalone-full-ha.xml
, standalone-load-balancer.xml
) defines socket bindings for the technologies used by its corresponding profile.
For example, the default standalone configuration file (standalone.xml
) specifies the following socket bindings.
<socket-binding-group name="standard-sockets" default-interface="public" port-offset="${jboss.socket.binding.port-offset:0}"> <socket-binding name="management-http" interface="management" port="${jboss.management.http.port:9990}"/> <socket-binding name="management-https" interface="management" port="${jboss.management.https.port:9993}"/> <socket-binding name="ajp" port="${jboss.ajp.port:8009}"/> <socket-binding name="http" port="${jboss.http.port:8080}"/> <socket-binding name="https" port="${jboss.https.port:8443}"/> <socket-binding name="txn-recovery-environment" port="4712"/> <socket-binding name="txn-status-manager" port="4713"/> <outbound-socket-binding name="mail-smtp"> <remote-destination host="localhost" port="25"/> </outbound-socket-binding> </socket-binding-group>
2.4.2.2.2. Socket binding groups in a managed domain
When running in a managed domain, all socket binding groups are defined in the domain.xml
file. There are five predefined socket binding groups:
-
standard-sockets
-
ha-sockets
-
full-sockets
-
full-ha-sockets
-
load-balancer-sockets
Each socket binding group specifies socket bindings for the technologies used by its corresponding profile. For example, the full-ha-sockets
socket binding group defines several jgroups
socket bindings, which are used by the full-ha profile for high availability.
<socket-binding-groups> <socket-binding-group name="standard-sockets" default-interface="public"> <!-- Needed for server groups using the 'default' profile --> <socket-binding name="ajp" port="${jboss.ajp.port:8009}"/> <socket-binding name="http" port="${jboss.http.port:8080}"/> <socket-binding name="https" port="${jboss.https.port:8443}"/> <socket-binding name="txn-recovery-environment" port="4712"/> <socket-binding name="txn-status-manager" port="4713"/> <outbound-socket-binding name="mail-smtp"> <remote-destination host="localhost" port="25"/> </outbound-socket-binding> </socket-binding-group> <socket-binding-group name="ha-sockets" default-interface="public"> <!-- Needed for server groups using the 'ha' profile --> ... </socket-binding-group> <socket-binding-group name="full-sockets" default-interface="public"> <!-- Needed for server groups using the 'full' profile --> ... </socket-binding-group> <socket-binding-group name="full-ha-sockets" default-interface="public"> <!-- Needed for server groups using the 'full-ha' profile --> <socket-binding name="ajp" port="${jboss.ajp.port:8009}"/> <socket-binding name="http" port="${jboss.http.port:8080}"/> <socket-binding name="https" port="${jboss.https.port:8443}"/> <socket-binding name="iiop" interface="unsecure" port="3528"/> <socket-binding name="iiop-ssl" interface="unsecure" port="3529"/> <socket-binding name="jgroups-mping" interface="private" port="0" multicast-address="${jboss.default.multicast.address:230.0.0.4}" multicast-port="45700"/> <socket-binding name="jgroups-tcp" interface="private" port="7600"/> <socket-binding name="jgroups-udp" interface="private" port="55200" multicast-address="${jboss.default.multicast.address:230.0.0.4}" multicast-port="45688"/> <socket-binding name="modcluster" port="0" multicast-address="224.0.1.105" multicast-port="23364"/> <socket-binding name="txn-recovery-environment" port="4712"/> <socket-binding name="txn-status-manager" port="4713"/> <outbound-socket-binding name="mail-smtp"> <remote-destination host="localhost" port="25"/> </outbound-socket-binding> </socket-binding-group> <socket-binding-group name="load-balancer-sockets" default-interface="public"> <!-- Needed for server groups using the 'load-balancer' profile --> ... </socket-binding-group> </socket-binding-groups>
The socket configuration for the management interfaces is defined in the domain controller’s host.xml
file.
2.4.2.3. Configuring socket bindings
When defining a socket binding, you can configure the port
and interface
attributes, as well as multicast settings such as multicast-address
and multicast-port
.
Procedure
Socket bindings can be configured using the management console or the management CLI. The following steps go through adding a socket binding group, adding a socket binding, and configuring socket binding settings using the management CLI.
Add a new socket binding group.
NoteYou cannot add an additional socket binding when running an instance of JBoss EAP as a standalone server. You can remove, add, or modify the existing socket binding.
/socket-binding-group=new-sockets:add(default-interface=public)
Add a socket binding.
/socket-binding-group=new-sockets/socket-binding=new-socket-binding:add(port=1234)
Change the socket binding to use an interface other than the default, which is set by the socket binding group.
/socket-binding-group=new-sockets/socket-binding=new-socket-binding:write-attribute(name=interface,value=unsecure)
The following example shows how the XML configuration may look after the above steps have been completed.
<socket-binding-groups> ... <socket-binding-group name="new-sockets" default-interface="public"> <socket-binding name="new-socket-binding" interface="unsecure" port="1234"/> </socket-binding-group> </socket-binding-groups>
Additional resources
2.4.2.4. Port offsets
A port offset is a numeric offset value added to all port values specified in the socket binding group for that server. This allows the server to inherit the port values defined in its socket binding group, with an offset to ensure that it does not conflict with any other servers on the same host and interface. For instance, if the HTTP port of the socket binding group is 8080
, and a server uses a port offset of 100
, then its HTTP port is 8180
.
The information later is this section is an example of setting a port offset of 250
for a server in a managed domain using the management CLI.
/host=master/server-config=server-two/:write-attribute(name=socket-binding-port-offset,value=250)
Port offsets can be used for servers in a managed domain and for running multiple standalone servers on the same host.
You can pass in a port offset when starting a standalone server using the jboss.socket.binding.port-offset
property.
$ EAP_HOME/bin/standalone.sh -Djboss.socket.binding.port-offset=100
Port offset is defined in JBoss Profiles with the system property name. You can change the system property name or remove it and hard code the port offset setting.
<socket-binding-group name="standard-sockets" default-interface="public" port-offset ="${jboss.socket.binding.port-offset:0}">
2.4.3. IPv6 addresses
By default, JBoss EAP is configured to run using IPv4 addresses. The following procedures describe how to configure JBoss EAP to run using IPv6 addresses.
2.4.3.1. Configuring the JVM Stack for IPv6 Addresses
You can configure your JBoss EAP to run using IPv6.
Procedure
To update your start-up configuration to run on IPv6 addresses, complete the following steps.
Open the startup configuration file.
-
When running as a standalone server, edit the
EAP_HOME/bin/standalone.conf
file (orstandalone.conf.bat
for Windows Server). -
When running in a managed domain, edit the
EAP_HOME/bin/domain.conf
file (ordomain.conf.bat
for Windows Server).
-
When running as a standalone server, edit the
Set the
java.net.preferIPv4Stack
property tofalse
.-Djava.net.preferIPv4Stack=false
Append the
java.net.preferIPv6Addresses
property and set it totrue
.-Djava.net.preferIPv6Addresses=true
The following example shows how the JVM options in the startup configuration file may look after making the above changes.
# # Specify options to pass to the Java VM. # if [ "x$JAVA_OPTS" = "x" ]; then JAVA_OPTS="-Xms1303m -Xmx1303m -XX:MaxPermSize=256m -Djava.net.preferIPv4Stack=true" JAVA_OPTS="$JAVA_OPTS -Djboss.modules.system.pkgs=$JBOSS_MODULES_SYSTEM_PKGS -Djava.awt.headless=true" JAVA_OPTS="$JAVA_OPTS -Djboss.modules.policy-permissions=true" else echo "JAVA_OPTS already set in environment; overriding default settings with values: $JAVA_OPTS" fi
2.4.3.2. Default interface values updated to IPv6 addresses
The default interface values in the configuration can be changed to IPv6 addresses. For example, the following management CLI command sets the management
interface to the IPv6 loopback address (::1
).
/interface=management:write-attribute(name=inet-address,value="${jboss.bind.address.management:[::1]}")
After running the previous command, the following example shows how the XML configuration might look.
<interfaces> <interface name="management"> <inet-address value="${jboss.bind.address.management:[::1]}"/> </interface> .... </interfaces>
2.5. Optimization of the JBoss EAP server configuration
Apply the latest updates to JBoss EAP to stay current on security CVEs and other customer reported bug fixes.
Once you have installed the JBoss EAP server, and you have created a management user, optimize your server configuration.
Common optimizations include: * Setting ulimits
to ensure that your operating system provides enough file descriptors needed for web connections * Adjusting the thread pool size