Search

Chapter 2. Administering JBoss EAP

download PDF

2.1. Downloading and installing JBoss EAP

The .zip file option is a quick, platform-independent way to download and install JBoss EAP.

2.1.1. Downloading JBoss EAP

You must download the JBoss EAP .zip file before you can install JBoss EAP.

Prerequisites

  • Confirm that your system meets the JBoss EAP Supported Configurations.
  • Install the latest updates and errata patches.
  • Set read and write access for the installation directory.
  • Install your desired Java Development Kit (JDK).
  • Optional: Set the JAVA_HOME and PATH environment variables.

Procedure

  1. Log in to the Red Hat Customer Portal.
  2. Click Downloads.
  3. In the Product Downloads list, click Red Hat JBoss Enterprise Application Platform.
  4. In the Version drop-down menu, select 8.0 Beta.
  5. Find Red Hat JBoss Enterprise Application Platform 8.0 Beta in the list and click the Download link.

    The `.zip`file is downloaded to your system.

Additional resources

2.1.2. Installing JBoss EAP

You can install the JBoss EAP .zip file by extracting the package contents to your desired file location.

Prerequisites

  • Download JBoss EAP.
  • Confirm that your system meets the JBoss EAP Supported Configurations.
  • Install the latest updates and errata patches.
  • Set read and write access for the installation directory.
  • Install your desired Java Development Kit (JDK).
  • Optional: Set the JAVA_HOME and PATH environment variables.

Procedure

  1. Move the .zip file to the server and location where you want JBoss EAP to be installed.
  2. Extract the .zip file.

    1. On Linux, use the following command:

      $ unzip jboss-eap-8.0.0.zip
    2. On Windows Server, right-click the .zip file and select Extract All.

      The directory created by extracting the .zip file is the top-level directory for the JBoss EAP installation. This directory is referred to as EAP_HOME.

2.2. Starting and stopping JBoss EAP

The method for starting JBoss EAP depends on whether you are running JBoss EAP as a standalone server or on servers in a managed domain.

The method for stopping JBoss EAP depends on whether you are running an interactive or background instance of JBoss EAP.

2.2.1. Starting JBoss EAP as a standalone server

You can run JBoss EAP as a standalone server to manage a single instance of JBoss EAP.

The server starts in a suspended state and does not accept requests until all required services start. After required services start, the server transitions into a normal running state and can start accepting requests.

This startup script uses the EAP_HOME/bin/standalone.conf file, or standalone.conf.bat for Windows Server, to set default preferences, such as JVM options. You can customize the settings in this file.

Note

To see a list of startup script arguments in your terminal, use the --help argument.

JBoss EAP uses the standalone.xml configuration file by default, but you can start it using a different one.

Prerequisites

  • Install JBoss EAP.

Procedure

  1. Open a terminal.
  2. Start JBoss EAP as a standalone server by using the following script:

    $ EAP_HOME/bin/standalone.sh
    1. For Windows Server, use the EAP_HOME\bin\standalone.bat script.

2.2.2. Starting JBoss EAP for servers in a managed domain

You can run JBoss EAP in a managed domain operating mode to manage several JBoss EAP instances using a single domain controller.

Servers start in a suspended state and do not accept requests until all required services start. After required services start, the servers transition into a normal running state and start accepting requests.

You must start the domain controller before the servers in any of the server groups in the domain.

Prerequisites

  • Install JBoss EAP.

Procedure

  1. Open a terminal.
  2. Start the domain controller first and then start each associated host controller by using the following script:

    $ EAP_HOME/bin/domain.sh
    • For Windows Server, use the EAP_HOME\bin\domain.bat script.

This startup script uses the EAP_HOME/bin/domain.conf file, or domain.conf.bat for Windows Server, to set default preferences, such as JVM options. You can customize the settings in this file.

JBoss EAP uses the host.xml host configuration file by default, but you can start it using a different configuration file.

When setting up a managed domain, you must pass additional arguments into the startup script.

Note

For a complete listing of all available startup script arguments and their purposes, use the --help argument.

2.2.3. Stopping an interactive instance of JBoss EAP

You can stop an interactive instance of a standalone server or a domain controller from the terminal where you started it.

Prerequisites

  • Have a running instance of JBoss EAP.

Procedure

  • Press Ctrl+C in the terminal where you started JBoss EAP.

2.2.4. Stopping a background instance of JBoss EAP

You can connect to the management CLI to shut down a running instance of a standalone server or servers in a managed domain.

Prerequisites

  • Have a running instance of JBoss EAP running in a terminal.

Procedure

  1. Start the management CLI by using the following script:

    $ EAP_HOME/bin/jboss-cli.sh --connect
  2. Issue the shutdown command:

    shutdown

When running an instance of JBoss EAP on servers in a managed domain, you must specify the host name to shut down by using the --host argument with the shutdown command.

2.3. JBoss EAP management

You can configure JBoss EAP using the command-line management CLI, web-based management console, Java API, or HTTP API. Changes you make using these management interfaces persist automatically, and the management API overwrites the XML configuration files. The management CLI and management console are the preferred methods, and it is not recommended to edit the XML configuration files manually.

JBoss EAP uses a simplified configuration, with one configuration file per standalone server or servers in a managed domain.

  • Default configuration for a standalone server is stored in the EAP_HOME/standalone/configuration/standalone.xml file.
  • Default configuration for servers in a managed domain is stored in the EAP_HOME/domain/configuration/domain.xml file.
  • Default configuration for a host controller is stored in the EAP_HOME/domain/configuration/host.xml file.

2.3.1. Management users

You must add a management user if you want to access the management CLI remotely or use the management console, which is considered remote access even if the traffic originates on the local host. If you attempt to access the management console before adding a management user, you will receive an error message.

The default JBoss EAP configuration provides local authentication so that a user can access the management CLI on the local host without having to authenticate.

If you install JBoss EAP using the graphical installer, the graphical installer creates a management user during the installation process.

2.3.2. Adding a management user

You can add a management user for JBoss EAP using the add-user script, which is a utility for adding new users to the properties files for immediate authentication.

Prerequisites

  • You have installed JBoss EAP.

Procedure

  1. Start the management CLI.
  2. Run the add-user utility script and follow the prompts.

    $ EAP_HOME/bin/add-user.sh
    • For Windows Server, use the EAP_HOME\bin\add-user.bat script.
  3. Press ENTER to select the default option a to add a management user.

    This adds the user to the ManagementRealm and authorizes the user to perform management operations using the management console or management CLI. The other choice, b, adds a user to the ApplicationRealm, which is used for applications and provides no particular permissions.

  4. Enter a username and password. You must confirm the password when prompted.

    Note

    User names can only contain the following characters, in any number and in any order:

    • Alphanumeric characters (a-z, A-Z, 0-9)
    • Dashes (-), periods (.), commas (,), at sign (@)
    • Backslash (\)
    • Equals (=)

    By default, JBoss EAP allows weak passwords but with a warning.

  5. Enter a comma-separated list of groups to which the user belongs. If you do not want the user to belong to any groups, press ENTER to leave it blank.
  6. Review the information and enter yes to confirm.
  7. Determine whether this user represents a remote JBoss EAP server instance. For a basic management user, enter no.

    If you are adding a user to the ManagementRealm whom represents a host controller that needs to connect to a domain controller, answer yes to this prompt. You will be given an encoded secret value representing the user’s password that must be added to the host controller’s host*.xml file.

You can create users non-interactively by passing parameters to the add-user script. This approach is not recommended on shared systems, because the passwords will be visible in log and history files.

2.3.3. Running the add-user utility non-interactively

You can run the add-user script non-interactively by passing in arguments on the command line. At a minimum, the username and password must be provided.

Warning

This approach is not recommended on shared systems, because the passwords are visible in log and history files.

Create a user belonging to multiple groups

The following command adds a management user, mgmtuser1, with the guest and mgmtgroup groups:

$ EAP_HOME/bin/add-user.sh -u 'mgmtuser1' -p 'password1!' -g 'guest,mgmtgroup'
Specify an alternative properties file

By default, user and group information created using the add-user script are stored in properties files located in the server configuration directory.

User information is stored in the following properties files:

  • EAP_HOME/standalone/configuration/mgmt-users.properties
  • EAP_HOME/domain/configuration/mgmt-users.properties

Group information is stored in the following properties files:

  • EAP_HOME/standalone/configuration/mgmt-groups.properties
  • EAP_HOME/domain/configuration/mgmt-groups.properties

The following command adds a new user, specifying a different name and location for the user properties files:

$ EAP_HOME/bin/add-user.sh -u 'mgmtuser2' -p 'password1!' -sc '/path/to/standaloneconfig/' -dc '/path/to/domainconfig/' -up 'newname.properties'

The new user was added to the user properties files located at /path/to/standaloneconfig/newname.properties and /path/to/domainconfig/newname.properties. Note that these files must already exist or you will see an error.

Note

For a complete listing of all available add-user arguments and their purposes, use the --help argument.

Additional resources

2.3.4. Management CLI

The management command line interface (CLI) is a command line administration tool for JBoss EAP.

Use the management CLI to start and stop servers, deploy and remove applications, configure system settings, and perform other administrative tasks. You can perform operations in batch mode, allowing multiple tasks to be run as a group.

Many common terminal commands are available, such as ls (list), cd (change directory), and pwd (print working directory). The management CLI also supports tab completion.

Start the management CLI
$ EAP_HOME/bin/jboss-cli.sh
Note

For Windows Server, use the EAP_HOME\bin\jboss-cli.bat script.

Connect to a running server
connect

You can start the management CLI and connect in one step by using the EAP_HOME/bin/jboss-cli.sh --connect command.

Display help

Use the following command for general help:

help

Use the --help flag on a command to receive instructions on using that specific command. For instance, to receive information about using deploy, use the following command:

deploy --help
Quit the management CLI

Use the following command to quit the management CLI:

quit
View system settings

The following command uses the read-attribute operation to display whether the example datasource is enabled:

/subsystem=datasources/data-source=ExampleDS:read-attribute(name=enabled)
{
    "outcome" => "success",
    "result" => true
}

When running servers in a managed domain, you must specify which profile to update by preceding the command with /profile=PROFILE_NAME.

/profile=default/subsystem=datasources/data-source=ExampleDS:read-attribute(name=enabled)
View subsystem configuration

The following command uses the read-resource-description operation to display a description of a given subsystem configuration that includes whether the resource is required, if property replacement is available, etc:

/subsystem=datasources:read-resource-description(recursive=true)
Update system settings

The following command uses the write-attribute operation to disable the example datasource:

/subsystem=datasources/data-source=ExampleDS:write-attribute(name=enabled,value=false)
Start servers

Use the following command to start and stop servers when running in a managed domain:

/host=HOST_NAME/server-config=server-one:start

2.3.5. Management console

The management console is a web-based administration tool for JBoss EAP.

Use the management console to start and stop servers, deploy and remove applications, tune system settings, and make persistent modifications to the server configuration. The management console can also perform administrative tasks, with live notifications when a user makes any changes that require you to restart or reload the server.

In a managed domain, server instances and server groups in the same domain are centrally managed from the management console of the domain controller.

For a JBoss EAP instance running on the local host using the default management port, you can access the management console through a web browser at http://localhost:9990/console/index.html. You must authenticate with a user role that has permissions to access the management console.

The management console provides the following tabs for navigating and managing your JBoss EAP standalone server or managed domain.

Home
Learn how to accomplish several common configuration and management tasks. Take a tour to become familiar with the JBoss EAP management console.
Deployments
Add, remove, and enable deployments. In a managed domain, assign deployments to server groups.
Configuration
Configure available subsystems, which provide capabilities such as web services, messaging, or high availability. In a managed domain, manage the profiles that contain different subsystem configurations.
Runtime
View runtime information, such as server status, JVM usage, and server logs. In a managed domain, manage your hosts, server groups, and servers.
Patching
Apply patches to your JBoss EAP instances.
Access control
Assign roles to users and groups when using Role-Based Access Control.

2.3.6. Standalone server configuration files

The standalone configuration files are located in the EAP_HOME/standalone/configuration/ directory. A separate file exists for each of the five predefined profiles (default, ha, full, full-ha, load-balancer). These are example configuration files that you can modify using the management CLI when you start JBoss EAP.

Table 2.1. Standalone configuration files
Configuration filePurpose

standalone.xml

This standalone configuration file is the default configuration that is used when you start your standalone server. It corresponds to the Jakarta EE Web profile and contains all information about the server, including subsystems, networking, deployments, socket bindings, and other configurable details. It does not provide the subsystems necessary for messaging or high availability.

standalone-ha.xml

This standalone configuration file includes all of the default subsystems and adds the modcluster and jgroups subsystems for high availability. It does not provide the subsystems necessary for messaging.

standalone-full.xml

This standalone configuration file includes all of the default subsystems and adds the messaging-activemq and iiop-openjdk subsystems. It corresponds to the Jakarta EE full profile and does not provide the subsystems necessary for high availability.

standalone-full-ha.xml

This standalone configuration file includes support for every possible subsystem, including those for messaging and high availability.

standalone-load-balancer.xml

This standalone configuration file includes the minimum subsystems necessary to use the built-in mod_cluster front-end load balancer to load balance other JBoss EAP instances.

By default, starting JBoss EAP as a standalone server uses the standalone.xml file. To start JBoss EAP with a different configuration, use the --server-config argument. For example,

$ EAP_HOME/bin/standalone.sh --server-config=standalone-full.xml

2.3.7. Managed domain configuration files

The managed domain configuration files are located in the EAP_HOME/domain/configuration/ directory. These are example configuration files that you can modify using the management CLI when you start JBoss EAP.

Table 2.2. Managed domain configuration files
Configuration filePurpose

domain.xml

This is the main configuration file for a managed domain. Only the domain master reads this file. This file contains the configurations for all of the profiles (default, ha, full, full-ha, load-balancer).

host.xml

This file includes configuration details specific to a physical host in a managed domain, such as network interfaces, socket bindings, the name of the host, and other host-specific details. The host.xml file includes all of the features of both host-master.xml and host-slave.xml, which are described in this table.

host-master.xml

This file includes only the configuration details necessary to run a server as the managed domain controller. The host-master.xml file defines itself as the domain controller and does not define any server instances.

host-slave.xml

This file includes only the configuration details necessary to run a server as a managed domain host controller. It does not define a domain controller and you must configure a domain controller address for host-slave.xml to connect to. This xml file represents an example configuration where host-slave.xml runs on a machine and is managed by a remote domain controller. The machine acts as a host controller to define and start server instances. The domain controller manages these server instances.

By default, starting JBoss EAP in a managed domain uses the host.xml file. To start JBoss EAP with a different configuration, use the --host-config argument. For example,

$ EAP_HOME/bin/domain.sh --host-config=host-master.xml

2.3.8. Backing up configuration data

To restore your JBoss EAP server configuration, you must back up your data in the following locations:

  • EAP_HOME/standalone/configuration/

    • Back up the entire directory to save user data, server configuration, and logging settings for standalone servers.
  • _EAP_HOME/standalone/data

    • Back up data for managed deployments that are confined in the data/content directory.
  • EAP_HOME/standalone/deployments

    • Back up deployments for standalone servers.
  • EAP_HOME/domain/configuration/

    • Back up the entire directory to save user and profile data, domain and host configuration, and logging settings for managed domains.
  • EAP_HOME/domain/data

    • Back up data for managed domains and deployments in managed domains that are confined in the data/content directory.
  • EAP_HOME/modules/

    • Back up any custom modules.
  • EAP_HOME/welcome-content/

    • Back up any custom welcome content.
  • EAP_HOME/bin/

    • Back up any custom scripts or startup configuration files.

2.3.9. Configuration file snapshots

To assist in the maintenance and management of the server, JBoss EAP creates a timestamped version of the original configuration file at the time of startup.

Any additional configuration changes made by management operations will result in the original file being automatically backed up, and a working copy of the instance being preserved for reference and rollback. Additionally, configuration snapshots can be taken, which are point-in-time copies of the current server configuration. These snapshots can be saved and loaded by an administrator.

The following examples use the standalone.xml file, but the same process applies to the domain.xml and host.xml files.

Take a snapshot

Use the management CLI to take a snapshot of the current configurations.

:take-snapshot
{
    "outcome" => "success",
    "result" => "EAP_HOME/standalone/configuration/standalone_xml_history/snapshot/20151022-133109702standalone.xml"
}
List snapshots

Use the management CLI to list all snapshots.

:list-snapshots
{
    "outcome" => "success",
    "result" => {
        "directory" => "EAP_HOME/standalone/configuration/standalone_xml_history/snapshot",
        "names" => [
            "20151022-133109702standalone.xml",
            "20151022-132715958standalone.xml"
        ]
    }
}
Delete a snapshot

Use the management CLI to delete a snapshot.

:delete-snapshot(name=20151022-133109702standalone.xml)

2.3.10. Starting the server with a snapshot

You can start a server using a snapshot or an automatically-saved version of the configuration.

Prerequisites

  • You have installed JBoss EAP.
  • You have taken a snapshot of the configuration file.

Procedure

  1. Navigate to the EAP_HOME/standalone/configuration/standalone_xml_history directory and identify the snapshot or saved configuration file to be loaded.
  2. Start the server and point to the selected configuration file. Pass in the file path relative to the configuration directory, EAP_HOME/standalone/configuration/.

    $ EAP_HOME/bin/standalone.sh --server-config=standalone_xml_history/snapshot/20151022-133109702standalone.xml
Note

When running servers in a managed domain, use the --host-config and --domain-config=<config> arguments instead to specify the configuration file.

2.3.11. Property replacement

You can use expressions in JBoss EAP to define replaceable properties in place of literal values in the configuration.

Using property replacement in standalone*.xml or domain.xml configuration files will replace the property with the value found in a system property. System properties are defined in the EAP profile xml file or by typing -D command from the command line terminal.

To determine if property replacement is allowed in a given subsystem, use the following command to display a description of a subsystem configuration:

/subsystem=datasources:read-resource-description(recursive=true)

If the expressions-allowed attribute is set to true, property replacement is allowed.

Expressions use the format ${PARAMETER:DEFAULT_VALUE}. If the specified parameter is set, then the parameter’s value will be used. Otherwise, the default value provided will be used.

The supported sources for resolving expressions are system properties and environment variables. When resolving expressions using environment variables, use the format ${env.LANG}.

The following example from the standalone.xml configuration file sets the inet-address for the public interface to 127.0.0.1 unless the jboss.bind.address parameter is set.

<interface name="public">
    <inet-address value="${jboss.bind.address:127.0.0.1}"/>
</interface>

You can use the following command to set the jboss.bind.address parameter when starting EAP as a standalone server:

$ EAP_HOME/bin/standalone.sh -Djboss.bind.address=IP_ADDRESS
Note

For deployments only, the source can be properties listed in a META-INF/jboss.properties file in the deployment archive. For deployment types that support subdeployments, the resolution is scoped to all subdeployments if the properties file is in the outer deployment, for example the EAR. If the properties file is in the subdeployment, then the resolution is scoped just to that subdeployment.

2.3.12. Nested expressions

You can nest expressions, which allows for more advanced use of expressions in place of fixed values.

The format of a nested expression is like that of a normal expression, but one expression is embedded in the other, for example:

${SYSTEM_VALUE_1${SYSTEM_VALUE_2}}

JBoss EAP evaluates nested expressions recursively, so the inner expression is first evaluated, then the outer expression is evaluated. Expressions can also be recursive, where an expression resolves to another expression, which is then resolved. Nested expressions are permitted anywhere that expressions are permitted, with the exception of management CLI commands.

You might use a nested expression if a datasource definition password is masked, for example. The configuration for the datasource might have the following line:

<password>${VAULT::ds_ExampleDS::password::1}</password>

A system property (datasource_name) replaces the value of ds_ExampleDS using a nested expression. The following line is an example configuration for the datasource:

<password>${VAULT::${datasource_name}::password::1}</password>

JBoss EAP would first evaluate the expression ${datasource_name}, then input this to the larger expression and evaluate the resulting expression. The advantage of this configuration is that the name of the datasource is abstracted from the fixed configuration.

2.3.13. Deployment descriptor-based property replacement

Deployment descriptor-based property replacement substitutes properties based on descriptors, so that you can remove assumptions about the environment from the application and the build chain.

Environment-specific configurations can be specified in deployment descriptors rather than annotations or build system scripts. You can provide configuration in files or as parameters at the command line.

Application configuration, such as datasource connection parameters, typically varies between development, testing, and production environments. This variance is sometimes accommodated by build system scripts, as the Jakarta EE specification does not contain a method to externalize these configurations. With JBoss EAP, you can use descriptor-based property replacement to manage configuration externally.

The spec-descriptor-property-replacement flag controls Jakarta EE descriptor replacement, and JBoss EAP disables it by default. When it’s enabled, you can replace properties in the following deployment descriptors:

  • ejb-jar.xml
  • permissions.xml
  • persistence.xml
  • application.xml
  • web.xml

You can use the following management CLI command to enable or disable property replacement in Jakarta EE descriptors:

/subsystem=ee:write-attribute(name="spec-descriptor-property-replacement",value=VALUE)

The jboss-descriptor-property-replacement flag controls JBoss-specific descriptor replacement, and JBoss EAP enables it by default. When it’s enabled, you can replace properties in the following deployment descriptors:

  • jboss-ejb3.xml
  • jboss-app.xml
  • jboss-web.xml
  • jboss-permissions.xml
  • *-jms.xml
  • *-ds.xml

Use the following management CLI command to enable or disable property replacement in JBoss EAP-specific descriptors:

/subsystem=ee:write-attribute(name="jboss-descriptor-property-replacement",value=VALUE)

The annotation-property-replacement flag controls property replacement inside of annotations, and it is not enabled by default. When it’s enabled, you can replace properties in the annotation attributes inside of application classes.

Use the following management CLI command to enable or disable property replacement in annotations:

/subsystem=ee:write-attribute(name="annotation-property-replacement",value=VALUE)

2.4. JBoss EAP network and port configuration

You can configure the network accessibility of various services with JBoss EAP as well as use port offsets to easily run multiple JBoss EAP instances on the same machine using the same interface. Network configuration is organized in terms of interfaces and socket bindings.

Use the following detailed information about each of these network and port configurations to run JBoss EAP successfully.

2.4.1. Interfaces

JBoss EAP references named interfaces throughout the configuration. You can configure JBoss EAP to reference individual interface declarations with logical names rather than requiring the full details of the interface at each use.

You can also experience easier configuration in a managed domain where network interface details can vary across multiple machines. Each server instance can correspond to a logical name group.

The standalone.xml, domain.xml, and host.xml files all include interface declarations. There are several preconfigured interface names, depending on which default configuration is used. The management interface can be used for all components and services that require the management layer, including the HTTP management endpoint. The public interface can be used for all application-related network communications. The unsecure interface is used for IIOP sockets in the standard configuration. The private interface is used for JGroups sockets in the standard configuration.

2.4.1.1. Default interface configurations

JBoss EAP includes the following four default interfaces:

<interfaces>
  <interface name="management">
    <inet-address value="${jboss.bind.address.management:127.0.0.1}"/>
  </interface>
  <interface name="public">
    <inet-address value="${jboss.bind.address:127.0.0.1}"/>
  </interface>
  <interface name="private">
    <inet-address value="${jboss.bind.address.private:127.0.0.1}"/>
  </interface>
  <interface name="unsecure">
    <inet-address value="${jboss.bind.address.unsecure:127.0.0.1}"/>
  </interface>
</interfaces>

By default, JBoss EAP binds these interfaces to 127.0.0.1, but these values can be overridden at runtime by setting the appropriate property. For example, the inet-address of the public interface can be set when starting JBoss EAP as a standalone server with the following command.

$ EAP_HOME/bin/standalone.sh -Djboss.bind.address=IP_ADDRESS

Alternatively, you can use the -b switch on the server start command line.

Important

If you modify the default network interfaces or ports that JBoss EAP uses, you must also change any scripts that use the modified interfaces or ports. These include JBoss EAP service scripts, as well as specifying the correct interface and port when accessing the management console or management CLI.

2.4.1.2. Optional interface configurations

Network interfaces are declared by specifying a logical name and selection criteria for the physical interface. The selection criteria can reference a wildcard address or specify a set of one or more characteristics that an interface or address must have to be a valid match.

You can configure interfaces using the management console or the management CLI. The information later in this section includes several examples of adding and updating interfaces. The management CLI command is shown first, followed by the corresponding configuration XML.

Additional resources

2.4.1.2.1. Interface with a NIC value

You can use the following example to add a new interface with a NIC value of eth0.

/interface=external:add(nic=eth0)
<interface name="external">
   <nic name="eth0"/>
</interface>
2.4.1.2.2. Interface with several conditional values

You can use the following example to add a new interface that matches any interface or address on the correct subnet if it is running, supports multicast, and is not point-to-point.

/interface=default:add(subnet-match=192.168.0.0/16,up=true,multicast=true,not={point-to-point=true})
<interface name="default">
   <subnet-match value="192.168.0.0/16"/>
   <up/>
   <multicast/>
   <not>
      <point-to-point/>
   </not>
</interface>
2.4.1.2.3. Updates to an interface attribute

In this example, you can update the public interface’s default inet-address value, keeping the jboss.bind.address property so that you can set this value at runtime.

/interface=public:write-attribute(name=inet-address,value="${jboss.bind.address:192.168.0.0}")
<interface name="public">
    <inet-address value="${jboss.bind.address:192.168.0.0}"/>
</interface>
2.4.1.2.4. Additional interfaces to a server in a managed domain

You can add more interfaces to a server in a managed domain using the following code.

/host=HOST_NAME/server-config=SERVER_NAME/interface=INTERFACE_NAME:add(inet-address=127.0.0.1)
<servers>
   <server name="SERVER_NAME" group="main-server-group">
      <interfaces>
         <interface name="INTERFACE_NAME">
            <inet-address value="127.0.0.1"/>
         </interface>
      </interfaces>
   </server>
</servers>

2.4.2. Socket bindings

Use socket bindings and socket binding groups to define network ports and their relationship to the networking interfaces required for your JBoss EAP configuration. A socket binding is a named configuration for a socket. A socket binding group is a collection of socket binding declarations that are grouped under a logical name.

This allows other sections of the configuration to reference socket bindings by their logical name, rather than requiring the full details of the socket configuration at each use.

You can find the declarations for these named configurations in the standalone.xml and domain.xml configuration files. A standalone server contains only one socket binding group, while a managed domain can contain multiple groups. You can create a socket binding group for each server group in the managed domain, or share a socket binding group between multiple server groups.

The ports JBoss EAP uses by default depend on which socket binding groups are used and the requirements of your individual deployments.

There are three types of socket bindings that can be defined in a socket binding group in the JBoss EAP configuration:

Inbound socket bindings
The socket-binding element is used to configure inbound socket bindings for the JBoss EAP server. The default JBoss EAP configurations provide several preconfigured socket-binding elements, for example, for HTTP and HTTPS traffic.
Remote outbound socket bindings
The remote-destination-outbound-socket-binding element is used to configure outbound socket bindings for destinations that are remote to the JBoss EAP server. The default JBoss EAP configurations provide an example remote destination socket binding that can be used for a mail server.
Local outbound socket bindings
The local-destination-outbound-socket-binding element is used to configure outbound socket bindings for destinations that are local to the JBoss EAP server. This type of socket binding is not expected to be commonly used.

Additional resources

2.4.2.1. Management ports

By default, JBoss EAP 8.0 Beta uses port 9990 for both native management, used by the management CLI, and HTTP management, used by the web-based management console. Port 9999, which was used as the native management port in JBoss EAP 6, is no longer used but can still be enabled if desired.

If HTTPS is enabled for the management console, then port 9993 is used by default.

2.4.2.2. Default socket bindings

JBoss EAP ships with a socket binding group for each of the five predefined profiles (default, ha, full, full-ha, load-balancer).

Important

If you modify the default network interfaces or ports that JBoss EAP uses, you must also change any scripts that use the modified interfaces or ports. These include JBoss EAP service scripts, as well as specifying the correct interface and port when accessing the management console or management CLI.

Additional resources

2.4.2.2.1. Socket binding group for a standalone server

When running as a standalone server, only one socket binding group is defined per configuration file. Each standalone configuration file (standalone.xml, standalone-ha.xml, standalone-full.xml, standalone-full-ha.xml, standalone-load-balancer.xml) defines socket bindings for the technologies used by its corresponding profile.

For example, the default standalone configuration file (standalone.xml) specifies the following socket bindings.

<socket-binding-group name="standard-sockets" default-interface="public" port-offset="${jboss.socket.binding.port-offset:0}">
    <socket-binding name="management-http" interface="management" port="${jboss.management.http.port:9990}"/>
    <socket-binding name="management-https" interface="management" port="${jboss.management.https.port:9993}"/>
    <socket-binding name="ajp" port="${jboss.ajp.port:8009}"/>
    <socket-binding name="http" port="${jboss.http.port:8080}"/>
    <socket-binding name="https" port="${jboss.https.port:8443}"/>
    <socket-binding name="txn-recovery-environment" port="4712"/>
    <socket-binding name="txn-status-manager" port="4713"/>
    <outbound-socket-binding name="mail-smtp">
        <remote-destination host="localhost" port="25"/>
    </outbound-socket-binding>
</socket-binding-group>
2.4.2.2.2. Socket binding groups in a managed domain

When running in a managed domain, all socket binding groups are defined in the domain.xml file. There are five predefined socket binding groups:

  • standard-sockets
  • ha-sockets
  • full-sockets
  • full-ha-sockets
  • load-balancer-sockets

Each socket binding group specifies socket bindings for the technologies used by its corresponding profile. For example, the full-ha-sockets socket binding group defines several jgroups socket bindings, which are used by the full-ha profile for high availability.

<socket-binding-groups>
  <socket-binding-group name="standard-sockets" default-interface="public">
    <!-- Needed for server groups using the 'default' profile  -->
    <socket-binding name="ajp" port="${jboss.ajp.port:8009}"/>
    <socket-binding name="http" port="${jboss.http.port:8080}"/>
    <socket-binding name="https" port="${jboss.https.port:8443}"/>
    <socket-binding name="txn-recovery-environment" port="4712"/>
    <socket-binding name="txn-status-manager" port="4713"/>
    <outbound-socket-binding name="mail-smtp">
      <remote-destination host="localhost" port="25"/>
    </outbound-socket-binding>
  </socket-binding-group>
  <socket-binding-group name="ha-sockets" default-interface="public">
    <!-- Needed for server groups using the 'ha' profile  -->
    ...
  </socket-binding-group>
  <socket-binding-group name="full-sockets" default-interface="public">
    <!-- Needed for server groups using the 'full' profile  -->
    ...
  </socket-binding-group>
  <socket-binding-group name="full-ha-sockets" default-interface="public">
    <!-- Needed for server groups using the 'full-ha' profile  -->
    <socket-binding name="ajp" port="${jboss.ajp.port:8009}"/>
    <socket-binding name="http" port="${jboss.http.port:8080}"/>
    <socket-binding name="https" port="${jboss.https.port:8443}"/>
    <socket-binding name="iiop" interface="unsecure" port="3528"/>
    <socket-binding name="iiop-ssl" interface="unsecure" port="3529"/>
    <socket-binding name="jgroups-mping" interface="private" port="0" multicast-address="${jboss.default.multicast.address:230.0.0.4}" multicast-port="45700"/>
    <socket-binding name="jgroups-tcp" interface="private" port="7600"/>
    <socket-binding name="jgroups-udp" interface="private" port="55200" multicast-address="${jboss.default.multicast.address:230.0.0.4}" multicast-port="45688"/>
    <socket-binding name="modcluster" port="0" multicast-address="224.0.1.105" multicast-port="23364"/>
    <socket-binding name="txn-recovery-environment" port="4712"/>
    <socket-binding name="txn-status-manager" port="4713"/>
    <outbound-socket-binding name="mail-smtp">
      <remote-destination host="localhost" port="25"/>
    </outbound-socket-binding>
  </socket-binding-group>
  <socket-binding-group name="load-balancer-sockets" default-interface="public">
    <!-- Needed for server groups using the 'load-balancer' profile  -->
    ...
  </socket-binding-group>
</socket-binding-groups>
Note

The socket configuration for the management interfaces is defined in the domain controller’s host.xml file.

2.4.2.3. Configuring socket bindings

When defining a socket binding, you can configure the port and interface attributes, as well as multicast settings such as multicast-address and multicast-port.

Procedure

Socket bindings can be configured using the management console or the management CLI. The following steps go through adding a socket binding group, adding a socket binding, and configuring socket binding settings using the management CLI.

  1. Add a new socket binding group.

    Note

    You cannot add an additional socket binding when running an instance of JBoss EAP as a standalone server. You can remove, add, or modify the existing socket binding.

    /socket-binding-group=new-sockets:add(default-interface=public)
  2. Add a socket binding.

    /socket-binding-group=new-sockets/socket-binding=new-socket-binding:add(port=1234)
  3. Change the socket binding to use an interface other than the default, which is set by the socket binding group.

    /socket-binding-group=new-sockets/socket-binding=new-socket-binding:write-attribute(name=interface,value=unsecure)

The following example shows how the XML configuration may look after the above steps have been completed.

<socket-binding-groups>
    ...
    <socket-binding-group name="new-sockets" default-interface="public">
        <socket-binding name="new-socket-binding" interface="unsecure" port="1234"/>
    </socket-binding-group>
</socket-binding-groups>

Additional resources

2.4.2.4. Port offsets

A port offset is a numeric offset value added to all port values specified in the socket binding group for that server. This allows the server to inherit the port values defined in its socket binding group, with an offset to ensure that it does not conflict with any other servers on the same host and interface. For instance, if the HTTP port of the socket binding group is 8080, and a server uses a port offset of 100, then its HTTP port is 8180.

The information later is this section is an example of setting a port offset of 250 for a server in a managed domain using the management CLI.

/host=master/server-config=server-two/:write-attribute(name=socket-binding-port-offset,value=250)

Port offsets can be used for servers in a managed domain and for running multiple standalone servers on the same host.

You can pass in a port offset when starting a standalone server using the jboss.socket.binding.port-offset property.

$ EAP_HOME/bin/standalone.sh -Djboss.socket.binding.port-offset=100

Port offset is defined in JBoss Profiles with the system property name. You can change the system property name or remove it and hard code the port offset setting.

<socket-binding-group name="standard-sockets" default-interface="public" port-offset ="${jboss.socket.binding.port-offset:0}">

2.4.3. IPv6 addresses

By default, JBoss EAP is configured to run using IPv4 addresses. The following procedures describe how to configure JBoss EAP to run using IPv6 addresses.

2.4.3.1. Configuring the JVM Stack for IPv6 Addresses

You can configure your JBoss EAP to run using IPv6.

Procedure

To update your start-up configuration to run on IPv6 addresses, complete the following steps.

  1. Open the startup configuration file.

    • When running as a standalone server, edit the EAP_HOME/bin/standalone.conf file (or standalone.conf.bat for Windows Server).
    • When running in a managed domain, edit the EAP_HOME/bin/domain.conf file (or domain.conf.bat for Windows Server).
  2. Set the java.net.preferIPv4Stack property to false.

    -Djava.net.preferIPv4Stack=false
  3. Append the java.net.preferIPv6Addresses property and set it to true.

    -Djava.net.preferIPv6Addresses=true

The following example shows how the JVM options in the startup configuration file may look after making the above changes.

#
# Specify options to pass to the Java VM.
#
if [ "x$JAVA_OPTS" = "x" ]; then
   JAVA_OPTS="-Xms1303m -Xmx1303m -XX:MaxPermSize=256m -Djava.net.preferIPv4Stack=true"
   JAVA_OPTS="$JAVA_OPTS -Djboss.modules.system.pkgs=$JBOSS_MODULES_SYSTEM_PKGS -Djava.awt.headless=true"
   JAVA_OPTS="$JAVA_OPTS -Djboss.modules.policy-permissions=true"
else
   echo "JAVA_OPTS already set in environment; overriding default settings with values: $JAVA_OPTS"
fi

2.4.3.2. Default interface values updated to IPv6 addresses

The default interface values in the configuration can be changed to IPv6 addresses. For example, the following management CLI command sets the management interface to the IPv6 loopback address (::1).

/interface=management:write-attribute(name=inet-address,value="${jboss.bind.address.management:[::1]}")

After running the previous command, the following example shows how the XML configuration might look.

<interfaces>
    <interface name="management">
        <inet-address value="${jboss.bind.address.management:[::1]}"/>
    </interface>
    ....
</interfaces>

2.5. Optimization of the JBoss EAP server configuration

Apply the latest updates to JBoss EAP to stay current on security CVEs and other customer reported bug fixes.

Once you have installed the JBoss EAP server, and you have created a management user, optimize your server configuration.

Common optimizations include: * Setting ulimits to ensure that your operating system provides enough file descriptors needed for web connections * Adjusting the thread pool size

Red Hat logoGithubRedditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

© 2024 Red Hat, Inc.