Chapter 4. Network and Port Configuration
4.1. Interfaces
JBoss EAP references named interfaces throughout the configuration. This allows the configuration to reference individual interface declarations with logical names, rather than requiring the full details of the interface at each use.
This also allows for easier configuration in a managed domain, where network interface details can vary across multiple machines. Each server instance can correspond to a logical name group.
The standalone.xml
, domain.xml
, and host.xml
files all include interface declarations. There are several preconfigured interface names, depending on which default configuration is used. The management
interface can be used for all components and services that require the management layer, including the HTTP management endpoint. The public
interface can be used for all application-related network communications. The unsecure
interface is used for IIOP sockets in the standard configuration. The private
interface is used for JGroups sockets in the standard configuration.
4.1.1. Default interface configurations
The following interface configurations are set by default:
<interfaces> <interface name="management"> <inet-address value="${jboss.bind.address.management:127.0.0.1}"/> </interface> <interface name="public"> <inet-address value="${jboss.bind.address:127.0.0.1}"/> </interface> <interface name="private"> <inet-address value="${jboss.bind.address.private:127.0.0.1}"/> </interface> <interface name="unsecure"> <inet-address value="${jboss.bind.address.unsecure:127.0.0.1}"/> </interface> </interfaces>
JBoss EAP binds these interfaces to 127.0.0.1
, but these values can be overridden at runtime by setting the appropriate property. For example, the inet-address
of the public
interface can be set when starting JBoss EAP as a standalone server with the following command.
$ EAP_HOME/bin/standalone.sh -Djboss.bind.address=IP_ADDRESS
Alternatively, you can use the -b
switch on the server start command line.
$ EAP_HOME/bin/standalone.sh -b IP_ADDRESS
In the above command, -b IP_ADDRESS
is equivalent to -Djboss.bind.address=IP_ADDRESS
.
You can also use the -b
switch to set the inet-address
of the management
interface.
$ EAP_HOME/bin/standalone.sh -bmanagement=IP_ADDRESS
If you only want to set a single variable, you can change jboss.bind.address.management
to jboss.bind.address
. When you set -b
switch or -Djboss.bind.address
, the public and management interfaces will share the same IP_ADDRESS
.
For more information about server start options, see Server Runtime Arguments.
If you modify the default network interfaces or ports that JBoss EAP uses, you must also remember to change any scripts that use the modified interfaces or ports. These include JBoss EAP service scripts, as well as remembering to specify the correct interface and port when accessing the management console or management CLI.
4.1.2. Configuring interfaces
Network interfaces are declared by specifying a logical name and selection criteria for the physical interface. The selection criteria can reference a wildcard address or specify a set of one or more characteristics that an interface or address must have in order to be a valid match. For a listing of all available interface selection criteria, see the Interface Attributes section.
Interfaces can be configured using the management console or the management CLI. Below are several examples of adding and updating interfaces. The management CLI command is shown first, followed by the corresponding configuration XML.
Add an interface with a NIC value
Add a new interface with a NIC value of eth0
.
/interface=external:add(nic=eth0)
<interface name="external"> <nic name="eth0"/> </interface>
Add an interface with several conditional values
Add a new interface that matches any interface/address on the correct subnet if it is up, supports multicast, and is not point-to-point.
/interface=default:add(subnet-match=192.168.0.0/16,up=true,multicast=true,not={point-to-point=true})
<interface name="default"> <subnet-match value="192.168.0.0/16"/> <up/> <multicast/> <not> <point-to-point/> </not> </interface>
Update an interface attribute
Update the public
interface’s default inet-address
value, keeping the jboss.bind.address
property to allow for this value to be set at runtime.
/interface=public:write-attribute(name=inet-address,value="${jboss.bind.address:192.168.0.0}")
<interface name="public"> <inet-address value="${jboss.bind.address:192.168.0.0}"/> </interface>
Add an interface to a server in a managed domain
/host=HOST_NAME/server-config=SERVER_NAME/interface=INTERFACE_NAME:add(inet-address=127.0.0.1)
<servers> <server name="SERVER_NAME" group="main-server-group"> <interfaces> <interface name="INTERFACE_NAME"> <inet-address value="127.0.0.1"/> </interface> </interfaces> </server> </servers>
4.2. Socket bindings
Socket bindings and socket binding groups allow you to define network ports and their relationship to the networking interfaces required for your JBoss EAP configuration. A socket binding is a named configuration for a socket. A socket binding group is a collection of socket binding declarations that are grouped under a logical name.
This allows other sections of the configuration to reference socket bindings by their logical name, rather than requiring the full details of the socket configuration at each use.
The declarations for these named configurations can be found in the standalone.xml
and domain.xml
configuration files. A standalone server contains only one socket binding group, while a managed domain can contain multiple groups. You can create a socket binding group for each server group in the managed domain, or share a socket binding group between multiple server groups.
The ports JBoss EAP uses by default depend on which socket binding groups are used and the requirements of your individual deployments.
There are three types of socket bindings that can be defined in a socket binding group in the JBoss EAP configuration:
- Inbound socket bindings
The
socket-binding
element is used to configure inbound socket bindings for the JBoss EAP server. The default JBoss EAP configurations provide several preconfiguredsocket-binding
elements, for example, for HTTP and HTTPS traffic. Another example can be found in the Broadcast groups section of Configuring Messaging for JBoss EAP.Attributes for this element can be found in the Inbound socket binding attributes table.
- Remote outbound socket bindings
The
remote-destination-outbound-socket-binding
element is used to configure outbound socket bindings for destinations that are remote to the JBoss EAP server. The default JBoss EAP configurations provide an example remote destination socket binding that can be used for a mail server. Another example can be found in the Using the Integrated Artemis resource adapter for remote connections section of Configuring Messaging for JBoss EAP.Attributes for this element can be found in the Remote outbound socket binding attributes table.
- Local outbound socket bindings
The
local-destination-outbound-socket-binding
element is used to configure outbound socket bindings for destinations that are local to the JBoss EAP server. This type of socket binding is not expected to be commonly used.Attributes for this element can be found in the Local outbound socket binding attributes table.
4.2.1. Management ports
Management ports were consolidated in JBoss EAP 7. By default, JBoss EAP 8.0 uses port 9990
for both native management, used by the management CLI, and HTTP management, used by the web-based management console. Port 9999
, which was used as the native management port in JBoss EAP 6, is no longer used but can still be enabled if desired.
If HTTPS is enabled for the management console, then port 9993
is used by default.
4.2.2. Default socket bindings
JBoss EAP ships with a socket binding group for each of the five predefined profiles (default, ha, full, full-ha, load-balancer).
For detailed information about the default socket bindings, such as default ports and descriptions, see the Default socket bindings groups section.
If you modify the default network interfaces or ports that JBoss EAP uses, you must also remember to change any scripts that use the modified interfaces or ports. These include JBoss EAP service scripts, as well as remembering to specify the correct interface and port when accessing the management console or management CLI.
Standalone server
When running as a standalone server, only one socket binding group is defined per configuration file. Each standalone configuration file (standalone.xml
, standalone-ha.xml
, standalone-full.xml
, standalone-full-ha.xml
, standalone-load-balancer.xml
) defines socket bindings for the technologies used by its corresponding profile.
For example, the default standalone configuration file (standalone.xml
) specifies the below socket bindings.
<socket-binding-group name="standard-sockets" default-interface="public" port-offset="${jboss.socket.binding.port-offset:0}"> <socket-binding name="management-http" interface="management" port="${jboss.management.http.port:9990}"/> <socket-binding name="management-https" interface="management" port="${jboss.management.https.port:9993}"/> <socket-binding name="ajp" port="${jboss.ajp.port:8009}"/> <socket-binding name="http" port="${jboss.http.port:8080}"/> <socket-binding name="https" port="${jboss.https.port:8443}"/> <socket-binding name="txn-recovery-environment" port="4712"/> <socket-binding name="txn-status-manager" port="4713"/> <outbound-socket-binding name="mail-smtp"> <remote-destination host="localhost" port="25"/> </outbound-socket-binding> </socket-binding-group>
Managed domain
When running in a managed domain, all socket binding groups are defined in the domain.xml
file. There are five predefined socket binding groups:
-
standard-sockets
-
ha-sockets
-
full-sockets
-
full-ha-sockets
-
load-balancer-sockets
Each socket binding group specifies socket bindings for the technologies used by its corresponding profile. For example, the full-ha-sockets
socket binding group defines several jgroups
socket bindings, which are used by the full-ha profile for high availability.
<socket-binding-groups> <socket-binding-group name="standard-sockets" default-interface="public"> <!-- Needed for server groups using the 'default' profile --> <socket-binding name="ajp" port="${jboss.ajp.port:8009}"/> <socket-binding name="http" port="${jboss.http.port:8080}"/> <socket-binding name="https" port="${jboss.https.port:8443}"/> <socket-binding name="txn-recovery-environment" port="4712"/> <socket-binding name="txn-status-manager" port="4713"/> <outbound-socket-binding name="mail-smtp"> <remote-destination host="localhost" port="25"/> </outbound-socket-binding> </socket-binding-group> <socket-binding-group name="ha-sockets" default-interface="public"> <!-- Needed for server groups using the 'ha' profile --> ... </socket-binding-group> <socket-binding-group name="full-sockets" default-interface="public"> <!-- Needed for server groups using the 'full' profile --> ... </socket-binding-group> <socket-binding-group name="full-ha-sockets" default-interface="public"> <!-- Needed for server groups using the 'full-ha' profile --> <socket-binding name="ajp" port="${jboss.ajp.port:8009}"/> <socket-binding name="http" port="${jboss.http.port:8080}"/> <socket-binding name="https" port="${jboss.https.port:8443}"/> <socket-binding name="iiop" interface="unsecure" port="3528"/> <socket-binding name="iiop-ssl" interface="unsecure" port="3529"/> <socket-binding name="jgroups-mping" interface="private" port="0" multicast-address="${jboss.default.multicast.address:230.0.0.4}" multicast-port="45700"/> <socket-binding name="jgroups-tcp" interface="private" port="7600"/> <socket-binding name="jgroups-udp" interface="private" port="55200" multicast-address="${jboss.default.multicast.address:230.0.0.4}" multicast-port="45688"/> <socket-binding name="modcluster" port="0" multicast-address="224.0.1.105" multicast-port="23364"/> <socket-binding name="txn-recovery-environment" port="4712"/> <socket-binding name="txn-status-manager" port="4713"/> <outbound-socket-binding name="mail-smtp"> <remote-destination host="localhost" port="25"/> </outbound-socket-binding> </socket-binding-group> <socket-binding-group name="load-balancer-sockets" default-interface="public"> <!-- Needed for server groups using the 'load-balancer' profile --> ... </socket-binding-group> </socket-binding-groups>
The socket configuration for the management interfaces is defined in the domain controller’s host.xml
file.
4.2.3. Configuring socket bindings
When defining a socket binding, you can configure the port
and interface
attributes, as well as multicast settings such as multicast-address
and multicast-port
. For details on all available socket bindings attributes, see the Socket binding attributes section.
Socket bindings can be configured using the management console or the management CLI. The following steps go through adding a socket binding group, adding a socket binding, and configuring socket binding settings using the management CLI.
Procedure
Add a new socket binding group.
NoteThis step cannot be performed when running as a standalone server.
/socket-binding-group=new-sockets:add(default-interface=public)
Add a socket binding.
/socket-binding-group=new-sockets/socket-binding=new-socket-binding:add(port=1234)
Change the socket binding to use an interface other than the default, which is set by the socket binding group.
/socket-binding-group=new-sockets/socket-binding=new-socket-binding:write-attribute(name=interface,value=unsecure)
The following example shows how the XML configuration may look after the above steps have been completed.
<socket-binding-groups> ... <socket-binding-group name="new-sockets" default-interface="public"> <socket-binding name="new-socket-binding" interface="unsecure" port="1234"/> </socket-binding-group> </socket-binding-groups>
4.2.4. Viewing socket bindings and open ports for a server
You can view the socket binding name and the open ports for a server from the management console.
Prerequisites
Socket binding names and open ports are only visible when the server is in one of the following states:
-
running
-
reload-required
-
restart-required
Procedure
- Access the management console and navigate to Runtime.
- Click the server to view the socket binding name and the open ports in the right pane.
4.2.5. Port offsets
A port offset is a numeric offset value added to all port values specified in the socket binding group for that server. This allows the server to inherit the port values defined in its socket binding group, with an offset to ensure that it does not conflict with any other servers on the same host. For instance, if the HTTP port of the socket binding group is 8080
, and a server uses a port offset of 100
, then its HTTP port is 8180
.
Below is an example of setting a port offset of 250
for a server in a managed domain using the management CLI.
/host=primary/server-config=server-two/:write-attribute(name=socket-binding-port-offset,value=250)
Port offsets can be used for servers in a managed domain and for running multiple standalone servers on the same host.
You can pass in a port offset when starting a standalone server using the jboss.socket.binding.port-offset
property.
$ EAP_HOME/bin/standalone.sh -Djboss.socket.binding.port-offset=100
4.3. IPv6 Addresses
By default, JBoss EAP is configured to run using IPv4 addresses. The steps below show how to configure JBoss EAP to run using IPv6 addresses.
4.3.1. Configure the JVM stack for IPv6 addresses
Update the startup configuration to prefer IPv6 addresses.
Procedure
Open the startup configuration file.
-
When running as a standalone server, edit the
EAP_HOME/bin/standalone.conf
file (orstandalone.conf.bat
for Windows Server). -
When running in a managed domain, edit the
EAP_HOME/bin/domain.conf
file (ordomain.conf.bat
for Windows Server).
-
When running as a standalone server, edit the
Set the
java.net.preferIPv4Stack
property tofalse
.-Djava.net.preferIPv4Stack=false
Append the
java.net.preferIPv6Addresses
property and set it totrue
.-Djava.net.preferIPv6Addresses=true
The following example shows how the JVM options in the startup configuration file may look after making the above changes.
# Specify options to pass to the Java VM. # if [ "x$JAVA_OPTS" = "x" ]; then JAVA_OPTS="$JBOSS_JAVA_SIZING -Djava.net.preferIPv4Stack=false" JAVA_OPTS="$JAVA_OPTS -Djava.net.preferIPv6Addresses=true" else
4.3.2. Update interface declarations for IPv6 addresses
The default interface values in the configuration can be changed to IPv6 addresses. For example, the below management CLI command sets the management
interface to the IPv6 loopback address (::1
).
/interface=management:write-attribute(name=inet-address,value="${jboss.bind.address.management:[::1]}")
The following example shows how the XML configuration may look after running the above command.
<interfaces> <interface name="management"> <inet-address value="${jboss.bind.address.management:[::1]}"/> </interface> .... </interfaces>