You should block sensitive ports from external access and turn off unused listeners.

You shouldn't run JBoss with the root account in case a vulnerability allows someone to break the JVM and access the system as root. This also means some port redirection if Jetty/Tomcat are directly facing the internet/intranet or if you are using an intermediate Linux firewall - see http://www.amitysolutions.com.au/downloads/Tomcat-Firewalls.pdf for greater detail.

Choose between performance or access logging with reverse lookups in Tomcat/Jetty.

If using Jetty, configure your logging timestamps as necessary for your sysadmin - i.e. Timezone setting in the Jetty jboss-service.xml.

Create a proper RedHat startup and shutdown script (when using RedHat) and ensure that the startup and shutdown sequence is correct - don't startup before port redirection/etc is in place and don't shutdown before the firewall is turned off - that kind of thing.

Should also include instructions for installing certificates for SSL as well as file protections so the file can't be changed, etc by unauthorised persons. For most clients we've had, this is usually one of the first things a sysadmin asks about.

Access file archival topic.
Redirecting JSP and content file storage so that cron jobs don't clean off these necessary webapp services.

Upgrading the JDK and environment variables to change for this.

Installation and configuration for Jikes.

Memory and disk space recommendations.

JVM memory settings and -Xrs if JBoss keeps mysteriously shutting down (encountered this a few times).

Troubleshooting.

Can't think of anything else for now.

Sysadmin manuals are always fun.

Sorry. I was looking at that one blankly too. It was late at night - or ealy in the morning.

You probably need some coverage on archiving log files. For example, the Tomcat or Jetty page access logs should be stored somewhere or deleted - depending on the client's requirements - otherwise they just keep building up.

By default, for Jetty at least, the class files for the servlet code generated from a JSP and much of the static content gets stored in /tmp. RedHat Linux and a few others have a cron job that sweeps out the /tmp directory. So you often need to modify the script so you can add JAVA_OPTS with -Djava.io.tmpdir=/jetty so these files get put somewhere that the cron job won't delete - otherwise you get a broken app sometime in the next month or so (which a appserver restart will cure). You'd need to create this /jetty directory from this example.

At some point someone will want to upgrade the JDK - which means you will want to have some instructions on changing JAVA_HOME otherwise next time they start JBoss, it probably won't start.

Lack of at least a simple checklist for production configuration seems like a gaping hole in the available JBoss documentation. I did some searches and couldn't find any. I did notice that there was a recent post to this forum that the for-pay documentation from the JBoss Group doesn't cover production usage either.

Here are things I've discovered so far:

* Running on Linux (probably applies to all Unix), the issue already mentioned of putting the compiled version of JSP page under /tmp burned us for a long time until we figured that out. I found this in the FAQ on http://coredevelopers.net, btw.

* We created Linux startup/shutdown scripts, also as mentioned.

* We added logic to our shutdown script to clean the JBoss and Jetty temporary directories, so that the space consumed doesn't just grow and grow.

* You also need to monitor space in your log directory, and perhaps delete old files there.

* I haven't worked with JBoss 3.2 yet, but 3.0.x the default server is configured with the JMX console with no security. This either needs to be secured or removed.

One thing I've been meaning to do is devote some thought to whether there is some approach to configuration that would make it easier to install dot releases of the app server. For example, so far we typically just use the preconfigured "deploy" directory, but I'm wondering if it might be better to set up one or more of my own deploy directories outside the directory tree from the JBoss distribution.

--jeff

One other thing I forgot, secure your deploy directory, particularly the datasource scripts as they usually have the database username/password in them - you should also manage access to the Tomcat/Jetty certificate passwords for SSL.

This is where having another deployment directory outside the standard install might be useful. Although, it is also an option to bundle your own production install of JBoss with your applications pre-configured so it is a no-brainer for your clients to re-install if something very tragic occurs - i.e. the hard drive head ploughs into the magnetic surface and throws all the oxide holding your once useful application into the stratosphere.

As for the production checklist - well, I wouldn't want the JBoss Group to have all the fun. Some of us still need to make a living. ;)

And customers like to have a nice bound Operations manual. ;)

I'm not able to access coredevelopers.net at the moment either. The exact link I had found before was

http://coredevelopers.net/technology/jetty/jetty-jboss-faq.jsp

This was only a few weeks ago.

What I wound up doing was adding something like this to the JBoss run.sh:

JAVA_OPTS="$JAVA_OPTS -Djava.io.tmpdir=$JBOSS_HOME/tmp_jetty"

Then, in my shutdown script, I added:

rm -rf $JBOSS_HOME/server/default/tmp
rm -rf $JBOSS_HOME/tmp_jetty/*

Jetty uses the system property java.io.tmpdir to decide where to put compiled JSPs. Apparently this defaults to /tmp on Unix, and since most systems have a cron job to clean old files out of /tmp you have the files deleted out from under your running web site and the pages just don't show up anymore. You restart and everything is back to normal.

And with the JBoss temporary directory... One server I was working with had been operational for over six months with several apps with large EAR files. The JBoss server/default/tmp directory was wasting a lot of space. You could be a little more elegant and delete old file, but it doesn't really hurt to just rm the whole directory.

Anybody else have more tips to share?

--jeff

As with most things, eject what you don't use. If you are not using the scheduler, remove it from deployment. Same with the UUID-key-generator. If you are not using hsqldb at all, remove it - be aware that things like JMS use the hsqldb unless you tell it otherwise, so trial things on your test system before you do it in production.

Also hsqldb is by default configured for tcp connection (port 1701). If you want to retain the service and are not accessing it by other processes - you'll want to switch it to in-process or in-memory. Doing this means you can disable the Hypersonic MBean as well. View the hsqldb-ds.xml for more information. We tend to do this rather than removing hsqldb altogether.

Disable listeners you aren't using in your servlet.

If you think your Jetty server is going to sustain some heavy load, you might want to consider using the Jetty Channel Socket Listener. It implements non-blocking IO (you need JDK 1.4), and it means that it can share the socket when your system can't create enough sockets. You need to compile this in from the Jetty sources as the standard JBoss (to support JDK 1.3) does not include this.

The NIO is actually in JDK 1.4.x so Jetty makes use of it. Before that, the NIO libraries I think were a GNU set and then Sun decided it was a good comms idea.The Channel Socket Listener seems stable enough and has also been around a while. It seems to handle things under stress and doesn't seem to have the issue of blocking more users until persistent HTTP connections expire - although hopefully your system should never be under such stresses normally.