Jboss in a DMZ

ligda Mar 23, 2004 9:22 AM

I know this has been posted before but I have not been able to locate a precise answer. What is the common method of deploying a Jboss Application Server in a DMZ environment?

From a default install of Jboss, many ports are opened and are listening for all incoming connections (as opposed to only localhost connections). Perferably I wouldn't mind locking these ports down, but do a lack of understanding I don't know how this would affect the application server. Likewise I could restrict connections using Netfilter, but I read that this causes Jboss to act crazy.

I also read a brief line about using apache in the DMZ forwarding request through the firewall to an internal Jboss server. Is this the perfered method? I would appreciate any and all advice.

1. Re: Jboss in a DMZ

beny23 Mar 24, 2004 7:05 AM (in response to ligda)

Depends what Jboss services you require to be accessible externally. I have got JBoss running a web application which is accessible externally. I have closed all ports but 80 (HTTP) and 443 (HTTPS) externally and that's all JBoss needs.

hth
Actions
2. Re: Jboss in a DMZ

ligda Mar 24, 2004 7:09 AM (in response to ligda)

Did you modify Jboss such that these 'extra' ports do not open on startup, or did you firewall them.

I have been having success through the use of IPTables, but like I mentioned before I'd rather keep the ports from listening all together.
Actions

Go to original post