8 Replies Latest reply on May 3, 2013 2:13 PM by djangofan

Remote Access for Admin Console in AS 7.1.1

markus_s Apr 25, 2012 6:51 AM

Hi,

I would like to enable the JMX Console on my JBoss-AS 7.1.1.

Since this minor release remote access is disabled by default (https://issues.jboss.org/browse/AS7-4008) and it is not clear for me how to reenable it.

The relevant documentation (https://docs.jboss.org/author/display/AS7/Securing+the+Management+Interfaces) is out of date, my standalone.xml looks different and contains the following section regarding JMX:

<show-model value="true"/>

<remoting-connector/>

</subsystem>

Thanks in advance,

Markus Straub

1. Re: Remote Access for JMX Console in AS 7.1.1

dlofthouse Apr 24, 2012 11:00 AM (in response to markus_s)

Do you mean remote access using jconsole?

The Jira you reference is applicable to domain mode only, as ou are using standalone mode it is already enabled.

Just follow the following article to connect: -

Using jconsole to connect to JMX on AS7
Actions
2. Re: Remote Access for JMX Console in AS 7.1.1

markus_s Apr 25, 2012 5:08 AM (in response to dlofthouse)

What I want to use is the management website normally available at port 9990. It works fine if I run JBoss on my local computer: http://localhost:9990, I can not however access it if I run JBoss on a server (without a firewall - so the port should be accessible and the services are accessible on port 8080).

And you are right, I use standalone mode, not domain mode, sorry.
Actions
3. Re: Remote Access for JMX Console in AS 7.1.1

dlofthouse Apr 25, 2012 6:48 AM (in response to markus_s)

Ok in that case you are talking about the admin console and not JMX but it is not possible for that to be exposed over port 8080, you will need to change which address the management interfaces bind to so that port 9990 can be accessed remotely.

Can you please confirm are you really asking for the app that manages the whole application server installation to be exposed over the same port that you expose web applications over?
Actions
4. Re: Remote Access for JMX Console in AS 7.1.1

markus_s Apr 25, 2012 6:56 AM (in response to dlofthouse)

Sorry for the JMX/admin console confusion - I am interested in the latter and changed the thread title to admin console as well.

No, I do not want to access the admin console over port 8080, but over port 9990. This is what I want to achieve and my guess is that I have to configure it in standalone.xml:
you will need to change which address the management interfaces bind to so that port 9990 can be accessed remotely.
Right now the admin console is only accessible from localhost but I would like to make it accessible at http://<SERVER_IP>:9990.. if possible only for a specified IP range.
Actions

5. Re: Remote Access for JMX Console in AS 7.1.1

dlofthouse Apr 25, 2012 7:03 AM (in response to markus_s)

The address it is accessible over is a combination of the following two blocks: -

        <management-interfaces>
            <native-interface security-realm="ManagementRealm">
                <socket-binding native="management-native"/>
            </native-interface>
            <http-interface security-realm="ManagementRealm">
                <socket-binding http="management-http"/>
            </http-interface>
        </management-interfaces>

And

    <interfaces>
        <interface name="management">
            <inet-address value="${jboss.bind.address.management:127.0.0.1}"/>
        </interface>
        <interface name="public">
            <inet-address value="${jboss.bind.address:127.0.0.1}"/>
        </interface>
        <!-- TODO - only show this if the jacorb subsystem is added  -->
        <interface name="unsecure">
            <!--
              ~  Used for IIOP sockets in the standard configuration.
              ~                  To secure JacORB you need to setup SSL 
              -->
            <inet-address value="${jboss.bind.address.unsecure:127.0.0.1}"/>
        </interface>
    </interfaces>

At the moment the HTTP interface is mapped using the management interface in the second block. As it stands if you change the management definition in the bottom block it will affect both the HTTP interface and Native interface so you may want to split the lower interface defintion in two and just map the http interface to a new definition.

Regarding restricting to a range of IP addresses we do not currently support that although it would be a valid feature request if you would like to raise a Jira at the moment I would suggest at the moment that restriction would really come down to firewall settings - as the ports are different it should be possible to restrict access to port 9990 at the firewall without the same restriction affecting port 8080.

1 of 1 people found this helpful

6. Re: Remote Access for JMX Console in AS 7.1.1

markus_s Apr 25, 2012 7:44 AM (in response to dlofthouse)
Thanks, this change in standalone.xml does the trick:

 <socket-binding name="management-http" interface="public" port="${jboss.management.http.port:9990}"/>

Alternatively setting jboss.bind.address.management at startup (-b) should also work: https://docs.jboss.org/author/display/AS71/Command+line+parameters (Section "Controlling the Bind Address with -b")
Actions
7. Re: Remote Access for Admin Console in AS 7.1.1

fivalo Jun 25, 2012 12:06 PM (in response to markus_s)

Thanks a lot for the post.

It works fine.

Bye
Actions
8. Re: Remote Access for Admin Console in AS 7.1.1

djangofan May 3, 2013 2:13 PM (in response to markus_s)

So, this is how I got JBoss EAP 6.0.1 to allow me access to http://instanceip:9990/console from a remote machine.   Edit of standalone.xml .

<subsystem xmlns="urn:jboss:domain:webservices:1.1">
      <modify-wsdl-address>true</modify-wsdl-address>
      <wsdl-host>${jboss.bind.address:0.0.0.0}</wsdl-host>
      <endpoint-config name="Standard-Endpoint-Config"/>
      <endpoint-config name="Recording-Endpoint-Config">
        <pre-handler-chain name="recording-handlers" protocol-bindings="##SOAP11_HTTP ##SOAP11_HTTP_MTOM ##SOAP12_HTTP ##SOAP12_HTTP_MTOM">
          <handler name="RecordingHandler" class="org.jboss.ws.common.invocation.RecordingServerHandler"/>
        </pre-handler-chain>
      </endpoint-config>
    </subsystem>
    <subsystem xmlns="urn:jboss:domain:weld:1.0"/>
</profile>
<interfaces>
    <interface name="management">
      <inet-address value="${jboss.bind.address.management:0.0.0.0}"/>
    </interface>
    <interface name="public">
      <inet-address value="${jboss.bind.address:0.0.0.0}"/>
    </interface>
    <interface name="unsecure">
      <inet-address value="${jboss.bind.address.unsecure:0.0.0.0}"/>
    </interface>
</interfaces>
<socket-binding-group name="standard-sockets" default-interface="public" port-offset="${jboss.socket.binding.port-offset:0}">
    <socket-binding name="management-native" interface="management" port="9999"/>
    <socket-binding name="management-http" interface="management" port="9990"/>
    <socket-binding name="management-https" interface="management" port="9443"/>
    <socket-binding name="ajp" port="8009"/>
    <socket-binding name="http" port="8080"/>
    <socket-binding name="https" port="8443"/>
    <socket-binding name="osgi-http" interface="management" port="8090"/>
    <socket-binding name="remoting" port="4447"/>
    <socket-binding name="txn-recovery-environment" port="4712"/>
    <socket-binding name="txn-status-manager" port="4713"/>
    <outbound-socket-binding name="mail-smtp">
      <remote-destination host="localhost" port="25"/>
    </outbound-socket-binding>
</socket-binding-group>
Actions

Go to original post