-
1. Re: Wildfly 17.0.1-Not working configured SSL using legacy security-realm in ManagementRealm on host.xml
brian.stansberry Jul 29, 2019 11:37 AM (in response to tarakfs)
Perhaps you have hit [WFCORE-4560] HTTP management interface fails to start if backed by a "https" socket-binding - JBoss Issue Tracker?
The workaround suggested at "Not able to use admin console on HTTPS in wildfly 17" was to configure both the 'https' and 'http' attributes on the management interface socket-binding.
<socket-binding https="management-https" http="management-http"/>
-
2. Re: Wildfly 17.0.1-Not working configured SSL using legacy security-realm in ManagementRealm on host.xml
tarakfs Jul 29, 2019 12:59 PM (in response to brian.stansberry)
Hi Brian,
The configuration settings you proposed relate to the standalone.xml file. The issue we are facing is within the SSL cluster concept in the host.xml (master) file, also called managed domain. Per your suggestion, we tried to enable both the http and https sockets, but we faced an issue stating 'socket' can't appear more than once within the http-interface element in Host Controller; we think it is a bug in WildFly 17.0.1. What do you say?
The error message is like below:
<socket interface="management" port="9990"/>
[Host Controller] | <socket interface="managements" secure-port="9993"/>
[Host Controller] | ^^^^ 'socket' can't appear more than once within the http-interface element
-
3. Re: Wildfly 17.0.1-Not working configured SSL using legacy security-realm in ManagementRealm on host.xml
brian.stansberry Jul 29, 2019 3:07 PM (in response to tarakfs)
Hi Tarak,
Sorry; I forgot the host.xml config is different. This should do it:
<socket interface="management" port="${jboss.management.http.port:9990}" secure-port="${jboss.management.https.port:9993}"/>
-
4. Re: Wildfly 17.0.1-Not working configured SSL using legacy security-realm in ManagementRealm on host.xml
tarakfs Jul 29, 2019 3:26 PM (in response to tarakfs)
Thank you, Brian. Yes, we are able to configure the SSL port along with the non-secure port; without the non-secure port, it does not allow us to configure the SSL port alone to avoid vulnerabilities.
-
5. Re: Wildfly 17.0.1-Not working configured SSL using legacy security-realm in ManagementRealm on host.xml
brian.stansberry Jul 29, 2019 3:44 PM (in response to tarakfs)
You can also add a 'secure-interface', which would allow you to limit the http socket to localhost, e.g.
<socket interface="localonly" secure-interface="management" port="${jboss.management.http.port:9990}" secure-port="${jboss.management.https.port:9993}"/>
and in the interfaces section, assuming you want the HTTPS interface on 192.168.200.10:
<interfaces>
    <interface name="localonly">
        <inet-address value="127.0.0.1"/>
    </interface>
    <interface name="management">
        <inet-address value="192.168.200.10"/>
    </interface>
</interfaces>
That's not ideal but it's better than having HTTP on an external interface.
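
A check for the exposure discussed in this thread, as an added example that is not part of the original posts or of WildFly: it reads a host.xml and reports any http-interface socket whose plain-HTTP port sits on a non-loopback interface. The function names and the sample fragments are constructed for illustration, and `${prop:default}` expressions are reduced to their defaults (an assumption, since startup overrides are not visible in the file).

```python
import ipaddress
import re
import xml.etree.ElementTree as ET

def local(tag):
    # Real host.xml tags carry a '{urn:jboss:domain:...}' namespace prefix; drop it.
    return tag.rsplit("}", 1)[-1]

def resolve(value):
    # Reduce '${prop:default}' to its default; startup overrides are not visible here.
    m = re.fullmatch(r"\$\{[^:}]+:([^}]*)\}", value or "")
    return m.group(1) if m else value

def is_loopback(addr):
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False  # hostname or unresolved expression: treat as exposed

def audit_management_http(host_xml):
    """Return a finding for each http-interface socket serving plain HTTP off-loopback."""
    root = ET.fromstring(host_xml)
    addrs = {}
    for el in root.iter():
        if local(el.tag) == "interface" and el.get("name"):
            for child in el:
                if local(child.tag) == "inet-address":
                    addrs[el.get("name")] = resolve(child.get("value"))
    findings = []
    for http_if in (e for e in root.iter() if local(e.tag) == "http-interface"):
        for sock in (c for c in http_if if local(c.tag) == "socket"):
            if sock.get("port") is None:
                continue  # no plain-HTTP listener configured on this socket
            name = sock.get("interface")
            addr = addrs.get(name)
            if addr is None or not is_loopback(addr):
                findings.append(f"plain HTTP port {resolve(sock.get('port'))} on interface '{name}' ({addr})")
    return findings

# Constructed host.xml fragments built around the two socket lines from the thread.
def sample(socket_attrs):
    return ('<host><management><management-interfaces><http-interface>'
            f'<socket {socket_attrs}/></http-interface></management-interfaces></management>'
            '<interfaces><interface name="localonly"><inet-address value="127.0.0.1"/></interface>'
            '<interface name="management"><inet-address value="192.168.200.10"/></interface>'
            '</interfaces></host>')

PORTS = 'port="${jboss.management.http.port:9990}" secure-port="${jboss.management.https.port:9993}"'
EXPOSED = sample('interface="management" ' + PORTS)
HARDENED = sample('interface="localonly" secure-interface="management" ' + PORTS)
```

`audit_management_http(EXPOSED)` reports the HTTP port on 192.168.200.10, while `audit_management_http(HARDENED)` returns an empty list because the plain-HTTP socket is confined to 127.0.0.1.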