2 Replies Latest reply on Jul 22, 2011 4:11 PM by Gustavo Rojas

    Which ports are required to jboss 5.0.1 GA

    Gustavo Rojas Newbie

      Hi to all:

       

      I know that Jboss uses the following ports:

      Port       Description

      1090       RMI/JRMP for Remote JMX

      1091       RMI server socket

      1098       Naming Service - RMI requests from client proxies

      1099       Naming Service - Main port

      3873       EJB3 Remoting Connector

      4446       JBoss Remoting Connector - Unified Invoker

      4712       JBossTS Recovery Manager

      4713       JBossTS Transaction Status Manager

      4714       JBossTS - used to create a unique process id

      5445       HornetQ

      5455       Socket for HornetQ throughput connection factory

      5500       Non-SSL Remoting

      5501       SSL Remoting

      8009       AJP Port

      8080       HTTP Port

      8083       Dynamic class and resource loading

       

      But I need to know essential ports for web services and servlet, and to know how to disable the others ports.

       

      Someone can i help me, please?

        • 1. Re: Which ports are required to jboss 5.0.1 GA
          jaime.chavarriaga Newbie

          For web applications and services, usually you only use the AJP port when you also install a web server (e.g. Apache). If you don't install a webserver, you must allow the access to the HTTP and HTTPS ports.

           

          If you are securing your web applications, disabling other ports in the JBoss is not absolutely necessary. You can use your firewall (e.g. Iptables in Linux) to restrict the access to the other ports.

           

          Typical configuration

          Typical JBoss configuration uses a web server or load balancer (e.g. Apache Web Server) receiving the web requests. The JBoss can be installed behind your web server and you can restrict the external access to all the ports excepting standard HTTP (80) and HTTPS (443) ports.

           

          Using this configuration,

          • web browsers will connect to the webserver (e.g. apache) using HTTP or HTTPS port
          • apache connects to JBoss to execute the application using the AJP port

           

          In this case, you can restrict the access to all the JBoss ports.

          • If you are using one machine, you can use your firewall and enable only the access to the webserver, and execute the JBoss to only get connections from localhost (127.0.0.1)
          • If you are using several machines, you can configure the firewall of the load balancer and enable only access using HTTP or HTTPS, and configure the firewall of the JBoss servers to only permit the access from the load balancer using the AJP port (8009)

           

          Specifying ports and addresses for JBoss

          As i remember, by default, JBoss will run using only connections from localhost (127.0.0.1) and a set of ports. You can specify which ip addresses and ports JBoss must use.

           

          In the command line, if you only want local connections, you can bind the server to localhost only.

            run -b 127.0.0.1

           

          If you want connections from all the machines, you can bind the server to all the available ip addresses

            run -b 0.0.0.0

            

          If you want to use another set of ports, you can use

            run -Djboss.service.binding.set=ports-01

           

          additional information in http://community.jboss.org/wiki/ConfigurePorts

           

          Configuring the web server

          You can use the mod_proxy module for Apache to redirect some URLs to web applications in your JBoss

           

          For example, to expose an application called demo you can include in your httpd.conf

            ProxyPass /demo  ajp://localhost:8009/demo

           

          Configuring the Linux firewall

          You can configure your firewall to disable external connections to some ports. Usually, all the ports are protected and you must configure which ports are accesible by external clients and applications.

           

          Also, if you don't wanna use a webserver, you can use the firewall to redirect connections to standard web ports (80) to the JBoss web ports. For example, using iptables you can redirect the web requests to the 8080 port

            # iptables -t nat -A PREROUTING -i eth0 -p tcp --dport http -j REDIRECT --to-ports 8080

           

          The firewall configuration depends on your linux distro

           

          Disabling ports In JBoss

          If you want to disable some ports, you must take care about which must be enabled or disabled. (The use of a firewall is a better idea)

            - web browsers/web services require HTTP (8080) or HTTPS (8443) ports

            - web servers or load balancers require AJP (8009) port

            - RMI clients require RMI ports

            - EJB clients (possibly) require RMI, Naming and EJB ports

            - EJB with complex transactions (e.g. two-phase-commit) require JBossTS

            - etc.

           

          For the HTTP, HTTPS and AJP ports, you can modify a configuration file

          • <jboss_home>/server/all/deploy/jbossweb.sar/META-INF/jboss-service.xml

           

          You can disable some additional ports manually modifying these files

          • <jboss_home>/server/all/conf/jboss-service.xml
          • <jboss_home>/server/all/deploy/cluster-service.xml
          • <jboss_home>/server/all/deploy/jbossmq-service.xml
          • <jboss_home>/server/all/deploy/hsqldb-service.xml
          • <jboss_home>/server/all/deploy/jmx-rmi-adaptor.sar/META-INF/jboss-service.xml

           

          additional information in http://community.jboss.org/wiki/ConfigurePorts

          1 of 1 people found this helpful
          • 2. Re: Which ports are required to jboss 5.0.1 GA
            Gustavo Rojas Newbie

            Hi Jaime:

             

            I will try all the possibilities and options given, it is a very comprehensive answer for me.  Specially the item "Disabling ports In JBoss" i'll be careful.

             

            Thanks a lot.