-
1. Re: How to make Wildfly 10.1.0 work in port 80 and 443 (SSL) with h2 (HTTP/2) protocol in Linux Ubuntu 16.04
mchoma Dec 23, 2016 2:20 AM (in response to darckyn) 1 of 1 people found this helpful
> I also tried configuring wildfly to use port 80 and 443 directly but Ubuntu does not allow it.
Does that mean there is already a process bound to ports 80 and 443 (some web server, e.g. Apache)? You can stop that process, as you are stealing traffic for ports 80/443, anyway.
-
2. Re: How to make Wildfly 10.1.0 work in port 80 and 443 (SSL) with h2 (HTTP/2) protocol in Linux Ubuntu 16.04
mayerw01 Dec 23, 2016 5:01 AM (in response to darckyn) 1 of 1 people found this helpful
Port numbers less than 1024 are reserved for use by privileged processes on UNIX (see also Running JBoss on Port 80 or 443).
-
3. Re: How to make Wildfly 10.1.0 work in port 80 and 443 (SSL) with h2 (HTTP/2) protocol in Linux Ubuntu 16.04
ctomc Dec 23, 2016 9:40 AM (in response to darckyn) 1 of 1 people found this helpful
What does your selinux say?
/var/log/audit.log?
-
4. Re: How to make Wildfly 10.1.0 work in port 80 and 443 (SSL) with h2 (HTTP/2) protocol in Linux Ubuntu 16.04
darckyn Dec 23, 2016 11:26 AM (in response to mayerw01)
Hi Wolfgang Mayer.
I already tried to do what is in the link but it does not work in wildfly 10 (besides the tutorial is old).
Please could you instruct me in making wildfly use ports 80 and 443 using Unix administrative users ???
Thx.
-
5. Re: How to make Wildfly 10.1.0 work in port 80 and 443 (SSL) with h2 (HTTP/2) protocol in Linux Ubuntu 16.04
darckyn Dec 23, 2016 11:32 AM (in response to mchoma)
Hi Martin Choma.
I do not have any other server / application / service running on port 80 or 443, just the wildfly, but should I have?
Should I use a server like nginx or apache to do the redirect to wildfly and solve this problem?
And if I should use, how do I configure this additional server and the wildfly?
Thx.
-
6. Re: How to make Wildfly 10.1.0 work in port 80 and 443 (SSL) with h2 (HTTP/2) protocol in Linux Ubuntu 16.04
darckyn Dec 23, 2016 11:38 AM (in response to ctomc)
Hi Tomaz Cerar.
Here is some info of my log:
Line 527: Dec 19 11:46:24 server-app-ny1 sudo: root : TTY=pts/0 ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/ufw allow 8080
Line 1603: Dec 20 10:06:29 server-app-ny1 sudo: root : TTY=pts/1 ; PWD=/root ; USER=root ; COMMAND=/sbin/iptables -D PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080
Line 3937: Dec 21 10:19:33 server-app-ny1 sudo: root : TTY=pts/1 ; PWD=/root ; USER=root ; COMMAND=/sbin/iptables -t nat -A OUTPUT -o lo -p tcp --dport 80 -j REDIRECT --to-port 8080
Line 4385: Dec 21 13:49:57 server-app-ny1 sudo: root : TTY=pts/1 ; PWD=/root ; USER=root ; COMMAND=/sbin/iptables -A PREROUTING -t nat -p all --dport 80 -j REDIRECT --to-port 8080
Line 425: Dec 19 11:21:04 server-app-ny1 sudo: root : TTY=pts/0 ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/ufw allow 8443
Line 434: Dec 19 11:21:43 server-app-ny1 sudo: root : TTY=pts/0 ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/ufw allow 8443
Line 3940: Dec 21 10:19:55 server-app-ny1 sudo: root : TTY=pts/1 ; PWD=/root ; USER=root ; COMMAND=/sbin/iptables -t nat -A OUTPUT -o lo -p tcp --dport 443 -j REDIRECT --to-port 8443
If you need more information please do not hesitate to ask.
Thx.
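Added example, not part of the original post: a small lint over the iptables entries in the sudo log above, classifying what each logged REDIRECT command would do. The function names are hypothetical, and the verdicts rest on standard iptables behaviour (the default table is filter, REDIRECT and PREROUTING belong to nat, and --dport needs a port-based protocol).

```shell
#!/bin/sh
# Added example: lint the iptables commands recorded in the sudo log.
# Reads log lines on stdin; prints "<verdict>: <arguments>" per REDIRECT rule.
lint_redirects() {
    sed -n 's|.*COMMAND=/sbin/iptables \(.*\)$|\1|p' | while IFS= read -r args; do
        a=" $args "
        case $a in
            *" -j REDIRECT "*) ;;
            *) continue ;;                  # only REDIRECT rules matter here
        esac
        case $a in
            *" -t nat "*) ;;
            *) echo "INVALID (no -t nat; REDIRECT and PREROUTING need the nat table): $args"
               continue ;;
        esac
        case $a in
            *" -p tcp "*|*" -p udp "*) ;;
            *) echo "INVALID (--dport needs a port-based protocol such as -p tcp): $args"
               continue ;;
        esac
        case $a in
            *" OUTPUT "*)     echo "LOCAL-ONLY (rewrites connections made on the server itself): $args" ;;
            *" PREROUTING "*) echo "OK (redirects incoming client traffic): $args" ;;
        esac
    done
}

# The four iptables entries quoted in the post above.
sample_log() {
    cat <<'EOF'
Line 1603: Dec 20 10:06:29 server-app-ny1 sudo: root : TTY=pts/1 ; PWD=/root ; USER=root ; COMMAND=/sbin/iptables -D PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080
Line 3937: Dec 21 10:19:33 server-app-ny1 sudo: root : TTY=pts/1 ; PWD=/root ; USER=root ; COMMAND=/sbin/iptables -t nat -A OUTPUT -o lo -p tcp --dport 80 -j REDIRECT --to-port 8080
Line 4385: Dec 21 13:49:57 server-app-ny1 sudo: root : TTY=pts/1 ; PWD=/root ; USER=root ; COMMAND=/sbin/iptables -A PREROUTING -t nat -p all --dport 80 -j REDIRECT --to-port 8080
Line 3940: Dec 21 10:19:55 server-app-ny1 sudo: root : TTY=pts/1 ; PWD=/root ; USER=root ; COMMAND=/sbin/iptables -t nat -A OUTPUT -o lo -p tcp --dport 443 -j REDIRECT --to-port 8443
EOF
}
```

Running `sample_log | lint_redirects` reports two INVALID and two LOCAL-ONLY commands, so none of the logged commands would redirect traffic arriving from clients on port 80 or 443.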
-
7. Re: How to make Wildfly 10.1.0 work in port 80 and 443 (SSL) with h2 (HTTP/2) protocol in Linux Ubuntu 16.04
mayerw01 Dec 24, 2016 10:21 AM (in response to darckyn)
It is true that the above document is pretty old. But nevertheless this statement is still true: You need to run the process as privileged user (root) if you want to use ports less than 1024. Otherwise you will get a java.net.SocketException: Permission denied. It looks like this is required by W3C (Privileged Ports):
"The TCP/IP port numbers below 1024 are special in that normal users are not allowed to run servers on them. This is a security feature, in that if you connect to a service on one of these ports you can be fairly sure that you have the real thing, and not a fake which some hacker has put up for you."
To test this and run wildfly as privileged user is quite easy.
Just enter:
sudo ${pathToWildFly}/bin/standalone.sh
-
8. Re: How to make Wildfly 10.1.0 work in port 80 and 443 (SSL) with h2 (HTTP/2) protocol in Linux Ubuntu 16.04
darckyn Dec 24, 2016 11:07 AM (in response to mayerw01)
Hi Wolfgang Mayer
Thank you very much for responding.
I'm having a lot of trouble making the wildfly access port 80 and 443 ...
I have now tried your command and even then the ports 80 and 443 have been denied.
I followed a tutorial to install wildfly as a service and would like to know how do I run this service with access to the privileged ports?
Here is the tutorial (unfortunately the page I was staying in I could not find and the author of the tutorial):
-----------------------------------------------------------------
These are my notes for installing JBoss WildFly 10.0.0.Final
Elevate to root:
sudo -s
Install Java JDK 8:
aptitude update
aptitude install --with-recommends software-properties-common
add-apt-repository ppa:webupd8team/java
aptitude update
aptitude --with-recommends install oracle-java8-installer vim
Verify your java install
java -version
Should get output of something like
java version "1.8.0_72"
Java(TM) SE Runtime Environment (build 1.8.0_72-b15)
Java HotSpot(TM) 64-Bit Server VM (build 25.72-b15, mixed mode)
Create a user account on the system for wildfly:
adduser --no-create-home --disabled-password --disabled-login wildfly
Download WildFly:
cd /srv
wget --tries=0 --continue http://download.jboss.org/wildfly/10.0.0.Final/wildfly-10.0.0.Final.tar.gz
Extract WildFly:
tar -xzvf wildfly-10.0.0.Final.tar.gz
Make a symbolic link to new folder:
ln -s wildfly-10.0.0.Final wildfly
Change ownership of directory and symbolic link to wildfly:
chown -R wildfly:wildfly wildfly*
Now, while WildFly 10 doesn’t ship as a .deb (which would be awesome!) it does provide a sample init script to get you going on Debian like/based systems of which Ubuntu is one. So, let’s copy that script to the /etc/init.d directory:
cp /srv/wildfly/docs/contrib/scripts/init.d/wildfly-init-debian.sh /etc/init.d/wildfly
Run update-rc.d to ensure wildfly starts on reboot:
update-rc.d wildfly defaults
And, copy the wildfly.conf file to /etc/default:
cp /srv/wildfly/docs/contrib/scripts/init.d/wildfly.conf /etc/default/wildfly
cd /etc/default
Edit the file that contains the settings/options for the setup script:
vi wildfly # Or, editor of your choice
Uncomment and/or Edit the following lines:
JBOSS_HOME="/srv/wildfly"
JBOSS_USER=wildfly
JBOSS_MODE=standalone
JBOSS_CONFIG=standalone-full.xml # Change configuration file name in order to run full Java EE 7 Stack
STARTUP_WAIT=120 # Probably overkill wait time
SHUTDOWN_WAIT=120 # Probably overkill wait time
JBOSS_CONSOLE_LOG="/var/log/wildfly/console.log"
Try out the init.d and wildfly.conf settings and make sure the service can start:
service wildfly start
Shut the wildfly service down and let's make some edits/customizations:
service wildfly stop
cd /srv/wildfly/standalone/configuration
cp standalone-full.xml standalone-full.xml.original #<– Always backup before edits!
By default WildFly seems to only listen on 127.0.0.1. To make it listen on all interfaces we have to edit the standalone-full.xml (recall we are using the standalone-full.xml per the /etc/default/wildfly configuration file above) file and change each instance of “127.0.0.1” to “0.0.0.0” in the file. Just use find and replace in your editor to do this. I use vim so…
vi standalone-full.xml
:%s/127.0.0.1/0.0.0.0/g
:wq
Start or restart Wildfly
service wildfly start
With WildFly running add a “Management User” and remember your credentials!!!
cd /srv/wildfly/bin
./add-user.sh
That’s it. You now have a basic WildFly 10 install and can reach it and configure further with any browser using the “Management User” credentials you setup above.
-
9. Re: How to make Wildfly 10.1.0 work in port 80 and 443 (SSL) with h2 (HTTP/2) protocol in Linux Ubuntu 16.04
mayerw01 Dec 26, 2016 7:13 AM (in response to darckyn) 1 of 1 people found this helpful
Hi Rodrigo,
I am not sure I understand your issue correctly. But I cannot believe that you really get an access denied when starting standalone.sh as superuser root.
What exactly did you do and which errors did you get?
There are quite a few pages on the internet which explain how to install Wildfly as a service. But I'd suggest referring to your $JBOSS_HOME/docs/contrib/scripts/ directory.
The setup is almost self-explanatory. Where do you run into trouble?
You have usually 2 options:
- install WildFly as a systemd service via systemctl
- install WildFly under control of init
When using systemd you probably need to change the user in the /etc/systemd/system/wildfly.service to 'root'.
As mentioned in the start script, the process must be started as root, like
sudo service wildfly start
Regards
Wolfgang
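Added example, not part of the original reply or of WildFly's own scripts: a systemd drop-in that lets the unprivileged service account bind ports 80 and 443 through CAP_NET_BIND_SERVICE, plus a check that flags a unit running as root. It assumes the unit is named wildfly.service and the account is wildfly (the JBOSS_USER in the tutorial quoted earlier); the drop-in file name and function names are hypothetical, and AmbientCapabilities needs systemd 229 or later.

```shell
#!/bin/sh
# Added example: least-privilege way to bind ports 80/443 under systemd.
# Assumed names: unit "wildfly.service", service account "wildfly".

# Write the drop-in into directory $1 (normally
# /etc/systemd/system/wildfly.service.d) and print the path of the file.
write_dropin() {
    dir=$1
    mkdir -p "$dir" || return 1
    cat > "$dir/10-bind-low-ports.conf" <<'EOF'
[Service]
User=wildfly
Group=wildfly
# Grant only the right to bind ports below 1024, nothing else.
AmbientCapabilities=CAP_NET_BIND_SERVICE
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
NoNewPrivileges=true
EOF
    printf '%s\n' "$dir/10-bind-low-ports.conf"
}

# Audit merged unit text (e.g. saved output of `systemctl cat wildfly.service`).
# Prints one line per finding; returns 0 only when there are none.
audit_unit() {
    file=$1
    findings=0
    # The last User= line wins; a system service without one runs as root.
    user=$(sed -n 's/^User=//p' "$file" | tail -n 1)
    if [ -z "$user" ] || [ "$user" = root ]; then
        echo "runs as root: a compromised deployment gets full system privileges"
        findings=$((findings + 1))
    elif ! grep -q '^AmbientCapabilities=.*CAP_NET_BIND_SERVICE' "$file"; then
        echo "User=$user cannot bind ports below 1024 without CAP_NET_BIND_SERVICE"
        findings=$((findings + 1))
    fi
    if ! grep -Eq '^NoNewPrivileges=(true|yes|1|on)$' "$file"; then
        echo "NoNewPrivileges is not enabled"
        findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ]
}
```

After installing the drop-in, `systemctl daemon-reload` followed by a restart of the service applies it.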
-
10. Re: How to make Wildfly 10.1.0 work in port 80 and 443 (SSL) with h2 (HTTP/2) protocol in Linux Ubuntu 16.04
darckyn Dec 26, 2016 2:13 PM (in response to mayerw01)
Hi Wolfgang.
Thx for the help.
I managed to run the server directly on ports 8080 and 443 using systemd (init.d could not be done on port 80 and 443).
But I still have the initial problem, which is http2 and gzip that do not work if I use port 443.
I thought if I directed the wildfly directly to port 443 it would work but that was not the case.
On port 8443 http2 and gzip work, but in the port 443 it does not work.
Is it missing any configuration in wildfly or ubuntu?
Here is the standalone-full.xml server configuration (I use the full configuration rather than the default).
STANDALONE-FULL.XML
....
<security-realm name="ApplicationRealm">
<server-identities>
<ssl>
<keystore path="letsencrypt.jks" relative-to="jboss.server.config.dir" keystore-password="log1me2in3"/>
</ssl>
</server-identities>
<authentication>
<local default-user="$local" allowed-users="*" skip-group-loading="true"/>
<properties path="application-users.properties" relative-to="jboss.server.config.dir"/>
</authentication>
<authorization>
<properties path="application-roles.properties" relative-to="jboss.server.config.dir"/>
</authorization>
</security-realm>
.....
<subsystem xmlns="urn:jboss:domain:undertow:3.1">
<buffer-cache name="default"/>
<server name="default-server">
<http-listener name="default" socket-binding="http" redirect-socket="https" enable-http2="true"/>
<https-listener name="https" socket-binding="https" secure="true" security-realm="ApplicationRealm" enable-http2="true"/>
<host name="default-host" alias="localhost">
<location name="/" handler="welcome-content"/>
<filter-ref name="custom-max-age" predicate="path-prefix('/javax.faces.resource/') or path-suffix('.js') or path-suffix ('.js.xhtml') or path-suffix ('.json') or path-suffix ('.json.xhtml') or path-suffix ('.html') or path-suffix ('.css') or path-suffix ('.css.xhtml') or path-suffix ('.jpg') or path-suffix ('.jpg.xhtml') or path-suffix ('.jpeg') or path-suffix ('.jpeg.xhtml') or path-suffix ('.png') or path-suffix ('.png.xhtml') or path-suffix ('.gif') or path-suffix ('.gif.xhtml') or path-suffix ('.eot') or path-suffix ('.eot.xhtml') or path-suffix ('.ttf') or path-suffix ('.ttf.xhtml') or path-suffix ('.woff') or path-suffix ('.woff.xhtml') or path-suffix ('.woff2') or path-suffix ('.woff2.xhtml')"/>
<filter-ref name="gzipFilter" predicate="exists('%{o,Content-Type}') and regex(pattern='(?:application/javascript|text/css|text/html|text/xml|application/json)(;.*)?', value=%{o,Content-Type}, full-match=true)"/>
<filter-ref name="Vary-header"/>
<filter-ref name="server-header"/>
<filter-ref name="x-powered-by-header"/>
</host>
</server>
<servlet-container name="default" allow-non-standard-wrappers="true" default-encoding="UTF-8" use-listener-encoding="true">
<jsp-config/>
<websockets/>
</servlet-container>
<handlers>
<file name="welcome-content" path="${jboss.home.dir}/welcome-content"/>
</handlers>
<filters>
<response-header name="custom-max-age" header-name="Cache-Control" header-value="max-age=64800000, public"/>
<response-header name="server-header" header-name="Server" header-value="WildFly/10"/>
<response-header name="x-powered-by-header" header-name="X-Powered-By" header-value="Undertow/1"/>
<response-header name="Vary-header" header-name="Vary" header-value="Accept-Encoding"/>
<gzip name="gzipFilter"/>
</filters>
</subsystem>
.....
<socket-binding-group name="standard-sockets" default-interface="public" port-offset="${jboss.socket.binding.port-offset:0}">
<socket-binding name="management-http" interface="management" port="${jboss.management.http.port:9990}"/>
<socket-binding name="management-https" interface="management" port="${jboss.management.https.port:9993}"/>
<socket-binding name="ajp" port="${jboss.ajp.port:8009}"/>
<socket-binding name="http" port="${jboss.ajp.port:80}"/>
<socket-binding name="https" port="${jboss.ajp.port:443}"/>
<socket-binding name="iiop" interface="unsecure" port="3528"/>
<socket-binding name="iiop-ssl" interface="unsecure" port="3529"/>
<socket-binding name="txn-recovery-environment" port="4712"/>
<socket-binding name="txn-status-manager" port="4713"/>
<outbound-socket-binding name="mail-smtp">
<remote-destination host="localhost" port="25"/>
</outbound-socket-binding>
</socket-binding-group>
JBOSS-WEB.XML:
<?xml version="1.0" encoding="UTF-8"?>
<jboss-web xmlns="http://www.jboss.com/xml/ns/javaee">
<context-root/>
</jboss-web>
-
11. Re: How to make Wildfly 10.1.0 work in port 80 and 443 (SSL) with h2 (HTTP/2) protocol in Linux Ubuntu 16.04
mayerw01 Dec 27, 2016 7:34 AM (in response to darckyn) 1 of 1 people found this helpful
So is your problem not related to the privileged ports but to http/2?
If yes, which problems do you get and which JDK do you use?
According to the undertow page Using HTTP2 With Wildfly 9.0.0.Beta1 · JBoss Community I understand that alpn needs to be installed separately since it is not supported in JDK8.
-
12. Re: How to make Wildfly 10.1.0 work in port 80 and 443 (SSL) with h2 (HTTP/2) protocol in Linux Ubuntu 16.04
ctomc Dec 27, 2016 9:31 AM (in response to mayerw01) 1 of 1 people found this helpful
Wolfgang Mayer wrote:
> So is your problem not related to the privileged ports but to http/2?
> If yes, which problems do you get and which JDK do you use?
> According to the undertow page Using HTTP2 With Wildfly 9.0.0.Beta1 · JBoss Community I understand that alpn needs to be installed separately since it is not supported in JDK8.
That is no longer needed since 10.1.0.Final as long as you are using "supported" JDK.
-
13. Re: How to make Wildfly 10.1.0 work in port 80 and 443 (SSL) with h2 (HTTP/2) protocol in Linux Ubuntu 16.04
darckyn Dec 27, 2016 10:28 AM (in response to mayerw01)
Thanks a lot for the help Wolfgang
I just completed the tutorial but did not succeed to activate the http2 protocol.
The java version I have is this:
And according to this page the alpn version would be at 8.1.9.v20160720:
I tried to execute a command to see if it works but I have the following error:
And even with the setting inside the wildfly in standalone.conf it does not run on http2.
JAVA_OPTS="-Xms128m -Xmx512m -XX:MetaspaceSize=96M -XX:MaxMetaspaceSize=256m -Djava.net.preferIPv4Stack=true -Xbootclasspath/p:$JBOSS_HOME/bin/alpn-boot-8.1.9.v20160720.jar"
Please help me solve this problem.
thx.
-
14. Re: How to make Wildfly 10.1.0 work in port 80 and 443 (SSL) with h2 (HTTP/2) protocol in Linux Ubuntu 16.04
darckyn Dec 27, 2016 10:39 AM (in response to ctomc)
Tomaz Cerar wrote:
> Wolfgang Mayer wrote:
>> So is your problem not related to the privileged ports but to http/2?
>> If yes, which problems do you get and which JDK do you use?
>> According to the undertow page Using HTTP2 With Wildfly 9.0.0.Beta1 · JBoss Community I understand that alpn needs to be installed separately since it is not supported in JDK8.
> That is no longer needed since 10.1.0.Final as long as you are using "supported" JDK.
Hi Tomaz.
Thanks for the help.
What is the supported JDK?
What version of java should I install in ubuntu?
Remembering that if I use port 8443 instead of 443 in the browser (Chrome, Firefox, Edge, the response is the same) then http2 works (I do not know why this happens).