0

I deployed WildFly 14 and Nginx on a pre-production server, where Nginx is a reverse proxy, and I forced WildFly to use SSL through port 443 by adding a socket-binding:

    <socket-binding-group name="standard-sockets" default-interface="public">
      ...
      <socket-binding name="https-external" port="443"/>
      ...

and I modified the http-listener

    <http-listener name="default" socket-binding="http" redirect-socket="https" enable-http2="true"/>

When I scanned the server for open ports, I found this result:

    80/tcp   open     http
    443/tcp  open     https
    445/tcp  filtered microsoft-ds
    8080/tcp open     http-proxy
    8443/tcp open     https-alt

So how can I stop WildFly from listening on 8080 and 8443 without causing any damage and keeping the admin console accessible?

Barttttt
  • Are you sure that nginx is not listening on 443? If it does, then Wildfly will try to bind on the defined port (443 in your case) and if the port is in use, I suppose it will bind to 8443. No idea how wildfly works or behaves but from my little experience with Java Apps, that might be a common scenario – Bogdan Stoica Feb 04 '19 at 15:02
  • run this as root to find out which processes are binding to which ports: `netstat -ntlpe`, paste the output here so that we can be sure what to answer. – Marcel Feb 04 '19 at 15:14
  • this is the result of netstat -tulpn tcp 0 0 127.0.0.1:9990 0.0.0.0:* LISTEN 2303/java tcp 0 0 0.0.0.0:8080 0.0.0.0:* LISTEN 2303/java tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 1460/nginx -g daemo tcp 0 0 0.0.0.0:8443 0.0.0.0:* LISTEN 2303/java tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 1460/nginx -g daemo – Barttttt Feb 04 '19 at 15:16
  • Ok, so you see the output? There's a java process binding on all interfaces `0.0.0.0:8080 && 0.0.0.0:8443`, which I suppose is the mentioned wildfly. You should instruct wildfly to bind only to the loopback device, and then have the reverse proxy bind on the loopback, and only let nginx bind to the public interface. – Marcel Feb 04 '19 at 15:32
  • That's right, the java processes are those of WildFly, but how can I instruct WildFly to listen to the loopback device? – Barttttt Feb 04 '19 at 15:39
  • That, young man, is an exercise for you to try at home. I never worked with wildfly before, but my guess is tweaking the attribute `default-interface` in the XML tag `socket-binding-group`. – Marcel Feb 04 '19 at 15:56

1 Answer

0

OK, here it is:

https://github.com/wildfly/wildfly/blob/0f873236ffe8a0ea9dc78acbf3b18d4a59fbb98a/docs/src/main/asciidoc/_admin-guide/Interfaces_and_ports.adoc

This piece of documentation states there's an XML section like this:

    <interfaces>
      <interface name="management">
       <inet-address value="127.0.0.1"/>
      </interface>
      <interface name="public">
       <inet-address value="127.0.0.1"/>
      </interface>
    </interfaces>

Just look if inet-address for both public and management interfaces are set to the value above, and I think you'll have it working as expected.

Marcel
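The check the answer describes can be automated. The following is an added example, not code from the answer or from the WildFly project: it resolves each socket binding to its interface's `inet-address` and lists the ports that would be reachable on a non-loopback address. The sample configuration is constructed, and `${property:default}` expressions are reduced to their defaults, so a system property set at startup can still change the effective address.

```python
import ipaddress
import re
import xml.etree.ElementTree as ET

# Constructed sample modeled on the fragments quoted on this page; a real
# standalone.xml also carries XML namespaces, which local() strips.
SAMPLE = """<server>
  <interfaces>
    <interface name="management"><inet-address value="${jboss.bind.address.management:127.0.0.1}"/></interface>
    <interface name="public"><inet-address value="${jboss.bind.address:0.0.0.0}"/></interface>
  </interfaces>
  <socket-binding-group name="standard-sockets" default-interface="public">
    <socket-binding name="management-http" interface="management" port="9990"/>
    <socket-binding name="http" port="8080"/>
    <socket-binding name="https" port="8443"/>
  </socket-binding-group>
</server>"""

def local(tag):
    """Strip an XML namespace prefix of the form {uri}name."""
    return tag.rsplit("}", 1)[-1]

def resolve(value):
    """Reduce ${property:default} to its default; other values pass through."""
    m = re.fullmatch(r"\$\{[^:}]+:([^}]*)\}", value)
    return m.group(1) if m else value

def is_loopback(addr):
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False  # hostname, unresolved expression or wildcard: treat as exposed

def exposed_bindings(xml_text):
    """Return (binding, port, interface, address) for every non-loopback listener."""
    root = ET.fromstring(xml_text)
    addr = {}
    for el in root.iter():
        if local(el.tag) == "interface" and el.get("name"):
            addr[el.get("name")] = "*"  # no inet-address child: assume exposed
            for child in el:
                if local(child.tag) == "inet-address":
                    addr[el.get("name")] = resolve(child.get("value", ""))
    found = []
    for group in (e for e in root.iter() if local(e.tag) == "socket-binding-group"):
        for sb in (e for e in group if local(e.tag) == "socket-binding"):
            iface = sb.get("interface", group.get("default-interface"))
            if not is_loopback(addr.get(iface, "*")):
                found.append((sb.get("name"), resolve(sb.get("port", "")), iface, addr.get(iface, "*")))
    return found
```

An empty result means every binding resolves to loopback, which is the state the answer aims for with Nginx as the only public listener.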