2

I'd installed Wildfly 10.0.0 Final on Ubuntu 14.04.4 LTS using this script.

Everything looks working fine.

My problem is that wildfly is listenning on port 28080 (script installation default) and I can change to 8080 updating standalone.xml. But I'd like wildfly listenning on port 80, but changing the standalone.xml to use port 80 not works.

Looks like only root can listen on ports lower than 1024, so, the question is, what is the preferred way to configure Wildfly on Ubuntu servers to listening on port 80?

I have tried to use nginx and works, but the strange is that some files, like the css of the jboss default home page, cannot be found.

GarouDan
  • 152
  • 11

3 Answers3

5

The JBoss wiki on developer.jboss.org lists a fairly comprehensive list of options which are likely also valid for Wildfly; essentially variations of:

  • Keep the application server on an unpriviliged port and use something that does listen on the privileged port to forward requests to that port:
    • i.e. a Reverse Proxy or load balancer
    • i.e. configure Port forwarding

Those two seem the most common options and quite preferred.

Alternatives are:

  • Start the application server as root to bind to the privileged port (not really secure and a Bad IdeaTM)
  • Start the application server as root to bind to the privileged port and then drop privileges and run as unprivileged regular user, for which I haven't readily found documented support.

And last but not least my personal favourite:

  • Use setcap to allow the java binary itself the capability to bind to privileged ports, without the requirement to be running as root:

    sudo setcap 'cap_net_bind_service=+ep' /path/to/jre/bin/java

The only disadvantage is that doing that is slightly obscure, but you don't have any external dependancies to your application either.

HBruijn
  • 77,029
  • 24
  • 135
  • 201
  • 1
    I have tried the command `sudo setcap 'cap_net_bind_service=+ep' /path/to/jre/bin/java` and works fine. Very easy. Thanks a lot. In future I would like learn more about how to learn load balance, but for now it's done. Thanks. – GarouDan Jul 27 '16 at 14:19
1

Yes, setting up Nginx to act as an reverse proxy in front of wildfly is IMHO the preferred way. There is an deployment guide on the Nginx homepage on how to configure that.

Henrik Pingel
  • 9,380
  • 2
  • 28
  • 39
  • Thanks about your reply. Using setcap was the easiest way to me but in future I would like to try using a load balancer with nginx. Thanks a lot. – GarouDan Jul 27 '16 at 14:20
1

One of the recommended ways to "reach" your applications deployed on WildFly over port 80, is to use an Apache HTTP server that act as reverse proxy using:

a) mod_proxy wich is the simplest way if you have no experience as sysadmin, you can use HTTP (mod_proxy_http) or AJP (mod_proxy_ajp) on WildFly. For load balancer scenarios you use mod_proxy_balancer too.

b) mod_jk a little more complex to config and AJP only, generally not needed since Apache 2.2+ comes with mod_proxy_ajp.

c) mod_cluster, more complex but have cool features for load balancing scenarios, it use mod_proxy behind scenes.

You can use many others reverse proxys out there like nginx or haproxy if you wish.

Another aproach is to use iptables port forwarding:

iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080

Developers of WildFly recommends using something like this since Undertow is really fast.

JorSol
  • 299
  • 2
  • 9
  • Thanks a lot. For now I will preferer use setcap because its very simple but I would like to see more things about this in the future. Thanks a lot. – GarouDan Jul 27 '16 at 14:20