Thursday, 30 May 2013

How to install jboss in rhel 6.x / Centos 6.x

This post will cover installing JBoss 7.1.1 on CentOS 6.x.

We'll also set up JBoss to run as a service, as well as set up access to the management console

Finally, we will look at how run JBoss on port 80 or, alternatively, placing JBoss behind Apache.

Firstly, we will need to install Java.

JBoss 7.1.1 will work with JDK 6 or JDK 7.

I'm using JDK 7

[root@vellore 3rdparty_packages]# rpm -ivh jdk-7u7-linux-x64.rpm
-->
[root@vellore Downloads]# unzip jboss-as-7.1.1.Final.zip -d /usr/share/
[root@vellore Downloads]# cd /usr/share
[root@vellore share]# mv jboss-as-7.1.1.Final/ jboss-as

Since we will want to run JBoss as a non-root user with minimal privileges, we'll create a user, jboss, who will own the JBoss files and JBoss will run under his account.

To do this, do the following.

Create a new group, jboss, and then create the user jboss and add the user to the jboss group.

[root@vellore Downloads]# groupadd jboss;useradd -s /bin/bash -g jboss jboss
[root@vellore Downloads]# chown -Rf jboss.jboss /usr/share/jboss-as/
[root@vellore Downloads]# passwd jboss
[root@vellore Downloads]# cat /root/.bash_profile
JAVA_HOME=/usr/java/jdk1.7.0_07
export JAVA_HOME
PATH=$JAVA_HOME/bin:$PATH
export PATH
[root@vellore Downloads]# . ~/.bash_profile
java version "1.7.0_07"
Java(TM) SE Runtime Environment (build 1.7.0_07-b10)
Java HotSpot(TM) 64-Bit Server VM (build 23.3-b01, mixed mode)
[root@vellore Downloads]# java -version
java version "1.7.0_07"
Java(TM) SE Runtime Environment (build 1.7.0_07-b10)
Java HotSpot(TM) 64-Bit Server VM (build 23.3-b01, mixed mode)
[root@vellore Downloads]# su - jboss
[jboss@vellore ~]$ java -version
java version "1.6.0_24"
OpenJDK Runtime Environment (IcedTea6 1.11.1) (rhel-1.45.1.11.1.el6-x86_64)
OpenJDK 64-Bit Server VM (build 20.0-b12, mixed mode)
[jboss@vellore ~]$ exit
logout
[root@vellore Downloads]# cp /usr/share/jboss-as/bin/init.d/jboss-as-standalone.sh /etc/init.d/jboss
[root@vellore Downloads]# vim /etc/init.d/jboss
5 # chkconfig: 234 80 20
18 JBOSS_USER=jboss
19 export JBOSS_USER
[root@vellore Downloads]# chmod 755 /etc/init.d/jboss
[root@vellore Downloads]# chkconfig --add jboss
[root@vellore Downloads]# chkconfig --level 234 jboss on
[root@vellore Downloads]# service jboss start
Starting jboss-as: [ OK ]
[root@vellore Downloads]# service jboss stop
Stopping jboss-as: *** JBossAS process (16287) received TERM signal *** [ OK ]
[root@vellore ~]# vim /usr/share/jboss-as/standalone/configuration/standalone.xml
By default, JBoss 7.1.1 is bound to the loopback IP of 127.0.0.1, so if we want to make it available on the web, we need to change this.

Locate standalone.xml under /usr/share/jboss-as/standalone/configuration/.

Open standalone.xml in vi or a text editor and look for the public interfaces node as shown below.

<interface name="public">
<inet-address value="${jboss.bind.address:127.0.0.1}"/>
</interface>

To make JBoss publicly accessible, change 127.0.0.1 to either 0.0.0.0 to allow access on all interfaces or to your public IP.

So, for example, if your public IP is 10.66.191.232, you would change it as so:

[root@vellore ~]# vim /usr/share/jboss-as/standalone/configuration/standalone.xml
275 <interfaces>
276 <interface name="management">
277 <inet-address value="${jboss.bind.address.management:127.0.0.1}"/>
278 </interface>
279 <interface name="public">
280 <inet-address value="${jboss.bind.address:10.66.191.232}"/>
281 </interface>
282 <!-- TODO - only show this if the jacorb subsystem is added -->
283 <interface name="unsecure">
284 <!--
285 ~ Used for IIOP sockets in the standard configuration.
286 ~ To secure JacORB you need to setup SSL
287 -->
288 <inet-address value="${jboss.bind.address.unsecure:127.0.0.1}"/>
289 </interface>
[root@vellore ~]# service jboss start
Starting jboss-as: [ OK ]
[root@vellore ~]#

Again, if you wish to have JBoss publicly accessible on all interfaces, use 0.0.0.0 in place of your IP above.

Save your changes, start up JBoss, and check it is publicly accessible via http://10.66.191.232:8080




If you try to access the JBoss Admin Console via the link on the home page (or by going directly to http://127.0.0.1:9990, you will be greeted with the following:



While the error page tells you how to add a user, you will also need to update the standalone.xml as we did earlier if you want to allow access over your public IP.


Let's start with adding a Management user as shown on the error page:

As root, navigate to /usr/share/jboss-as/bin

[root@vellore ~]# cd /usr/share/jboss-as/bin


Issue './add-user.sh' to run the script to add a Management user. Follow the prompts. Some defaults are provided.

[root@vellore bin]# ./add-user.sh
What type of user do you wish to add?
a) Management User (mgmt-users.properties)
b) Application User (application-users.properties)
(a):
Enter the details of the new user to add.
Realm (ManagementRealm) :
Username : ranjith
Password : ------ > should not give user name as password
Re-enter Password :
* Error *
JBAS015238: Username must not match the password.
Enter the details of the new user to add.
Realm (ManagementRealm) :
Username (ranjith) :
Password :
Re-enter Password :
About to add user 'ranjith' for realm 'ManagementRealm'
Is this correct yes/no? yes
Added user 'ranjith' to file '/usr/share/jboss-as/standalone/configuration/mgmt-users.properties'
Added user 'ranjith' to file '/usr/share/jboss-as/domain/configuration/mgmt-users.properties'
[root@vellore bin]#

While you can now access the Admin console on localhost (127.0.0.1), if you want to access it publicly, we need to update standalone.xml under /usr/share/jboss-as/standalone/configuration/ as we did earlier.

Open standalone.xml in vi or a text editor and look for the management interface node as shown below.

<interface name="management">
<inet-address value="${jboss.bind.address.management:127.0.0.1}"/>
</interface>

To make the JBoss Admin console publicly accessible, change 127.0.0.1 to your your public IP or to 0.0.0.0 for all interfaces.

So, for example, if your public IP is 10.66.191.232, you would change it as so:

[root@vellore bin]# vim /usr/share/jboss-as/standalone/configuration/standalone.xml
275 <interfaces>
276 <interface name="management">
277 <inet-address value="${jboss.bind.address.management:10.66.191.232}"/>
278 </interface>
279 <interface name="public">
280 <inet-address value="${jboss.bind.address:10.66.191.232}"/>
281 </interface>
282 <!-- TODO - only show this if the jacorb subsystem is added -->
283 <interface name="unsecure">
284 <!--
285 ~ Used for IIOP sockets in the standard configuration.
286 ~ To secure JacORB you need to setup SSL
287 -->
288 <inet-address value="${jboss.bind.address.unsecure:127.0.0.1}"/>
289 </interface>
290 </interfaces>

Again, if you wish to have the Admin console publicly accessible on all interfaces, use 0.0.0.0 in place of your IP above.

Retstart JBoss to reload the the change to standalone.xml:

[root@vellore bin]# service jboss restart
Stopping jboss-as: *** JBossAS process (16532) received TERM signal ***
[ OK ]
Starting jboss-as: [ OK ]
[root@vellore bin]#

Now, navigate back to http://10.66.191.232:9990 and you should be prompted for the Management user credentials you just created: 


Below, we are now logged in to the Admin console as the Management user we created:
To run services below port 1024 as user other than root, you can use port forwarding.

You can do this by adding the following to your IP tables:

[root@vellore ~]# iptables -t nat -A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
[root@vellore ~]# iptables -t nat -A PREROUTING -p udp -m udp --dport 80 -j REDIRECT --to-ports 8080
[root@vellore ~]# service iptables save
iptables: Saving firewall rules to /etc/sysconfig/iptables:[ OK ]
[root@vellore ~]# service iptables restart
iptables: Flushing firewall rules: [ OK ]
iptables: Setting chains to policy ACCEPT: nat filter [ OK ]
iptables: Unloading modules: [ OK ]
iptables: Applying firewall rules: [ OK ]
[root@vellore ~]#


As an alternative to running JBoss on port 80, if you have Apache in front of JBoss, you can use mod_proxy as well as ajp connector to map your domain to your JBoss applications using an Apache vhost as shown below:

While both Tomcat and JBoss have improved their standalone performance, I still prefer to have Apace in front for a number of reasons.

Note that when using proxy, if you will be proxy to localhost (which you should be), you will need to set your public interface bind address to either 0.0.0.0 (for all interfaces) or to 127.0.0.1 for localhost only.

[root@vellore ~]# vim /etc/httpd/conf/httpd.conf
1010 <VirtualHost *:80>
1011 ServerAdmin root@vellore.zumi.com
1012 ServerName vellore.zumi.com
1013 ServerAlias www.zumi.com
1014
1015
1016 ProxyRequests Off
1017 ProxyPreserveHost On
1018 <Proxy *>
1019 Order allow,deny
1020 Allow from all
1021 </Proxy>
1022
1023
1024 ProxyPass / http://www.zumi.com:8080/
1025 ProxyPassReverse / http://zumi.com:8080/
1026
1027
1028 ErrorLog logs/zumi.com-error_log
1029 CustomLog logs/zumi.com-access_log common
1030
1031 </VirtualHost>
[root@vellore ~]# service httpd restart
Stopping httpd: [ OK ]
Starting httpd: [ OK ] 

Alternatively, with the AJP connector enabled, you can use ajp as well:

  1. <VirtualHost *:80>  
  2.     ServerAdmin root@vellore.zumi.com  
  3.     ServerName vellore.zumi.com  
  4.     ServerAlias www.zumi.com  
  5.   
  6.   
  7.     ProxyRequests Off  
  8.     ProxyPreserveHost On  
  9.     <Proxy *>  
  10.        Order allow,deny  
  11.        Allow from all  
  12.     </Proxy>  
  13.   
  14.   
  15.     ProxyPass / ajp://www.zumi.com:8009/  
  16.     ProxyPassReverse / ajp://www.zumi.com:8009/  
  17.   
  18.   
  19.     ErrorLog logs/domain.com-error_log  
  20.     CustomLog logs/domain.com-access_log common  
  21.   
  22. </VirtualHost> 

  The AJP connector is NOT enabled by default. To enable the AJP connector:

1. Log into the Admin console
2. Click Profile on the top right.
3. On the left menu, go to Web > Servlet/HTTP.
3. Click on the "add" button at right.
4. Enter the following in the Create Connector dialogue box as shown below.

5. Click Save.
The AJP connector is now enabled.
One final note above the vhost examples above (proxy and ajp).

In both vhost examples above, we are "mapping" the domain to the root.

If we wish to map to an application such as domain.com/myapp, we can add some rewrite as shown below.

This will rewrite all requests for domain.com to domain.com/myapp.
  1. <VirtualHost *:80>  
  2.     ServerAdmin root@vellore.zumi.com  
  3.     ServerName vellore.zumi.com 
  4.     ServerAlias www.zumi.com  
  5.   
  6.     RewriteEngine On  
  7.     RewriteRule ^/$ myapp/ [R=301]  
  8.   
  9.   
  10.     ProxyRequests Off  
  11.     ProxyPreserveHost On  
  12.     <Proxy *>  
  13.        Order allow,deny  
  14.        Allow from all  
  15.     </Proxy>  
  16.   
  17.   
  18.     ProxyPass / ajp://www.zumi.com:8009/  
  19.     ProxyPassReverse / ajp://www.zumi.com:8009/  
  20.   
  21.   
  22.     ErrorLog logs/domain.com-error_log  
  23.     CustomLog logs/domain.com-access_log common  
  24.   
  25. </VirtualHost> 



6 comments:

  1. the following command:
    [root@vellore Downloads]# chown -Rf jboss.jboss /usr/share/jboss-as-7.1.1.Final/

    should be:
    [root@vellore Downloads]# chown -Rf jboss.jboss /usr/share/jboss-as/

    excellent write-up, sir...

    ReplyDelete
  2. This is the best guide and only one in the whole world which works. PERFECT!

    ReplyDelete
  3. Fantastic effort.....

    ReplyDelete
  4. Good One - keep it up my friend !

    ReplyDelete
  5. I really appreciate information shared above. It’s of great help. If someone want to learn Online (Virtual) instructor lead live training in Alfresco , kindly contact us http://www.maxmunus.com/contact
    MaxMunus Offer World Class Virtual Instructor led training on Alfresco. We have industry expert trainer. We provide Training Material and Software Support. MaxMunus has successfully conducted 100000+ trainings in India, USA, UK, Australlia, Switzerland, Qatar, Saudi Arabia, Bangladesh, Bahrain and UAE etc.
    For Demo Contact us:
    Name : Arunkumar U
    Email : arun@maxmunus.com
    Skype id: training_maxmunus
    Contact No.-+91-9738507310
    Company Website –http://www.maxmunus.com


    ReplyDelete