
How to install JBOSS - EAP 6.4 Application Server on Linux machine.

Configuration File >> Purpose

standalone.xml >> This standalone configuration file is the default configuration that is used when you start your standalone server. It contains all information about the server, including subsystems, networking, deployments, socket bindings, and other configurable details. It does not provide the subsystems necessary for messaging or high availability.

standalone-ha.xml >> This standalone configuration file includes all of the default subsystems and adds the modcluster and jgroups subsystems for high availability. It does not provide the subsystems necessary for messaging.

standalone-full.xml >> This standalone configuration file includes all of the default subsystems and adds the messaging-activemq and iiop-openjdk subsystems. It does not provide the subsystems necessary for high availability.

standalone-full-ha.xml >> This standalone configuration file includes support for every possible subsystem, including those for messaging and high availability.

standalone-load-balancer.xml >> This standalone configuration file includes the minimum subsystems necessary to use the built-in mod_cluster front-end load balancer to load balance other JBoss EAP instances.

Step 1: Make one directory JBOSS1

Command >> mkdir JBOSS1

Screenshot 1:

Step 2: Copy the JBoss binaries to the JBOSS1 folder.

Command >> cp -pr jboss-eap-6.4.0.zip /JBOSS1

Screenshot 2:

Step 3: Unzip the jboss-eap-6.4.0.zip binaries.

Command >> unzip jboss-eap-6.4.0.zip

Screenshot 3:

Step 4: Change the permissions on that directory.

Command >> chmod -R 755 /JBOSS1

Screenshot 4:

Step 5: Before starting, make sure Java is installed on the Linux machine.

Command >> java -version

Screenshot 5:

Step 6: We have to add a user.

Command >> ./add-user.sh

Screenshot 6:

What type of user do you wish to add?


a) Management User (mgmt-users.properties)
b) Application User (application-users.properties)

Where,
a) Adds a user to the ManagementRealm, who is authorized to perform management operations using the web-based Management Console or the command-line based Management CLI.
b) Adds a user to the ApplicationRealm, and provides no particular permissions. That realm is provided for use with applications.

Step 7: Go to /JBOSS/JBOSS1/jboss-eap-6.4/bin and run add-user.sh to add the users.

Command >> ./add-user.sh

Screenshot 7:

Where,
./add-user.sh >> Used to add a user.

Username >> Provide the username for the Management User.

Password >> Provide the password for the Management User.

Added user 'jboss' to file >> Lists the .properties files to which the 'jboss' user is added.

Step 8: After adding the user, we have to start JBoss using the ./standalone.sh file.

Go to /JBOSS/JBOSS1/jboss-eap-6.4/bin and run ./standalone.sh

Command >> ./standalone.sh

Screenshot 8:

Where,

JBOSS_HOME: /JBOSS/JBOSS1/jboss-eap-6.4 >> says jboss home.

-verbose:gc >> gc.log location

-Xms1303m -Xmx1303m >> heap size from standalone.conf

-XX:MaxPermSize=256m >> Perm size from standalone.conf

http-/127.0.0.1:8080 >> The “public” interface binding is used for all application related network communication.

http://127.0.0.1:9990 >> The “management” interface is used for all components and services that are required by the management layer.

Step 9: Open a browser and use http://127.0.0.1:9990 to log in.

Screenshot 9:

Step 10: Deploy the Calendar.war file on JBoss using the file system.

Command >> cp -pr Calendar.war /JBOSS/JBOSS1/jboss-eap-6.4/standalone/deployments/

Screenshot 10:

Where,

JBAS018210: Register web context: /Calendar >> Access the application using the context root.

Step 11: Open a browser and use the URL http://127.0.0.1:8080/Calendar

Screenshot 11:

Step 12: Bind JBoss to an available IP address

from http://127.0.0.1:8080 to http://192.168.216.134:8080 >> Application Public IP (IPV4)
&
http://127.0.0.1:9990 to http://192.168.216.134:9990/console >> JBOSS Management user console

Step 13: To bind the "Application Public IP" (IPV4)

Go to the JBoss bin directory and use the command below.

Command >> ./standalone.sh -b=192.168.216.134

Where,

-b=XXX.XXX.XXX.XXX is used to bind the application “public” interface to a specific IP address.

Screenshot 13-1:
Screenshot 13-2:

Step 14: To bind the “management” interface to an available IP address

Go to the JBoss bin directory and use the command below.

Command >> ./standalone.sh -bmanagement=192.168.216.134

Where,

-bmanagement=XXX.XXX.XXX.XXX is used to bind the “management” interface to a specific IP address.

Screenshot 14-1:

Step 15: To bind the JBoss “public” and “management” interfaces together

Go to the JBoss bin directory and use the command below.

Command >> ./standalone.sh -b=192.168.216.134 -bmanagement=192.168.216.134

Screenshot 15-1:

Screenshot 15-2:
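
To confirm which interfaces a given start command makes reachable beyond loopback, the following added example (not part of the original guide) parses the -b options used in Steps 13 to 15 and classifies each bind address. The function names are hypothetical; the "-b <addr>" form with a space, which standalone.sh also accepts, is handled as well.

```python
import ipaddress
import shlex

DEFAULT_BIND = "127.0.0.1"  # address both interfaces show in Step 8, before any -b option

def parse_binds(command_line):
    """Map interface name -> bind address for a standalone.sh command line."""
    binds = {"public": DEFAULT_BIND, "management": DEFAULT_BIND}
    args = shlex.split(command_line)
    i = 0
    while i < len(args):
        arg = args[i]
        if arg == "-b" and i + 1 < len(args):      # "-b <addr>"
            binds["public"] = args[i + 1]
            i += 1
        elif arg.startswith("-b="):                # "-b=<addr>", as in Step 13
            binds["public"] = arg[3:]
        elif arg.startswith("-b") and "=" in arg:  # "-b<interface>=<addr>", as in Step 14
            name, addr = arg[2:].split("=", 1)
            binds[name] = addr
        i += 1
    return binds

def exposure(addr):
    """Classify a bind address as loopback, every local address, or one network address."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return "hostname"        # not an IP literal; resolve it before judging
    if ip.is_loopback:
        return "loopback"
    if ip.is_unspecified:
        return "all-addresses"   # 0.0.0.0 or ::
    return "network"

def review(command_line):
    """Return (interface, address, exposure) for every interface not bound to loopback."""
    return [(name, addr, exposure(addr))
            for name, addr in sorted(parse_binds(command_line).items())
            if exposure(addr) != "loopback"]

if __name__ == "__main__":
    # Command line from Step 15 of this page.
    for finding in review("./standalone.sh -b=192.168.216.134 -bmanagement=192.168.216.134"):
        print(finding)
```

A "management" entry in the result means the console on port 9990 answers on that address, not only on 127.0.0.1.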

JBoss EAP 6.X Http Connector Settings

max-connections: The maximum number of connections that the server will accept and process at any given time.
If the max-connections attribute is not set on the web subsystem connectors in standalone-(*).xml / domain.xml, the default is computed as:

512 * Runtime.getRuntime().availableProcessors() //for default Java connector

(i.e. the maximum number of simultaneous connections for the JBoss server is based on the number of CPU cores and is calculated as 512 * (number of CPU cores)).

32 * Runtime.getRuntime().availableProcessors() //for native APR connector addon

max-threads: The maximum number of request processing threads to be created by this Connector, which therefore determines the maximum number of simultaneous requests that can be handled.

Reference links:
https://access.redhat.com/documentation/6.4/pdf/installation_guide/Red_Hat_JBoss_EAP_6.4
https://access.redhat.com/documentation/en-us/
http://anonsvn.jboss.org/repos/jbossweb/tags
https://developer.jboss.org/thread/266415
https://access.redhat.com/solutions/25054

Thanks :-)

What is SSL, What is One-Way SSL & Two-Way SSL?

What is SSL?
• SSL stands for “Secure Sockets Layer”.
• SSL was developed by Netscape.
• The first released version, 2.0, was announced in 1995.
• It is a security technology used to encrypt the data between clients and a server or website, for browsers, mail, etc.

What is TLS?
• TLS stands for “Transport Layer Security” protocol.
• SSL v3.0 was later replaced by TLS 1.0.
• TLS 1.0, TLS 1.1 and TLS 1.2 are available; TLS 1.3 is the newer version of the protocol, released in 2018.

SSL works on “three basic principles”:

• A. Encryption.
• B. Authentication.
• C. Data Integrity.

A) Encryption: The data transferred between two or more clients and the server should be encrypted, so that an attacker or hacker is unable to understand it.

B) Authentication: The data must be transferred to the correct person or user.

C) Data Integrity: The data should not be tampered with or changed during transmission.

SSL works on “a key pair”:

a) Public Key.
b) Private Key.

a) Public Key:
• As the name says, public means it is available to all people.
• A public key is basically used for authentication purposes (the right person/user).
• A CSR (Certificate Signing Request) contains the user details, which are encrypted using the public key.

b) Private Key:
• As the name says, private means it is kept secret and is available only to the owner.
• This key has both functions, encrypting and decrypting the data during transmission.
• The private key is generated in an encrypted format while creating the CSR.

Public key infrastructure (PKI) produces public and private keys.

*********************************************************************************

SSL (Secure Sockets Layer) HANDSHAKE:

Basically, the browser works on the One-Way SSL authentication mechanism, where the client verifies/validates the server certificate against its list of trusted certification authorities (CAs).
Three keys are used to set up the SSL connection: (a) the public, (b) private, and (c) session keys.

The SSL connection can be made in two different ways:

A) One-Way SSL: In this method only the client verifies the server certificate against the list of trusted certification authorities (CAs).

B) Two-Way SSL: In this method, both client and server verify each other's certificates against the list of trusted certification authorities (CAs).

A) One-Way SSL authentication:

1. The client requests data from the server over the HTTPS protocol. That initiates the SSL/TLS handshake process.

2. The server returns its public certificate and public key to the client along with the server hello message.

3. The client validates/verifies the received server certificate against the certification authorities (CAs), including the certificate's expiration, that it has not been revoked, and its Common Name (CN).

4. The client sends back a symmetric session key, using the server’s public key.

5. The server decrypts the symmetric session key using its private key and sends back an encrypted session key to start the encrypted session.

B) Two-Way SSL (MUTUAL AUTHENTICATION):

1. The client requests data from the server over the HTTPS protocol. That initiates the SSL/TLS handshake process.

2. The server returns its public certificate and public key to the client along with the server hello message.

3. The client validates/verifies the received server certificate against the certification authorities (CAs), including the certificate's expiration, that it has not been revoked, and its Common Name (CN).

4. The client sends back a client certificate with a symmetric session key, using the server’s public key.

5. The server validates/verifies the received client certificate against the certification authorities (CAs), checking that it is digitally signed by a CA, and checks its expiration status.

6. After completion of the handshake process, client and server communicate and transfer data with each other, encrypted with the secret keys shared between the two during the handshake.

Reference Links:
https://www.codeproject.com/Articles/326574/An-Introduction-to-Mutual-SSL-Authentication
https://www.digicert.com/ssl/
http://www.robinhowlett.com/blog/one-way-ssl-authentication-server---client
https://tutorialspedia.com/an-overview-of-one-way-ssl-and-two-way-ssl/

How to configure SSL on JBOSS EAP 6.4 with SAN certificate.

Step 1: Go to the JBoss /configuration folder.

Screenshot 1:

Step 2: Open the standalone.xml file. NOTE: Always take a backup before making any configuration changes.

Command >> vi standalone.xml

Step 3: Add the parameters below for SSL configuration, below the http connector.

----------------------------------------------------------------------------------------------------------

<connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" secure="true">
    <ssl key-alias="ssl" password="142536" certificate-key-file="/JBOSS/JBOSS1/jboss-eap-6.4/standalone/configuration/keystore.jks" verify-client="false" />
</connector>

----------------------------------------------------------------------------------------------------------
Where,
key-alias >> Alias of the server certificate entry in the keystore.
certificate-key-file >> Pathname of the keystore file where you have stored the server certificate to be loaded.
password >> Password of the keystore file.
verify-client >> Set to true if you want the SSL stack to require a valid certificate chain from the client before accepting a connection (default is false).

Screenshot 3-1:

Screenshot 3-2:

Step 4: Go to the JBoss /bin folder and start JBoss.

I have made a startjboss.sh script and bound my machine's IP address.

Screenshot 4-1:

Screenshot 4-2:

Step 5: Check the application on port 8443 with the IP address (default port is 8443).

Screenshot 5 :

Step 6: Check the application on port 8443 with the CN (Common Name) and SAN (Subject Alternative Name) DNS names in the certificate.

Before this, make the entries in the hosts file of the machine.

Command >> vi /etc/hosts

Screenshot 6-1:

Step 7: Check the application using the Common Name (CN).

Screenshot 7-1:

Check the application using SAN-DNS.

Screenshot 7-2:

Screenshot 7-3:

Step 8: To hide port 8443, change the port from 8443 to 443 in standalone.xml and restart JBoss.

Screenshot 8-1 :

Step 9: Check the application using Common Name (CN).

Screenshot 9 :
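
The https connector from Step 3 can be checked mechanically. The following is an added example, not part of the original guide and not Red Hat code: it parses connector XML (with or without the web subsystem namespace) and reports a cleartext keystore password, a missing protocol restriction, and whether the connector is one-way or two-way SSL. The hardened variant is constructed: it assumes the EAP password vault is configured, and its vault block name, attribute name and truststore path are placeholders.

```python
import xml.etree.ElementTree as ET

# Connector exactly as configured in Step 3 of this page.
PAGE_CONNECTOR = """
<connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" secure="true">
  <ssl key-alias="ssl" password="142536"
       certificate-key-file="/JBOSS/JBOSS1/jboss-eap-6.4/standalone/configuration/keystore.jks"
       verify-client="false" />
</connector>"""

# Constructed two-way SSL variant; vault names and truststore path are placeholders.
HARDENED_CONNECTOR = """
<connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" secure="true">
  <ssl key-alias="ssl" password="${VAULT::ssl_block::keystore_password::1}"
       certificate-key-file="/JBOSS/JBOSS1/jboss-eap-6.4/standalone/configuration/keystore.jks"
       protocol="TLSv1.2" verify-client="true"
       ca-certificate-file="/path/to/truststore.jks" />
</connector>"""

def local(tag):
    """Strip an XML namespace such as {urn:jboss:domain:web:2.2} from a tag name."""
    return tag.rsplit("}", 1)[-1]

def audit_connectors(xml_text):
    """Return {connector name: [finding codes]} for every connector with scheme="https"."""
    report = {}
    for el in ET.fromstring(xml_text).iter():
        if local(el.tag) != "connector" or el.get("scheme") != "https":
            continue
        findings = []
        ssl = next((c for c in el if local(c.tag) == "ssl"), None)
        if ssl is None:
            findings.append("https-connector-without-ssl-element")
        else:
            password = ssl.get("password", "")
            if password and not password.startswith("${"):
                findings.append("cleartext-keystore-password")  # readable by anyone who can read the file
            if not ssl.get("protocol"):
                findings.append("tls-version-not-pinned")       # no protocol attribute on <ssl>
            if ssl.get("verify-client", "false") == "false":
                findings.append("one-way-ssl-only")             # clients present no certificate
            elif not ssl.get("ca-certificate-file"):
                findings.append("client-auth-without-truststore")
        report[el.get("name")] = findings
    return report

if __name__ == "__main__":
    print(audit_connectors(PAGE_CONNECTOR))
    print(audit_connectors(HARDENED_CONNECTOR))
```

Because Step 4 of the installation sets mode 755 on the whole tree, a cleartext-keystore-password finding means every local account can read that password from standalone.xml.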
Reference link : https://docs.jboss.org/jbossweb/7.0.x/config/ssl.html
Reference link : https://access.redhat.com/solutions/209023
Reference link : https://access.redhat.com/solutions/172203
