Running management GUI on both HTTP and HTTPS

Solution Unverified - Updated -

Issue

  • Is it possible to have the management console listening on both localhost:9990 with HTTP and the public IP:9443 with HTTPS? I would still like our admins to be able to access the console securely.

  • Can you provide us a way to run the http-management-api on both HTTP+localhost and HTTPS+real_wold_IP in domain mode?
    We are setting up new JBoss servers, and I had configured them to use HTTPS on port 9443 on the public IP of the system so administrators could connect to the admin GUI securely.

  • We are now trying to integrate the JON agent, and my colleague has discovered that JON does not seem to want to talk to the JBoss management console on HTTPS. The following solution indicates that we should configure the JBoss EAP server to listen on localhost 9990: JBoss AS 7 plug-in for JBoss ON fails to discover server and logs error "Invalid port: 0" if non-HTTPS management interface is not defined
    However, after adding a second interface and configuring it to use the management port, the server is failing to start. I get the following message:
ERROR [org.jboss.as.controller.management-operation] JBAS014613: Operation ("add") failed - address: ([
    ("core-service" => "management"),
    ("management-interface" => "http-interface")
]) - failure description: "JBAS014803: Duplicate resource [
    (\"core-service\" => \"management\"),
    (\"management-interface\" => \"http-interface\")
]"

A way to achieve this with a standalone configuration, is to configure the socket-binding as follows:

 <http-interface security-realm="ManagementRealm">
    <socket-binding http="management-http" https="management-https"/>
 </http-interface>

In domain mode this does NOT work.

The following host.xml configuration snippet

    <http-interface security-realm="ManagementRealm">
        <socket interface="management_not_localhost" port="9990" secure-port="9991" />
    </http-interface>
</management-interfaces>

... does not change the bound interface for the both ports.

If we define it like this in host.xml

    <http-interface security-realm="ManagementRealm">
        <socket interface="management_not_localhost" port="9990" />
        <socket interface="management_localhost" port="9990" />
    </http-interface>
</management-interfaces>

only the last socket defined will be used by the server.

Environment

  • Red Hat JBoss Enterprise Application Platform (EAP)
    • 6.0.x
    • 6.1.x
    • 6.2.0

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.