Sunday, 20 April 2014

Install JBoss 7.1 on CentOS 6



This post will cover installing JBoss 7.1.1 on CentOS 6.x.

We'll also set up JBoss to run as a service, as well as set up access to the management console

Finally, we will look at how run JBoss on port 80 or, alternatively, placing JBoss behind Apache.

In this post, we will set up the JBoss 7.1.1 in Standalone mode. In a subsequent post we will look at setting up JBoss 7.1.1 in Domain mode.
Step 1: Install the Java 6 or 7


Firstly, we will need to install Java.

JBoss 7.1.1 will work with JDK 6 or JDK 7.

I'm using JDK 7, update 5. 

You can download the JDK here: http://www.oracle.com/technetwork/java/javase/downloads/index.html

The instructions below will also work with JDK 6, you just need to change the file names accordingly.


Start by creating a directory /usr/java.
  • [root@dev2 ~]# mkdir /usr/java  


Download jdk-7u5-linux-x64.tar.gz (or latest) and save to /usr/java directory you created above.
  • [root@dev2 java]# ls  
  • jdk-7u5-linux-x64.tar.gz  


Extract it:
  • [root@dev2 java]# tar -zxf  jdk-7u5-linux-x64.tar.gz  


This will create the directory, /usr/java/jdk1.7.0_05, this will be our JAVA_HOME.
  • [root@dev2 java]# ls  
  • jdk1.7.0_05  jdk-7u5-linux-x64.tar.gz  
  • [root@dev2 java]# cd jdk1.7.0_05  
  • [root@dev2 jdk1.7.0_05]# pwd  
  • /usr/java/jdk1.7.0_05  


Note: If you decided to use JDK 6 rather than 7 as we did above, simply save the JDK 6 bin file to /opt (or another location), then navigate to /usr/java and issue: 'sh /opt/jdk-6u33-linux-x64.bin' as shown below (substitute whichever version you downloaded). This will create a JAVA Home of /usr/java/jdk1.6.0.33
  • [root@dev2 ~]#cd /usr/java  
  • [root@dev2 java]# sh /opt/jdk-6u33-linux-x64.bin  



Step 2: Download and Install JBoss 7.1.1 Application Server


Change to the /usr/share directory:
  • [root@dev2 jdk1.7.0_05]# cd /usr/share  


Download jboss-as-7.1.1.Final.zip at http://www.jboss.org/jbossas/downloads and save it to /usr/share. Or, use wget:
  • [root@dev2 share]# wget http://download.jboss.org/jbossas/7.1/jboss-as-7.1.1.Final/jboss-as-7.1.1.Final.zip  


Unzip the file:
  • [root@dev2 share]# unzip -q jboss-as-7.1.1.Final.zip  


Rename jboss-as-7.1.1.Final to jboss-as. This isn't strictly necessary, but it will save you the bother of changing the start up script later.
  • [root@dev2 share]# mv jboss-as-7.1.1.Final jboss-as  


Our JBOSS_HOME is '/usr/share/jboss-as'.
  • [root@dev2 share]# cd jboss-as  
  • [root@dev2 jboss-as]# pwd  
  • /usr/share/jboss-as  


Step 3: Create the user jboss, who will own and run JBoss


Since we will want to run JBoss as a non-root user with minimal privileges, we'll create a user, jboss, who will own the JBoss files and JBoss will run under his account.

To do this, do the following.

Create a new group, jboss, and then create the user jboss and add the user to the jboss group.
  • [root@dev2 share]# groupadd jboss  
  • [root@dev2 share]# useradd -s /bin/bash -g jboss jboss  


Change ownership of the JBoss home directory, /usr/share/jboss-as so all files are owned by the user jboss we created.
  • [root@dev2 share]# chown -Rf jboss.jboss /usr/share/jboss-as/  


Step 4: Put Java into the path of jboss and root


Now, we need to put Java into the path of the users jboss and root (as well as any other users you like) 

The JAVA_HOME is where we installed the JDK above: /usr/java/jdk1.7.0_05

Add the following to the .bash_profile of the user jboss and the user root:
  • JAVA_HOME=/usr/java/jdk1.7.0_05  
  • export JAVA_HOME  
  • PATH=$JAVA_HOME/bin:$PATH  
  • export PATH  


As root, issue '. ~/.bash_profile' as below to put JAVA into the path of root immediately. 
  • [root@dev2 ~]# . ~/.bash_profile  


Check that JAVA is now in the path of root by issuing 'java -version' as below.
  • [root@dev2 ~]# java -version  
  • java version "1.7.0_05"  
  • Java(TM) SE Runtime Environment (build 1.7.0_05-b06)  
  • Java HotSpot(TM) 64-Bit Server VM (build 23.1-b03, mixed mode)  
  • [root@dev2 ~]#  


We need to have JAVA in the path of user root for when we add a Management User for JBoss console in Step 8 below.

Finally, switch to the user jboss and issue 'java -version' to verify that Java is now in the path of user jboss.
  • [root@dev2 ~]# su - jboss  
  • [jboss@dev2 ~]$ java -version  
  • java version "1.7.0_05"  
  • Java(TM) SE Runtime Environment (build 1.7.0_05-b06)  
  • Java HotSpot(TM) 64-Bit Server VM (build 23.1-b03, mixed mode)  
  • [jboss@dev2 ~]$  


Step 5: Create a start/stop/restart script for JBoss.


To create our JBoss script, we will copy the jboss-as-standalone.sh script located under /usr/share/jboss-as/bin/init.d

As root, copy jboss-as-standalone.sh to /etc/init.d and rename it jboss

.
  • [root@dev2 ~]# cd /usr/share/jboss-as/bin/init.d  
  • [root@dev2 bin]# cp jboss-as-standalone.sh /etc/init.d/jboss  


The only change I needed to make two changes to the script

The first was to change line #5 below from it's original '# chkconfig: - 80 20' to '# chkconfig: 234 80 20' The second was to set the JBOSS_USER.

To set the JBOSS_USER, add the following lines to script:

JBOSS_USER=jboss
export JBOSS_USER

You can add the lines just under 'export JAVA_HOME' on line 18 or so below. So the beginning of your script will look like this:
  • #!/bin/sh  
  • #  
  • # JBoss standalone control script  
  • #  
  • # chkconfig: 234 80 20  
  • # description: JBoss AS Standalone  
  • # processname: standalone  
  • # pidfile: /var/run/jboss-as/jboss-as-standalone.pid  
  • # config: /etc/jboss-as/jboss-as.conf  

  • # Source function library.  
  • . /etc/init.d/functions  

  • # Load Java configuration.  
  • [ -r /etc/java/java.conf ] && . /etc/java/java.conf  
  • export JAVA_HOME  
  •   
  • JBOSS_USER=jboss  
  • export JBOSS_USER  

  • # Load JBoss AS init.d configuration.  
  • if [ -z "$JBOSS_CONF" ]; then  
  •   JBOSS_CONF="/etc/jboss-as/jboss-as.conf"  
  • fi  
  •   
  • [ -r "$JBOSS_CONF" ] && . "${JBOSS_CONF}"  

  • # Set defaults.  
  •   
  • if [ -z "$JBOSS_HOME" ]; then  
  •   JBOSS_HOME=/usr/share/jboss-as  
  • fi  
  • export JBOSS_HOME  


Step 6: Run JBoss as a Service.


To run JBoss as a service and enable start up at boot, make the script we created above executable and add it to our chkconfig so it starts at boot.
  • [root@dev2 init.d]# chmod 755 jboss  
  • [root@dev2 init.d]# chkconfig --add jboss  
  • [root@dev2 init.d]# chkconfig --level 234 jboss on  


We should now be able to Start, Stop, and Restart JBoss as a service.

Start JBoss (JBoss can take some time to start, but it is faster than JBoss 6).:
  • [root@dev2 init.d]# service jboss start  
  • Starting jboss-as:                                         [  OK  ]  
  • [root@dev2 init.d]#   


Stop JBoss:
  • [root@dev2 init.d]# service jboss stop  
  • Stopping jboss-as: *** JBossAS process (25794) received TERM signal ***  
  •                                                            [  OK  ]  


Step 7: Change bind address to make JBoss accessible.


By default, JBoss 7.1.1 is bound to the loopback IP of 127.0.0.1, so if we want to make it available on the web, we need to change this.

Locate standalone.xml under /usr/share/jboss-as/standalone/configuration/.

Open standalone.xml in vi or a text editor and look for the public interfaces node as shown below.

<interface name="public">
<inet-address value="${jboss.bind.address:127.0.0.1}"/>
</interface>

To make JBoss publicly accessible, change 127.0.0.1 to either 0.0.0.0 to allow access on all interfaces or to your public IP.

So, for example, if your public IP is 173.194.35.177, you would change it as so:
  • <interfaces>  
  •         <interface name="management">  
  •             <inet-address value="${jboss.bind.address.management:127.0.0.1}"/>  
  •         </interface>  
  •         <interface name="public">  
  •             <inet-address value="${jboss.bind.address:173.194.35.177}"/>  
  •         </interface>  
  •         <!-- TODO - only show this if the jacorb subsystem is added  -->  
  •         <interface name="unsecure">  
  •             <!--  
  •               ~  Used for IIOP sockets in the standard configuration.  
  •               ~                  To secure JacORB you need to setup SSL   
  •               -->  
  •             <inet-address value="${jboss.bind.address.unsecure:127.0.0.1}"/>  
  •         </interface>  
  •     </interfaces>  

Again, if you wish to have JBoss publicly accessible on all interfaces, use 0.0.0.0 in place of your IP above.
Save your changes, start up JBoss, and check it is publicly accessible via http://yourIP:8080
  • [root@dev2 init.d]# service jboss start  
  • Starting jboss-as:                                         [  OK  ]  


Woo-hoo! JBoss 7:

 


Step 8: Accessing the JBoss 7 Admin Console and adding a Management User


If you try to access the JBoss Admin Console via the link on the home page (or by going directly to http://YourIP:9990, you will be greeted with the following:

 



While the error page tells you how to add a user, you will also need to update the standalone.xml as we did earlier if you want to allow access over your public IP.


Let's start with adding a Management user as shown on the error page:

As root, navigate to /usr/share/jboss-as/bin
  • [root@dev2 etc]# cd /usr/share/jboss-as/bin  


Issue './add-user.sh' to run the script to add a Management user. Follow the prompts. Some defaults are provided.
  • [root@dev2 bin]# ./add-user.sh  
  •   
  • What type of user do you wish to add?  
  •  a) Management User (mgmt-users.properties)  
  •  b) Application User (application-users.properties)  
  • (a):  
  •   
  • Enter the details of the new user to add.  
  • Realm (ManagementRealm) :  
  • Username : david  
  • Password :  
  • Re-enter Password :  
  • About to add user 'david' for realm 'ManagementRealm'  
  • Is this correct yes/no? yes  
  • Added user 'david' to file '/usr/share/jboss-as/standalone/configuration/mgmt-users.properties'  
  • Added user 'david' to file '/usr/share/jboss-as/domain/configuration/mgmt-users.properties'  
  • [root@dev2 bin]#   


While you can now access the Admin console on localhost (127.0.0.1), if you want to access it publicly, we need to update standalone.xml under /usr/share/jboss-as/standalone/configuration/ as we did earlier in Step 7.

Open standalone.xml in vi or a text editor and look for the management interface node as shown below.

<interface name="management">
<inet-address value="${jboss.bind.address.management:127.0.0.1}"/>
</interface>

To make the JBoss Admin console publicly accessible, change 127.0.0.1 to your your public IP or to 0.0.0.0 for all interfaces.

So, for example, if your public IP is 173.194.35.177, you would change it as so:
  • <interfaces>  
  •         <interface name="management">  
  •             <inet-address value="${jboss.bind.address.management:173.194.35.177}"/>  
  •         </interface>  
  •         <interface name="public">  
  •             <inet-address value="${jboss.bind.address:173.194.35.177}"/>  
  •         </interface>  
  •         <!-- TODO - only show this if the jacorb subsystem is added  -->  
  •         <interface name="unsecure">  
  •             <!--  
  •               ~  Used for IIOP sockets in the standard configuration.  
  •               ~                  To secure JacORB you need to setup SSL   
  •               -->  
  •             <inet-address value="${jboss.bind.address.unsecure:127.0.0.1}"/>  
  •         </interface>  
  •     </interfaces>  


Again, if you wish to have the Admin console publicly accessible on all interfaces, use 0.0.0.0 in place of your IP above.

Retstart JBoss to reload the the change to standalone.xml:
  • [root@dev2 init.d]# service jboss stop  
  • Stopping jboss-as: *** JBossAS process (25794) received TERM signal ***  
  •                                                            [  OK  ]  
  • [root@dev2 init.d]# service jboss start  
  • Starting jboss-as:                                         [  OK  ]  


Now, navigate back to http://YourIP:9990 and you should be prompted for the Management user credentials you just created: 


 



Below, we are now logged in to the Admin console as the Management user we created: 


 


Step 9 (Optional): Running JBoss on Port 80.


To run services below port 1024 as user other than root, you can use port forwarding.

You can do this by adding the following to your IP tables:
  • [root@sv2 ~]# iptables -t nat -A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080  
  • [root@sv2 ~]# iptables -t nat -A PREROUTING -p udp -m udp --dport 80 -j REDIRECT --to-ports 8080  


Be sure to save and restart your IP Tables.
Step 10 (Optional): Putting Apache in Front of JBoss.


As an alternative to running JBoss on port 80, if you have Apache in front of JBoss, you can use mod_proxy as well as ajp connector to map your domain to your JBoss applications using an Apache vhost as shown below:

While both Tomcat and JBoss have improved their standalone performance, I still prefer to have Apace in front for a number of reasons.

Note that when using proxy, if you will be proxy to localhost (which you should be), you will need to set your public interface bind address to either 0.0.0.0 (for all interfaces) or to 127.0.0.1 for localhost only.
  • <VirtualHost *:80>  
  •     ServerAdmin admin@domain.com  
  •     ServerName domain.com  
  •     ServerAlias www.domain.com  
  •   
  •   
  •     ProxyRequests Off  
  •     ProxyPreserveHost On  
  •     <Proxy *>  
  •        Order allow,deny  
  •        Allow from all  
  •     </Proxy>  
  •   
  •   
  •     ProxyPass / http://localhost:8080/  
  •     ProxyPassReverse / http://localhost:8080/  
  •   
  •   
  •     ErrorLog logs/domain.com-error_log  
  •     CustomLog logs/domain.com-access_log common  
  •   
  • </VirtualHost>  


Alternatively, with the AJP connector enabled, you can use ajp as well:
  • <VirtualHost *:80>  
  •     ServerAdmin admin@domain.com  
  •     ServerName domain.com  
  •     ServerAlias www.domain.com  
  •   
  •   
  •     ProxyRequests Off  
  •     ProxyPreserveHost On  
  •     <Proxy *>  
  •        Order allow,deny  
  •        Allow from all  
  •     </Proxy>  
  •   
  •   
  •     ProxyPass / ajp://localhost:8009/  
  •     ProxyPassReverse / ajp://localhost:8009/  
  •   
  •   
  •     ErrorLog logs/domain.com-error_log  
  •     CustomLog logs/domain.com-access_log common  
  •   
  • </VirtualHost>  


The AJP connector is NOT enabled by default. To enable the AJP connector:

1. Log into the Admin console
2. Click Profile on the top right.
3. On the left menu, go to Web > Servlet/HTTP.
3. Click on the "add" button at right.


 



4. Enter the following in the Create Connector dialogue box as shown below.

5. Click Save.

 



The AJP connector is now enabled.

 



One final note above the vhost examples above (proxy and ajp).

In both vhost examples above, we are "mapping" the domain to the root. 

If we wish to map to an application such as domain.com/myapp, we can add some rewrite as shown below.

This will rewrite all requests for domain.com to domain.com/myapp.
  • <VirtualHost *:80>  
  •     ServerAdmin admin@domain.com  
  •     ServerName domain.com  
  •     ServerAlias www.domain.com  
  •   
  •     RewriteEngine On  
  •     RewriteRule ^/$ myapp/ [R=301]  
  •   
  •   
  •     ProxyRequests Off  
  •     ProxyPreserveHost On  
  •     <Proxy *>  
  •        Order allow,deny  
  •        Allow from all  
  •     </Proxy>  
  •   
  •   
  •     ProxyPass / ajp://localhost:8009/  
  •     ProxyPassReverse / ajp://localhost:8009/  
  •   
  •   
  •     ErrorLog logs/domain.com-error_log  
  •     CustomLog logs/domain.com-access_log common  
  •   
  • </VirtualHost>  





No comments:

Post a Comment