* Basic Debian server installation performed as described in the wiki
* Add the contrib component to sources.list and install the packages below:
# apt-get update
# apt-get install ttf-mscorefonts-installer unzip cifs-utils
* Define the user that will own the WildFly files
Note: WildFly needs this because it does not run as root for security reasons, so you can either use the www-data user or create a new user. This installation/configuration used the www-data user.
# useradd -G www-data -c "WildFly" -d /home/wildfly -s /usr/sbin/nologin wildfly
* Download WildFly and put it in place
Wildfly-9
# wget http://download.jboss.org/wildfly/9.0.2.Final/wildfly-9.0.2.Final.zip
# unzip wildfly-9.0.2.Final.zip
# mv wildfly-9.0.2.Final /home/webapps/wildfly/wildfly-9.0.2
# ln -s webapps/wildfly/wildfly-9.0.2/ /home/wildfly
Wildfly-10
# wget http://download.jboss.org/wildfly/10.0.0.Final/wildfly-10.0.0.Final.tar.gz
# tar -zvxf wildfly-10.0.0.Final.tar.gz
# mv wildfly-10.0.0.Final /home/webapps/wildfly/wildfly-10.0.0.Final
# ln -s webapps/wildfly/wildfly-10.0.0.Final/ /home/wildfly
* Adjust the WildFly environment configuration file
Wildfly-9
# cd /home/wildfly
# ln -s /home/wildfly/bin/init.d/wildfly.conf /etc/default/wildfly
Wildfly-10
# cd /home/wildfly
# ln -s /home/wildfly/docs/contrib/scripts/init.d/wildfly.conf /etc/default/wildfly
* The configuration file that determines which mode the WildFly service will run in
Standalone mode
# vi /etc/default/wildfly
# General configuration for the init.d scripts,
# not necessarily for JBoss AS itself.
# default location: /etc/default/wildfly
## Location of WildFly
JBOSS_HOME="/home/wildfly"
## The username who should own the process.
JBOSS_USER=www-data
## The mode WildFly should start, standalone or domain
JBOSS_MODE=standalone
## Configuration for standalone mode
JBOSS_CONFIG=standalone.xml
## The amount of time to wait for startup
STARTUP_WAIT=60
## The amount of time to wait for shutdown
SHUTDOWN_WAIT=60
## Location to keep the console log
# Wildfly 09:
# JBOSS_CONSOLE_LOG="$JBOSS_HOME/standalone/log/console.log"
# Wildfly 10:
JBOSS_CONSOLE_LOG="/var/log/wildfly/console.log"
Domain mode
# vi /etc/default/wildfly
# General configuration for the init.d scripts,
# not necessarily for JBoss AS itself.
# default location: /etc/default/wildfly
## Location of WildFly
JBOSS_HOME="/home/wildfly"
## The username who should own the process.
JBOSS_USER=www-data
## The mode WildFly should start, standalone or domain
JBOSS_MODE=domain
## Configuration for domain mode
JBOSS_DOMAIN_CONFIG=domain.xml
JBOSS_HOST_CONFIG=host.xml # <- 3 serv conf
#JBOSS_HOST_CONFIG=host-master.xml <-clear conf
## The amount of time to wait for startup
STARTUP_WAIT=60
## The amount of time to wait for shutdown
SHUTDOWN_WAIT=60
## Location to keep the console log
# Wildfly 09
# JBOSS_CONSOLE_LOG="$JBOSS_HOME/standalone/log/console.log"
# Wildfly 10
JBOSS_CONSOLE_LOG="/var/log/wildfly/console.log"
* Open jboss-cli.xml and change the "host" to the server's IP address (OPTIONAL)
# vi bin/jboss-cli.xml
From:
<host>localhost</host>
To:
<host>10.0.0.8</host>
* Open standalone.xml or host.xml and change the IP of the "management" and "public" interfaces to the server's IP address
Standalone mode
# vi standalone/configuration/standalone.xml
<interface name="management">
<inet-address value="${jboss.bind.address.management:10.0.0.8}"/>
</interface>
<interface name="public">
<inet-address value="${jboss.bind.address:10.0.0.8}"/>
</interface>
Domain mode
# vi domain/configuration/host.xml
<interface name="management">
<inet-address value="${jboss.bind.address.management:10.0.0.8}"/>
</interface>
<interface name="public">
<inet-address value="${jboss.bind.address:10.0.0.8}"/>
</interface>
# vi domain/configuration/host-master.xml
<interface name="management">
<inet-address value="${jboss.bind.address.management:10.0.0.8}"/>
</interface>
* Instead of the IP address, 0.0.0.0 can be used to bind to all addresses, or the binding can be changed to any address, as shown below:
From:
<inet-address value="${jboss.bind.address.management:10.0.0.8}"/>
<inet-address value="${jboss.bind.address:10.0.0.8}"/>
To the lines below, respectively:
<any-address/>
<any-address/>
* Adjust the permissions
Note: If the wildfly user was used instead, set the ownership to the wildfly user
# chown -R www-data:www-data /home/wildfly
# chown -R www-data:www-data /home/webapps/wildfly/wildfly-9.0.2 <- Version 9
# chown -R www-data:www-data /home/webapps/wildfly/wildfly-10.0.0.Final <- Version 10
* Configure the WildFly service startup
- Wildfly 9
# cp bin/init.d/wildfly-init-debian.sh /etc/init.d/
- Wildfly 10
# cp wildfly/docs/contrib/scripts/init.d/wildfly-init-debian.sh /etc/init.d/
# cd /etc/init.d/
# update-rc.d wildfly-init-debian.sh defaults
# /etc/init.d/wildfly-init-debian.sh start
* Create the management user
# sh bin/add-user.sh
What type of user do you wish to add?
a) Management User (mgmt-users.properties)
b) Application User (application-users.properties)
(a): <a>
Enter the details of the new user to add.
Using realm 'ManagementRealm' as discovered from the existing property files.
Username : <admin>
The username 'admin' is easy to guess
Are you sure you want to add user 'admin' yes/no? <yes>
Password recommendations are listed below. To modify these restrictions edit the add-user.properties configuration file.
- The password should be different from the username
- The password should not be one of the following restricted values {root, admin, administrator}
- The password should contain at least 8 characters, 1 alphabetic character(s), 1 digit(s), 1 non-alphanumeric symbol(s)
Password : <password>
Re-enter Password : <password>
What groups do you want this user to belong to? (Please enter a comma separated list, or leave blank for none)[ ]: <Press Enter>
About to add user 'admin' for realm 'ManagementRealm'
Is this correct yes/no? <yes>
Added user 'admin' to file '/home/wildfly-9.0.2/standalone/configuration/mgmt-users.properties'
Added user 'admin' to file '/home/wildfly-9.0.2/domain/configuration/mgmt-users.properties'
Added user 'admin' with groups to file '/home/wildfly-9.0.2/standalone/configuration/mgmt-groups.properties'
Added user 'admin' with groups to file '/home/wildfly-9.0.2/domain/configuration/mgmt-groups.properties'
Is this new user going to be used for one AS process to connect to another AS process?
e.g. for a slave host controller connecting to the master or for a Remoting connection for server to server EJB calls.
yes/no? <no>
To represent the user add the following to the server-identities definition <secret value="RklTQUAxNDA=" />
* Enable RBAC (Role-Based Access Control), for both standalone mode and domain mode
Note: The initial value is "simple"
# sh bin/jboss-cli.sh -c <- standalone mode
# sh bin/jboss-cli.sh --connect controller=10.0.0.8:9990 <- domain mode
[standalone@10.0.0.8:9990 /] /core-service=management/access=authorization:write-attribute(name=provider,value=rbac)
[standalone@10.0.0.8:9990 /] reload <- in domain mode use reload --host=master
[standalone@10.0.0.8:9990 /] /core-service=management/access=authorization/role-mapping=SuperUser/include=user-admin:add(name=admin,type=USER)
[standalone@10.0.0.8:9990 /] reload <- in domain mode use reload --host=master
[standalone@10.0.0.8:9990 /] exit
* Test access to the administration GUI
http://<server>:9990
http://<server>:8080
* For security reasons the wildfly service does not run as root, so it cannot listen on the conventional ports (80, 443).
If you want to serve on port 80, iptables must be configured to do the redirection.
# iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080 -m comment --comment "HTTP"
# iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 443 -j REDIRECT --to-port 8443 -m comment --comment "HTTPS"
Note: A reverse proxy can also be used to forward to these ports.
* To enable the web service with SSL, simply enable the feature
<security-realm name="SSLRealm">
<server-identities>
<ssl> <- protocol="TLSv1" can be added
<keystore path="keystore.jks" relative-to="jboss.server.config.dir" keystore-password="localhost" alias="www.dominio.com.br"/>
</ssl>
</server-identities>
<authentication>
<truststore path="cacerts.jks" relative-to="jboss.server.config.dir" keystore-password="localhost"/>
</authentication>
</security-realm>
<https-listener name="default-ssl" socket-binding="https" security-realm="SSLRealm"/>
Note: If you already have a keystore, just copy it to the path defined above
* Restart the service to validate
# /etc/init.d/wildfly-init-debian.sh restart
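A check to run against standalone.xml or host.xml once the interface, RBAC and SSL steps above are done. It is an added example, not part of the original guide; the function names and finding codes are made up here, and the sample fragment is constructed. It reports a management interface bound to every address (the 0.0.0.0 / any-address option makes the console and CLI on port 9990 reachable from any network the host is on), authorization still on the initial "simple" provider, and a security realm pinned to a protocol older than TLSv1.2, which includes the TLSv1 value mentioned in the SSL step.

```shell
# Added example, not from the original guide. Assumes one XML element per line.
audit_wildfly_config() {
    awk '
    # attr(n): value of attribute n on the current line, or "" when absent
    function attr(n,   s) {
        if (!match($0, " " n "=\"[^\"]*\"")) return ""
        s = substr($0, RSTART, RLENGTH)
        sub(/^[^"]*"/, "", s); sub(/"$/, "", s)
        return s
    }
    /<interface /        { iface = attr("name") }
    /<\/interface>/      { iface = "" }
    /<security-realm /   { realm = attr("name") }
    /<\/security-realm>/ { realm = "" }
    # Management interface (console and CLI on 9990) bound to every address
    iface == "management" && /<any-address/ { print "MGMT_ANY_ADDRESS any-address" }
    iface == "management" && /<inet-address / {
        v = attr("value")
        sub(/^[$][{][^:}]*:?/, "", v); sub(/[}]$/, "", v)  # keep default after ":"
        if (v == "0.0.0.0") print "MGMT_ANY_ADDRESS " v
    }
    # Management authorization still on the initial "simple" provider
    /<access-control / { if (attr("provider") != "rbac") print "RBAC_OFF " attr("provider") }
    # Security realm pinned to a protocol older than TLSv1.2
    realm != "" && /<ssl[ >]/ {
        p = attr("protocol")
        if (p ~ /^(SSLv2|SSLv3|TLSv1|TLSv1\.1)$/) print "LEGACY_TLS " realm " " p
    }
    ' "$1"
}

# Constructed sample fragment, not a real server configuration.
write_sample_config() {
    cat > "$1" <<'EOF'
<management>
  <security-realm name="SSLRealm">
    <ssl protocol="TLSv1"/>
  </security-realm>
  <access-control provider="simple"/>
</management>
<interface name="management">
  <any-address/>
</interface>
<interface name="public">
  <any-address/>
</interface>
EOF
}
if [ $# -gt 0 ]; then audit_wildfly_config "$1"; fi
```

Saved as a script, it takes the configuration file as its argument, for example standalone/configuration/standalone.xml; no output means none of the three findings applies.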
* Download the MySQL driver
# wget http://dev.mysql.com/get/Downloads/Connector-J/mysql-connector-java-5.1.39.tar.gz
# tar -zvxf mysql-connector-java-5.1.39.tar.gz
* Create the module directory and copy the MySQL module into it
# mkdir -p /home/wildfly/modules/system/layers/base/com/mysql/main
# cp -a mysql-connector-java-5.1.39/mysql-connector-java-5.1.39-bin.jar /home/wildfly/modules/system/layers/base/com/mysql/main
* Create the configuration file
# vi /home/wildfly/modules/system/layers/base/com/mysql/main/module.xml
<module xmlns="urn:jboss:module:1.3" name="com.mysql">
<resources>
<resource-root path="mysql-connector-java-5.1.39-bin.jar" />
</resources>
<dependencies>
<module name="javax.api"/>
<module name="javax.transaction.api"/>
<module name="javax.servlet.api" optional="true"/>
</dependencies>
</module>
* Register the MySQL driver in standalone mode
# sh /home/wildfly/bin/jboss-cli.sh -c
[standalone@10.0.0.8:9990 /] /subsystem=datasources/jdbc-driver=mysql:add(driver-name=mysql,driver-module-name=com.mysql,driver-class-name=com.mysql.jdbc.Driver,driver-xa-datasource-class-name=com.mysql.jdbc.jdbc2.optional.MysqlXADataSource)
* Register the MySQL driver in domain mode
# sh /home/wildfly/bin/jboss-cli.sh --connect controller=10.0.0.8:9990
[domain@10.0.0.8:9990 /] /profile=<default/full>/subsystem=datasources/jdbc-driver=mysql:add(driver-name=mysql,driver-module-name=com.mysql,driver-class-name=com.mysql.jdbc.Driver,driver-xa-datasource-class-name=com.mysql.jdbc.jdbc2.optional.MysqlXADataSource)
* Register a connection pool for the application and for each database connection
[standalone@10.0.0.8:9990 /] batch
/subsystem=datasources/xa-data-source="<APLICACAO>":add( \
driver-name="mysql", \
xa-datasource-class=com.mysql.jdbc.jdbc2.optional.MysqlXADataSource, \
jndi-name="java:/jdbc/<APLICACAO>", \
user-name="<USER>", \
password="<PASS>", \
min-pool-size=8, \
max-pool-size=32, \
enabled=true, \
check-valid-connection-sql="SELECT SQL_NO_CACHE 1;", \
validate-on-match=true, \
valid-connection-checker-class-name=org.jboss.jca.adapters.jdbc.extensions.mysql.MySQLValidConnectionChecker, \
exception-sorter-class-name=org.jboss.jca.adapters.jdbc.extensions.mysql.MySQLExceptionSorter \
)
/subsystem=datasources/xa-data-source="<APLICACAO>"/xa-datasource-properties=ServerName:add(value="<SERVER_NAME>")
/subsystem=datasources/xa-data-source="<APLICACAO>"/xa-datasource-properties=DatabaseName:add(value="<DATABASE_NAME>")
run-batch
* Exit and restart WildFly
[standalone@10.0.0.8:9990 /] exit
# /etc/init.d/wildfly-init-debian.sh restart
* Download the PostgreSQL driver
# wget https://jdbc.postgresql.org/download/postgresql-9.4.1211.jar
* Create the module directory and copy the PostgreSQL module into it
# mkdir -p /home/wildfly/modules/system/layers/base/org/postgresql/main
# cp -a postgresql-9.4.1211.jar /home/wildfly/modules/system/layers/base/org/postgresql/main
* Create the configuration file
# vi /home/wildfly/modules/system/layers/base/org/postgresql/main/module.xml
<module xmlns="urn:jboss:module:1.3" name="org.postgresql">
<resources>
<resource-root path="postgresql-9.4.1211.jar" />
</resources>
<dependencies>
<module name="javax.api"/>
<module name="javax.transaction.api"/>
<module name="javax.servlet.api" optional="true"/>
</dependencies>
</module>
* Register the PostgreSQL driver in standalone mode
# sh /home/wildfly/bin/jboss-cli.sh -c
[standalone@10.0.0.8:9990 /] /subsystem=datasources/jdbc-driver=postgres:add(driver-name=postgres,driver-module-name=org.postgresql,driver-class-name=org.postgresql.Driver)
* Register the PostgreSQL driver in domain mode
# sh /home/wildfly/bin/jboss-cli.sh --connect controller=10.0.0.8:9990
[domain@10.0.0.8:9990 /] /profile=<default/full>/subsystem=datasources/jdbc-driver=postgres:add(driver-name=postgres,driver-module-name=org.postgresql,driver-class-name=org.postgresql.Driver)
* Register a connection pool for the application and for each database connection (TO BE VALIDATED)
[standalone@10.0.0.8:9990 /] batch
/subsystem=datasources/xa-data-source="<APLICACAO>":add( \
driver-name="postgres", \
xa-datasource-class=org.postgresql.xa.PGXADataSource, \
jndi-name="java:/jdbc/<APLICACAO>", \
user-name="<USER>", \
password="<PASS>", \
min-pool-size=8, \
max-pool-size=100, \
enabled=true, \
use-java-context="true", \
check-valid-connection-sql="SELECT 1", \
validate-on-match=true, \
valid-connection-checker-class-name=org.jboss.jca.adapters.jdbc.extensions.postgres.PostgreSQLValidConnectionChecker, \
exception-sorter-class-name=org.jboss.jca.adapters.jdbc.extensions.postgres.PostgreSQLExceptionSorter \
)
/subsystem=datasources/xa-data-source="<APLICACAO>"/xa-datasource-properties=ServerName:add(value="<SERVER_NAME>")
/subsystem=datasources/xa-data-source="<APLICACAO>"/xa-datasource-properties=PortNumber:add(value="5432")
/subsystem=datasources/xa-data-source="<APLICACAO>"/xa-datasource-properties=DatabaseName:add(value="<DATABASE_NAME>")
run-batch
* Exit and restart WildFly
[standalone/domain@10.0.0.8:9990 /] exit
# /etc/init.d/wildfly-init-debian.sh restart
* To adjust memory usage, edit the file
# vi wildfly/bin/standalone.conf
JAVA_OPTS="-Xms64m -Xmx2G -XX:MetaspaceSize=96M -XX:MaxMetaspaceSize=2G -Djava.net.preferIPv4Stack=true"