How to access JBoss from a remote machine

One of the most frequent issues for users that are approaching JBoss or WildFly is how to access it over a network. Let’s see how you can access JBoss across your network.

Default Public address configuration

For security reasons, both management and public interfaces are available only on the 127.0.0.1 address (localhost):

<interface name="management">
   <inet-address value="${jboss.bind.address.management:127.0.0.1}"/>
</interface>

<interface name="public">
   <inet-address value="${jboss.bind.address:127.0.0.1}"/>
</interface>

Therefore, if you are trying to access it from another host, you will hit a Page not found error. Here is your check list to make sure that you can access WildFly / JBoss across the network:

  • Configure a bind address for your server
  • Check that there are no firewall rules stopping incoming connections

Configuring the Bind Address

By default as you start JBoss application server / WildFly without any parameter, the server uses as IP Address the loopback address that is 127.0.0.1. This is evident from the server’s logs:

wildfly allow remote host connection

You can set the Application Server’s IP Address at start-up by using the jboss.bind.address.management and jboss.bind.address parameters. For example:

./standalone.sh -Djboss.bind.address.management=192.168.1.10 -Djboss.bind.address=192.168.1.10

Next, check the Console logs to see that both the public and management bind address are using 192.168.1.10:

access jboss over network

The netstat command can confirm, that ports 8080 and 9990 have been engaged by a process that is listening:

$ netstat -an | grep 8080
tcp        0      0 127.0.0.1:8080          0.0.0.0:*               LISTEN     

$ netstat -an | grep 9990
tcp        0      0 127.0.0.1:9990          0.0.0.0:*               LISTEN

If you want to apply this change at configuration level, then you can specify as fall-back address, the IP Address that we will use for our server:

<interface name="management">
    <inet-address value="${jboss.bind.address.management:192.168.10.1}"/>
</interface>
<interface name="public">
    <inet-address value="${jboss.bind.address:192.168.10.1}"/>
</interface>

Another option which is available, is binding the application server to all the IP Addresses available on your Ethernet card. This can be achieved by using the 0.0.0.0 IP Address as shown:

<interface name="management">
    <inet-address value="${jboss.bind.address.management:0.0.0.0}"/>
</interface>
<interface name="public">
    <inet-address value="${jboss.bind.address:0.0.0.0}"/>
</interface>

IP Address blocked by firewall rules

The other possible cause, that prevent your application server to be reachable over the network, is that you have some firewall rules active.On a Linux system you can check if this is the issue by dropping your iptables temporarily for testing:

/etc/init.d/iptables stop

If this is the cause, you can make a permanent change to your iptables config by adding the following line to /etc/sysconfig/iptables

-A INPUT -m state --state NEW -m tcp -p tcp --dport 8080 -j ACCEPT

Next, restart them when you’ve finished with:

/etc/init.d/iptables start

Another option, is to use the firewall-cmd to allow a permanent traffic across a TCP/UDP Port. For example:

sudo firewall-cmd --zone=public --add-port 8080/tcp  --permanent

iptables or firewalld

With the iptables service, every single change means flushing the old rules whilst reading the new rules from /etc/sysconfig/iptables. When using firewalld there is no re-creating of all the rules; therefore you can change the settings during run time without existing connections being lost.