One of the most frequent issues for users that are approaching JBoss or WildFly is how to access it over a network. Let’s see how you can access JBoss across your network.
Default Public address configuration
For security reasons, both management and public interfaces are available only on the 127.0.0.1 address (localhost):
<interface name="management"> <inet-address value="${jboss.bind.address.management:127.0.0.1}"/> </interface> <interface name="public"> <inet-address value="${jboss.bind.address:127.0.0.1}"/> </interface>
Therefore, if you are trying to access it from another host, you will hit a Page not found error. Here is your check list to make sure that you can access WildFly / JBoss across the network:
- Configure a bind address for your server
- Check that there are no firewall rules stopping incoming connections
Configuring the Bind Address
By default as you start JBoss application server / WildFly without any parameter, the server uses as IP Address the loopback address that is 127.0.0.1. This is evident from the server’s logs:
You can set the Application Server’s IP Address at start-up by using the jboss.bind.address.management and jboss.bind.address parameters. For example:
./standalone.sh -Djboss.bind.address.management=192.168.1.10 -Djboss.bind.address=192.168.1.10
Next, check the Console logs to see that both the public and management bind address are using 192.168.1.10:
The netstat command can confirm, that ports 8080 and 9990 have been engaged by a process that is listening:
$ netstat -an | grep 8080 tcp 0 0 127.0.0.1:8080 0.0.0.0:* LISTEN $ netstat -an | grep 9990 tcp 0 0 127.0.0.1:9990 0.0.0.0:* LISTEN
If you want to apply this change at configuration level, then you can specify as fall-back address, the IP Address that we will use for our server:
<interface name="management"> <inet-address value="${jboss.bind.address.management:192.168.10.1}"/> </interface> <interface name="public"> <inet-address value="${jboss.bind.address:192.168.10.1}"/> </interface>
Another option which is available, is binding the application server to all the IP Addresses available on your Ethernet card. This can be achieved by using the 0.0.0.0 IP Address as shown:
<interface name="management"> <inet-address value="${jboss.bind.address.management:0.0.0.0}"/> </interface> <interface name="public"> <inet-address value="${jboss.bind.address:0.0.0.0}"/> </interface>
IP Address blocked by firewall rules
The other possible cause, that prevent your application server to be reachable over the network, is that you have some firewall rules active.On a Linux system you can check if this is the issue by dropping your iptables temporarily for testing:
/etc/init.d/iptables stop
If this is the cause, you can make a permanent change to your iptables config by adding the following line to /etc/sysconfig/iptables
-A INPUT -m state --state NEW -m tcp -p tcp --dport 8080 -j ACCEPT
Next, restart them when you’ve finished with:
/etc/init.d/iptables start
Another option, is to use the firewall-cmd to allow a permanent traffic across a TCP/UDP Port. For example:
sudo firewall-cmd --zone=public --add-port 8080/tcp --permanent
iptables or firewalld
With the iptables service, every single change means flushing the old rules whilst reading the new rules from /etc/sysconfig/iptables. When using firewalld there is no re-creating of all the rules; therefore you can change the settings during run time without existing connections being lost.