Wednesday, May 4, 2011

JBoss 5.1 + Linux/Unix install, secure, administration cheatsheet

Install

Download jboss-5.1.0.GA and unpack to /opt directory:

cd /opt

wget -nd http://citylan.dl.sourceforge.net/project/jboss/JBoss/JBoss-5.1.0.GA/jboss-5.1.0.GA.zip

unzip jboss-5.1.0.GA.zip

Configure

addgroup jboss

adduser --system --home /opt/jboss-5.1.0.GA --no-create-home --ingroup jboss jboss

passwd jboss [enter password]

chown -R jboss:jboss /opt/jboss-5.1.0.GA

Start JBoss

Start command for Jboss server (jboss user, mydomain.com IP binding, "default" server domain)

nohup su -l jboss -s /bin/bash -c "/opt/jboss-5.1.0.GA/bin/run.sh -c default -b mydomain.com" > /dev/null &

You can add this command to cron.

Command:

crontab -e

Cron file string:

@reboot nohup su -l jboss -s /bin/bash -c "/opt/jboss-5.1.0.GA/bin/run.sh -c default -b mydomain.com" > /dev/null &


View JBoss log to control that all run well:

tail -f /opt/jboss-5.1.0.GA/server/default/log/server.log

Secure

By default JBoss installation have some web administration enter points with standard admin login/password.

Administrator must change these passwords to secure server.


Config files for password changing:

cd /opt/jboss-5.1.0.GA/server/default/

vim deploy/jmx-console.war/WEB-INF/web.xml

vim deploy/jmx-console.war/WEB-INF/jboss-web.xml



vim deploy/http-invoker.sar/invoker.war/WEB-INF/web.xml

vim deploy/http-invoker.sar/invoker.war/WEB-INF/jboss-web.xml



vim deploy/admin-console.war/WEB-INF/web.xml

vim deploy/admin-console.war/WEB-INF/jboss-web.xml



vim deploy/management/console-mgr.sar/web-console.war/WEB-INF/web.xml

vim deploy/management/console-mgr.sar/web-console.war/WEB-INF/jboss-web.xml



vim deploy/jbossws.sar/jbossws-management.war/WEB-INF/web.xml

vim deploy/jbossws.sar/jbossws-management.war/WEB-INF/jboss-web.xml



vim deploy/management/console-mgr.sar/web-console.war/WEB-INF/classes/web-console-users.properties

vim deploy/profileservice-secured.jar/profileservice-users.properties



vim conf/props/jbossws-users.properties

vim conf/props/jmx-console-users.properties

vim conf/props/messaging-users.properties



Deploy Web/Java EE application

Chown file owner to jboss:jboss and move WAR/EAR to /opt/jboss-5.1.0.GA/server/default/deploy/

PostgreSQL data source configuration

Download PostgreSQL JDBC file postgresql-*.*-***.jdbc3.jar to /opt/jboss-5.1.0.GA/server/default/lib/ directory.

chown jboss:jboss /opt/jboss-5.1.0.GA/server/default/lib/postgresql-*.*-***.jdbc3.jar



Create configuration file postgres-ds.xml in deploy directory:

vim /opt/jboss-5.1.0.GA/server/default/deploy/postgres-ds.xml


postgres-ds.xml file content:


<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE datasources
    PUBLIC "-//JBoss//DTD JBOSS JCA Config
1.5//EN" "http://www.jboss.org/j2ee/dtd/jboss-ds_1_5.dtd">
<datasources>
   <local-tx-datasource>
<jndi-name>MyDatasource</jndi-name>
<use-java-context>false</use-java-context>
<connection-url>jdbc:postgresql:payment_processing</connection-url>
<driver-class>org.postgresql.Driver</driver-class>
<user-name>postgres</user-name>
<password>mypassword</password>
   </local-tx-datasource>
</datasources>


chown /opt/jboss-5.1.0.GA/server/default/deploy/postgres-ds.xml
Posted by at
Labels:

4 comments:

  1. DmitryFebruary 1, 2012 at 3:44 AM

    You are welcome :)

    ReplyDelete
  2. Tech MaestroApril 18, 2012 at 9:33 AM

    I am from Dordogne ,France. It was great effort to consolidate jboss commands at one place. Thank you.

    ReplyDelete
    Replies
    1. Tech MaestroApril 18, 2012 at 9:35 AM

      it would be great if you can also put the cheat sheet kind of stuff for Tomcat also.

      - GGK Dordogne

      Delete
  3. DmitrySeptember 30, 2012 at 2:26 AM

    JBoss 5.1 has been remote hacked. Admin could delete JBoss 5.1 "Administration Console" from installation for The Hole closing.

    ReplyDelete

Subscribe to: Post Comments (Atom)