当前位置: 文江博客话题详情

如何阻止 JBOSS AS7 将 http 管理控制台重定向到域

发布于 2024-12-23 16:43:30 字数 132 浏览 1 评论 0原文

我正在尝试从 JBOSS AS 7 远程访问管理控制台。我已将管理接口配置为我的 IP,但在我尝试访问该地址后,它会被转换为 /etc/hosts 中的任何内容。我怎样才能改变这种行为?我希望它只能通过 IP 访问。

谢谢 , 菲利普

原文

I am trying to remotely access the administration console from JBOSS AS 7. I have configured the management interface to my IP, but after I try to access the address, it is translated to whatever I have in /etc/hosts. How can I change this behavior? I want it to be accessible only through the IP.

Thanks ,
Filip

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(2

最终幸福 2024-12-30 16:43:30

JBoss AS7 社区文档中有一个关于保护管理接口< /a>.这是了解管理界面安全主题的一个很好的资源。

听起来您已经设置了 management-interfaces 来控制管理控制台和管理 CLI 的接口和端口设置。为此接口定义特定的 IP 和端口设置通常会排除本地主机访问。

问题

  • 您使用的是哪个版本的 JBoss AS 7?
  • 您使用的是独立实例还是托管域?
  • 您是否连接到正确的计算机(假设远程连接到域控制器的主机)?
  • 您的配置设置是什么?

管理接口设置存在于任一实例的配置文件中,如下所示。您需要将相对运行时令牌更改为特定的 IP 地址和端口。

独立

独立配置文件是standalone.xml

    <interfaces>
    <interface name="management">
        <!-- Declare a specific IP address for this management interface -->
        <inet-address value="${jboss.bind.address.management:127.0.0.1}"/>
    </interface>
    <interface name="public">
        <inet-address value="${jboss.bind.address:127.0.0.1}"/>
    </interface>
    <interface name="unsecure">
        <inet-address value="${jboss.bind.address.unsecure:127.0.0.1}"/>
    </interface>
</interfaces>

<socket-binding-group name="standard-sockets" default-interface="public" port-offset="${jboss.socket.binding.port-offset:0}">
    <socket-binding name="management-native" interface="management" port="${jboss.management.native.port:9999}"/>
    <!-- Declare a specific port for the management-native interface -->
    <socket-binding name="management-http" interface="management" port="${jboss.management.http.port:9990}"/>
    <socket-binding name="management-https" interface="management" port="${jboss.management.https.port:9443}"/>

受管域

您可以管理每个主机控制器,因此配置文件不是主域控制器关心的domain.xml,而是host.xml中特定主机的配置。您希望以与独立实例类似的方式保护native-interface。如果您的域配置正确,您可以通过域控制器远程连接到域,即管理控制台或管理 CLI(特别是在该界面上)。

    <management>
    <security-realms>
        <security-realm name="ManagementRealm">
            <authentication>
                <properties path="mgmt-users.properties" relative-to="jboss.domain.config.dir"/>
            </authentication>
        </security-realm>
        <security-realm name="ApplicationRealm">
            <authentication>
                <properties path="application-users.properties" relative-to="jboss.domain.config.dir" />
            </authentication>
        </security-realm>
    </security-realms>
    <management-interfaces>
        <native-interface security-realm="ManagementRealm">
            <socket interface="management" port="${jboss.management.native.port:9999}"/>
        </native-interface>
        <http-interface security-realm="ManagementRealm">
            <socket interface="management" port="${jboss.management.http.port:9990}"/>
        </http-interface>
    </management-interfaces>
</management>

<domain-controller>
   <local/>
   <!-- Alternative remote domain controller configuration with a host and port -->
   <!-- <remote host="${jboss.domain.master.address}" port="${jboss.domain.master.port:9999}" security-realm="ManagementRealm"/> -->
</domain-controller>

<interfaces>
    <interface name="management">
        <inet-address value="${jboss.bind.address:127.0.0.1}"/>
    </interface>
    <interface name="public">
       <inet-address value="${jboss.bind.address:127.0.0.1}"/>
    </interface>
    <interface name="unsecure">
        <!-- Used for IIOP sockets in the standard configuration.
             To secure JacORB you need to setup SSL -->
        <inet-address value="${jboss.bind.address.unsecure:127.0.0.1}"/>
    </interface>
</interfaces>

连接

如果您对远程连接有疑问,请阅读使用 CLI 连接 JBoss AS 7 的 4 种方法中间件魔法。

There's a section in the JBoss AS7 community documentation about Securing The Management Interfaces. This is a good resource for an entry to management interface security topics.

It sounds like you've already set your management-interfaces to control the interface and port settings for the Management Console and the Management CLI. Defining the specific IP and Port settings for this interface will typically exclude localhost access.

Questions

  • What version of JBoss AS 7 are you using?
  • Are you using a Standalone instance or the Managed Domain?
  • Are you connecting to the right machine (assuming remote connection to the host of the domain controller)?
  • What are your configuration settings?

The management interface settings exist in configuration files for either instance as follows. You need to change the relative runtime token to a specific IP address and port.

Standalone

The standalone configuration file is standalone.xml.

    <interfaces>
    <interface name="management">
        <!-- Declare a specific IP address for this management interface -->
        <inet-address value="${jboss.bind.address.management:127.0.0.1}"/>
    </interface>
    <interface name="public">
        <inet-address value="${jboss.bind.address:127.0.0.1}"/>
    </interface>
    <interface name="unsecure">
        <inet-address value="${jboss.bind.address.unsecure:127.0.0.1}"/>
    </interface>
</interfaces>

<socket-binding-group name="standard-sockets" default-interface="public" port-offset="${jboss.socket.binding.port-offset:0}">
    <socket-binding name="management-native" interface="management" port="${jboss.management.native.port:9999}"/>
    <!-- Declare a specific port for the management-native interface -->
    <socket-binding name="management-http" interface="management" port="${jboss.management.http.port:9990}"/>
    <socket-binding name="management-https" interface="management" port="${jboss.management.https.port:9443}"/>

Managed Domain

You can administer each host controller, so the configuration file is not the master domain controller care of domain.xml, but the specific host's configuration in host.xml. You are looking to secure the native-interface in a similar manner as a standalone instance. If your domain is configured correctly, you can connect remotely to the domain via the domain controller, be that the Management Console or the Management CLI (specifically on that interface).

    <management>
    <security-realms>
        <security-realm name="ManagementRealm">
            <authentication>
                <properties path="mgmt-users.properties" relative-to="jboss.domain.config.dir"/>
            </authentication>
        </security-realm>
        <security-realm name="ApplicationRealm">
            <authentication>
                <properties path="application-users.properties" relative-to="jboss.domain.config.dir" />
            </authentication>
        </security-realm>
    </security-realms>
    <management-interfaces>
        <native-interface security-realm="ManagementRealm">
            <socket interface="management" port="${jboss.management.native.port:9999}"/>
        </native-interface>
        <http-interface security-realm="ManagementRealm">
            <socket interface="management" port="${jboss.management.http.port:9990}"/>
        </http-interface>
    </management-interfaces>
</management>

<domain-controller>
   <local/>
   <!-- Alternative remote domain controller configuration with a host and port -->
   <!-- <remote host="${jboss.domain.master.address}" port="${jboss.domain.master.port:9999}" security-realm="ManagementRealm"/> -->
</domain-controller>

<interfaces>
    <interface name="management">
        <inet-address value="${jboss.bind.address:127.0.0.1}"/>
    </interface>
    <interface name="public">
       <inet-address value="${jboss.bind.address:127.0.0.1}"/>
    </interface>
    <interface name="unsecure">
        <!-- Used for IIOP sockets in the standard configuration.
             To secure JacORB you need to setup SSL -->
        <inet-address value="${jboss.bind.address.unsecure:127.0.0.1}"/>
    </interface>
</interfaces>

Connecting

If you have questions on connecting remotely, read 4 ways to connect JBoss AS 7 using CLI on Middleware Magic.

回复 原文
忘东忘西忘不掉你 2024-12-30 16:43:30

standalone.xml中配置

<interfaces>
    <interface name="management">
        <!-- Declare a specific IP address for this management interface -->
        <inet-address value="your-hostname/>
    </interface>
    <interface name="public">
        <inet-address value="your-hostname"/>
    </interface>
    <interface name="unsecure">
        <inet-address value="your-hostname"/>
    </interface>
</interfaces

Configure in standlone.xml

<interfaces>
    <interface name="management">
        <!-- Declare a specific IP address for this management interface -->
        <inet-address value="your-hostname/>
    </interface>
    <interface name="public">
        <inet-address value="your-hostname"/>
    </interface>
    <interface name="unsecure">
        <inet-address value="your-hostname"/>
    </interface>
</interfaces
回复 原文
~没有更多了~

关于作者

清旖

暂无简介

文章
评论
26 人气
发私信

相关话题

更多

热门标签

操作系统 程序设计 IT运维 Linux系统管理 JavaScript 服务器应用 solaris C/C++ PHP Shell BSD Vue.js aix Oracle Python HTML 系统管理 HTML5 CSS 前端
更多

推荐作者

╰ゝ天使的微笑

文章 0 评论 0

少女净妖师

文章 0 评论 0

朱洁

文章 0 评论 0

觉浅

文章 0 评论 0

滥情空心

文章 0 评论 0

hl1314520

文章 0 评论 0

更多

友情链接

文江博客
    我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
    原文