영이네

EAP6

#STANDALONE

] /subsystem=web/configuration=static-resources/:write-attribute(name=listings,value=false)

#DOMAIN

] /profile=ha/subsystem=web/configuration=static-resources/:write-attribute(name=listings,value=false)

        <subsystem xmlns="urn:jboss:domain:web:1.1" default-virtual-server="default-host" instance-id="${jboss.jvmRoute}" native="false">

            <configuration>

                <static-resources listings="true"/>

            </configuration>       

            <connector name="http" protocol="HTTP/1.1" scheme="http" socket-binding="http" max-post-size="104857600"/>

            <connector name="ajp" protocol="AJP/1.3" scheme="http" socket-binding="ajp" max-post-size="104857600" max-connections="3260"/>

            <virtual-server name="default-host" enable-welcome-root="false">

                <alias name="localhost"/>

                <alias name="test.co.kr"/>

                <access-log pattern="%a %t %H %p %U %s ">

                    <directory path="access"/>

                </access-log>

            </virtual-server>

        </subsystem>

EAP5

web.xml

    <servlet>

        <servlet-name>listing</servlet-name>

        <servlet-class>

          org.apache.catalina.servlets.DefaultServlet

        </servlet-class>

        <init-param>

            <param-name>debug</param-name>

            <param-value>0</param-value>

        </init-param>

        <init-param>

            <param-name>listings</param-name>

            <param-value>false</param-value>

        </init-param>

        <load-on-startup>1</load-on-startup>

    </servlet>

    <servlet-mapping>

        <servlet-name>listing</servlet-name>

        <url-pattern>/</url-pattern>

    </servlet-mapping>

APACHE Indexes 제거

Options Indexes FollowSymLinks => Options FollowSymLinks

<datasource jndi-name="java:jboss/datasources/ExampleDS" pool-name="ExampleDS" enabled="true" use-java-context="true" statistics-enabled="true">

standalone.xml에서 statistics-enabled="ture" 추가

    <system-properties>

        <property name="org.apache.tomcat.util.http.Parameters.MAX_COUNT" value="-1"/>

    </system-properties>

    <subsystem xmlns="urn:jboss:domain:web:1.1" default-virtual-server="default-host" instance-id="${jboss.jvmRoute}" native="false">

        <connector name="http" protocol="HTTP/1.1" scheme="http" socket-binding="http" max-post-size="104857600"/>

        <connector name="ajp" protocol="AJP/1.3" scheme="http" socket-binding="ajp" max-post-size="104857600"/>

        <virtual-server name="default-host" enable-welcome-root="false">

            <alias name="localhost"/>

            <alias name="pms.ktis.co.kr"/>

            <access-log pattern="%a %t %H %p %U %s ">

                <directory path="access"/>

            </access-log>

        </virtual-server>

    </subsystem>

# 설정파일 : jboss-web.xml

<jboss-app>

<context-root></context-root>

</jboss-app>

JBoss EAP 5

- server configuration

- all : default + cluster

- default : EJB 및 webapplication 등 JAVA EE 표준 스펙의 기능을 기본적으로 제공

- minimal : 최소 기능만 제공

- 프로파일 확인: server.log -> Loading profile 확인

#제이보스 기동

- run.sh -c default

- run.sh -c custom

#데이터소스 설정

- 데이터소스 설정은 파일명이 -ds.xml로 끝나는 XML 파일을 deploy 디렉터리에 생성

$JBOSS_HOME/docs/examples/jca 경로에 DB 제품별 데이터소스 예제

$JBOSS_HOME/server/default/deploy/oracle-ds.xml

#어플리케이션 경로

- 기본경로: 

$JBOSS_HOME/server/default/deploy/어플리케이션.war

- 경로변경: conf/bootstrap/profile.xml

      <property name="applicationURIs">

         <list elementClass="java.net.URI">

            <value>${jboss.server.home.url}deploy</value>

            <value>file:///home/jboss/custom</value>

         </list>

      </property>

-> jboss-web.xml

<?xml version="1.0" encoding="UTF-8"?>

<jboss-web>

    <context-root>/</context-root>

</jboss-web>

#환경설정

$JBOSS_HOME/server/default/deploy/jbossweb.sar/server.xml

- Access 로그: Valve className="org.apache.catalina.valves.AccessLogValve"

- Listen 포트: 

• Connector protocol="HTTP/1.1" port="8080"

• Connector protocol="AJP/1.3" port="8009"

• Connector protocol="HTTP/1.1" SSLEnabled="true" port="8443"

- 포트 변경(기본)

- 경로: conf/bindingservice.beans/META-INF/bindings-jboss-beans.xml

     ports-01 : +100

     ports-02 : +200

     ports-03 : +300

- custom

-> env.sh

export PORT_OFFSET=200

export PORT_NAME=ports-custom

export JAVA_OPTS="$JAVA_OPTS -Djboss.service.binding.set=$PORT_NAME"

export JAVA_OPTS="$JAVA_OPTS -Djboss.socket.binding.port-offset=$PORT_OFFSET"

-> bindings-jboss-beans.xml

         <parameter>

            <set>

               <inject bean="PortsDefaultBindings"/>

               <inject bean="Ports01Bindings"/>

               <inject bean="Ports02Bindings"/>

               <inject bean="Ports03Bindings"/>

               <inject bean="PortsCustomBindings"/>

            </set>

         </parameter>

   <!-- The ports-custom bindings are obtained by taking the base bindings and adding 0 to each port value  -->

   <bean name="PortsCustomBindings"  class="org.jboss.services.binding.impl.ServiceBindingSet">

      <constructor>

         <!--  The name of the set -->

         <parameter>ports-custom</parameter>

         <!-- Default host name -->

         <parameter>${jboss.bind.address}</parameter>

         <!-- The port offset -->

         <parameter>${jboss.socket.binding.port-offset:0}</parameter>

         <!-- Set of bindings to which the "offset by X" approach can't be applied -->

         <parameter><null/></parameter>

      </constructor>

   </bean>

#콘솔 호출

- JMX-Console: http://127.0.0.1:8080/jmx-console

- WEB-Console: http://127.0.0.1:8080/web-console

#TCP Clustering

MPING을 TCPPING으로 바꾸기

deploy/cluster/jgroups-channelfactory.sar/META-INF/jgroups-channelfactory-stacks.xml

1. MPING 주석처리

2. TCPPING 주석해제

3. 옵션 설정: -Djboss.jgroups.tcp.tcpping.initial_hosts=node1[7600],node2[7600]

<stack name="tcp"

       description="TCP based stack, with flow control and message bundling.

                    TCP stacks are usually used when IP multicasting cannot

                    be used in a network, e.g. because it is disabled (e.g.

                    routers discard multicast)">

    <config>

        <TCP

             singleton_name="tcp"

             start_port="${jboss.jgroups.tcp.tcp_port:7600}"

             tcp_nodelay="true"

             loopback="true"

             recv_buf_size="20000000"

             send_buf_size="640000"

             discard_incompatible_packets="true"

             max_bundle_size="64000"

             max_bundle_timeout="30"

             use_incoming_packet_handler="true"

             enable_bundling="false"

             use_send_queues="false"

             sock_conn_timeout="300"

             skip_suspected_members="true"

             timer.num_threads="12"

             enable_diagnostics="${jboss.jgroups.enable_diagnostics:false}"

             diagnostics_addr="${jboss.jgroups.diagnostics_addr:224.0.75.75}"

             diagnostics_port="${jboss.jgroups.diagnostics_port:7500}"

               thread_pool.enabled="true"

               thread_pool.min_threads="20"

               thread_pool.max_threads="200"

               thread_pool.keep_alive_time="5000"

               thread_pool.queue_enabled="true"

               thread_pool.queue_max_size="1000"

               thread_pool.rejection_policy="discard"

             oob_thread_pool.enabled="true"

               oob_thread_pool.min_threads="20"

               oob_thread_pool.max_threads="200"

               oob_thread_pool.keep_alive_time="1000"

               oob_thread_pool.queue_enabled="false"

               oob_thread_pool.rejection_policy="discard"/>

          <!-- Alternative 1: multicast-based automatic discovery. -->

        <MPING timeout="3000"      

               num_initial_members="3"

               mcast_addr="${jboss.jgroups.tcp.mping_mcast_addr:230.11.11.11}"

               mcast_port="${jgroups.tcp.mping_mcast_port:45700}"

               ip_ttl="${jgroups.udp.ip_ttl:2}"/>

        <!-- Alternative 2: non multicast-based replacement for MPING. Requires a static configuration

             of *all* possible cluster members.

        <TCPPING timeout="3000"

                 initial_hosts="${jboss.jgroups.tcp.tcpping.initial_hosts:localhost[7600],localhost[7601]}"

                 port_range="1"

                 num_initial_members="3"/>

         -->

        <MERGE2 max_interval="100000" min_interval="20000"/>

        <FD_SOCK start_port="${jboss.jgroups.tcp.fd_sock_port:57600}"/>

        <FD timeout="6000" max_tries="5" shun="true"/>

        <VERIFY_SUSPECT timeout="1500"/>

        <BARRIER/>

        <pbcast.NAKACK use_mcast_xmit="false" gc_lag="0"

                       retransmit_timeout="300,600,1200,2400,4800"

                       discard_delivered_msgs="true"/>

        <UNICAST timeout="300,600,1200,2400,3600"/>

        <pbcast.STABLE stability_delay="1000" desired_avg_gossip="50000"

                       max_bytes="400000"/>

        <VIEW_SYNC avg_send_interval="10000"/>

        <pbcast.GMS print_local_addr="true" join_timeout="3000"

                    shun="true"

                    view_bundling="true"

                    view_ack_collection_timeout="5000"

                    resume_task_timeout="7500"/>

        <FC max_credits="2000000" min_threshold="0.10"

            ignore_synchronous_response="true"/>

        <FRAG2 frag_size="60000"/>

        <!-- pbcast.STREAMING_STATE_TRANSFER/ -->

        <pbcast.STATE_TRANSFER/>

        <pbcast.FLUSH timeout="0" start_flush_timeout="10000"/>

    </config>

</stack>

Cache 매니저에서 jgroup 스택 프로토콜 바꾸기

deploy/cluster/jboss-cache-manager.sar/META-INF/jboss-cache-manager-jboss-beans.xml

jboss.default.jgroups.stack:udp 를 jboss.default.jgroups.stack:tcp 로 모두 수정

또는 -Djboss.default.jgroups.stack=tcp 옵션 설정

JBoss Messaging을 TCP로 변경

deploy/messaging/hsqldb-persistence-service.xml

<attribute name="ControlChannelName">jbm-control</attribute>

-> <attribute name="ControlChannelName">tcp</attribute>

<attribute name="DataChannelName">jbm-data</attribute>

-> <attribute name="DataChannelName">tcp</attribute>

JBoss 옵션으로 설정하기

JBOSS_OPTS="$JBOSS_OPTS -Djboss.messaging.ServerPeerID=2"

JBOSS_OPTS="$JBOSS_OPTS -Djboss.service.binding.set=ports-01"

JBOSS_OPTS="$JBOSS_OPTS -Djboss.partition.name=systemV"

JBOSS_OPTS="$JBOSS_OPTS -Djboss.default.jgroups.stack=tcp"

JBOSS_OPTS="$JBOSS_OPTS -Djboss.jgroups.tcp.tcpping.initial_hosts=192.168.123.1[7700],192.168.123.2[7700]"

JBOSS_OPTS="$JBOSS_OPTS -Djboss.jgroups.tcp.tcp_port=7600"

JBOSS_OPTS="$JBOSS_OPTS -Djboss.jgroups.bind.address=192.168.123.1"

#jboss 5 slimming

Remove EJB3 Service

In server /[instance]/deploy/remove

- ejb3-connectors-jboss-beans.xml

- ejb3-container-jboss-beans.xml

- ejb3-interceptors-aop.xml

- jboss-ejb3-embedded-impl-as.jar

In server /[instance]/deployer/remove

- jboss-ejb3-endpoint-deployer.jar

- jboss-ejb3-jndi-deployer.jar

- jboss-ejb3-metrics-deployer.jar

- jboss-ejb3-timerservice-deployer.jar

Remove JBoss Mail

In server /[instance]/deploy/remove

- mail-ra.rar

- mail-service.xml

Remove Scheduling

In server /[instance]/deploy/remove

- schedule-manager-service.xml

- scheduler-service.xml

- quartz-ra.rar

Remove Hypersonic DB

In server /[instance]/deployer/remove

- hsqldb-ds.xml

Remove Bsh Deployer

In server /[instance]/deploy/remove

- bsh.deployer

Remove Key Generateor

In server /[instance]/deploy/remove

- uuid-key-generator.sar

Turn off hot deployment

In server /[instance]/deploy/remove

- hdscanner-jboss-beans.xml

#개발모드: deployers/jbossweb.deployer/web.xml

  <servlet>

      <servlet-name>jsp</servlet-name>

      <servlet-class>org.apache.jasper.servlet.JspServlet</servlet-class>

      <init-param>

         <param-name>fork</param-name>

         <param-value>false</param-value>

      </init-param>

      <init-param>

         <param-name>development</param-name>

         <param-value>true</param-value>

      </init-param>

 </servlet>

#stickysession

- deploy/jbossweb.sar/server.xml

<Engine name="jboss.web" defaultHost="localhost" jvmRoute="node1" >

배포상태

- 상태 확인 CLI: deployment-info --name=test.war

[standalone@xxx.xxx.xxx.xxx:10099 /] deployment-info --name=test.war

NAME     RUNTIME-NAME PERSISTENT ENABLED STATUS

test.war test.war             false            true        OK 

- PERSISTENT: ? - JPA과 관련된 옵션

배포방식

Managed/Unmanaged

- Managed: JBoss가 어플리케이션 배포 파일을 관리. Archive 방법만 사용할 수 있음

- Unmanaged: 사용자가 어플리케이션 배포 파일을 관리

Archive/Exploded

- Archive: 압축된 파일을 배포하는 방법

- Exploded: 압축을 푼 디렉터리를 배포하는 방법

자동배포

- scan-enabled(boolean): 스캔을 사용할지 지정

- scan-interval(int): 스캔 간격을 밀리 세컨드로 지정. 1이상의 값을 지정했을 경우에만 스캔이 실행

- auto-deploy-zipped(boolean): 압축된 어플리케이션을 자동으로 배포할 것인지 지정

- auto-deploy-exploded(boolean): 디렉터리 어플리케이션을 자동으로 배포할 것인지 지정

- deployment-timeout(long): 배포의 타임아웃

unmanaged 방식 xml

    <deployments>

        <deployment name="test.war" runtime-name="test.war">

            <fs-archive path="/jboss/servers/webapp/test"/> or <fs-exploded path="/jboss/servers/webapp/test"/>

        </deployment>

    </deployments>

JBoss EAP 6/7 - vault : 패스워드 암호화

1. keystore/vault 파일을 저장할 디렉터리 생성

web1]$ mkdir -p $JBOSS_HOME/vault

2. keystore.sh 실행하여 keystore 생성

- 스크립트1. keysotre.sh 확인(맨아래)

web1]$ ./keystore.sh [aliasname] [storepass] [keypass] [validity(in day)]

3. vault.sh 실행하여 vault 생성

- 스크립트2. vault.sh 확인(맨아래)

web1]$ ./vault.sh [aliasname] [sotrepass] [password]

4. 출력된 결과를 standalone.xml / host-slave.xml / domain.xml에 등록

Please make note of the following:

********************************************

Vault Block:vb

Attribute Name:password

Configuration should be done as follows:

VAULT::vb::password::1

********************************************

WFLYSEC0048: Vault Configuration in WildFly configuration file:

********************************************

...

</extensions>

<vault>

  <vault-option name="KEYSTORE_URL" value="$JBOSS_HOME/vault/vault.keystore"/>

  <vault-option name="KEYSTORE_PASSWORD" value="MASK-5dOaAVafCSd"/>

  <vault-option name="KEYSTORE_ALIAS" value="vault"/>

  <vault-option name="SALT" value="1234abcd"/>

  <vault-option name="ITERATION_COUNT" value="120"/>

  <vault-option name="ENC_FILE_DIR" value="$JBOSS_HOME/vault/"/>

</vault>

<management>

...

********************************************

4.1. standalone 모드

web1]$ vi standalone.xml

...

</extensions>

<vault>

<vault-option name="KEYSTORE_URL" value="$JBOSS_HOME/vault/vault.keystore"/>

<vault-option name="KEYSTORE_PASSWORD" value="MASK-5dOaAVafCSd"/>

<vault-option name="KEYSTORE_ALIAS" value="vault"/>

<vault-option name="SALT" value="1234abcd"/>

<vault-option name="ITERATION_COUNT" value="120"/>

<vault-option name="ENC_FILE_DIR" value="$JBOSS_HOME/vault/"/>

</vault>

<management>

...

<datasource pool-name="OracleDS" ...>

<security>

<user-name>jboss</user-name>

<password>${VAULT::vb::password::1}</password>

</security>

</datasource>

4.2. domain 모드

web1]$ vi host-slave.xml

...

</extensions>

<vault>

<vault-option name="KEYSTORE_URL" value="$JBOSS_HOME/vault/vault.keystore"/>

<vault-option name="KEYSTORE_PASSWORD" value="MASK-5dOaAVafCSd"/>

<vault-option name="KEYSTORE_ALIAS" value="vault"/>

<vault-option name="SALT" value="1234abcd"/>

<vault-option name="ITERATION_COUNT" value="120"/>

<vault-option name="ENC_FILE_DIR" value="$JBOSS_HOME/vault/"/>

</vault>

<management>

...

web1]$ vi domain.xml

<datasource pool-name="OracleDS" ...>

<security>

<user-name>jboss</user-name>

<password>${VAULT::vb::password::1}</password>

</security>

</datasource>

5. 재기동

# 스크립트1. keystore.sh

#!/bin/sh

. ./env.sh

if[ \( -n "$1" \) -a \( -n "$2" \) -a \( -n "$3" \) -a \( -n "$4" \) ]

then

$JAVA_HOME/bin/keytool -genseckey -alias $1 -storetype jceks -keyalg AES -keysize 128 -storepass $2 -keypass $3 -validity $4 -keystore $JBOSS_HOME/vault/vault.keystore

echo "Check: $JBOSS_HOME/vault/vault.keystore"

exit;

fi

echo "./keystore.sh [aliasname] [storepass] [keypass] [validity(in day)]"

exit;

# 스크립트2. vault.sh

#!/bin/sh

. ./env.sh

if[ \( -n "$1" \) -a \( -n "$2" \) -a \( -n "$3" \) ]

then

$JBOSS_HOME/bin/vault.sh --keystore $JBOSS_HOME/vault/vault.keystore --alias $1 --keystore-password $2 --vault-block vb --attribute password --sec-attr $3 --enc-dir $EAP_HOME/vault/ --iteration 120 --salt 1234abcd

echo "Check: $JBOSS_HOME/vault/VAULT.dat"

exit;

fi

echo "./vault.sh [aliasname] [storepass] [password]"

exit;

# module.xml

<module xmlns="urn:jboss:module:1.0" name="com.mysql">

<resources>

<resource-root path=“mysql-connector-java-5.1.32-bin.jar"/>

</resources>

<dependencies>

<module name="javax.api"/>

</dependencies>

</module>

# drivers

<driver name=“mysql" module="com.mysql“>

<driver-class>com.mysql.jdbc.Driver</driver-class>

</driver>

# mysql datasource

<datasource jta="false" jndi-name="java:/mysqlJNDI" pool-name=“mysqlDS" enabled="true" use-ccm="false">

<connection-url>jdbc:mysql://xxx.xxx.xxx.xxx:3306/mysql</connection-url>

<driver-class>com.mysql.jdbc.Driver</driver-class>

<driver>mysql</driver>

<pool>

<min-pool-size>2</min-pool-size>

<max-pool-size>5</max-pool-size>

<prefill>true</prefill>

</pool>

<security>

<user-name>jboss</user-name>

<password>jboss</password>

</security>

</datasource>

<security>

<security-domain>encds</security-domain>

</security>

<security-domain name="encds" cache-type="default">

<authentication>

<login-module code="org.picketbox.datasource.security.SecureIdentityLoginModule" flag="required">

<module-option name="username" value="username"/>

<module-option name="password" value="enc_pwd"/>

<module-option name="managedConnectionFactoryName" value="jboss.jca:service=LocalTxCM"/>

</login-module>

</authentication>

</security-domain>

<subsystem xmlns="urn:jboss:domain:web:1.1" default-virtual-server="default-host" instance-id="${jboss.jvmRoute}" native="false">

    <connector name="http" protocol="HTTP/1.1" scheme="http" socket-binding="http"/>

    <connector name="ajp" protocol="AJP/1.3" scheme="http" socket-binding="ajp"/>

    <virtual-server name="default-host" enable-welcome-root="false">

        <alias name="localhost"/>

        <alias name="000.ktis.co.kr"/>

        <access-log pattern="%a %t %H %p %U %s "> => <access-log pattern="%h %l %u %t %r %s %b %{Referer}i %{User-Agent}i %S %T">

            <directory path="access"/>

        </access-log>

    </virtual-server>

</subsystem>

로그 경로를 변경할 경우 사용 - env.sh

지정하지 않을 경우 default 경로 사용 - ${jboss.server.base.dir}/log

export JAVA_OPTS="$JAVA_OPTS -Djboss.server.log.dir=/logs/server-group/server11"

access log 설정 - standalone.xml

<subsystem xmlns="urn:jboss:domain:undertow:3.1" instance-id="${jboss.server.name}">

<buffer-cache name="default"/>

<server name="default-server">

  <ajp-listener name="ajp" socket-binding="ajp"/>

  <http-listener name="default" socket-binding="http" redirect-socket="https"/>

  <host name="default-host" alias="localhost">

   <location name="/" handler="welcome-content"/>

   <!-- combined -->

   <access-log prefix="access." directory="${jboss.server.log.dir}/access" pattern="%h %l %u %t %r %s %b %{i,Referer} %{i,User-Agent} %s %T"/>

   <filter-ref name="server-header"/>

   <filter-ref name="x-powered-by-header"/>

  </host>

</server>

...

</subsystem>