
Professional Open Source™

JBoss Production Installation


Real-life installation scenarios

© JBoss, Inc. 2003-2005. June 16, 2005 1


Objectives

In this section we cover:

– JBoss port configurations
– Installation issues with
  • Firewalls
  • Native web server front-ends
– Installing JBoss to run as a service


JBoss Port Configuration


JBoss Application as Service Framework

JBoss Application Server is a service platform

– Hosts multiple services
– Some services bind to physical ports
– Depending on which services are hosted, different combinations of listening socket ports may be opened

[Diagram: services on the JBoss Microkernel bound to Port 8080 (HTTP), Port 4444 (RMI), Port 3528 (IIOP) and Port 4445 (TCP/IP); EIS]

Ref : %JBoss_home%\server\default\conf\jboss-service.xml

Tomcat Connectors

Web tier has three main connectors

– HTTP 1.1 (TCP port 8080)
  • Direct HTTP requests to the application server
– HTTPS (not enabled by default)
  • Direct encrypted HTTP requests to the application server
– AJP13 (TCP port 8009)
  • Apache Java Protocol from a native web server to the JBoss application server

– Depending on your deployment scenario you may want to enable/disable some of these

Ref : %Jboss_home%\server\default\deploy\jbossweb-tomcat50.sar\server.xml

Web Tier Connectors

Locate the configuration file:

Notice a version change starting from JBoss 4.0.2 which embeds Tomcat 5.5 – the package name is "jbossweb-tomcat55.sar", accordingly.


Web Tier Connectors

jbossweb-tomcat50.sar/server.xml

<!-- A HTTP/1.1 Connector on port 8080 -->
<Connector port="8080"
           address="${jboss.bind.address}"
           maxThreads="150"
           maxHttpHeaderSize="8192"
           minSpareThreads="25"
           maxSpareThreads="75"
           enableLookups="false" redirectPort="8443"
           acceptCount="100"
           connectionTimeout="20000"
           disableUploadTimeout="true"/>

<!-- A AJP 1.3 Connector on port 8009 -->
<Connector port="8009"
           address="${jboss.bind.address}"
           enableLookups="false"
           redirectPort="8443"
           debug="0"
           protocol="AJP/1.3"/>

Notice the use of system properties in configuration files.

– If all your incoming connections are proxied through a native web server with mod_jk, you may disable the HTTP connector
– Attribute "maxThreads":
  • Maximum number of concurrent requests handled by this container
– Attribute "acceptCount":
  • The length of queued requests when all threads are processing requests


Naming Service
J2EE Phone Directory


Naming Service

– Java Naming and Directory Interface (JNDI)
– Primary lookup point for J2EE applications
  • "All applications start from naming." – location transparency
– Redundancy required for high availability
  • Provided by JBoss Clustering framework (more on this later).

[Diagram: Remote calls, lookup, proxy; Naming Service and Other Services on the JBoss Microkernel]


Naming Service

How does the client find the naming service?

– Client machine usually has jndi.properties

jndi.properties

java.naming.factory.initial = org.jnp.interfaces.NamingContextFactory
java.naming.provider.url = jnp://localhost:1099
java.naming.factory.url.pkgs = org.jboss.naming

– This is usually the first access to the server a client makes
– Defaults to TCP port 1099
  • Uses TCP/IP to communicate to port 1099 to retrieve a naming service proxy (Java RMI based)
  • Then uses Java Remote Method Invocations to interact with the naming service
    – E.g. lookup, naming context access, etc.

This applies to "stand-alone" clients. Web clients connect through the HTTP port, and generally don't use naming services remotely from the client.


Naming Service Configuration

Locate the service configuration:

– In "static" bootup sequence from conf/jboss-service.xml
– Contents of "conf" are not hot-deployable (the directory is not monitored for changes)
– It is read once right after the kernel has been bootstrapped


Naming Service

conf/jboss-service.xml

<mbean code="org.jboss.naming.NamingService"
       name="jboss:service=Naming"
       xmbean-dd="resource:xmdesc/NamingService-xmbean.xml">
   <!-- The call by value mode. true if all lookups are unmarshalled using
        the caller's TCL, false if in VM lookups return the value by reference. -->
   <attribute name="CallByValue">false</attribute>
   <!-- The listening port for the bootstrap JNP service. Set this to -1 to
        run the NamingService without the JNP invoker listening port. -->
   <attribute name="Port">1099</attribute>
   <!-- The bootstrap JNP server bind address. This also sets the default
        RMI service bind address. Empty == all addresses -->
   <attribute name="BindAddress">${jboss.bind.address}</attribute>
   <!-- The port of the RMI naming service, 0 == anonymous -->
   <attribute name="RmiPort">1098</attribute>
   <!-- The RMI service bind address. Empty == all addresses -->
   <attribute name="RmiBindAddress">${jboss.bind.address}</attribute>
   ...
</mbean>


Naming Service

Configuration options:

– Attribute "Port" (1099):
  • Initial access point to naming services
  • Can be disabled if:
    1. Only have HTTP clients (no remote naming access)
    2. All remote naming access is tunneled through HTTP (port 8080)
    3. Running replicated naming services (TCP 1100 is used instead)
– Attribute "BindAddress":
  • The NIC to bind the listening port to (IP address)
  • Notice the use of system property jboss.bind.address
– Attributes "RmiPort" and "RmiBindAddress"
  • The Java Remote Method Invocation access points to naming service, and the NIC binding address


Naming Service HTTP Tunneling

– Default naming access through two ports: JNP Bootstrap and RMI protocol
– Default distribution contains a servlet that can accept and route remote calls to services deployed on the microkernel.

[Diagram: Download RMI Stub over JNP (TCP 1099) and Execute Naming operations over RMI (TCP 1098) against the Naming Service; HTTP Communication over HTTP (TCP 8080) to the HTTP Invoker Servlet in the Servlet Container, in front of the Naming Service]


JNDI Client Configuration

We don't need to specify any of the properties when we connect to the JNDI provider from within JBoss. JBoss reads the properties from the \conf\jndi.properties file.

Configuring the client to access JNDI through JNP/RMI protocols:

import java.util.Properties;
import javax.naming.Context;
import javax.naming.InitialContext;

Properties prop = new Properties();
// JNP context factory and the bootstrap port of the naming service
prop.put(Context.INITIAL_CONTEXT_FACTORY, "org.jnp.interfaces.NamingContextFactory");
prop.put(Context.PROVIDER_URL, "jnp://localhost:1099");
// Colon-separated list of URL context factory packages
prop.put(Context.URL_PKG_PREFIXES, "org.jboss.naming:org.jnp.interfaces");

Create an initial context connecting to the JBoss naming provider:

InitialContext jbosscontext = new InitialContext(prop);

HTTP-Based JNDI

- JBoss provides an HTTP-based implementation for using JNDI contexts. The JNDI implementation provided by RMI can pose problems if the clients that connect to the naming provider sit outside a firewall.
- Firewalls allow communication to a set of predefined ports. In such cases, communication based on RMI may not be possible.
- HTTP is one of the protocols passed through by most firewalls, and they allow remote clients to connect to port 8080 of the internal servers.
- This is available as a SAR component called http-invoker.sar in the \deploy directory.


HTTP-Based JNDI

Configuring the client to access JNDI through HTTP protocols:

import java.util.Properties;
import javax.naming.Context;
import javax.naming.InitialContext;

Properties prop = new Properties();
// HTTP context factory; the provider URL points at the HTTP invoker servlet
prop.put(Context.INITIAL_CONTEXT_FACTORY, "org.jboss.naming.HttpNamingContextFactory");
prop.put(Context.PROVIDER_URL, "http://localhost:8080/invoker/JNDIFactory");

Create an initial context connecting to the JBoss naming provider:

InitialContext jbosscontext = new InitialContext(prop);


Naming Service HTTP Tunneling

How do I configure the client to use HTTP tunneling?

– Enable a HTTP proxy factory in the client jndi.properties configuration
– Point the provider URL to a HTTP servlet URL

jndi.properties

java.naming.factory.initial = org.jboss.naming.HttpNamingContextFactory
java.naming.provider.url = http://localhost:8080/invoker/JNDIFactory
java.naming.factory.url.pkgs = org.jboss.naming

– Encrypting the wire protocol is as easy as switching to HTTPS URL and HTTPS port
  • We will see how to enable HTTPS access in the security section

Note that if all your clients are web clients (web browsers accessing web applications), remote access to the naming service is usually not necessary (sans applets that may try to connect back to the application server).
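
Added example (not part of the original slides): a Python check that reads a client's jndi.properties and reports which TCP ports a firewall must pass for naming access and whether the wire is encrypted, using the factory classes, URLs and default ports 1099/1098 shown on this page. The sample files, the HTTPS URL and the function names are constructed for illustration, and rejecting any factory/scheme pairing other than the two shown here is this example's own policy.

```python
from urllib.parse import urlsplit

# Factory class -> provider URL schemes, limited to the pairings shown on this
# page (assumption: anything else is treated as a misconfiguration).
FACTORY_SCHEMES = {
    "org.jnp.interfaces.NamingContextFactory": {"jnp"},
    "org.jboss.naming.HttpNamingContextFactory": {"http", "https"},
}
DEFAULT_PORTS = {"jnp": 1099, "http": 80, "https": 443}

def parse_properties(text):
    """Parse 'key = value' lines; '#' and '!' start comment lines."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#!" and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def naming_exposure(text, rmi_port=1098):
    """Report host, TCP ports to allow, and encryption for one client config.

    rmi_port is the server-side RmiPort (1098 by default); it is not present in
    the client file, so the caller supplies it.
    """
    props = parse_properties(text)
    factory = props.get("java.naming.factory.initial", "")
    url = urlsplit(props.get("java.naming.provider.url", ""))
    if url.scheme not in FACTORY_SCHEMES.get(factory, set()):
        raise ValueError(f"factory {factory!r} cannot use scheme {url.scheme!r}")
    port = url.port or DEFAULT_PORTS[url.scheme]
    # JNP only bootstraps the stub; naming operations then go to the RMI port.
    ports = [port, rmi_port] if url.scheme == "jnp" else [port]
    return {"host": url.hostname, "tcp_ports": ports, "encrypted": url.scheme == "https"}

# Constructed client files, modelled on the two jndi.properties samples on this page.
JNP_CLIENT = """
java.naming.factory.initial = org.jnp.interfaces.NamingContextFactory
java.naming.provider.url = jnp://localhost:1099
java.naming.factory.url.pkgs = org.jboss.naming
"""
HTTPS_CLIENT = """
# tunneled through the HTTP invoker servlet; the HTTPS URL is a constructed value
java.naming.factory.initial = org.jboss.naming.HttpNamingContextFactory
java.naming.provider.url = https://localhost:8443/invoker/JNDIFactory
"""

if __name__ == "__main__":
    for name, cfg in (("jnp", JNP_CLIENT), ("https", HTTPS_CLIENT)):
        print(name, naming_exposure(cfg))
```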

Naming Service and HTTP Tunneling (Firewall Free)

How to locate the HTTP invoker servlet?

<servlet-name>JNDIFactory</servlet-name>
<description>A servlet that exposes the JBoss JNDI Naming service stub
through http. The return content is a serialized MarshalledValue
containing the org.jnp.interfaces.Naming stub. This configuration handles
requests for the standard JNDI naming service.
</description>
...
<servlet-mapping>
   <servlet-name>JNDIFactory</servlet-name>
   <url-pattern>/JNDIFactory/*</url-pattern>
</servlet-mapping>

http://localhost:8080/invoker/JNDIFactory

Remember that the default context root of a web application is derived from its package name: invoker.war → invoker


Clustered Naming and Multicast Discovery

When enabling clustering for naming service

– TCP 1100 for JNP initial bootstrap (stub)
  • Instead of 1099 which can be closed
– RMI access port for naming operations
  • For high availability naming this is an anonymous (random) port
  • You will want to fix it to a static port for firewalls
– UDP port 1102 on multicast address
  • Discovery of replicated naming service
  • "Which IP addresses host a naming service?"

[Diagram: three HA Naming (JNDI) nodes, each with JNP (TCP 1100) and RMI (TCP 0); Multicast Discovery, Address: 230.0.0.4, Port: UDP 1102]


EJB Invokers

Direct EJB component access from the client

– Does not apply if you only have HTTP clients to web applications
– Default is Java Remote Method Invocation access to TCP port 4444
– There's an alternative (pooled) invoker implementation at TCP port 4445
– EJB communication can also be tunneled through HTTP
  • Same HTTP Invoker web application
  • URL: http://<host>:8080/invoker/EJBInvokerServlet
    – Embedded inside EJB HTTP proxies

[Diagram: JRMP Invoker on RMI/JRMP (TCP 4444); Pooled Invoker on Socket (TCP 4445)]


EJB Invoker Configuration

Locate the service configuration:

– In "static" bootup sequence from conf/jboss-service.xml


EJB Invokers (RMI/JRMP)

Default RMI Java Remote Method Protocol (JRMP) invoker

– "Invoker" is functionally equivalent to a "Connector" – we use both terms

conf/jboss-service.xml

<!-- ==================================================================== -->
<!-- Invokers to the JMX node                                             -->
<!-- ==================================================================== -->

<!-- RMI/JRMP invoker -->
<mbean code="org.jboss.invocation.jrmp.server.JRMPInvoker"
       name="jboss:service=invoker,type=jrmp">
   <attribute name="RMIObjectPort">4444</attribute>
   <attribute name="ServerAddress">${jboss.bind.address}</attribute>
   <!--
   <attribute name="RMIClientSocketFactory">custom</attribute>
   <attribute name="RMIServerSocketFactory">custom</attribute>
   <attribute name="RMIServerSocketAddr">custom</attribute>
   <attribute name="SecurityDomain">ssl-domain-name</attribute>
   -->
   <depends>jboss:service=TransactionManager</depends>
</mbean>

Commented-out attributes: used for encrypting the communication. We will cover this in the security section.

EJB Invokers (RMI)

Configuration options:

– RMIObjectPort
  • The TCP port that clients connecting directly to the EJB tier will attempt to open a socket to by default
– ServerAddress
  • Bind address for multi-homed (multiple NICs) machine

If all clients connect via the web tier (servlets and JSPs) then this invoker is not necessary – it can be removed or the port blocked.


EJB Invokers (TCP/IP)

Alternative socket level EJB invoker

– May yield better performance in some scenarios
– Usually you don't need both the RMI and pooled invoker
  • Choose which one to use and disable the other

conf/jboss-service.xml

<!-- ==================================================================== -->
<!-- Invokers to the JMX node                                             -->
<!-- ==================================================================== -->
<mbean code="org.jboss.invocation.pooled.server.PooledInvoker"
       name="jboss:service=invoker,type=pooled">
   <attribute name="NumAcceptThreads">1</attribute>
   <attribute name="MaxPoolSize">300</attribute>
   <attribute name="ClientMaxPoolSize">300</attribute>
   <attribute name="SocketTimeout">60000</attribute>
   <attribute name="ServerBindAddress">${jboss.bind.address}</attribute>
   <attribute name="ServerBindPort">4445</attribute>
   <attribute name="ClientConnectAddress">${jboss.bind.address}</attribute>
</mbean>

Messaging Invocation Layers

Messaging Connectivity

Messaging service (JMS) uses invocation layer

– Yet another name for invokers/connectors
  • We are cleaning up these, honest!

Split to three main categories

– Socket based Unified Invocation Layer 2 (UIL2)
  • Default TCP port 8093
– HTTP based invocation layer (servlet)
– A fast "In-VM" invocation layer for messages between components in the same server instance

Unlike EJB usage, message service clients often access the service directly, rather than through the web tier.


Messaging Connectivity

Locate service configuration:

– Directory "jms" under deploy (Java Messaging Service)

Messaging client access through HTTP tunnel
  • Remove (undeploy) if not needed

Internal messaging layer

Messaging client access through multiplexing socket at TCP port 8093
  • Remove (undeploy) if not needed

In some older JBoss 3.0.x and 3.2.x releases you may find additional invocation layers for messaging – RMI, UIL(1), OIL layers. These have been deprecated in favor of UIL2, which is the recommended production grade implementation.


Messaging Connectivity

deploy/jms/uil2-service.xml

<mbean code="org.jboss.mq.il.uil2.UILServerILService"
       name="jboss.mq:service=InvocationLayer,type=UIL2">
   <depends optional-attribute-name="Invoker">jboss.mq:service=Invoker</depends>
   <!-- JNDI binding -->
   <attribute name="ConnectionFactoryJNDIRef">ConnectionFactory</attribute>
   <attribute name="XAConnectionFactoryJNDIRef">XAConnectionFactory</attribute>
   <!-- The bind address -->
   <attribute name="BindAddress">${jboss.bind.address}</attribute>
   <!-- The bind port -->
   <attribute name="ServerBindPort">8093</attribute>
   <attribute name="PingPeriod">60000</attribute>
   <attribute name="EnableTcpNoDelay">true</attribute>
   <!-- Used to disconnect the client if there is no activity. Ensure this is
        greater than the ping period -->
   <attribute name="ReadTimeout">120000</attribute>
   <attribute name="BufferSize">2048</attribute>
   <!-- Large messages may block the ping/pong. A pong is simulated after
        each chunk (in bytes) for both reading and writing. It must be larger
        than the buffer size -->
   <attribute name="ChunkSize">1000000</attribute>
</mbean>

Messaging Connectivity

How to switch to HTTP tunneling for messaging clients?

– Clients rely on a connection factory they find via a naming service
– Most messaging clients look up the default "ConnectionFactory"
  • Connection factory is a proxy that mandates a wire protocol from the client to the server
  • Defaults to UIL2 multiplexing socket implementation
– Undeploy UIL2 service or change the name binding to something other than "ConnectionFactory"
  • Clients will look up a proxy that mandates HTTP protocol instead


Messaging Connectivity

deploy/jms/uil2-service.xml

<mbean code="org.jboss.mq.il.uil2.UILServerILService"
       name="jboss.mq:service=InvocationLayer,type=UIL2">
   <!-- JNDI binding -->
   <attribute name="ConnectionFactoryJNDIRef">UILConnectionFactory</attribute>
</mbean>

deploy/jms/jbossmq-il.sar/META-INF/jboss-service.xml

<server>
   <mbean code="org.jboss.mq.il.http.HTTPServerILService"
          name="jboss.mq:service=InvocationLayer,type=HTTP">
      <attribute name="ConnectionFactoryJNDIRef">ConnectionFactory</attribute>
   </mbean>
</server>

Ports Conclusion

Defaults:

TCP 8009 Apache Java Protocol Connector
TCP 8080 HTTP 1.1 Connector
TCP 1099 Naming Bootstrap (stub)
TCP 1098 Naming Remote Method Invocation
TCP 4444 EJB Invoker
TCP 4445 Alternative Pooled EJB Invoker
TCP 8083 Class Downloading Service
TCP 8093 Messaging UIL2

Clustering:

TCP 1100 Clustered Naming Service
UDP 1102 Naming Discovery
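
Added example (not part of the original slides): a Python inventory of the listening ports declared in JBoss configuration XML, checked against the ports a deployment scenario actually needs. It reads the attribute names shown in the snippets on this page; the sample XML, the allow-list and the function names are constructed for illustration, and treating an empty or missing bind address as "all addresses" for every listener is an assumption.

```python
import xml.etree.ElementTree as ET

# Port attribute -> candidate bind-address attributes, from this page's mbean snippets.
PORT_ATTRS = {
    "Port": ("BindAddress",),
    "RmiPort": ("RmiBindAddress",),
    "RMIObjectPort": ("ServerAddress",),
    "ServerBindPort": ("ServerBindAddress", "BindAddress"),
}

def declared_listeners(xml_text):
    """Return (service, port, bind_address) for each mbean port and Connector."""
    root, found = ET.fromstring(xml_text), []
    for mbean in root.iter("mbean"):
        attrs = {a.get("name"): (a.text or "").strip() for a in mbean.iter("attribute")}
        for port_attr, bind_attrs in PORT_ATTRS.items():
            if port_attr in attrs:
                bind = next((attrs[b] for b in bind_attrs if b in attrs), "")
                found.append((mbean.get("name"), int(attrs[port_attr]), bind))
    for conn in root.iter("Connector"):
        found.append((conn.get("protocol", "HTTP/1.1"), int(conn.get("port")), conn.get("address", "")))
    return found

def audit(listeners, allowed_ports):
    """Flag listeners the scenario does not need or a firewall cannot pin."""
    findings = []
    for service, port, bind in listeners:
        if port == -1:  # page: -1 runs NamingService without the JNP listener
            continue
        if port == 0:   # page: 0 == anonymous (random) port
            findings.append((service, port, "anonymous port, set a fixed one"))
        elif port not in allowed_ports:
            findings.append((service, port, "not needed, disable or block"))
        if bind == "":  # page: empty == all addresses (assumed for every listener)
            findings.append((service, port, "binds to all addresses"))
    return findings

# Constructed sample: mbean and Connector fragments merged under one root element.
SAMPLE = """<server>
  <mbean code="org.jboss.naming.NamingService" name="jboss:service=Naming">
    <attribute name="Port">1099</attribute>
    <attribute name="BindAddress"></attribute>
    <attribute name="RmiPort">0</attribute>
    <attribute name="RmiBindAddress">${jboss.bind.address}</attribute>
  </mbean>
  <mbean code="org.jboss.invocation.pooled.server.PooledInvoker" name="jboss:service=invoker,type=pooled">
    <attribute name="ServerBindAddress">${jboss.bind.address}</attribute>
    <attribute name="ServerBindPort">4445</attribute>
  </mbean>
  <Connector port="8080" address="${jboss.bind.address}"/>
  <Connector port="8009" address="${jboss.bind.address}" protocol="AJP/1.3"/>
</server>"""

if __name__ == "__main__":  # scenario: all clients arrive through mod_jk (AJP only)
    print(*audit(declared_listeners(SAMPLE), allowed_ports={8009}), sep="\n")
```

The allow-list models the slides' case where every client comes through a native web server; widen it to match whichever connectors and invokers the deployment keeps.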
