!!NOTICE!! The content of this article has been copied, together with other steps, into the following article. Future updates will be made there, so please refer to it.
Install Apache HTTP Server and Wildfly (JBossAS) on Oracle Linux 8 on an OCI instance.
yum install -y java-1.8.0-openjdk.x86_64
groupadd -r wildfly
useradd -r -g wildfly -d /opt/wildfly -s /sbin/nologin wildfly
Pass wget the download URL for whichever version you want.
cd /opt
wget https://download.jboss.org/wildfly/20.0.1.Final/wildfly-20.0.1.Final.zip
unzip -q wildfly-20.0.1.Final.zip
ln -s wildfly-20.0.1.Final wildfly
sh /opt/wildfly/bin/standalone.sh
2020-09-15 09:47:48,958 INFO [org.jboss.as](Controller Boot Thread) WFLYSRV0025: WildFly Full 20.0.1.Final (WildFly Core 12.0.3.Final) started in 13956ms - Started 314 of 580 services (370 services are lazy, passive or on-demand)
It appears to have started without problems. Press Ctrl + C to stop it.
A script for running Wildfly as a daemon is already provided, so you can daemonize it right away just by copying the files into place.
mkdir -p /etc/wildfly
cp /opt/wildfly/docs/contrib/scripts/systemd/wildfly.conf /etc/wildfly/
vi /etc/wildfly/wildfly.conf
Edit the definition as necessary. I changed the bind address from 0.0.0.0 to 127.0.0.1.
cp /opt/wildfly/docs/contrib/scripts/systemd/launch.sh /opt/wildfly/bin/
chmod 744 /opt/wildfly/bin/launch.sh
cp /opt/wildfly/docs/contrib/scripts/systemd/wildfly.service /etc/systemd/system/
chown -R wildfly /opt/wildfly*
systemctl daemon-reload
systemctl start wildfly
systemctl enable wildfly
You need to create an admin user in order to change Wildfly settings from the admin console.
cd /opt/wildfly/bin
./add-user.sh
I will omit the details; add a Management User by following the prompts. For more information, see the official documentation.
yum install -y httpd
The default settings carry security risks, so correct them.
As far as possible, remove content that is not normally meant to be published, such as the welcome page.
cd /etc/httpd/conf.d
mv welcome.conf welcome.conf.org
mv autoindex.conf autoindex.conf.org
vi /etc/httpd/conf/httpd.conf
#Options Indexes FollowSymLinks
Options FollowSymLinks
Disable the TRACE method as an XST countermeasure.
vi /etc/httpd/conf/httpd.conf
#Added to the end of the file
TraceEnable off
Do not include the web server version in the HTTP response header.
vi /etc/httpd/conf/httpd.conf
#Added to the end of the file
ServerTokens ProductOnly
ServerSignature off
As a countermeasure against clickjacking, add the X-Frame-Options header to the HTTP response header.
#Create a new file
vi /etc/httpd/conf.modules.d/headers.conf
#Added to the end of the file
Header append X-FRAME-OPTIONS SAMEORIGIN
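The hardening steps above can be checked with a small script. This is an added example, not part of the original article: the function names (`active_lines`, `has`, `audit_httpd_conf`) are hypothetical, and it assumes the layout used here, where httpd loads only `*.conf` files under `conf`, `conf.d` and `conf.modules.d`. It is a static text check and does not model per-directory overrides.

```shell
#!/bin/sh
# Added example (not from the original article): static audit of an httpd
# config tree for the hardening steps above. Usage: sh audit.sh /etc/httpd

# Print the active (non-comment, non-blank) lines of every *.conf under $1.
# Files renamed to *.conf.org are skipped, as httpd only includes *.conf.
active_lines() {
    find "$1" -type f -name '*.conf' -exec cat {} + |
        sed -e 's/^[[:space:]]*//' -e '/^#/d' -e '/^$/d'
}

# has REGEX: true if any active directive matches (case-insensitive).
has() { printf '%s\n' "$CONF" | grep -Eiq "$1"; }

# audit_httpd_conf DIR: print one FAIL line per finding, return 1 if any.
audit_httpd_conf() {
    CONF=$(active_lines "$1")
    rc=0
    for f in welcome.conf autoindex.conf; do
        [ -e "$1/conf.d/$f" ] && { echo "FAIL: conf.d/$f is still loaded"; rc=1; }
    done
    # "Options -Indexes" is fine; "Indexes" or "+Indexes" enables listings.
    has '^Options[[:space:]]+(.*[[:space:]])?\+?Indexes([[:space:]]|$)' &&
        { echo "FAIL: Options enables Indexes (directory listing)"; rc=1; }
    has '^TraceEnable[[:space:]]+off' ||
        { echo "FAIL: TraceEnable off is not set"; rc=1; }
    has '^ServerTokens[[:space:]]+Prod(uctOnly)?([[:space:]]|$)' ||
        { echo "FAIL: ServerTokens is not ProductOnly"; rc=1; }
    has '^ServerSignature[[:space:]]+off' ||
        { echo "FAIL: ServerSignature off is not set"; rc=1; }
    has '^Header[[:space:]].*X-Frame-Options[[:space:]]+"?(SAMEORIGIN|DENY)' ||
        { echo "FAIL: X-Frame-Options header is not added"; rc=1; }
    return "$rc"
}

# Audit the directory given on the command line, if any.
if [ "$#" -ge 1 ]; then
    audit_httpd_conf "$1"
fi
```

Run it as root against `/etc/httpd` after editing and before `systemctl restart httpd`; a non-zero exit status means at least one step is missing.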
Forward requests that arrive at Apache HTTP Server to Wildfly.
Route access on port 80 to port 8080 (Wildfly's HTTP listener).
#Add new file
vi /etc/httpd/conf.modules.d/wildfly.conf
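<VirtualHost *:80>
#ProxyPassReverse names the same backend URL as ProxyPass so that redirects issued by Wildfly are rewritten
ProxyPass / http://127.0.0.1:8080/
ProxyPassReverse / http://127.0.0.1:8080/
</VirtualHost>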
Once this is done, test the definition file and restart Apache HTTP Server.
httpd -t
systemctl restart httpd
Simply access port 80, for example http://example.com; if you see the Wildfly welcome page, the setup is working.
The OCI LB supports SSL, so I tried building the backend communication over HTTP. Handling SSL on the Web/AP server makes things complicated, so it is nice to be able to terminate it at the LB.
Reference: Apache's 10 basic security points to review before being attacked