Bug 821556

Summary: standalone.xml has configurations to use https on port 8443, but we can't bind to 8443
Product: OKD Reporter: Nam Duong <nduong>
Component: PodAssignee: Bill DeCoste <wdecoste>
Status: CLOSED CURRENTRELEASE QA Contact: libra bugs <libra-bugs>
Severity: low Docs Contact:
Priority: low    
Version: 2.xCC: bmeng, jofernan, mpatel
Target Milestone: ---Keywords: Triaged
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2012-12-19 19:26:53 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Nam Duong 2012-05-14 22:09:26 UTC
Description of problem:
I started looking into standalone.xml to configure https access to java apps based on this Forum post: https://openshift.redhat.com/community/forums/openshift/spring-security-and-https-redirect#comment-21226

but if I configure jboss to use https and port 8443, JBoss fails to start web connector service (essentially the app) with the following error:
2012/05/14 17:26:40,129 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-2) MSC00001: Failed to start service jboss.web.connector.https: org.jboss.msc.service.StartException in service jboss.web.connector.https: JBAS018007: Error starting web connector
	at org.jboss.as.web.WebConnectorService.start(WebConnectorService.java:271)
	at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1811) [jboss-msc-1.0.2.GA.jar:1.0.2.GA]
	at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1746) [jboss-msc-1.0.2.GA.jar:1.0.2.GA]
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110) [rt.jar:1.6.0_22]
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603) [rt.jar:1.6.0_22]
	at java.lang.Thread.run(Thread.java:679) [rt.jar:1.6.0_22]
Caused by: LifecycleException:  Protocol handler initialization failed: java.net.BindException: Permission denied /127.13.21.1:8443
	at org.apache.catalina.connector.Connector.init(Connector.java:985)


We should either allow port 8443, or update standalone.xml/JBoss config.

Comment 1 Bill DeCoste 2012-05-15 17:19:19 UTC
There are still some ports that haven't been opened for the full JEE profile - I'll make sure 8443 is on the list. However, HTTPS is already forced for external access. The user doesn't have to do anything and should leave 8443 alone unless they want inter-gear HTTPS which I'd have to test once the port is opened.

Comment 2 Bill DeCoste 2012-05-29 18:09:07 UTC
I am leaving this bug open as a reminder to test the user's specific Spring use case. We can currently bind to the loopback at 8443 but this is only exposed locally.

Comment 3 Bill DeCoste 2012-05-30 19:50:20 UTC
Lowering severity. See comment above.

Comment 4 Bill DeCoste 2012-11-09 01:45:47 UTC
8443 removed from standalone.xml

Comment 5 Meng Bo 2012-11-09 09:37:27 UTC
Checked on devenv_2447, port 8443 has been removed from jbossas and jbosseap standalone.xml file.

Jbossas
<socket-binding-group name="standard-sockets" default-interface="public" port-offset="0">
        <socket-binding name="http" port="8080"/>
        <socket-binding name="jacorb" interface="unsecure" port="3528"/>
        <socket-binding name="jacorb-ssl" interface="unsecure" port="3529"/>
        <socket-binding name="jgroups-tcp" port="7600"/>
        <socket-binding name="management-native" interface="management" port="9999"/>
        <socket-binding name="management-http" interface="management" port="9990"/>
        <socket-binding name="messaging" port="5445"/>
        <socket-binding name="messaging-throughput" port="5455"/>
        <socket-binding name="osgi-http" interface="management" port="8090"/>
        <socket-binding name="remoting" port="4447"/>
        <socket-binding name="txn-recovery-environment" port="4712"/>
        <socket-binding name="txn-status-manager" port="4713"/>
        <outbound-socket-binding name="mail-smtp">
            <remote-destination host="localhost" port="25"/>
        </outbound-socket-binding>
    </socket-binding-group>


Jbosseap
 <socket-binding-group name="standard-sockets"
                default-interface="public" port-offset="0">
                <socket-binding name="management-native" interface="management"
                        port="9999" />
                <socket-binding name="management-http" interface="management"
                        port="9990" />

                <socket-binding name="http" port="8080" />
                <socket-binding name="jacorb" interface="unsecure"
                        port="3528" />
                <socket-binding name="jacorb-ssl" interface="unsecure"
                        port="3529" />
                <socket-binding name="jgroups-tcp" port="7600" />
                <socket-binding name="messaging" port="5445" />
                <!--socket-binding name="messaging-group" multicast-address="${jboss.messaging.group.address:231.7.7.7}" 
                        multicast-port="${jboss.messaging.group.port:9876}"/ -->
                <socket-binding name="messaging-throughput" port="5455" />
                <socket-binding name="osgi-http" interface="management"
                        port="8090" />
                <socket-binding name="remoting" port="4447" />
                <socket-binding name="txn-recovery-environment" port="4712" />
                <socket-binding name="txn-status-manager" port="4713" />
                <outbound-socket-binding name="mail-smtp">
                        <remote-destination host="localhost" port="25" />
                </outbound-socket-binding>
        </socket-binding-group>