Bug 821556 - standalone.xml has configurations to use https on port 8443, but we can't bind to 8443
Status: CLOSED CURRENTRELEASE
Product: OpenShift Origin
Classification: Red Hat
Component: Pod
Version: 2.x
Hardware: Unspecified Unspecified
Priority: low
Severity: low
Assigned To: Bill DeCoste
QA Contact: libra bugs
Keywords: Triaged
Reported: 2012-05-14 18:09 EDT by Nam Duong
Modified: 2015-05-14 21:53 EDT
Doc Type: Bug Fix
Last Closed: 2012-12-19 14:26:53 EST
Type: Bug
Description Nam Duong 2012-05-14 18:09:26 EDT
Description of problem:
I started looking into standalone.xml to configure https access to java apps based on this Forum post: https://openshift.redhat.com/community/forums/openshift/spring-security-and-https-redirect#comment-21226

but if I configure jboss to use https and port 8443, JBoss fails to start web connector service (essentially the app) with the following error:
2012/05/14 17:26:40,129 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-2) MSC00001: Failed to start service jboss.web.connector.https: org.jboss.msc.service.StartException in service jboss.web.connector.https: JBAS018007: Error starting web connector
	at org.jboss.as.web.WebConnectorService.start(WebConnectorService.java:271)
	at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1811) [jboss-msc-1.0.2.GA.jar:1.0.2.GA]
	at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1746) [jboss-msc-1.0.2.GA.jar:1.0.2.GA]
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110) [rt.jar:1.6.0_22]
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603) [rt.jar:1.6.0_22]
	at java.lang.Thread.run(Thread.java:679) [rt.jar:1.6.0_22]
Caused by: LifecycleException:  Protocol handler initialization failed: java.net.BindException: Permission denied /127.13.21.1:8443
	at org.apache.catalina.connector.Connector.init(Connector.java:985)


We should either allow port 8443, or update standalone.xml/JBoss config.
Comment 1 Bill DeCoste 2012-05-15 13:19:19 EDT
There are still some ports that haven't been opened for the full JEE profile - I'll make sure 8443 is on the list. However, HTTPS is already forced for external access. The user doesn't have to do anything and should leave 8443 alone unless they want inter-gear HTTPS which I'd have to test once the port is opened.
Comment 2 Bill DeCoste 2012-05-29 14:09:07 EDT
I am leaving this bug open as a reminder to test the user's specific Spring use case. We can currently bind to the loopback at 8443 but this is only exposed locally.
Comment 3 Bill DeCoste 2012-05-30 15:50:20 EDT
Lowering severity. See comment above.
Comment 4 Bill DeCoste 2012-11-08 20:45:47 EST
8443 removed from standalone.xml
Comment 5 Meng Bo 2012-11-09 04:37:27 EST
Checked on devenv_2447, port 8443 has been removed from jbossas and jbosseap standalone.xml file.

Jbossas
<socket-binding-group name="standard-sockets" default-interface="public" port-offset="0">
        <socket-binding name="http" port="8080"/>
        <socket-binding name="jacorb" interface="unsecure" port="3528"/>
        <socket-binding name="jacorb-ssl" interface="unsecure" port="3529"/>
        <socket-binding name="jgroups-tcp" port="7600"/>
        <socket-binding name="management-native" interface="management" port="9999"/>
        <socket-binding name="management-http" interface="management" port="9990"/>
        <socket-binding name="messaging" port="5445"/>
        <socket-binding name="messaging-throughput" port="5455"/>
        <socket-binding name="osgi-http" interface="management" port="8090"/>
        <socket-binding name="remoting" port="4447"/>
        <socket-binding name="txn-recovery-environment" port="4712"/>
        <socket-binding name="txn-status-manager" port="4713"/>
        <outbound-socket-binding name="mail-smtp">
            <remote-destination host="localhost" port="25"/>
        </outbound-socket-binding>
    </socket-binding-group>


Jbosseap
 <socket-binding-group name="standard-sockets"
                default-interface="public" port-offset="0">
                <socket-binding name="management-native" interface="management"
                        port="9999" />
                <socket-binding name="management-http" interface="management"
                        port="9990" />

                <socket-binding name="http" port="8080" />
                <socket-binding name="jacorb" interface="unsecure"
                        port="3528" />
                <socket-binding name="jacorb-ssl" interface="unsecure"
                        port="3529" />
                <socket-binding name="jgroups-tcp" port="7600" />
                <socket-binding name="messaging" port="5445" />
                <!--socket-binding name="messaging-group" multicast-address="${jboss.messaging.group.address:231.7.7.7}" 
                        multicast-port="${jboss.messaging.group.port:9876}"/ -->
                <socket-binding name="messaging-throughput" port="5455" />
                <socket-binding name="osgi-http" interface="management"
                        port="8090" />
                <socket-binding name="remoting" port="4447" />
                <socket-binding name="txn-recovery-environment" port="4712" />
                <socket-binding name="txn-status-manager" port="4713" />
                <outbound-socket-binding name="mail-smtp">
                        <remote-destination host="localhost" port="25" />
                </outbound-socket-binding>
        </socket-binding-group>
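
Added example, not part of the original bug report or of OpenShift's code: one way to automate the check made in Comment 5 by listing the listening socket bindings in a standalone.xml and reporting any port outside an allowed set. The ALLOWED set (taken from the ports quoted in Comment 5), the sample document and the function names are assumptions made for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Assumption: ports the gear may bind, taken from the bindings listed in Comment 5.
ALLOWED = {8080, 3528, 3529, 7600, 9999, 9990, 5445, 5455, 8090, 4447, 4712, 4713}

# Constructed sample (not from a real gear): Comment 5's layout with an
# https/8443 binding put back so the check has something to report.
SAMPLE = """<server xmlns="urn:jboss:domain:1.3">
  <socket-binding-group name="standard-sockets" default-interface="public" port-offset="0">
    <socket-binding name="http" port="8080"/>
    <socket-binding name="https" port="8443"/>
    <socket-binding name="management-http" interface="management" port="9990"/>
    <outbound-socket-binding name="mail-smtp">
      <remote-destination host="localhost" port="25"/>
    </outbound-socket-binding>
  </socket-binding-group>
</server>"""

def _local(tag):
    """Strip the XML namespace so fragments and full files parse alike."""
    return tag.rsplit("}", 1)[-1]

def _num(value):
    """Resolve a literal or a ${property:default} expression to its integer default."""
    m = re.fullmatch(r"\$\{[^:}]+:([^}]*)\}", value.strip())
    return int(m.group(1) if m else value)

def inbound_bindings(xml_text):
    """Map binding name -> (interface, port + port-offset) for listening sockets."""
    found = {}
    for group in ET.fromstring(xml_text).iter():
        if _local(group.tag) != "socket-binding-group":
            continue
        offset = _num(group.get("port-offset", "0"))
        default_if = group.get("default-interface")
        for sb in group:
            # outbound-socket-binding is a client connection, not a listener
            if _local(sb.tag) == "socket-binding" and sb.get("port"):
                found[sb.get("name")] = (sb.get("interface", default_if),
                                         _num(sb.get("port")) + offset)
    return found

def disallowed(xml_text, allowed=ALLOWED):
    """Return sorted (name, port) pairs whose effective port is outside the allowed set."""
    return sorted((n, p) for n, (_, p) in inbound_bindings(xml_text).items()
                  if p not in allowed)

if __name__ == "__main__":
    print(disallowed(SAMPLE))
```

The port-offset is added before comparison, so a binding that looks allowed in the file is still reported if the offset moves it to a port outside the set.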
