Bug 821556 - standalone.xml has configurations to use https on port 8443, but we can't bind to 8443
Status: CLOSED CURRENTRELEASE
Alias: None
Product: OKD
Classification: Red Hat
Component: Pod
Version: 2.x
Hardware: Unspecified
OS: Unspecified
Priority: low
Severity: low
Assignee: Bill DeCoste
QA Contact: libra bugs
Reported: 2012-05-14 22:09 UTC by Nam Duong
Modified: 2015-05-15 01:53 UTC (History)
Doc Type: Bug Fix
Last Closed: 2012-12-19 19:26:53 UTC

Description Nam Duong 2012-05-14 22:09:26 UTC
Description of problem:
I started looking into standalone.xml to configure https access to java apps based on this Forum post: https://openshift.redhat.com/community/forums/openshift/spring-security-and-https-redirect#comment-21226

but if I configure JBoss to use https and port 8443, JBoss fails to start the web connector service (essentially the app) with the following error:
2012/05/14 17:26:40,129 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-2) MSC00001: Failed to start service jboss.web.connector.https: org.jboss.msc.service.StartException in service jboss.web.connector.https: JBAS018007: Error starting web connector
	at org.jboss.as.web.WebConnectorService.start(WebConnectorService.java:271)
	at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1811) [jboss-msc-1.0.2.GA.jar:1.0.2.GA]
	at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1746) [jboss-msc-1.0.2.GA.jar:1.0.2.GA]
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110) [rt.jar:1.6.0_22]
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603) [rt.jar:1.6.0_22]
	at java.lang.Thread.run(Thread.java:679) [rt.jar:1.6.0_22]
Caused by: LifecycleException:  Protocol handler initialization failed: java.net.BindException: Permission denied /127.13.21.1:8443
	at org.apache.catalina.connector.Connector.init(Connector.java:985)


We should either allow port 8443, or update standalone.xml/JBoss config.

Comment 1 Bill DeCoste 2012-05-15 17:19:19 UTC
There are still some ports that haven't been opened for the full JEE profile - I'll make sure 8443 is on the list. However, HTTPS is already forced for external access. The user doesn't have to do anything and should leave 8443 alone unless they want inter-gear HTTPS which I'd have to test once the port is opened.

Comment 2 Bill DeCoste 2012-05-29 18:09:07 UTC
I am leaving this bug open as a reminder to test the user's specific Spring use case. We can currently bind to the loopback at 8443 but this is only exposed locally.

Comment 3 Bill DeCoste 2012-05-30 19:50:20 UTC
Lowering severity. See comment above.

Comment 4 Bill DeCoste 2012-11-09 01:45:47 UTC
8443 removed from standalone.xml

Comment 5 Meng Bo 2012-11-09 09:37:27 UTC
Checked on devenv_2447, port 8443 has been removed from jbossas and jbosseap standalone.xml file.

Jbossas
<socket-binding-group name="standard-sockets" default-interface="public" port-offset="0">
    <socket-binding name="http" port="8080"/>
    <socket-binding name="jacorb" interface="unsecure" port="3528"/>
    <socket-binding name="jacorb-ssl" interface="unsecure" port="3529"/>
    <socket-binding name="jgroups-tcp" port="7600"/>
    <socket-binding name="management-native" interface="management" port="9999"/>
    <socket-binding name="management-http" interface="management" port="9990"/>
    <socket-binding name="messaging" port="5445"/>
    <socket-binding name="messaging-throughput" port="5455"/>
    <socket-binding name="osgi-http" interface="management" port="8090"/>
    <socket-binding name="remoting" port="4447"/>
    <socket-binding name="txn-recovery-environment" port="4712"/>
    <socket-binding name="txn-status-manager" port="4713"/>
    <outbound-socket-binding name="mail-smtp">
        <remote-destination host="localhost" port="25"/>
    </outbound-socket-binding>
</socket-binding-group>


Jbosseap
<socket-binding-group name="standard-sockets"
        default-interface="public" port-offset="0">
    <socket-binding name="management-native" interface="management"
            port="9999" />
    <socket-binding name="management-http" interface="management"
            port="9990" />

    <socket-binding name="http" port="8080" />
    <socket-binding name="jacorb" interface="unsecure"
            port="3528" />
    <socket-binding name="jacorb-ssl" interface="unsecure"
            port="3529" />
    <socket-binding name="jgroups-tcp" port="7600" />
    <socket-binding name="messaging" port="5445" />
    <!--socket-binding name="messaging-group" multicast-address="${jboss.messaging.group.address:231.7.7.7}"
            multicast-port="${jboss.messaging.group.port:9876}"/ -->
    <socket-binding name="messaging-throughput" port="5455" />
    <socket-binding name="osgi-http" interface="management"
            port="8090" />
    <socket-binding name="remoting" port="4447" />
    <socket-binding name="txn-recovery-environment" port="4712" />
    <socket-binding name="txn-status-manager" port="4713" />
    <outbound-socket-binding name="mail-smtp">
        <remote-destination host="localhost" port="25" />
    </outbound-socket-binding>
</socket-binding-group>
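
The manual check from comment 5, as an added example (not part of the bug report and not OpenShift's own code): a script that reads a standalone.xml, resolves each socket-binding's effective port, including the group's port-offset and ${name:default} expressions, and reports bindings on a port the platform refuses. The sample XML is constructed, and the function names and the default denied set {8443} are assumptions for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample in the shape of the files quoted above, with an "https"
# binding on 8443 put back in so the audit has something to report.
SAMPLE = """<server xmlns="urn:jboss:domain:1.1">
  <socket-binding-group name="standard-sockets" default-interface="public"
      port-offset="${jboss.socket.binding.port-offset:0}">
    <socket-binding name="http" port="8080"/>
    <socket-binding name="https" port="8443"/>
    <socket-binding name="management-http" interface="management"
        port="${jboss.management.http.port:9990}"/>
  </socket-binding-group>
</server>"""

# Matches ${property:default}; an expression with no default fails int() below.
EXPR = re.compile(r"^\$\{[^:}]+:([^}]*)\}$")

def resolve(value):
    """Return a literal port, or the default of a ${name:default} expression."""
    m = EXPR.match(value.strip())
    return int(m.group(1) if m else value)

def local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on qualified tags."""
    return tag.rsplit("}", 1)[-1]

def listening_ports(xml_text):
    """Map socket-binding name -> effective port (port + group port-offset)."""
    ports = {}
    for group in ET.fromstring(xml_text).iter():
        if local(group.tag) != "socket-binding-group":
            continue
        offset = resolve(group.get("port-offset", "0"))
        for sb in group:
            # Multicast-only bindings carry no "port" attribute and are skipped.
            if local(sb.tag) == "socket-binding" and sb.get("port"):
                ports[sb.get("name")] = resolve(sb.get("port")) + offset
    return ports

def audit(xml_text, denied=frozenset({8443})):
    """Return the bindings whose effective port is in the denied set."""
    return {n: p for n, p in listening_ports(xml_text).items() if p in denied}

if __name__ == "__main__":
    print(audit(SAMPLE))
```

An empty result from `audit` corresponds to what comment 5 verified for both cartridges; a non-zero port-offset shifts every binding, so the denied set has to be expressed in effective ports.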

