A little background on this project, and why I needed to run a vulnerable JBoss instance in my environment. I have a client that wanted to demo a web app that utilizes JBoss as it's prmary middleware. The web app is completly built around JBoss 4.2.2 so unfortunately I had no other option but to use it. Eventually, if the client decides to purchase the web app I will be putting extra security on the server so that the sensitive/hackable areas of JBoss are at least password protected, and I will post directions on that accordingly. As of now the only access to the server is through a VPN into the environment. The big security issues will occur when the client wants to access the web app via the internet without the VPN...
After successfully installing JBoss (easiest part of this whole thing), the client wanted it to be turned into a Windows service, then wanted it to bind on the host IP address or host name. This is so that they can access the web app without being connect to the server via RDP. JBoss by default binds to http://localhost:8080 so initially the only way to access the web app was RDP then a web browser pointed to localhost....The best solution would be to set up an Apache server to act as the proxy to pull the localhost to a host name or IP address, but that currently is beyond the scope of work, so I had to figure out how to accomplish this with the current Windows instance. If/when the client wants to access this web app via the internet, I will be setting up the Apache server to provide the proxy connection (I will of course post accordingly). Normally this is accomplished by adding a "-b 0.0.0.0" to the end of the "run.bat" command that would be issued in the command line. But this doesn't work with JBoss as a Windows service....Burred in the depths of the JBoss forums I was able to locate one small post that held the answer to this.
And thus the lack of a straight-through document was what lead me to post this little nugget of information. My goal was to be as straight through as possible so be sure to get your Googling on if you have any issues. I am not an expert in the subject, and like any good IT person, I decided to document after I finished the install and verified that everything is functional.....So it is possible I may have missed something here or there....At any rate, good luck!
Johnson, P. (2009, December 01). Re: how to provide the bind address when running jboss as a [Online forum comment]. Retrieved from https://community.jboss.org/message/206191
running jboss web as windows service. (n.d.). retrieved from http://www.jboss.org/jbossweb/install/service.html
After successfully installing JBoss (easiest part of this whole thing), the client wanted it to be turned into a Windows service, then wanted it to bind on the host IP address or host name. This is so that they can access the web app without being connect to the server via RDP. JBoss by default binds to http://localhost:8080 so initially the only way to access the web app was RDP then a web browser pointed to localhost....The best solution would be to set up an Apache server to act as the proxy to pull the localhost to a host name or IP address, but that currently is beyond the scope of work, so I had to figure out how to accomplish this with the current Windows instance. If/when the client wants to access this web app via the internet, I will be setting up the Apache server to provide the proxy connection (I will of course post accordingly). Normally this is accomplished by adding a "-b 0.0.0.0" to the end of the "run.bat" command that would be issued in the command line. But this doesn't work with JBoss as a Windows service....Burred in the depths of the JBoss forums I was able to locate one small post that held the answer to this.
And thus the lack of a straight-through document was what lead me to post this little nugget of information. My goal was to be as straight through as possible so be sure to get your Googling on if you have any issues. I am not an expert in the subject, and like any good IT person, I decided to document after I finished the install and verified that everything is functional.....So it is possible I may have missed something here or there....At any rate, good luck!
Install JBoss 4.2.2 in Windows Server 2008 and run as service
Download and install FireFox or Chrome (IE 10 and 11 gives
out too many errors)
Download and install Java JKD and JRE 6u26 <this version
was required by the web app>
Use Administrative command prompt and run the following
commands:
- cd c:\Program Files\jboss-4.2.2.GA\bin
- Run.bat
Test the install by opening FireFox and navigating to http://localhost:8080
Install as a Service:
Download binaries 2.0.10-windows x64 zip <found here>
Extract the file and copy from the bin directory
·
Jbosssvc
·
Jbossweb.x64
·
Jbosswebw.x64
·
README-service
·
Service.bat
Paste files into jboss-4.2.2.GA\bin directory
Necessary changes will need to be made to the service.bat
file as it is originally written for JBoss 5+. You will need to locate any
references to the version of JBoss and edit accordingly by replacing the
version number in the file with the version number of the JBoss instillation.
There are about three of these instinces at the beginning of the file under: “set
SVCNAME” and “set SVCDISP”.
Use Administrative command prompt and issue commands
- cd c:\Program Files\jboss-4.2.2.GA\bin
- service.bat install
You should now be able to issue the net start/stop commands
and/or see the new JBoss service in the services.msc. Attempt to start the
service after you have installed it. If it starts without error open FireFox
and navigate to http://localhost:8080
If you receive any errors issue when attempting to start the
service;
Take note of the service name
Take note of the service name
- right click on the service and select Properties
- Issue the following command in an Administrative Command propt in the JBoss "bin" directory to remove the service:
- service.bat uninstall ; or
- sc delete <service-name>
·
Go back to your service.bat file to make the
necessary changes (you may need to do some Googling depending on the error)
Get JBoss Service to bind on any address other than “localhost”
Ideally this is done through a
connected Apache server that acts as proxy between JBoss on “localhost”, but
can be accomplished without the Apache server with the following:
If JBoss is running be sure to
stop the service before editing the service.bat file.
In the service.bat file you will
need to add “-b 0.0.0.0” after the “call run.bat” in two locations. They should
be changed to the following examples:
- :cmdStart
- call run.bat –b 0.0.0.0 < .r.lock >> run.log 2>&1
- :cmdRestart
- call run.bat –b 0.0.0.0 < .r.lock >> run.log 2>&1
Save the service.bat file and start the JBoss service. You should
now be able to get to JBoss using either: http://<hostIP>:8080
or http://<hostDNSname>:8080
References:
Hideo, M (2007, October 18. Jboss application server 4.2 instillation guide.Retrieved from http://docs.jboss.org/jbossas/docs/Installation_Guide/4/pdf/Installation_Guide.pdf
running jboss web as windows service. (n.d.). retrieved from http://www.jboss.org/jbossweb/install/service.html
Comments
Post a Comment