Question

I have a JBoss 7 server set up and running a web application and a Java Web Start application. Both work fine. Here is a snapshot of my standalone.xml, which gives information on the various ports in use.

    <socket-binding name="management-http" interface="management" port="${jboss.management.http.port:9990}"/>
    <socket-binding name="management-https" interface="management" port="${jboss.management.https.port:9443}"/>
    <socket-binding name="ajp" port="8009"/>
    <socket-binding name="http" port="80"/>
    <socket-binding name="https" port="443"/>
    <socket-binding name="osgi-http" interface="management" port="8090"/>
    <socket-binding name="remoting" port="4447"/>
    <socket-binding name="txn-recovery-environment" port="4712"/>
    <socket-binding name="txn-status-manager" port="4713"/>

I want to know more about how to set up a JBoss production server here. Typically port 80 is open on all systems for HTTP traffic, and hence there is no problem with the web application.

However, my Java client connects to the Java Web Start application deployed on the server using a remote EJB interface on port 4447, which is the JBoss server's default remoting port. This port may not be open for traffic on all systems.

So my question is: how do you make this remoting interface listen on a port which will hopefully be available on all systems across all networks? If I change this to, say, 80, will my application still work correctly? I don't want to experiment and break everything :D

Anyone experienced with setting up a JBoss production server?

Solution

Basically I want to ensure that all my clients can connect to the system

Note that you're talking about remote port here, your web server port, so it's either open for everybody or nobody. Once you get the port open in your production server, there are generally not that many restrictions to which ports your client can connect to on the remote end. Some web proxies only allow you to connect to 80 (standard http port), 443 (ssl port) and 8080 (http port for some services) for example, but other than that, all ports should be equally fine and it doesn't matter that much which one you choose. You can check a list of ports if you want to avoid a port that is commonly reserved for something else.

So, for usual cases, 4447 should be ok. For some people it won't work, if they're behind strict proxies/firewalls. (There is a possibility for you to have a dedicated hostname for your jboss remoting on port 80, but then in that hostname you couldn't have any regular http server running and it is fishy to use standard http port for this.) The most reliable option would be to rewrite your app to use http REST interface or similar, connecting to port 80, and having a web app there that would do the EJB calls, so EJB layer would not be exposed.

Note also that the remoting interface has had its share of exploits. You want to check carefully that there are no open exploits for JBoss in there. However, I'm not aware of exploits against AS7, at least yet. There exist at least two that probably apply to AS7 as well.

If you use remoting you probably also want to have a security realm configured.

OTHER TIPS

No, only one process can bind to a port at a time. If your application's HTTP binds to 80, then remoting needs to use some other port which is open.
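The two points made in the answers (a port can carry only one listener, and strict proxies pass only 80, 443 and 8080) can be checked against a socket-binding list before deploying. The following is an added example, not code from the original posts or from JBoss; the function names, the wrapping `socket-binding-group` element and its `default-interface="public"` value are assumptions made for illustration.

```python
import re
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed fragment: the socket bindings quoted in the question, wrapped in a
# socket-binding-group element (the default-interface value is an assumption).
SAMPLE = """<socket-binding-group name="standard-sockets" default-interface="public">
  <socket-binding name="management-http" interface="management" port="${jboss.management.http.port:9990}"/>
  <socket-binding name="management-https" interface="management" port="${jboss.management.https.port:9443}"/>
  <socket-binding name="ajp" port="8009"/>
  <socket-binding name="http" port="80"/>
  <socket-binding name="https" port="443"/>
  <socket-binding name="osgi-http" interface="management" port="8090"/>
  <socket-binding name="remoting" port="4447"/>
  <socket-binding name="txn-recovery-environment" port="4712"/>
  <socket-binding name="txn-status-manager" port="4713"/>
</socket-binding-group>"""

PROXY_PORTS = {80, 443, 8080}  # ports the answer says strict web proxies allow
_EXPR = re.compile(r"\$\{[^:}]+:(\d+)\}")  # ${property:default}

def resolve_port(raw):
    """Literal port, or the default of a ${property:default} expression."""
    m = _EXPR.fullmatch(raw.strip())
    return int(m.group(1)) if m else int(raw)

def local(tag):
    """Strip the XML namespace that a full standalone.xml puts on every tag."""
    return tag.rsplit("}", 1)[-1]

def audit(xml_text, client_facing=("http", "https", "remoting")):
    """Return (conflicts, unreachable): bindings that share interface+port,
    and client-facing bindings on ports a strict proxy would not pass."""
    root = ET.fromstring(xml_text)
    group = next(e for e in root.iter() if local(e.tag) == "socket-binding-group")
    default_if = group.get("default-interface")
    endpoints = defaultdict(list)
    for sb in group:
        if local(sb.tag) == "socket-binding":
            key = (sb.get("interface", default_if), resolve_port(sb.get("port")))
            endpoints[key].append(sb.get("name"))
    # Same interface name and port means two listeners on one socket address.
    # Interfaces with different names that resolve to one IP are not detected.
    conflicts = {k: v for k, v in endpoints.items() if len(v) > 1}
    unreachable = {n: k[1] for k, v in endpoints.items() for n in v
                   if n in client_facing and k[1] not in PROXY_PORTS}
    return conflicts, unreachable
```

On the bindings from the question, `audit(SAMPLE)` reports no conflicts and flags `remoting` on 4447; with that binding changed to 80 it reports `http` and `remoting` colliding on the same interface and port.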

Licensed under: CC-BY-SA with attribution