How to disable and enable admin console (admin-listener, port 4848) from the command line
-
25-06-2021 - |
Domanda
I would like to control when and where the admin service is accessible
How do I do one of the following (if possible)
Enable the admin console only from localhost (I know about disable-secure-admin, but still I don't want anyone to see the console login page when they add 4848 in the end) I will use SSH tunnle to connect
Or, be able to use a certificate, so only certified clients will be able to even see the console
Or, be able on demand to start / stop the admin service when needed, not opening it to the outside world (e.g. start stop __asadmin virtual server)
Is any of the above possible?
Soluzione
Ok, I found it by guess-work
Solution to scenario #1
- Make sure you have SSH tunnel on port 4848 first
- Go to Configuration -> server-config -> Network Config -> Network Listeners -> admin-listener
- Under the General tab, in the Address: field replace
0.0.0.0
to127.0.0.1
- Restart the server
Solution to scenario #3
I didn't find any command line way to enable / disable virtual servers, network listeners or protocols, but editing domain.xml shows that it's all there, just comment out and restart.
Altri suggerimenti
Use asadmin to update the The HTTP Network Listener named
admin-listener
.asadmin enable-secure-admin-principal "Instructs GlassFish Server, when secure admin is enabled, to accept admin requests from clients identified by the specified SSL certificate".
asadmin enable-secure-admin "enables secure admin (if it is not already enabled), optionally changing the alias used for DAS-to-instance admin messages or the alias used for instance-to-DAS admin messages". Also a good blog on the subject. This doesn't turn admin on/off, but enables/disables for remote access to the admin console without the complications of (1).