How to disable and enable admin console (admin-listener, port 4848) from the command line
-
25-06-2021 - |
문제
I would like to control when and where the admin service is accessible
How do I do one of the following (if possible)
Enable the admin console only from localhost (I know about disable-secure-admin, but still I don't want anyone to see the console login page when they add 4848 in the end) I will use SSH tunnle to connect
Or, be able to use a certificate, so only certified clients will be able to even see the console
Or, be able on demand to start / stop the admin service when needed, not opening it to the outside world (e.g. start stop __asadmin virtual server)
Is any of the above possible?
해결책
Ok, I found it by guess-work
Solution to scenario #1
- Make sure you have SSH tunnel on port 4848 first
- Go to Configuration -> server-config -> Network Config -> Network Listeners -> admin-listener
- Under the General tab, in the Address: field replace
0.0.0.0
to127.0.0.1
- Restart the server
Solution to scenario #3
I didn't find any command line way to enable / disable virtual servers, network listeners or protocols, but editing domain.xml shows that it's all there, just comment out and restart.
다른 팁
Use asadmin to update the The HTTP Network Listener named
admin-listener
.asadmin enable-secure-admin-principal "Instructs GlassFish Server, when secure admin is enabled, to accept admin requests from clients identified by the specified SSL certificate".
asadmin enable-secure-admin "enables secure admin (if it is not already enabled), optionally changing the alias used for DAS-to-instance admin messages or the alias used for instance-to-DAS admin messages". Also a good blog on the subject. This doesn't turn admin on/off, but enables/disables for remote access to the admin console without the complications of (1).