Installing IG in JBoss EAP

For basic information about how to install IG in JBoss, see "Downloading and Starting IG in JBoss". The following sections describe other installation options:

Configuring IG for HTTPS (Server-Side) in JBoss EAP

This section describes how to set up JBoss to run IG over HTTPS. These instructions are for JBoss 7.2, and are not compatible with earlier versions. For information about setting up HTTPS (client-side), see "Configuring IG For HTTPS (Client-Side)".

The default ephemeral DH key size in the JVM is 1024-bit. To support stronger ephemeral DH keys, and protect against weak keys, set the following system property: jdk.tls.ephemeralDHKeySize=2048.

Configure JBoss for HTTPS

Before you start, install IG in JBoss as described in "Downloading and Starting IG in JBoss". JBoss is installed in /path/to/jboss.

  1. Set the environment variable JBOSS_HOME in two terminals:

    $ export JBOSS_HOME=/path/to/jboss
  2. In the first terminal, create a user with administrative permissions to run the setup:

    $ ${JBOSS_HOME}/bin/add-user.sh myadmin myadmin-password
    Added user 'myadmin' to file '${JBOSS_HOME}/standalone/configuration/mgmt-users.properties'
    Added user 'myadmin' to file '${JBOSS_HOME}/domain/configuration/mgmt-users.properties'
  3. Make a temporary directory for the settings and keystore:

    $ mkdir $JBOSS_HOME/tmp
  4. Create the following file as ${JBOSS_HOME}/tmp/batch_settings:

    /socket-binding-group=standard-sockets/socket-binding=http/:write-attribute(name=port, value=8080)
    /socket-binding-group=standard-sockets/socket-binding=https/:write-attribute(name=port, value=8443)
    /socket-binding-group=standard-sockets/socket-binding=ajp/:write-attribute(name=port, value=8009)
    /socket-binding-group=standard-sockets/socket-binding=management-http/:write-attribute(name=port, value=9990)
    /socket-binding-group=standard-sockets/socket-binding=management-https/:write-attribute(name=port, value=9993)
    /subsystem=deployment-scanner/scanner=default/:write-attribute(name="scan-interval", value="2000")
    /interface=management/:write-attribute(name="inet-address", value="${jboss.bind.address:openig.example.com}")
    /interface=public/:write-attribute(name="inet-address", value="${jboss.bind.address:openig.example.com}")
  5. Generate a key pair with a self-signed certificate in the keystore:

    $ keytool \
    -genkey \
    -alias jboss \
    -storetype PKCS12 \
    -keyalg RSA \
    -keystore ${JBOSS_HOME}/tmp/keystore \
    -storepass password \
    -keypass password \
    -dname "CN=openig.example.com,O=Example Corp,C=FR"

    Note

    Because KeyStore converts all characters in its key aliases to lower case, use only lowercase in alias definitions of a KeyStore.

  6. Start JBoss as a standalone server:

    $ ${JBOSS_HOME}/bin/standalone.sh
  7. While JBoss is running, in the second terminal, update the batch settings:

    $ ${JBOSS_HOME}/bin/jboss-cli.sh --connect \
    --controller=openig.example.com:9990 command="run-batch -v \
    --file=${JBOSS_HOME}/tmp/batch_settings"
  8. Make sure IG is deployed on port 8080:

    $ ${JBOSS_HOME}/bin/jboss-cli.sh --connect \
    --controller=openig.example.com:9990 command="deployment list"
  9. Enable SSL:

    1. Enable the SSL server:

      $ ${JBOSS_HOME}/bin/jboss-cli.sh --connect \
      --controller=openig.example.com:9990 command="security enable-ssl-http-server \
      --key-store-path=${JBOSS_HOME}/tmp/keystore \
      --key-store-password=password \
      --key-store-type=PKCS12"
      
      Server reloaded.
      SSL enabled for default-server
      ssl-context is ssl-context-keystore
      key-manager is key-manager-keystore
      key-store   is keystore
    2. Access the IG welcome page on https://openig.example.com:8443.

      If you see warnings that the site is not secure, or that the self-signed certificate is not valid, respond to the warnings to access the site.
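The result of this procedure can also be checked from a terminal instead of a browser. The following script is an added example, not part of the IG documentation: it audits the output of `openssl s_client` for the certificate CN created in step 5 and for the ephemeral DH key size discussed at the top of this section. The function names and the sample transcript are constructed for illustration.

```shell
#!/bin/sh
# Added example: names and the sample transcript below are constructed.
# Live use, after step 9 (-tls1_2 -cipher DHE requests finite-field DHE suites):
#   openssl s_client -connect openig.example.com:8443 -tls1_2 -cipher DHE \
#     </dev/null 2>/dev/null | audit_probe openig.example.com 2048

# Constructed s_client excerpt for a server still using the 1024-bit default.
SAMPLE_PROBE='subject=C = FR, O = Example Corp, CN = openig.example.com
issuer=C = FR, O = Example Corp, CN = openig.example.com
Server Temp Key: DH, 1024 bits
New, TLSv1.2, Cipher is DHE-RSA-AES256-GCM-SHA384'

# Print the subject CN; accepts "CN = x", "CN=x" and the older "/CN=x" layout.
subject_cn() {
    sed -n 's|^ *subject=.*CN *= *\([^,/]*\).*$|\1|p' | head -n 1
}

# Print the size of a finite-field DH temp key; prints nothing for ECDHE/X25519.
dh_temp_key_bits() {
    sed -n 's|^ *Server Temp Key: DH, \([0-9][0-9]*\) bits.*$|\1|p' | head -n 1
}

# audit_probe EXPECTED_CN MIN_DH_BITS  (reads the s_client transcript on stdin)
# Returns 0 only if the CN matches and any DHE key is at least MIN_DH_BITS.
audit_probe() {
    probe=$(cat)
    cn=$(printf '%s\n' "$probe" | subject_cn)
    bits=$(printf '%s\n' "$probe" | dh_temp_key_bits)
    status=0
    if [ "$cn" != "$1" ]; then
        echo "FAIL: certificate CN '$cn' does not match '$1'"
        status=1
    fi
    if [ -n "$bits" ] && [ "$bits" -lt "$2" ]; then
        echo "FAIL: ephemeral DH key is $bits bits, expected at least $2"
        status=1
    fi
    [ "$status" -eq 0 ] && echo "OK: CN=$cn, DH temp key bits=${bits:-none}"
    return "$status"
}

# Demo on the constructed sample: reports the weak 1024-bit DH key.
printf '%s\n' "$SAMPLE_PROBE" | audit_probe openig.example.com 2048 || true
```

A handshake that negotiates ECDHE or X25519 has no finite-field DH key, so only the CN check applies to it.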
