WildFly Administration Remote Access

Last modified: June 24, 2020

1. Introduction

WildFly provides different approaches for server administration. The most familiar approach is to use its web interface, but we can use the CLI or XML scripts.

In this tutorial, we’ll focus on accessing the administration web interface.

We’ll assume that readers already understand the standard WildFly Setup process. 

2. Remote Access

The web interface or console is a GWT application that uses WildFly’s HTTP management API to configure either a standalone or a domain-managed server. This API serves two different contexts:

By default, the web console is only accessible from localhost. That is to say, our configuration files contain only local interfaces to interact with a web console.

In WildFly jargon, an interface consists of a network interface with selection criteria. In most cases, the selection criterion is the IP address bound to the interface. The local interface is declared as follows:

<interface name="management">
    <inet-address value="${jboss.bind.address.management:127.0.0.1}"/>
</interface>
<!--127.0.0.1 is the localhost IP address. -->

As a result, this local management interface is attached to the management-http socket listener, which receives web console connections on port 9990:

<socket-binding-group name="standard-sockets" default-interface="public" 
  port-offset="${jboss.socket.binding.port-offset:0}">
    <socket-binding name="ajp" port="${jboss.ajp.port:8009}"/>
    <socket-binding name="http" port="${jboss.http.port:8080}"/>
    <socket-binding name="https" port="${jboss.https.port:8443}"/>
    <socket-binding name="management-http" interface="management" 
      port="${jboss.management.http.port:9990}"/>
    <socket-binding name="management-https" interface="management" 
      port="${jboss.management.https.port:9993}"/>
    <socket-binding name="txn-recovery-environment" port="4712"/>
    <socket-binding name="txn-status-manager" port="4713"/>
    <outbound-socket-binding name="mail-smtp">
       <remote-destination host="localhost" port="25"/>
    </outbound-socket-binding>
</socket-binding-group>

To allow access from a remote machine, we first need to create the remote management interface in the appropriate configuration file. If we’re configuring a standalone server, we’ll change standalone/configuration/standalone.xml, and for domain-managed, we’ll change domain/configuration/host.xml:

<interface name="remoteManagement">
    <inet-address value="${jboss.bind.address.management:REMOTE_HOST_IP}"/> 
</interface> 
<!-- REMOTE_HOST_IP is the remote host IP address (e.g. 192.168.1.2). -->

We must also modify the socket binding of management-http to remove the previous local interface and add the new one:

<socket-binding-group name="standard-sockets" default-interface="public" 
  port-offset="${jboss.socket.binding.port-offset:0}">
    <!-- same as before -->
    <socket-binding name="management-http" interface="remoteManagement" 
      port="${jboss.management.http.port:9990}"/>
    <socket-binding name="management-https" interface="remoteManagement" 
      port="${jboss.management.https.port:9993}"/>
    <!-- same as before -->
</socket-binding-group>

In the above configuration, we bind the new remoteManagement interface to our HTTP (9990) and HTTPS (9993) ports. It’ll allow the remote host IP to connect to the web interface through HTTP/HTTPS ports.
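
The check below is an added example, not part of the original tutorial or of WildFly: it parses a configuration file and reports, for each management-* socket binding, which interface it uses and whether that interface's inet-address (the address the server listens on) is loopback-only. The embedded sample is constructed from the fragments above, uses the page's example value 192.168.1.2 for REMOTE_HOST_IP, and leaves management-https on the local interface to show both outcomes; the function names are illustrative.

```python
import ipaddress
import re
import xml.etree.ElementTree as ET

# Constructed sample built from the page's fragments (192.168.1.2 = REMOTE_HOST_IP).
SAMPLE = """<server>
  <interface name="management">
    <inet-address value="${jboss.bind.address.management:127.0.0.1}"/>
  </interface>
  <interface name="remoteManagement">
    <inet-address value="${jboss.bind.address.management:192.168.1.2}"/>
  </interface>
  <socket-binding-group name="standard-sockets" default-interface="public">
    <socket-binding name="management-http" interface="remoteManagement"
      port="${jboss.management.http.port:9990}"/>
    <socket-binding name="management-https" interface="management"
      port="${jboss.management.https.port:9993}"/>
  </socket-binding-group>
</server>"""

def default_of(expr):
    """Return the default of a ${property:default} expression, else the text."""
    m = re.fullmatch(r"\$\{[^:}]+:([^}]*)\}", expr.strip())
    return m.group(1) if m else expr.strip()

def local(el):  # tag name without the XML namespace real standalone.xml carries
    return el.tag.rsplit("}", 1)[-1]

def exposure(addr):
    """Classify a bind address; hostnames and unset values are 'unknown'."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return "unknown"
    return "local-only" if ip.is_loopback else "all-addresses" if ip.is_unspecified else "remote"

def audit_management_bindings(xml_text):
    """Map each management-* socket binding to (interface, address, port, exposure)."""
    root = ET.fromstring(xml_text)
    addrs = {i.get("name"): default_of(c.get("value", "")) for i in root.iter()
             if local(i) == "interface" for c in i if local(c) == "inet-address"}
    report = {}
    for group in (g for g in root.iter() if local(g) == "socket-binding-group"):
        for sb in (s for s in group if local(s) == "socket-binding"):
            if sb.get("name", "").startswith("management-"):
                iface = sb.get("interface") or group.get("default-interface")
                addr = addrs.get(iface, "")
                report[sb.get("name")] = (iface, addr, default_of(sb.get("port", "")), exposure(addr))
    return report
```

Only the defaults written in the file are evaluated; a value supplied at startup for jboss.bind.address.management is not visible to this check.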

3. Authentication

WildFly secures all remote connections by default. The default security mechanism is a username/password via HTTP digest authentication.

But if we attempt to connect to the admin console before we’ve added a user to the server, we won’t be prompted with a login popup.

To create users, then, WildFly provides an interactive add-user.sh (add-user.bat on Windows platforms) script with several steps:

  1. Type of user: Either management or application user
  2. Realm: The realm name used in the configuration, which is ManagementRealm by default
  3. Username: The new user’s username
  4. Password: The new user’s password
  5. Slave domain controller: A flag indicating whether the user will control slave domain processes in a distributed-domains architecture; it defaults to No

It’s also possible to add users in a non-interactive way by making use of the same script and specifying the input as parameters:

$ ./add-user.sh -u 'adminuser1' -p 'password1!'

This adds a management user “adminuser1” with the password “password1!” to the default realm.

4. Conclusion

In this short tutorial, we explored how to set up WildFly to allow remote access to the management web console of the server. Furthermore, we also saw how we can create users using WildFly’s provided scripts.
