This article demonstrates how inbound request from a webserver (Apache) can be proxied to an application server (WildFly 10) using the Apache JServ Protocol (AJP). For more information on what AJP actually is, take a look at https://en.wikipedia.org/wiki/Apache_JServ_Protocol .
WildFly 10 Configuration
First you have to add an ajp-listener to the undertow subsystem (line 4).
standalone.xml – undertow subsystem:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 |
<subsystem xmlns="urn:jboss:domain:undertow:3.0"> <buffer-cache name="default"/> <server name="default-server"> <ajp-listener name="ajp" socket-binding="ajp" max-post-size="1048576000"/> <http-listener name="default" max-post-size="2048576000" socket-binding="http"/> <host name="default-host" alias="localhost"> <filter-ref name="server-header"/> <filter-ref name="x-powered-by-header"/> </host> </server> <servlet-container name="default"> <jsp-config/> <websockets/> </servlet-container> <filters> <response-header name="server-header" header-name="Server" header-value="WildFly/10"/> <response-header name="x-powered-by-header" header-name="X-Powered-By" header-value="Undertow/1"/> </filters> </subsystem> |
Then you also have to add a socket-binding (line 4).
standalone.xml – socket binding:
|
4 |
<socket-binding name="ajp" port="${jboss.ajp.port:8009}"/> |
Apache Configuration
On my linux I am using the Apache module jk for connecting WildFly 10 with Apache. First you have to check if that module is already installed on your machine.
|
1 |
apache2ctl -M |
If you see a line like the one below the module is already installed.
|
1 |
jk_module (shared) |
Please make sure you run this command as the root user of the operating system.
If the module is not listed, you have to install it. This greatly depends on your linux distribution. On debian it looks like this:
|
1 |
apt-get install libapache2-mod-jk |
Afterwards you also have to enable the module using
|
1 |
a2enmod mod-jk |
Installing this module also generates a default jk-workers.properties.default file. For my linux distribution this file can be found under /etc/apache2. You have to copy that file to jk-workers.properties and put in the settings for the specific Apache JServ Protocol connections. E.g.
|
1 2 3 |
worker.ajp13demo.port=28009 worker.ajp13demo.host=localhost worker.ajp13demo.type=ajp13 |
VirtualHost Configuration
To use the configured Apache JServ Protocol for example for a subdomain, you have to add a new VirtualHost configuration to your Apache server. In my example for SSL this looks like this:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 |
<VirtualHost *:443> ServerName demo.illucit.com DocumentRoot /srv/www/ajp ServerAdmin demo@illucit.com Include /etc/apache2/vhosts.d/ssl_vhost.include # Logfiles: CustomLog /var/log/apache2/illucit.com/ssl.demo.log combined ErrorLog /var/log/apache2/illucit.com/ssl.demo-error.log LogLevel warn RedirectMatch permanent ^/$ /index.jsf JkMount /* ajp13demo JkUnMount /error/* ajp13demo ErrorDocument 503 /error/maintenance.html <Location /> AuthType Basic AuthName "Demo" AuthUserFile /srv/www/.htpasswd AuthGroupFile /srv/www/.htgroup <Limit GET> require group demo </Limit> </Location> </VirtualHost> |
You notice that this configuration uses SSL by taking a look at the first line of the file
|
1 |
<VirtualHost *:443> |
which is the port for SSL. Otherwise port 80 has to be used instead. The line
|
1 |
JkMount /* ajp13demo |
actually takes care of routing all requests to WildFly. JkUnMount removes certain URLs from being routed through Apache JServ Protocol. If WildFly delivers a 503 error, this way a maintenance page is displayed, instead.
Port Offset
If you are running multiple applications servers on the same machine, you do not want to adjust all ports in each standalone.xml separately. Typically you simple set a port offset for the particular application server. This value is added to each port specified in the socket-binding-group section (see above).
The default port offset is 0 as you can see in the first line of the socket-binding-group section.
It can be overridden by a command line argument for the application server, however.
Typically the right way to do this is to put the port offset parameter into the file standalone.conf in the bin directory of WildFly. You simply have to add a line like this:
standalone.conf:
|
1 |
JAVA_OPTS="$JAVA_OPTS -Djboss.socket.binding.port-offset=20000" |
standalone.xml:
So in my example instead of AJP listening on port 8009 like configured in the standalone.xml, it will listen on port 28009. That is also why I configured that port in jk_workers.properties.
Port Offset Bug in WildFly 10
One thing that totally got me confused, however, is the following. After setting this up completely and starting WildFly, I took a look a the console log to see if the listener is actually properly starting up.
In the console log I saw the following lines:
|
1 2 |
[org.wildfly.extension.undertow] (MSC service thread 1-8) WFLYUT0006: Undertow HTTP listener default listening on 0.0.0.0:28080 [org.wildfly.extension.undertow] (MSC service thread 1-4) WFLYUT0006: Undertow AJP listener ajp listening on 0.0.0.0:8009 |
So for the http listener the port offset is correctly added to the port specified in the standalone.xml. For the AJP listener, however, the port offset was not added.
After 2 hour of trying to figure out why WildFly is not listening on the correct port, I actually took a look at netstat.
|
1 |
tcp 0 0 *:28009 *:* LISTEN |
Only then I figured out that actually WildFly was listening on the correct port. Only the console log output seems to be wrong. So if I hadn’t looked at the console log in the first place, everything would have worked just fine…
Summary
This article demonstrates how to set up WildFly 10 and Apache using the Apache JServ Protocol. Since I could only find outdated articles about this on the internet, I hope this will save you some time setting this up. If you have any questions or comments. Please leave a comment below.
“Service Temporarily Unavailable The server is temporarily unable to service your request due to maintenance downtime or capacity problems. Please try again later.
The reason is
connect to 127.0.0.1:18009 failed …. si i think the problem is in the AJP of Wildfly
my port offset is 1000 in standalone.xml
Hi. Is it possible to add the AJP timeout on WF10 ? How?
Please I need a complete guide on how to link apache 2.4 to wildfly in windows 10. I am running windows 10, have wildfly and Apache running independently. Please I want to know how to link them.
Thanks very much, very helpful