WildFly 10如何使用HTTPS配置从主机连接到域

Question

关于WildFly 10域模式和HTTPS的小问题。

我的主机-master.xml.xml参数：

<management>
    <security-realms>
        <security-realm name="ManagementRealm">
            <server-identities>
                <ssl>
                    <keystore path="..." relative-to="jboss.domain.config.dir" keystore-password="..." alias="..." key-password="..." generate-self-signed-certificate-host="localhost"/>
                </ssl>
            </server-identities>
            <authentication>
                <local default-user="$local" skip-group-loading="true"/>
                <properties path="mgmt-users.properties" relative-to="jboss.domain.config.dir"/>
            </authentication>
            <authorization map-groups-to-roles="false">
                <properties path="mgmt-groups.properties" relative-to="jboss.domain.config.dir"/>
            </authorization>
        </security-realm>


        <management-interfaces>
            <native-interface security-realm="ManagementRealm">
                <socket interface="management" port="${jboss.management.native.port:9999}"/>
            </native-interface>
            <http-interface security-realm="ManagementRealm" http-upgrade-enabled="true">
                <socket interface="management" secure-port="${jboss.management.http.port:9990}"/>
            </http-interface>
        </management-interfaces>

我的主机-slve.xml参数：

        <security-realms>
            <security-realm name="SlaveRealm">
                <server-identities>
                    <secret value="..." />
                </server-identities>


   <domain-controller>
        <remote protocol="remote" host="..." port="9999" username='slave' security-realm="SlaveRealm"/>
    </domain-controller>

域服务器启动时没有任何错误，通过HTTPS可以获得Management。但是从节点不会启动，我会收到一条错误消息：

2017-02-23 17:35:05,149 WARN  [org.jboss.as.host.controller] (Controller Boot Thread) WFLYHC0001: Could not connect to remote domain controller remote://...:9999 -- java.lang.IllegalStateException: WFLYHC0110: Unable to connect due to SSL failure.
2017-02-23 17:35:05,149 WARN  [org.jboss.as.host.controller] (Controller Boot Thread) WFLYHC0147: No domain controller discovery options remain.
2017-02-23 17:35:05,150 ERROR [org.jboss.as.host.controller] (Controller Boot Thread) WFLYHC0002: Could not connect to master. Aborting. Error was: java.lang.IllegalStateException: WFLYHC0120: Tried all domain controller discovery option(s) but unable to connect
2017-02-23 17:35:05,150 FATAL [org.jboss.as.host.controller] (Controller Boot Thread) WFLYHC0178: Aborting with exit code 99

我尝试将"<server-identities><ssl><keystore..."部件添加到host-slve.xml中的"SlaveRealm“中，但也收到了相同的错误。

如何正确、简单地配置域和主从式？谢谢。

Answer 1

在host.xml中，您必须指定<interfaces>。还可以在启动通配符时将接口值作为命令行参数传递。

硕士host.xml

<interfaces>
    <interface name="management">
        <inet-address value="${wildfly.bind.address.management:@@master.host.name@@}"/>
    </interface>
    <interface name="public">
        <inet-address value="${wildfly.bind.address:@@master.host.name@@}"/>
    </interface>
    <interface name="unsecure">
        <!-- Used for IIOP sockets in the standard configuration.
             To secure JacORB you need to setup SSL -->
        <inet-address value="${wildfly.bind.address.unsecure:@@master.host.name@@}"/>
    </interface>
</interfaces>

从host.xml

 <management>
    <security-realms>
        <security-realm name="ManagementRealm">
            <server-identities>
                <secret value="@@slave.encrypted.password@@" />
            </server-identities>
            ....
            ....
            ....
        <domain-controller>
    <!--<local/>-->
    <!-- Alternative remote domain controller configuration with a host and port -->
    <remote protocol="remote" host="@@master.host.name@@" port="9999" username="@@slave.account.name@@" security-realm="ManagementRealm"/>
</domain-controller>

<interfaces>
    <interface name="management">
        <inet-address value="${wildfly.bind.address.management:@@slave.host.name@@}"/>
    </interface>
    <interface name="public">
        <inet-address value="${wildfly.bind.address:@@slave.host.name@@}"/>
    </interface>
    <interface name="unsecure">
        <!-- Used for IIOP sockets in the standard configuration.
             To secure JacORB you need to setup SSL -->
        <inet-address value="${wildfly.bind.address.unsecure:@@slave.host.name@@}"/>
    </interface>
</interfaces>

这种配置适用于我们的Dev/QA/生产环境。