Skip to content

Enable Wildfly remote access

Last Updated on 11/11/2020

This tutotial will show how to enable Wildfly remote access, so you can manage your application server remotely as you would at the local machine it is running on.

The Problem

I believe that everyone is very used to install Wildfly on your local machine running a operation system with GUI and a web browsers available. So, when you need to log on Wildfly’s administrative page at http://localhost:8080/ to manage your application server for, by example, adding users or adding datasources, everything works as expected.
However, if your Wildfly is running on a remote machine and you try to access your administrative page through the network by it’s IP address or hostname, let’s say, at http://54.94.240.170:8080/, you will probably see a graceful This webpage is not available error, in another words, Wildfly said “No, thanks, I’m not allowing requests from another guys than the ones at my local machine”.

The First Possible Solution

We are going to jump right into the quickest solution to enable the remote access, but you can find the explanation of why and how it works at the end of this tutorial.

Before moving on, make sure that the machine where you Wildfly is running is accepting TCP connections on ports 8080 and 9990.

If you Wildfly is running, go to it’s bin folder and execute the following commands to stop it:

cd /opt/wildfly-8.2.0.Final/bin
./jboss-cli.sh --connect --command=:shutdown

Next, start your Wildfly using the command below, which add parameters that enable remote access from any source (IP/hostname) to the administrative page:

./standalone.sh -b 0.0.0.0 -bmanagement 0.0.0.0 &

It’s done!

The Second Possible Solution

As an alternative to adding parameters do your start command, you can edit your standalone.xml to enable remote access from any source. This approach is more useful if you need the remote access enabled most of the time, this way, you don’t need to remember to pass aditional parameters to the start command, as shown above.

First, go to your Wildfly configuration folder:

cd /opt/wildfly-8.2.0.Final/standalone/configuration

Next, edit the standalone.xml file using your preferred file editor and do the changes below:
Replace this:

<interface name="management">
	<inet-address value="${jboss.bind.address.management:127.0.0.1}"/>
</interface>
<interface name="public">
	<inet-address value="${jboss.bind.address:0.0.0.0}"/>
</interface>

With this:

<interface name="management">
	<any-address/>
</interface>
<interface name="public">
	<any-address/>
</interface>

Make sure to save your changes and restart your Wildfly:

/opt/wildfly-8.2.0.Final/bin/jboss-cli.sh --connect --command=:reload

Done.

The Explanation

The short story is, because of security reasons, Wildfly doesn’t want to expose its services on ports that can be accessed without proper authorization. One of those services is the JMX service, which is used for monitoring and managing Java servers trought 9990 port.
By default, the JMX service will allow connections from localhost sources only, as we could see on the standalone.xml file. To change this behavior, you need to allow another hosts to connect to the JMX, by one of the proposed solutions.
On production environments and for security reasons, be aware of exposing this service, you may specify which sources you are willing to allow remote connections instead of exposing your service to anyone, as we did on this tutorial.

Hope it helps. Cya!

41 thoughts on “Enable Wildfly remote access”

  1. Pingback: Enabling remote access to Keycloak - Row Coding

  2. Ronal Ardima Kurniawan

    Hi, I tried with second possible solution, but it didn’t work when I use my public IP address.
    And I also tried with 0.0.0.0, but it was same.

    This is the warning:
    This site can’t be reached
    96.9.xx.xxx refused to connect.
    Try:

    Checking the connection
    Checking the proxy and the firewall
    ERR_CONNECTION_REFUSED

  3. Pingback: Habilitar acceso remoto en Wildfly – Repositorio Tecno

  4. Hi. Is the ampersand ( & ) at the end of the standalone command a typo, or does it have any particular purpose? (If so, what is it?)

    Or was it supposed to be part of the “it’s done” line? 🙂

  5. Hi, I would like to know if it is possible to grant access only for an specific IP. For example: I’m running the service in my computer and I need to allow just the IP xxx.xxx.xx to access the port 8080, there is a way to do this? Thanks for the post.

    1. Hi Vinicius! It is indeed possible. Let’s say the IP you would like to allow is 10.11.12.13, then instead of using:
      <any-address/>
      You will use:
      <inet-address value="10.11.12.13"/>

      Thank you for reading.

  6. Pingback: How to add Wildfly 10 as service in Ubuntu | stuetzpunkt

  7. Thanks a lot dude, works like a charm.

    Question, in case I want to revert this option, should I just use 127.0.0.1 ?

    thanks in advance,
    Anderson Santos

  8. This page helped, thanks. Just a side note though, it appears that in Wildfly 10, host.xml must also be changed to reflect

    1. If you change it back it starts again? Have you checked the logs? The described behavior may have been due to a broken xml tag while you were changing it. Please provide more info so I can help you.

    1. Bruno,
      For some reason, I can access the front site remotely on 8080 but not the admin console on 9990.

      I type “netstat -lntpu” on the box and it says that the port is supposed to be open:

      Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
      tcp 0 0 0.0.0.0:9990 0.0.0.0:* LISTEN 18562/java

      Any ideas?

      1. Hi Jeshan!

        Have you tried to open telnet remotely on port 9990? Try it on both 8080 and 9990 from your remote machine, and take note of the difference.

        Another question: the machine where your Wildfly is running, sits behind a firewall?

          1. It was what I tought! In cases like this, trying a telnet for troubleshooting is always a good idea.
            I’m glad the problem was solved.

Leave a Reply

Your email address will not be published. Required fields are marked *