Last Updated on 11/11/2020
This tutotial will show how to enable Wildfly remote access, so you can manage your application server remotely as you would at the local machine it is running on.
The Problem
I believe that everyone is very used to install Wildfly on your local machine running a operation system with GUI and a web browsers available. So, when you need to log on Wildfly’s administrative page at http://localhost:8080/ to manage your application server for, by example, adding users or adding datasources, everything works as expected.
However, if your Wildfly is running on a remote machine and you try to access your administrative page through the network by it’s IP address or hostname, let’s say, at http://54.94.240.170:8080/, you will probably see a graceful This webpage is not available error, in another words, Wildfly said “No, thanks, I’m not allowing requests from another guys than the ones at my local machine”.
The First Possible Solution
We are going to jump right into the quickest solution to enable the remote access, but you can find the explanation of why and how it works at the end of this tutorial.
Before moving on, make sure that the machine where you Wildfly is running is accepting TCP connections on ports 8080 and 9990.
If you Wildfly is running, go to it’s bin folder and execute the following commands to stop it:
cd /opt/wildfly-8.2.0.Final/bin ./jboss-cli.sh --connect --command=:shutdown
Next, start your Wildfly using the command below, which add parameters that enable remote access from any source (IP/hostname) to the administrative page:
./standalone.sh -b 0.0.0.0 -bmanagement 0.0.0.0 &
It’s done!
The Second Possible Solution
As an alternative to adding parameters do your start command, you can edit your standalone.xml to enable remote access from any source. This approach is more useful if you need the remote access enabled most of the time, this way, you don’t need to remember to pass aditional parameters to the start command, as shown above.
First, go to your Wildfly configuration folder:
cd /opt/wildfly-8.2.0.Final/standalone/configuration
Next, edit the standalone.xml file using your preferred file editor and do the changes below:
Replace this:
<interface name="management">
<inet-address value="${jboss.bind.address.management:127.0.0.1}"/>
</interface>
<interface name="public">
<inet-address value="${jboss.bind.address:0.0.0.0}"/>
</interface>
With this:
<interface name="management"> <any-address/> </interface> <interface name="public"> <any-address/> </interface>
Make sure to save your changes and restart your Wildfly:
/opt/wildfly-8.2.0.Final/bin/jboss-cli.sh --connect --command=:reload
Done.
The Explanation
The short story is, because of security reasons, Wildfly doesn’t want to expose its services on ports that can be accessed without proper authorization. One of those services is the JMX service, which is used for monitoring and managing Java servers trought 9990 port.
By default, the JMX service will allow connections from localhost sources only, as we could see on the standalone.xml file. To change this behavior, you need to allow another hosts to connect to the JMX, by one of the proposed solutions.
On production environments and for security reasons, be aware of exposing this service, you may specify which sources you are willing to allow remote connections instead of exposing your service to anyone, as we did on this tutorial.
Hope it helps. Cya!
Pingback: Enabling remote access to Keycloak - Row Coding
Hi Bruno,
I’m using keycloak 16.1.0 and This is not working for Windows..
i have same issue but i am using helm chart for deployed widfly
Hi, I tried with second possible solution, but it didn’t work when I use my public IP address.
And I also tried with 0.0.0.0, but it was same.
This is the warning:
This site can’t be reached
96.9.xx.xxx refused to connect.
Try:
Checking the connection
Checking the proxy and the firewall
ERR_CONNECTION_REFUSED
Pingback: Habilitar acceso remoto en Wildfly – Repositorio Tecno
Hi. Is the ampersand ( & ) at the end of the standalone command a typo, or does it have any particular purpose? (If so, what is it?)
Or was it supposed to be part of the “it’s done” line? 🙂
It’s part of the command, not a typo! You need the & to leave the process running in the background without locking your console =]
Thanks, It help me…
thanks a lot
Thanks ! Very helpfull
thanks a lot
Hey, I want to publish my app to http://ejeex.com where should I do to change?
Hi Arid, please check the first two answers, I believe they are what you’ve been looking for:
https://stackoverflow.com/questions/32241906/how-to-deploy-war-file-in-root-context-to-wildfly-ver-9-0-1
An example of the file structure can be found on the repo of one of my projects:
https://github.com/bgasparotto/archproject/tree/master/archproject/src/main/webapp/WEB-INF
Hi, I would like to know if it is possible to grant access only for an specific IP. For example: I’m running the service in my computer and I need to allow just the IP xxx.xxx.xx to access the port 8080, there is a way to do this? Thanks for the post.
Hi Vinicius! It is indeed possible. Let’s say the IP you would like to allow is 10.11.12.13, then instead of using:
<any-address/>You will use:
<inet-address value="10.11.12.13"/>Thank you for reading.
Pingback: How to add Wildfly 10 as service in Ubuntu | stuetzpunkt
Thank you for your posting! You saved my day!!!
You’re welcome! I’m glad to hear it helped you =]
It also works replacing 127.0.0.1 by 0.0.0.0
Thanks
Thanks for the tip!
Thanks a lot dude, works like a charm.
Question, in case I want to revert this option, should I just use 127.0.0.1 ?
thanks in advance,
Anderson Santos
Exactly, just use the previous snippet version of your standalone.xml, 127.0.0.1 means your localhost.
i cant access my access my localhost 8080 for wildfly everytime i run it shows 404 not found
Could you provide the console output? We have to check if it’s failing to start (maybe due to corrupted config files).
thanks a lot……
I’m glad it helped =]
This page helped, thanks. Just a side note though, it appears that in Wildfly 10, host.xml must also be changed to reflect
Thanks for the side note! I’m going to validate it against Wildfly 10 and produce an updated post with the result. Thanks once again.
This does not work. After i changed the standalone.xml i was ot able to start the jboss again. It just closes by itself
If you change it back it starts again? Have you checked the logs? The described behavior may have been due to a broken xml tag while you were changing it. Please provide more info so I can help you.
This just saved me a lot of frustration, thanks!
Bruno,
For some reason, I can access the front site remotely on 8080 but not the admin console on 9990.
I type “netstat -lntpu” on the box and it says that the port is supposed to be open:
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:9990 0.0.0.0:* LISTEN 18562/java
Any ideas?
Hi Jeshan!
Have you tried to open telnet remotely on port 9990? Try it on both 8080 and 9990 from your remote machine, and take note of the difference.
Another question: the machine where your Wildfly is running, sits behind a firewall?
Well, I no longer remember the issue. It must have been related to the firewall!
It was what I tought! In cases like this, trying a telnet for troubleshooting is always a good idea.
I’m glad the problem was solved.
Thanks, worked for me.
I’m glad to help!
Yes, this helped me a lot, too. Muito obrigado!
You’re welcome =]
Very helpful. Thanks a lot!
You’re welcome!