Build Apache HTTP Server and Wildfly on Oracle Linux 8

!!NOTICE!! The content of this article has been transcribed in the following article together with other steps. Please look there to maintain the posting destination in the future.

[Certificate automatic renewal compatible version] Create with Oracle Cloud, Cloudflare and Let's Encrypt! HSTS preload compatible AP server cluster

Summary of this article

Install Apache HTTP Server and Wildfly (JBossAS) on Oracle Linux 8 on an OCI instance.

Premise

Build Wildfly

1. JDK installation

yum install -y java-1.8.0-openjdk.x86_64

2. Create a wildfly user

groupadd -r wildfly
useradd -r -g wildfly -d /opt/wildfly -s /sbin/nologin wildfly

3. Wildfly DL & Deployment

The URL to wget is as you like.

cd /opt
wget https://download.jboss.org/wildfly/20.0.1.Final/wildfly-20.0.1.Final.zip
unzip -q wildfly-20.0.1.Final.zip
ln -s wildfly-20.0.1.Final wildfly

4. Wildfly startup confirmation

sh /opt/wildfly/bin/standalone.sh

2020-09-15 09:47:48,958 INFO  [org.jboss.as](Controller Boot Thread) WFLYSRV0025: WildFly Full 20.0.1.Final (WildFly Core 12.0.3.Final) started in 13956ms - Started 314 of 580 services (370 services are lazy, passive or on-demand)

It seems that it started up safely. Press Ctrl + C to stop.

5. Start the systemd daemon

Since the script for starting the daemon is already prepared, you can start the daemon immediately by placing it.

mkdir -p /etc/wildfly
cp /opt/wildfly/docs/contrib/scripts/systemd/wildfly.conf /etc/wildfly/
vi /etc/wildfly/wildfly.conf

Edit the definition as necessary. I changed the bind address to 0.0.0.0-> 127.0.0.1.

cp /opt/wildfly/docs/contrib/scripts/systemd/launch.sh /opt/wildfly/bin/
chmod 744 /opt/wildfly/bin/launch.sh
cp /opt/wildfly/docs/contrib/scripts/systemd/wildfly.service /etc/systemd/system/
chown -R wildfly /opt/wildfly*

systemctl daemon-reload
systemctl start wildfly
systemctl enable wildfly

6. Create a Wildfly admin user

You need to configure the admin user to tweak the Wildfly settings from the admin console.

cd /opt/wildfly/bin
./add-user.sh

I will omit the details, but please add the Management User according to the prompt. For more information, go to Official Documentation.

Build Apache HTTP Server

1. Install Apache HTTP Server

yum install -y httpd

2. Security measures

If you keep the default settings, there is a security risk, so correct it.

Delete default content

Eliminate unnecessary content such as welcome pages that are not normally published as much as possible.

cd /etc/httpd/conf.d
mv welcome.conf welcome.conf.org
mv autoindex.conf autoindex.conf.org

Disabling the directory contents list display function

vi /etc/httpd/conf/httpd.conf

#Options Indexes FollowSymLinks
Options FollowSymLinks

Disable TRACE method

Disable the TRACE method as an XST countermeasure.

vi /etc/httpd/conf/httpd.conf

#Added to the end of the file
TraceEnable off

Disabling the version information display function

Do not include the web server version in the HTTP response header.

vi /etc/httpd/conf/httpd.conf

#Added to the end of the file
ServerTokens ProductOnly
ServerSignature off

Allow in-frame page display only within the same domain

As a countermeasure against clickjacking, add the X-Frame-Options header to the HTTP response header.

#Create a new file
vi /etc/httpd/conf.modules.d/headers.conf

#Added to the end of the file
Header append X-FRAME-OPTIONS SAMEORIGIN

Cooperation between Apache HTTP Server and Wildfly

Brings requests to Apache HTTP Server to Wildfly.

1. Reverse proxy settings

Direct access to port 80 to port 8080 (Wildfly's HTTP listener).

#Add new file
vi /etc/httpd/conf.modules.d/wildfly.conf

<VirtualHost *:80>
  ProxyPass / http://127.0.0.1:8080/
  ProxyPassReverse / http://example.net/
</VirtualHost>

2. Definition check & restart

Once this is done, test the definition file and restart Apache HTTP Server.

httpd -t
systemctl restart httpd

Operation check

Simply access port 80, like http \ //example.com, and you'll be successful if you see the Wildfly welcome page.

キャプチャ.PNG

Summary

LB of OCI supports SSL, and I tried to build backend communication with HTTP. If you try to use SSL on the Web / AP server, it will be complicated, so it is nice to be able to terminate with LB.

Reference: Apache's 10 basic security points to review before being attacked

Recommended Posts

Build Apache HTTP Server and Wildfly on Oracle Linux 8
Build Docker environment (Linux 8) and start Apache HTTP Server container
Build a CentOS Linux 8 environment with Docker and start Apache HTTP Server
Source compile Apache2.4 (httpd 2.4.43) + PHP7.4 on Linux and build a Web server ―― 1. Apache introduction
Source compile Apache2.4 (httpd 2.4.43) + PHP7.4 on Linux and build a Web server --2 PHP introduction
[UE4] Build DedicatedServer on Windows and Linux
Build a simple WebDAV server on Linux
Build a Samba server on Arch Linux
Build Oracle Database 19c on Oracle Linux 8.3 (DB Build Part 2)
Web server construction with Apache 2.4 (httpd 2.4.43) + PHP 7.4 on Linux ―― 4. Security (chown and firewalld)
[Part 2] Let's build a web server on EC2 Linux
Compactly build an Oracle database (19c) on Linux on VirtualBox
Build a server on Linux and local network with Raspberry Pi NextCloud and desktop sharing
Source compile Apache2.4 (httpd 2.4.43) + PHP7.4 on Linux to build a Web server --3 MySQL 8.0 introduction
Recording and playback on Linux
Install LAMP on Amazon Linux 2 and build a WordPress environment.
Linux Web server construction (Ubuntu & Apache)
Install oracle java8 on amazon linux2
Build and install OpenCV on Windows
Run a Linux server on GCP
Until you install Apache and Tomcat on Linux (CentOS) and deploy Java apps
Build Linux on a Windows environment. Steps to install Laradock and migrate
Install Python3 and Django on Amazon Linux (EC2) and run your web server
Build a lightweight server in Python and listen for Scratch 2 HTTP extensions
Build a Pypi cache server on QNAP
How to build my own Linux server
Build Python3 and OpenCV environment on Ubuntu 18.04
Install wsl2 and master linux on windows
Django + Apache with mod_wsgi on Windows Server 2016
Build CGI Server running on Python 3 on Docker
Install and launch k3s on Manjaro Linux
Build an LNPP environment on Amazon Linux 2
Learn sshd_config and authorized_keys (on Amazon Linux 2)
Dockerfile: Install Docker on your Linux server
Build jupyter notebook on remote server (CentOS)
Arch on lvm on luks build and initialization
Build a web server on your Chromebook
Replacing rmtrash on Mac and replacing rm on Linux
Effective and simple Web server security measures "Linux"
Let's integrate Django and apache (httpd) on Mac! !!
Invert screen output vertically and horizontally on linux
How to build Java environment on Ubuntu (Linux)
Build an Arch Linux environment on Raspberry Pi
Source compile Apache2.4 + PHP7.4 with Raspberry Pi and build a web server --3. Use MySQL