
Wednesday 29 May 2019

What is JBoss? What is JBoss Domain Management?

What is JBoss?
  • JBoss is a middleware application server, like WebLogic, WebSphere Application Server, GlassFish and many more.
  • JBoss started as an open-source, cross-platform application server and was later acquired by Red Hat.
  • JBoss is still available as open source; it is now named the WildFly application server.
  • The new versions are WildFly 16 and Red Hat JBoss EAP 7.2.

Red Hat JBoss Enterprise Application Platform 7
  • Red Hat JBoss Enterprise Application Platform (JBoss EAP) 7.1 is a certified implementation of the Java Enterprise Edition (Java EE) 7 full platform and Web Profile specifications.
  • Major versions of JBoss EAP are forked from the WildFly community.
  • JBoss EAP 7.1 is similar to WildFly 11.
  • JBoss EAP provides two operating modes for JBoss EAP instances: standalone server or managed domain.
  • The standalone server operating mode represents running JBoss EAP as a single server instance. 
  • The managed domain operating mode allows for the management of multiple JBoss EAP instances from a single control point.

Features of JBoss EAP
  • Java EE 7 compliant (built using Java 7)
  • Managed domain (high availability)
  • Management console and management CLI (command-line utility)
  • Simplified directory layout (separate domain and standalone directories)
  • Modular class-loading mechanism (improved stop and restart times)
  • Streamlined datasource management (datasources can be configured using the CLI or the console)
  • Patching (command line and console) and upgrades (using a tool)



Below is a snapshot of the Standalone and Domain topologies.




********************************************************************************************

What is Domain Management?
  • DOMAIN MANAGEMENT (CENTRAL MANAGEMENT POINT)
  • The domain system provides management of multiple JBoss instances from a single control point.
  • A domain consists of one domain controller, one or more host controllers, and zero or more server groups per host.
  • 1 domain controller << >> 1 or more host controllers << >> 0 or more server groups per host







  1. A domain controller is a central point from which the domain is controlled. The domain controller is also a host controller.
  2. A host controller is a physical or virtual host that interacts with the domain controller to control the lifecycle of the application server. Each host can contain multiple server groups.
  3. A server group is a set of server instances which have JBoss EAP installed on them and are managed and configured as one. The domain controller manages the configuration of and applications deployed onto server groups. 

Domain Controller:
  1. Default configuration file: EAP_HOME/domain/configuration/domain.xml
  2. The domain.xml file contains profiles (default, ha, full & full-ha) for servers.
  3. A Profile contains the detailed settings of the various subsystems available in that profile. The domain configuration also includes the definition of socket groups and the server group definitions.
NOTE:

A JBoss EAP 7 domain controller is able to administer JBoss EAP 6 hosts and servers, as long as the hosts and servers are running JBoss EAP 6.2 or later.

********************************************************************************************


What are Subsystems, Extensions, and Profiles?
  • Subsystems: JBoss works on subsystems. For instance, if an application requires a database, a datasource can be configured in the datasources subsystem and accessed by that application after it is deployed to that JBoss EAP server or domain.
  • Extensions: An extension is a module that extends the core functionality of the server. Extensions are loaded as they are needed by deployments, and are unloaded when they are no longer needed.
  • Profiles: A profile is a set of subsystems combined for different purposes. For domain mode, four profiles are defined by default (default, ha, full, full-ha). For standalone mode, an unnamed profile is set.

Configuration File: Purpose
  • standalone.xml: This standalone configuration file is the default configuration that is used when you start your standalone server. It contains all information about the server, including subsystems, networking, deployments, socket bindings, and other configurable details. It does not provide the subsystems necessary for messaging or high availability.
  • standalone-ha.xml: This standalone configuration file includes all of the default subsystems and adds the modcluster and jgroups subsystems for high availability. It does not provide the subsystems necessary for messaging.
  • standalone-full.xml: This standalone configuration file includes all of the default subsystems and adds the messaging-activemq and iiop-openjdk subsystems. It does not provide the subsystems necessary for high availability.
  • standalone-full-ha.xml: This standalone configuration file includes support for every possible subsystem, including those for messaging and high availability.
  • standalone-load-balancer.xml: This standalone configuration file includes the minimum subsystems necessary to use the built-in mod_cluster front-end load balancer to load balance other JBoss EAP instances.


Reference link :
https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/html/configuration_guide/index
https://access.redhat.com/documentation/en-us/
https://developer.jboss.org/thread/266415


Thanks :-)


Tuesday 28 May 2019

Types of GC, analyzing GC logging and the Red Hat JVM tool.

1. Serial Garbage Collector.
2. Parallel Garbage Collector.
3. CMS Garbage Collector.
4. G1 Garbage Collector.





1. Serial Garbage Collector (-XX:+UseSerialGC):-

  • The serial GC uses a single thread to perform garbage collection.
  • It is best suited to single-core processor machines.
  • While performing GC, it stops/freezes all application threads (Stop The World).
  • To enable the Serial Garbage Collector, add the (-XX:+UseSerialGC) argument to the JVM configuration.


2. Parallel Garbage Collector (-XX:+UseParallelGC):-

  • The Parallel GC, also known as the throughput collector, uses multiple threads to perform garbage collection.
  • Like the serial collector, it also freezes all application threads (Stop The World).
  • The Parallel collector uses multiple CPUs to perform garbage collection.
  • This is the default GC collector on most JVM machines.
  • Parallel GC can be enabled using the (-XX:+UseParallelGC) JVM argument.
  • With the (-XX:+UseParallelGC) argument, only minor collections are executed in parallel.
  • To run both minor and major collections in parallel, add the (-XX:+UseParallelOldGC) JVM argument.
  • The number of GC threads can be controlled with the (-XX:ParallelGCThreads=<N>) JVM argument.



3. CMS Garbage Collector (-XX:+UseConcMarkSweepGC):-

  • CMS stands for Concurrent Mark Sweep (CMS) Garbage Collector.
  • CMS uses multiple threads to perform garbage collection.
  • Garbage collection is done concurrently with the application threads, hence it reduces the pause time.
  • This garbage collector enters stop-the-world mode only in two cases:
  • 1. While marking the referenced objects in the old generation space.
  • 2. When the heap memory changes in parallel with the garbage collection.
  • So the Stop The World (STW) time of the CMS garbage collector is very short.




4. G1 Garbage Collector (-XX:+UseG1GC):-

  • It is the newer GC: it started as experimental in JDK 6 update 14 and was then introduced and supported in JDK 7 update 4.
  • G1 uses multiple threads to scan the heap and divides it into regions.
  • The heap is split into approximately 2000 regions.
  • Region sizes range from a minimum of 1MB to a maximum of 32MB (-XX:G1HeapRegionSize).
  • The G1 collector is a parallel, concurrent and compacting low-pause garbage collector.
  • To enable the G1 collector, use the (-XX:+UseG1GC) JVM argument.

*****************************************************************************

Logging in Garbage Collection:

Below are the flags that enable logging.

  • -XX:+PrintGC (or the alias -verbose:gc) enables the simple logging mode, which prints a log line on every minor or major GC.
  • -XX:+PrintGCDateStamps prints the absolute timestamp in each log statement.
  • -XX:+PrintGCDetails prints the details of how much memory is reclaimed in each generation.
  • -XX:+PrintGCTimeStamps prints timestamps at each garbage collection.
  • -Xloggc:<filename> writes the verbose GC output to the specified file.

Below is a snapshot showing how to analyze GC logs:





*****************************************************************************

IMP Suggestion: The Red Hat Labs team provides an online JVM Options Configuration Tool, where you can get the best JVM argument suggestions.



Thanks :-)


Friday 24 May 2019

What is SSL, What is One-Way SSL & Two-Way SSL?

What is SSL?
  • SSL stands for “Secure Sockets Layer”.
  • SSL was developed by Netscape.
  • The first released version, 2.0, was declared in 1995.
  • It is a security technology used to encrypt data between clients and a server or website, for browsers, mail, etc.

What is TLS?
  • TLS stands for the “Transport Layer Security” protocol.
  • SSL v3.0 was later replaced by TLS 1.0.
  • TLS 1.0, TLS 1.1 and TLS 1.2 are available; TLS 1.3 is the newer protocol version, released in 2018.

SSL works on “three basic principles”:

  • A. Encryption.
  • B. Authentication.
  • C. Data Integrity.

A) Encryption: The data transferred between two or more clients and the server should be encrypted, so that an attacker or hacker is unable to understand it.

B) Authentication: The data must be transferred to the correct person or user.

C) Data Integrity: The data should not be tampered with or changed during transmission.


SSL works on “a key pair”:
a) Public Key.
b) Private Key.

a) Public Key:
  • As the name says, it is public, meaning it is available to everyone.
  • A public key is basically used for authentication purposes (the right person/user).
  • A CSR (Certificate Signing Request) contains the user details, which are encrypted using the public key.
b) Private Key:
  • As the name says, it is private, meaning it is kept secret and is available only to the owner.
  • This key can both encrypt and decrypt the data during transmission.
  • The private key is generated, in an encrypted format, while creating the CSR.

Public key infrastructure (PKI) produces public and private keys.



*********************************************************************************

SSL (Secure Sockets Layer) HANDSHAKE :

Basically, the browser works on the One-Way SSL authentication mechanism, where the client verifies/validates the server certificate against the list of CAs (certification authorities).
Three keys are used to set up the SSL connection: (a) the public, (b) private, and (c) session keys.

The SSL connection can be made in two different ways:

A) One-Way SSL: In this method, only the client verifies the server's certificate against the list of CAs (certification authorities).

B) Two-Way SSL: In this method, both client and server verify each other's certificates against the list of CAs (certification authorities).


A) One-Way SSL authentication

1. The client requests data from the server over the HTTPS protocol, which initiates the SSL/TLS handshake process.

2. The server returns its public certificate and public key to the client along with the server hello message.

3. The client validates/verifies the received server certificate with the certification authority (CA), including certificate expiration, that it is unrevoked, and the Common Name (CN).

4. The client sends back a symmetric session key encrypted using the server’s public key.

5. The server decrypts the symmetric session key using its private key and sends back an encrypted session key to start the encrypted session.



B) Two-Way SSL (MUTUAL AUTHENTICATION):

1. The client requests data from the server over the HTTPS protocol, which initiates the SSL/TLS handshake process.

2. The server returns its public certificate and public key to the client along with the server hello message.

3. The client validates/verifies the received server certificate with the certification authority (CA), including certificate expiration, that it is unrevoked, and the Common Name (CN).

4. The client sends back a client certificate with a symmetric session key encrypted using the server’s public key.

5. The server validates/verifies the received client certificate with the certification authority (CA), checking that it is digitally signed by the CA, and checks its certificate expiration status.

6. After completion of the handshake process, the client and server communicate and transfer data with each other, encrypted with the secret keys shared between the two during the handshake.
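
How the two modes look on an Apache server, as an added example that is not part of the original post: the same mod_ssl virtual host without and with client-certificate verification. Host names and file paths are placeholders, and mod_ssl is assumed to be loaded.

```apache
# Added example: host names and file paths are placeholders.

# One-way SSL: only the server proves its identity.
<VirtualHost *:443>
    ServerName www.example.com
    SSLEngine on
    # Legacy protocol versions switched off
    SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
    # Certificate sent to the client in step 2, and its private key,
    # which never leaves the server
    SSLCertificateFile    "conf/ssl/server.crt"
    SSLCertificateKeyFile "conf/ssl/server.key"
    # The server does not ask the client for a certificate
    SSLVerifyClient none
</VirtualHost>

# Two-way SSL: the server also validates the client (step 5).
<VirtualHost *:443>
    ServerName api.example.com
    SSLEngine on
    SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
    SSLCertificateFile    "conf/ssl/server.crt"
    SSLCertificateKeyFile "conf/ssl/server.key"
    # CA certificate(s) that client certificates must chain to
    SSLCACertificateFile  "conf/ssl/client-ca.crt"
    # Fail the handshake unless the client presents a certificate that
    # validates (signature and validity period are checked)
    SSLVerifyClient require
    # Accept only certificates issued directly by that CA
    SSLVerifyDepth 1
    # Reject client certificates listed in the CA's revocation list
    SSLCARevocationFile   "conf/ssl/client-ca.crl"
    SSLCARevocationCheck  leaf
</VirtualHost>
```

The only difference between the two hosts is the client-verification group of directives; the server certificate and key are configured the same way in both.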





Thanks :-)


Thursday 23 May 2019

Redirect traffic during maintenance or downtime using Apache.

Hi folks!
During maintenance or downtime of the application, we have to redirect the traffic to a static HTML maintenance page using the Apache server.

For this, we have to create a new static HTML maintenance page and a maintenancepage.enable file, and add the redirect configuration:

   a. maintenancepage.html
   b. maintenancepage.enable
   c. Redirecting configurations in httpd.conf/ssl.conf file.


Step A: Create a file "maintenancepage.html" and write the HTML code below.

-----------------------------------------------------------------------------------

<!doctype html>
<title>Site Maintenance</title>
<style>
  body { text-align: center; padding: 150px; }
  h1 { font-size: 50px; }
  body { font: 20px Helvetica, sans-serif; color: #333; }
  article { display: block; text-align: left; width: 650px; margin: 0 auto; }
  a { color: #dc8100; text-decoration: none; }
  a:hover { color: #333; text-decoration: none; }
</style>

<article>
<h1>Application Name</h1>
    <h1>We&rsquo;ll be back soon!</h1>
    <div>
    <p>Sorry for the inconvenience but we&rsquo;re performing some maintenance at the moment. If you need to you can always <a href="mailto:#">contact us</a>, otherwise we&rsquo;ll be back online shortly!</p>
    <p>&mdash; The MiddlewareBox Team</p>
    </div>
</article>

-----------------------------------------------------------------------------------

Download the code from GitHub: https://gist.github.com/





Step B. Create an empty file called "maintenancepage.enable".

This file is used to enable and disable the maintenance page without downtime, once the configuration is in place and the Apache server has been restarted.

If we delete the "maintenancepage.enable" file, the traffic will not be redirected.


NOTE IMP: Save both files in the $APACHE_HOME/htdocs folder.

Step C. Go to the $APACHE_HOME/conf folder, edit the "httpd.conf" and "httpd-ssl.conf" files, and add the configuration below.

------------------------------------------------------------------------------

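# mod_headers provides Header; mod_rewrite provides the Rewrite* directives
LoadModule headers_module modules/mod_headers.so
LoadModule rewrite_module modules/mod_rewrite.so

RewriteEngine On
# Exempt requests from the local machine
RewriteCond %{REMOTE_ADDR} !^127\.0\.0\.1
RewriteCond %{HTTP_HOST} !^localhost$ [NC]
# Maintenance mode is on only while both files exist in the document root
RewriteCond %{DOCUMENT_ROOT}/maintenancepage.html -f
RewriteCond %{DOCUMENT_ROOT}/maintenancepage.enable -f
# Do not rewrite the maintenance page itself
RewriteCond %{SCRIPT_FILENAME} !maintenancepage\.html
# Answer everything else with 503; the ErrorDocument supplies the body
RewriteRule ^.*$ /maintenancepage.html [R=503,L]
ErrorDocument 503 /maintenancepage.html
# Prevent caching of the maintenance page
Header always set Cache-Control "max-age=0, no-store" "expr=%{REQUEST_URI}=='/maintenancepage.html'"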

------------------------------------------------------------------------------






Step D. Stop the application and use a browser to check that Apache redirects to maintenancepage.html.
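
A variant of the Step C rules, added here as an example and not part of the original post: it exempts operators by connection address only, because HTTP_HOST is copied from the request's Host header and so reflects what the client sends rather than where the request comes from. The address 192.0.2.10 is a placeholder and the one-hour Retry-After value is an assumption; mod_rewrite and mod_headers are loaded as in Step C.

```apache
# Added example: maintenance switch keyed on source address only.
RewriteEngine On

# Exempt operators by the TCP peer address (IPv4 and IPv6 loopback,
# plus one placeholder admin workstation). Patterns are anchored at
# both ends so that only these exact addresses match.
RewriteCond %{REMOTE_ADDR} !^127\.0\.0\.1$
RewriteCond %{REMOTE_ADDR} !^::1$
RewriteCond %{REMOTE_ADDR} !^192\.0\.2\.10$

# Same on/off switch as Step B: both files must exist.
RewriteCond %{DOCUMENT_ROOT}/maintenancepage.html -f
RewriteCond %{DOCUMENT_ROOT}/maintenancepage.enable -f

# Do not loop when the 503 handler fetches the page itself.
RewriteCond %{REQUEST_URI} !^/maintenancepage\.html$

# A non-3xx status drops the substitution, so "-" is enough here.
RewriteRule ^ - [R=503,L]

ErrorDocument 503 /maintenancepage.html

# Keep the maintenance page out of caches and tell clients and
# crawlers when to come back.
Header always set Cache-Control "max-age=0, no-store" "expr=%{REQUEST_URI}=='/maintenancepage.html'"
Header always set Retry-After "3600" "expr=%{REQUEST_URI}=='/maintenancepage.html'"
```

If Apache sits behind a load balancer or reverse proxy, REMOTE_ADDR is the proxy's address unless mod_remoteip is configured, so the exemption list has to account for that.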





Thanks :-)


What is GC, Heap Memory & Metaspace?


What is GC (Garbage Collection)?
  • GC stands for “Garbage Collection”.
  • The JVM (Java Memory Management) has a Garbage Collection feature.
  • The GC removes unused objects from the program in order to free heap memory.


The GC works in three steps: “MARK”, “SWEEP” and “Deletion with Compacting”.

  1. MARK: This step marks the live objects in the heap memory.
  2. SWEEP: This step removes (sweeps) the dead/unreferenced objects from the heap memory.
  3. Deletion with Compacting: After removing unreferenced objects, this step compacts the live/referenced objects together, which makes further memory allocation faster.

The Heap memory is divided into many generations:



1. Young Generation.
   a. Eden.
   b. Survivor (S0).
   c. Survivor (S1).
2. Old Generation (Tenured).
3. Permanent generation.


1. Young Generation.    
  • The young generation (YG) is the space where new objects reside.
  • When the young generation fills up, a Minor GC takes place.
  • Minor GC is always triggered when the JVM is unable to allocate space for a new object in Eden.
  • Every Minor GC triggers a stop-the-world pause, meaning the application threads are stopped, but the pause is mostly negligible.
  • Referenced objects are moved to the first survivor space (S0). Unreferenced objects are deleted when the Eden space is cleared.

2. Old Generation (Tenured).
  • The Old Generation (OG) is the space where long-surviving objects reside.
  • Major GC is used to clean the Tenured space (OG).

3. Permanent generation (PG).
  • The Permanent generation is also named “Perm-Gen”, “Non-Heap Memory” and, from Java 8, “Metaspace” space.
  • Perm gen is used to store the class and method objects used by the application, in native memory.
  • During a Full GC, objects are cleared from the Young, Old and Permanent generations.
  • Perm gen is separate from the main heap memory.

What is Metaspace ?

  • The metaspace is the new memory space. It has replaced the “perm-gen” space.
  • Dynamic allocation of native memory space during class & memory leak.
  • GC is called if the dead classes and classloaders reach “MaxMetaspaceSize”.
  • Memory leaks can be identified by the “java.lang.OutOfMemoryError” exception along with the stack trace log.

  • java.lang.OutOfMemoryError: Java heap space
  • java.lang.OutOfMemoryError: GC Overhead limit exceeded
  • java.lang.OutOfMemoryError: Requested array size exceeds VM limit
  • java.lang.OutOfMemoryError: Metaspace
  • java.lang.OutOfMemoryError: request size bytes for reason. Out of swap space?
  • java.lang.OutOfMemoryError: Compressed class space
  • java.lang.OutOfMemoryError: reason stack_trace_with_native_method





Thanks :-)