[wildfly-dev] Misc questions about WF8

Arun Gupta arun.gupta at gmail.com
Sat Jan 11 05:30:09 EST 2014


+1 on that option as well.

Let the user consciously make a decision about enabling security and
configuring certificates. Providing tools would certainly simplify it
otherwise it would be daunting.

Arun

On Sat, Jan 11, 2014 at 2:22 AM, Darran Lofthouse
<darran.lofthouse at jboss.com> wrote:
> On 11/01/14 10:13, Arun Gupta wrote:
>> Default config is Web profile ?
>>
>> Will HTTPs be not supported there ?
>
> HTTPS is supported just not enabled by default as we don't have keys in
> the distribution to be able to enable it.  This is actually a topic I
> want to discuss next week.
>
> We have a few problems with having it enabled by default: -
>   - If we include keys in the distribution being open source those keys
> are public knowledge.
>   - Also keys are specific to the host name used to connect to the
> server so at best we could assume 'localhost' but in that scenario the
> benefits of SSL are limited.
>   - We could create a new key on start up, this would delay the start up
> time and also we have the default hostname assumption issue again.
>   - We could provide a set of ops and add wizards to the CLI and admin
> console to manage the keys and certificates.
>
> The latter is actually my preferred option but it would involve a little
> bit of work all round but the main benefit being that a wizard gets to
> ask the right questions.
>
> Regards,
> Darran Lofthouse.
>
>>
>> Arun
>>
>> On Sat, Jan 11, 2014 at 2:01 AM, Stuart Douglas
>> <stuart.w.douglas at gmail.com> wrote:
>>>
>>>
>>>
>>> On Sat, Jan 11, 2014 at 10:56 AM, Arun Gupta <arun.gupta at gmail.com> wrote:
>>>>
>>>> - There are a bunch of ports listed in different
>>>> <socket-binding-group>s in domain.xml such as for jacorb, groups-tcp,
>>>> and messaging. I thought that only two ports are exposed by WildFly.
>>>> What purpose do these ports serve ? What about 8443 ?
>>>
>>>
>>> We are only going to have 2 ports in our default config, however when
>>> running in full profile mode there are some additional services that are not
>>> compatible with HTTP upgrade.
>>>
>>> 8443 is the HTTPS port.
>>> Jacorb is for CORBA, which cannot be done over HTTP upgrade.
>>> jgroups is for clustering
>>>
>>> Stuart
>>>
>>>>
>>>> - What is new in jboss-cli.sh in WildFly from AS 7 ?
>>>>
>>>> - Where can I find the complete feature set for everything new in WF8 ?
>>>>
>>>> Thanks
>>>> Arun
>>>> --
>>>> http://blog.arungupta.me
>>>> http://twitter.com/arungupta
>>>> _______________________________________________
>>>> wildfly-dev mailing list
>>>> wildfly-dev at lists.jboss.org
>>>> https://lists.jboss.org/mailman/listinfo/wildfly-dev
>>>
>>>
>>
>>
>>
> _______________________________________________
> wildfly-dev mailing list
> wildfly-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/wildfly-dev



-- 
http://blog.arungupta.me
http://twitter.com/arungupta


More information about the wildfly-dev mailing list