[wildfly-dev] Using Wildfly as a load balancer
Juraci Paixão Kröhling
jcosta at redhat.com
Mon Jan 19 05:05:38 EST 2015
On 01/17/2015 04:31 AM, Jason T. Greene wrote:
> Right all Java code using this JVM would have access to binding *all ports* (e.g a Java program could bind say the ssh port (assuming it's not running) and sniff passwords). So it would be a good idea to have a dedicated JVM just for WildFly and to limit the execution permission to just a dedicated WildFly user. That way you ensure only the wildfly process can bind these ports.
I guess selinux could help on this scenario. IIRC, selinux blocks
WildFly (the one from the repos) from binding on non default ports
(8080, ...), so, a custom rule to allow it to bind to 80 would be
enough. If WildFly tries to bind to 22, selinux will block.
- Juca.
More information about the wildfly-dev
mailing list