keycloak-scim/topics/network/bind-address.adoc

55 lines
2.7 KiB
Text
Raw Normal View History

2016-04-30 04:39:32 +00:00
2016-04-28 22:25:54 +00:00
[[_bind-address]]
2016-04-28 20:34:44 +00:00
=== Bind Addresses
2016-04-29 20:12:12 +00:00
By default {{book.project.name}} binds to the localhost loopback address `127.0.0.1`. That's not a very useful default if
2016-04-28 20:34:44 +00:00
you want the authentication server available on your network. Generally, what we recommend is that you deploy a reverse proxy
or load balancer on a public network and route traffic to individual {{book.project.name}} server instances on a private network.
2016-04-29 20:12:12 +00:00
In either case though, you still need to set up your network interfaces to bind to something other than `localhost`.
2016-04-28 20:34:44 +00:00
2016-04-29 20:12:12 +00:00
Setting the bind address is quite easy and can be done on the command line with either the _standalone.sh_ or
2016-04-28 20:34:44 +00:00
_domain.sh_ boot scripts discussed in the <<fake/../../operating-mode.adoc#_operating-mode, Choosing an Operating Mode>> chapter.
[source]
----
$ standalone.sh -b 192.168.0.5
----
2016-04-29 20:12:12 +00:00
The `-b` switch sets the IP bind address for any public interfaces.
2016-04-28 20:34:44 +00:00
2016-04-29 20:12:12 +00:00
Alternatively, if you don't want to set the bind address at the command line, you can edit the profile configuration of your deployment.
Open up the profile configuration file (_standalone.xml or _domain.xml_ depending on your
2016-05-04 15:06:04 +00:00
<<fake/../../operating-mode.adoc#_operating-mode, operating mode>>) and look for the `interfaces` XML block.
2016-04-28 20:34:44 +00:00
[source,xml]
----
<interfaces>
<interface name="management">
<inet-address value="${jboss.bind.address.management:127.0.0.1}"/>
</interface>
<interface name="public">
<inet-address value="${jboss.bind.address:127.0.0.1}"/>
</interface>
</interfaces>
----
2016-04-29 20:12:12 +00:00
The `public` interface corresponds to subsystems creating sockets that are available publicly. An example of one
of these subsystems is the web layer which serves up the authentication endpoints of {{book.project.name}}. The `management`
2016-04-28 20:34:44 +00:00
interface corresponds to sockets opened up by the management layer of the {{book.appserver.name}}. Specifically the sockets
2016-04-29 20:12:12 +00:00
which allow you to use the `jboss-cli.sh` command line interface and the {{book.appserver.name}} web console.
2016-04-28 20:34:44 +00:00
2016-04-29 20:12:12 +00:00
In looking at the `public` interface you see that it has a special string `${jboss.bind.address:127.0.0.1}`. This string
denotes a value `127.0.0.1` that can be overriden on the command line by setting a Java system property, i.e.:
2016-04-28 20:34:44 +00:00
[source]
----
$ domain.sh -Djboss.bind.address=192.168.0.5
----
2016-04-29 20:12:12 +00:00
The `-b` is just a shorthand notation for this command. So, you can either change the bind address value directly in the profile config, or change it on the command line when
2016-04-28 20:34:44 +00:00
you boot up.
2016-04-29 20:12:12 +00:00
NOTE: There's a lot more nifty options when setting up `interface` definitions. See the link:{{book.appserver.network.link}}[the network interface]
2016-04-28 20:34:44 +00:00
chapter of the {{book.appserver.network.name}}.