keycloak-scim/server_installation/topics/network/bind-address.adoc

54 lines
2.6 KiB
Text
Raw Normal View History

2016-04-30 04:39:32 +00:00
2016-04-28 22:25:54 +00:00
[[_bind-address]]
=== Bind addresses
2016-04-28 20:34:44 +00:00
2017-08-28 12:50:14 +00:00
By default {project_name} binds to the localhost loopback address `127.0.0.1`. That's not a very useful default if
2016-04-28 20:34:44 +00:00
you want the authentication server available on your network. Generally, what we recommend is that you deploy a reverse proxy
2017-08-28 12:50:14 +00:00
or load balancer on a public network and route traffic to individual {project_name} server instances on a private network.
2016-04-29 20:12:12 +00:00
In either case though, you still need to set up your network interfaces to bind to something other than `localhost`.
2016-04-28 20:34:44 +00:00
2016-04-29 20:12:12 +00:00
Setting the bind address is quite easy and can be done on the command line with either the _standalone.sh_ or
2017-08-28 12:50:14 +00:00
_domain.sh_ boot scripts discussed in the <<_operating-mode, Choosing an Operating Mode>> chapter.
2016-04-28 20:34:44 +00:00
[source]
----
$ standalone.sh -b 192.168.0.5
----
2016-04-29 20:12:12 +00:00
The `-b` switch sets the IP bind address for any public interfaces.
2016-04-28 20:34:44 +00:00
2016-04-29 20:12:12 +00:00
Alternatively, if you don't want to set the bind address at the command line, you can edit the profile configuration of your deployment.
2016-06-01 15:50:46 +00:00
Open up the profile configuration file (_standalone.xml_ or _domain.xml_ depending on your
2017-08-28 12:50:14 +00:00
<<_operating-mode, operating mode>>) and look for the `interfaces` XML block.
2016-04-28 20:34:44 +00:00
[source,xml]
----
<interfaces>
<interface name="management">
<inet-address value="${jboss.bind.address.management:127.0.0.1}"/>
</interface>
<interface name="public">
<inet-address value="${jboss.bind.address:127.0.0.1}"/>
</interface>
</interfaces>
----
2016-04-29 20:12:12 +00:00
The `public` interface corresponds to subsystems creating sockets that are available publicly. An example of one
2017-08-28 12:50:14 +00:00
of these subsystems is the web layer which serves up the authentication endpoints of {project_name}. The `management`
interface corresponds to sockets opened up by the management layer of the {appserver_name}. Specifically the sockets
which allow you to use the `jboss-cli.sh` command line interface and the {appserver_name} web console.
2016-04-28 20:34:44 +00:00
2016-04-29 20:12:12 +00:00
In looking at the `public` interface you see that it has a special string `${jboss.bind.address:127.0.0.1}`. This string
denotes a value `127.0.0.1` that can be overridden on the command line by setting a Java system property, i.e.:
2016-04-28 20:34:44 +00:00
[source]
----
$ domain.sh -Djboss.bind.address=192.168.0.5
----
2016-04-29 20:12:12 +00:00
The `-b` is just a shorthand notation for this command. So, you can either change the bind address value directly in the profile config, or change it on the command line when
2016-04-28 20:34:44 +00:00
you boot up.
2017-08-28 12:50:14 +00:00
NOTE: There are many more options available when setting up `interface` definitions. For more information, see link:{appserver_network_link}[the network interface] in the _{appserver_network_name}_.