KEYCLOAK-4713 Update domain mode config for EAP 7.1
This commit is contained in:
parent
2913ee8e23
commit
4b417c5ae8
6 changed files with 113 additions and 128 deletions
|
@ -15,24 +15,11 @@
|
|||
~ See the License for the specific language governing permissions and
|
||||
~ limitations under the License.
|
||||
-->
|
||||
|
||||
<!-- See src/resources/configuration/ReadMe.txt for how the configuration assembly works -->
|
||||
<config>
|
||||
<subsystems name="load-balancer">
|
||||
<!-- Each subsystem to be included relative to the src/main/resources directory -->
|
||||
<subsystem>logging.xml</subsystem>
|
||||
<subsystem>io.xml</subsystem>
|
||||
<subsystem supplement="domain">jmx.xml</subsystem>
|
||||
<subsystem>naming.xml</subsystem>
|
||||
<subsystem>remoting.xml</subsystem>
|
||||
<subsystem>request-controller.xml</subsystem>
|
||||
<subsystem>security.xml</subsystem>
|
||||
<subsystem>security-manager.xml</subsystem>
|
||||
</subsystems>
|
||||
<subsystems name="auth-server-standalone">
|
||||
<!-- Each subsystem to be included relative to the src/main/resources directory -->
|
||||
<subsystem>logging.xml</subsystem>
|
||||
<subsystem>bean-validation.xml</subsystem>
|
||||
<subsystem>core-management.xml</subsystem>
|
||||
<subsystem supplement="default">keycloak-datasources.xml</subsystem>
|
||||
<subsystem>ee.xml</subsystem>
|
||||
<subsystem>ejb3.xml</subsystem>
|
||||
|
@ -48,17 +35,18 @@
|
|||
<subsystem>naming.xml</subsystem>
|
||||
<subsystem>remoting.xml</subsystem>
|
||||
<subsystem>request-controller.xml</subsystem>
|
||||
<subsystem supplement="domain-wildfly">elytron.xml</subsystem>
|
||||
<subsystem>security.xml</subsystem>
|
||||
<subsystem>security-manager.xml</subsystem>
|
||||
<subsystem>transactions.xml</subsystem>
|
||||
<subsystem>undertow.xml</subsystem>
|
||||
<subsystem>keycloak-server.xml</subsystem>
|
||||
</subsystems>
|
||||
|
||||
<subsystems name="auth-server-clustered">
|
||||
<!-- Each subsystem to be included relative to the src/main/resources directory -->
|
||||
<subsystem>logging.xml</subsystem>
|
||||
<subsystem>bean-validation.xml</subsystem>
|
||||
<subsystem>core-management.xml</subsystem>
|
||||
<subsystem supplement="domain">keycloak-datasources.xml</subsystem>
|
||||
<subsystem>ee.xml</subsystem>
|
||||
<subsystem supplement="ha">ejb3.xml</subsystem>
|
||||
|
@ -76,10 +64,16 @@
|
|||
<subsystem>naming.xml</subsystem>
|
||||
<subsystem>remoting.xml</subsystem>
|
||||
<subsystem>request-controller.xml</subsystem>
|
||||
<subsystem supplement="domain-wildfly">elytron.xml</subsystem>
|
||||
<subsystem>security.xml</subsystem>
|
||||
<subsystem>security-manager.xml</subsystem>
|
||||
<subsystem>transactions.xml</subsystem>
|
||||
<subsystem supplement="ha">undertow.xml</subsystem>
|
||||
<subsystem>keycloak-server.xml</subsystem>
|
||||
</subsystems>
|
||||
<subsystems name="load-balancer">
|
||||
<subsystem>logging.xml</subsystem>
|
||||
<subsystem>io.xml</subsystem>
|
||||
<subsystem>undertow-load-balancer.xml</subsystem>
|
||||
</subsystems>
|
||||
</config>
|
||||
|
|
|
@ -17,7 +17,7 @@
|
|||
~ limitations under the License.
|
||||
-->
|
||||
|
||||
<domain xmlns="urn:jboss:domain:4.0">
|
||||
<domain xmlns="urn:jboss:domain:5.0">
|
||||
|
||||
<extensions>
|
||||
<?EXTENSIONS?>
|
||||
|
@ -60,31 +60,6 @@
|
|||
-->
|
||||
<profile name="load-balancer">
|
||||
<?SUBSYSTEMS socket-binding-group="load-balancer-sockets"?>
|
||||
<subsystem xmlns="urn:jboss:domain:undertow:3.0">
|
||||
<buffer-cache name="default"/>
|
||||
<server name="default-server">
|
||||
<http-listener name="default" socket-binding="http" redirect-socket="https"/>
|
||||
<host name="default-host" alias="localhost">
|
||||
<location name="/" handler="lb-handler"/>
|
||||
<filter-ref name="server-header"/>
|
||||
<filter-ref name="x-powered-by-header"/>
|
||||
</host>
|
||||
</server>
|
||||
<servlet-container name="default">
|
||||
<jsp-config/>
|
||||
<websockets/>
|
||||
</servlet-container>
|
||||
<handlers>
|
||||
<reverse-proxy name="lb-handler">
|
||||
<host name="host1" outbound-socket-binding="remote-host1" scheme="ajp" path="/" instance-id="myroute1"/>
|
||||
<host name="host2" outbound-socket-binding="remote-host2" scheme="ajp" path="/" instance-id="myroute2"/>
|
||||
</reverse-proxy>
|
||||
</handlers>
|
||||
<filters>
|
||||
<response-header name="server-header" header-name="Server" header-value="WildFly/10"/>
|
||||
<response-header name="x-powered-by-header" header-name="X-Powered-By" header-value="Undertow/1"/>
|
||||
</filters>
|
||||
</subsystem>
|
||||
</profile>
|
||||
</profiles>
|
||||
|
||||
|
@ -96,12 +71,8 @@
|
|||
These default configurations require the binding specification to be done in host.xml.
|
||||
-->
|
||||
<interfaces>
|
||||
<interface name="management">
|
||||
<inet-address value="${jboss.bind.address.management:127.0.0.1}"/>
|
||||
</interface>
|
||||
<interface name="public">
|
||||
<inet-address value="${jboss.bind.address:127.0.0.1}"/>
|
||||
</interface>
|
||||
<interface name="management"/>
|
||||
<interface name="public"/>
|
||||
<?INTERFACES?>
|
||||
</interfaces>
|
||||
|
||||
|
@ -114,20 +85,19 @@
|
|||
</socket-binding-group>
|
||||
<!-- load-balancer-sockets should be removed in production systems and replaced with a better softare or hardare based one -->
|
||||
<socket-binding-group name="load-balancer-sockets" default-interface="public">
|
||||
<socket-binding name="ajp" port="${jboss.ajp.port:8009}"/>
|
||||
<socket-binding name="http" port="${jboss.http.port:8080}"/>
|
||||
<socket-binding name="https" port="${jboss.https.port:8443}"/>
|
||||
<outbound-socket-binding name="remote-host1">
|
||||
<remote-destination host="localhost" port="8159"/>
|
||||
</outbound-socket-binding>
|
||||
<outbound-socket-binding name="remote-host2">
|
||||
<remote-destination host="localhost" port="8259"/>
|
||||
</outbound-socket-binding>
|
||||
<!-- Needed for server groups using the 'load-balancer' profile -->
|
||||
<?SOCKET-BINDINGS?>
|
||||
</socket-binding-group>
|
||||
</socket-binding-groups>
|
||||
|
||||
<server-groups>
|
||||
<server-group name="auth-server-group" profile="auth-server-clustered">
|
||||
<jvm name="default">
|
||||
<heap size="64m" max-size="512m"/>
|
||||
</jvm>
|
||||
<socket-binding-group ref="ha-sockets"/>
|
||||
</server-group>
|
||||
|
||||
<!-- load-balancer-group should be removed in production systems and replaced with a better softare or hardare based one -->
|
||||
<server-group name="load-balancer-group" profile="load-balancer">
|
||||
<jvm name="default">
|
||||
|
@ -135,12 +105,6 @@
|
|||
</jvm>
|
||||
<socket-binding-group ref="load-balancer-sockets"/>
|
||||
</server-group>
|
||||
<server-group name="auth-server-group" profile="auth-server-clustered">
|
||||
<jvm name="default">
|
||||
<heap size="64m" max-size="512m"/>
|
||||
</jvm>
|
||||
<socket-binding-group ref="ha-sockets"/>
|
||||
</server-group>
|
||||
</server-groups>
|
||||
|
||||
</domain>
|
||||
|
|
|
@ -22,7 +22,7 @@
|
|||
is also started by this host controller file. The other instance must be started
|
||||
via host-slave.xml
|
||||
-->
|
||||
<host name="master" xmlns="urn:jboss:domain:4.0">
|
||||
<host name="master" xmlns="urn:jboss:domain:5.0">
|
||||
<extensions>
|
||||
<?EXTENSIONS?>
|
||||
</extensions>
|
||||
|
@ -39,6 +39,11 @@
|
|||
</authorization>
|
||||
</security-realm>
|
||||
<security-realm name="ApplicationRealm">
|
||||
<server-identities>
|
||||
<ssl>
|
||||
<keystore path="application.keystore" relative-to="jboss.domain.config.dir" keystore-password="password" alias="server" key-password="password" generate-self-signed-certificate-host="localhost"/>
|
||||
</ssl>
|
||||
</server-identities>
|
||||
<authentication>
|
||||
<local default-user="$local" allowed-users="*" skip-group-loading="true"/>
|
||||
<properties path="application-users.properties" relative-to="jboss.domain.config.dir"/>
|
||||
|
@ -53,8 +58,8 @@
|
|||
<json-formatter name="json-formatter"/>
|
||||
</formatters>
|
||||
<handlers>
|
||||
<file-handler name="host-file" formatter="json-formatter" relative-to="jboss.domain.data.dir" path="audit-log.log"/>
|
||||
<file-handler name="server-file" formatter="json-formatter" relative-to="jboss.server.data.dir" path="audit-log.log"/>
|
||||
<file-handler name="host-file" formatter="json-formatter" path="audit-log.log" relative-to="jboss.domain.data.dir"/>
|
||||
<file-handler name="server-file" formatter="json-formatter" path="audit-log.log" relative-to="jboss.server.data.dir"/>
|
||||
</handlers>
|
||||
<logger log-boot="true" log-read-only="false" enabled="false">
|
||||
<handlers>
|
||||
|
@ -71,7 +76,8 @@
|
|||
<native-interface security-realm="ManagementRealm">
|
||||
<socket interface="management" port="${jboss.management.native.port:9999}"/>
|
||||
</native-interface>
|
||||
<http-interface security-realm="ManagementRealm" http-upgrade-enabled="true">
|
||||
<http-interface security-realm="ManagementRealm">
|
||||
<http-upgrade enabled="true" />
|
||||
<socket interface="management" port="${jboss.management.http.port:9990}"/>
|
||||
</http-interface>
|
||||
</management-interfaces>
|
||||
|
@ -98,6 +104,8 @@
|
|||
<heap size="64m" max-size="256m"/>
|
||||
<jvm-options>
|
||||
<option value="-server"/>
|
||||
<option value="-XX:MetaspaceSize=96m"/>
|
||||
<option value="-XX:MaxMetaspaceSize=256m"/>
|
||||
</jvm-options>
|
||||
</jvm>
|
||||
</jvms>
|
||||
|
|
|
@ -17,7 +17,7 @@
|
|||
~ limitations under the License.
|
||||
-->
|
||||
|
||||
<host xmlns="urn:jboss:domain:4.0">
|
||||
<host xmlns="urn:jboss:domain:5.0">
|
||||
<extensions>
|
||||
<?EXTENSIONS?>
|
||||
</extensions>
|
||||
|
@ -27,7 +27,7 @@
|
|||
<security-realm name="ManagementRealm">
|
||||
<server-identities>
|
||||
<!-- Replace this with either a base64 password of your own, or use a vault with a vault expression -->
|
||||
<secret value="c2xhdmVfdXNlcl9wYXNzd29yZA=="/>
|
||||
<secret value="c2xhdmVfdXMzcl9wYXNzd29yZA=="/>
|
||||
</server-identities>
|
||||
|
||||
<authentication>
|
||||
|
@ -39,6 +39,11 @@
|
|||
</authorization>
|
||||
</security-realm>
|
||||
<security-realm name="ApplicationRealm">
|
||||
<server-identities>
|
||||
<ssl>
|
||||
<keystore path="application.keystore" relative-to="jboss.domain.config.dir" keystore-password="password" alias="server" key-password="password" generate-self-signed-certificate-host="localhost"/>
|
||||
</ssl>
|
||||
</server-identities>
|
||||
<authentication>
|
||||
<local default-user="$local" allowed-users="*" skip-group-loading="true"/>
|
||||
<properties path="application-users.properties" relative-to="jboss.domain.config.dir"/>
|
||||
|
@ -53,8 +58,8 @@
|
|||
<json-formatter name="json-formatter"/>
|
||||
</formatters>
|
||||
<handlers>
|
||||
<file-handler name="host-file" formatter="json-formatter" relative-to="jboss.domain.data.dir" path="audit-log.log"/>
|
||||
<file-handler name="server-file" formatter="json-formatter" relative-to="jboss.server.data.dir" path="audit-log.log"/>
|
||||
<file-handler name="host-file" formatter="json-formatter" path="audit-log.log" relative-to="jboss.domain.data.dir"/>
|
||||
<file-handler name="server-file" formatter="json-formatter" path="audit-log.log" relative-to="jboss.server.data.dir"/>
|
||||
</handlers>
|
||||
<logger log-boot="true" log-read-only="false" enabled="false">
|
||||
<handlers>
|
||||
|
@ -69,15 +74,15 @@
|
|||
</audit-log>
|
||||
<management-interfaces>
|
||||
<native-interface security-realm="ManagementRealm">
|
||||
<socket interface="management" port="${jboss.management.native.port:3456}"/>
|
||||
<socket interface="management" port="${jboss.management.native.port:9999}"/>
|
||||
</native-interface>
|
||||
</management-interfaces>
|
||||
</management>
|
||||
|
||||
<domain-controller>
|
||||
<remote security-realm="ManagementRealm">
|
||||
<remote username="$local" security-realm="ManagementRealm">
|
||||
<discovery-options>
|
||||
<static-discovery name="primary" protocol="${jboss.domain.master.protocol:remote}" host="${jboss.domain.master.address:127.0.0.1}" port="${jboss.domain.master.port:9999}"/>
|
||||
<static-discovery name="primary" protocol="${jboss.domain.master.protocol:remote}" host="${jboss.domain.master.address}" port="${jboss.domain.master.port:9999}"/>
|
||||
</discovery-options>
|
||||
</remote>
|
||||
</domain-controller>
|
||||
|
@ -99,6 +104,8 @@
|
|||
<heap size="64m" max-size="256m"/>
|
||||
<jvm-options>
|
||||
<option value="-server"/>
|
||||
<option value="-XX:MetaspaceSize=96m"/>
|
||||
<option value="-XX:MaxMetaspaceSize=256m"/>
|
||||
</jvm-options>
|
||||
</jvm>
|
||||
</jvms>
|
||||
|
|
|
@ -23,7 +23,7 @@
|
|||
via host-slave.xml
|
||||
-->
|
||||
|
||||
<host name="master" xmlns="urn:jboss:domain:4.0">
|
||||
<host name="master" xmlns="urn:jboss:domain:5.0">
|
||||
<extensions>
|
||||
<?EXTENSIONS?>
|
||||
</extensions>
|
||||
|
@ -40,6 +40,11 @@
|
|||
</authorization>
|
||||
</security-realm>
|
||||
<security-realm name="ApplicationRealm">
|
||||
<server-identities>
|
||||
<ssl>
|
||||
<keystore path="application.keystore" relative-to="jboss.domain.config.dir" keystore-password="password" alias="server" key-password="password" generate-self-signed-certificate-host="localhost"/>
|
||||
</ssl>
|
||||
</server-identities>
|
||||
<authentication>
|
||||
<local default-user="$local" allowed-users="*" skip-group-loading="true"/>
|
||||
<properties path="application-users.properties" relative-to="jboss.domain.config.dir"/>
|
||||
|
@ -54,8 +59,8 @@
|
|||
<json-formatter name="json-formatter"/>
|
||||
</formatters>
|
||||
<handlers>
|
||||
<file-handler name="host-file" formatter="json-formatter" relative-to="jboss.domain.data.dir" path="audit-log.log"/>
|
||||
<file-handler name="server-file" formatter="json-formatter" relative-to="jboss.server.data.dir" path="audit-log.log"/>
|
||||
<file-handler name="host-file" formatter="json-formatter" path="audit-log.log" relative-to="jboss.domain.data.dir"/>
|
||||
<file-handler name="server-file" formatter="json-formatter" path="audit-log.log" relative-to="jboss.server.data.dir"/>
|
||||
</handlers>
|
||||
<logger log-boot="true" log-read-only="false" enabled="false">
|
||||
<handlers>
|
||||
|
@ -72,7 +77,8 @@
|
|||
<native-interface security-realm="ManagementRealm">
|
||||
<socket interface="management" port="${jboss.management.native.port:9999}"/>
|
||||
</native-interface>
|
||||
<http-interface security-realm="ManagementRealm" http-upgrade-enabled="true">
|
||||
<http-interface security-realm="ManagementRealm">
|
||||
<http-upgrade enabled="true" />
|
||||
<socket interface="management" port="${jboss.management.http.port:9990}"/>
|
||||
</http-interface>
|
||||
</management-interfaces>
|
||||
|
@ -80,6 +86,8 @@
|
|||
|
||||
<domain-controller>
|
||||
<local/>
|
||||
<!-- Alternative remote domain controller configuration with a host and port -->
|
||||
<!-- <remote protocol="remote" host="${jboss.domain.master.address}" port="${jboss.domain.master.port:9999}" security-realm="ManagementRealm"/> -->
|
||||
</domain-controller>
|
||||
|
||||
<interfaces>
|
||||
|
@ -99,6 +107,8 @@
|
|||
<heap size="64m" max-size="256m"/>
|
||||
<jvm-options>
|
||||
<option value="-server"/>
|
||||
<option value="-XX:MetaspaceSize=96m"/>
|
||||
<option value="-XX:MaxMetaspaceSize=256m"/>
|
||||
</jvm-options>
|
||||
</jvm>
|
||||
</jvms>
|
||||
|
|
|
@ -19,6 +19,8 @@
|
|||
<!-- See src/resources/configuration/ReadMe.txt for how the configuration assembly works -->
|
||||
<config>
|
||||
<subsystems>
|
||||
<subsystem>core-management.xml</subsystem>
|
||||
<subsystem>jmx.xml</subsystem>
|
||||
<subsystem supplement="host">elytron.xml</subsystem>
|
||||
</subsystems>
|
||||
</config>
|
||||
|
|
Loading…
Reference in a new issue