Wildfly 9.0 Offline CLI and HTTP/2

Yesterday, Wildfly community has just released Wildfly 9.0.0.Final, the last Application Server version. As I talked on my previous French post about Wildfly they are a lot of new cool stuffs. I noticed two of them we could use both together quickly. Into a datacenter, we want setup the first configuration without startup full process and open unnecessary port. I propose in this post to setup HTTP/2 with offline mode, it is quite useful because we could want to start a JBoss instance directly with HTTP/2 protocol enabled.

How to setup HTTP/2 configuration into Wildfly 9.0.0.Final with offline mode.

Download Wildfly

Please download it following this link.

Installation

After downloading it, you just have to unzip it into your folder like this :

tar -zxvf wildfly-9.0.0.Final.tar.gz

X509 Certificate

HTTP/2 doesn’t need an encryption layer for transport, but we gonna implement it in this example.

Create a self-signed certificate

Export it for your web browser

Secure configuration

Due of some JDK 8 limitations, ALPN isn’t supported natively by JDK 8. We will download it from the Eclipse Foundation. This feature is mandatory for the HTTP/2 protocol with encryption.

export ALPN_VERSION=8.1.3.v20150130
curl http://central.maven.org/maven2/org/mortbay/jetty/alpn/alpn-boot/$ALPN_VERSION/alpn-boot-$ALPN_VERSION.jar > `pwd`/alpn-boot-$ALPN_VERSION.jar
export JAVA_OPTS="$JAVA_OPTS -Xbootclasspath/p:`pwd`/alpn-boot-$ALPN_VERSION.jar"

Configure the HTTP/2 into Undertow

Now, the best part, Wildly isn’t running yet and we will execute some Offline CLI commands to configure the standalone instance. To use the offline mode, we just have to use the embed-server command. This command runs an internal Wildly process and will interact directly with it.

As you should know Undertow is now the JBoss embedded HTTP Webserver, we gonna configure it to enable http2 after we’ve configured the new security realm. You should get an output result like this

You are disconnected at the moment. Type 'connect' to connect to the server or 'help' for the list of supported commands.
[disconnected /] embed-server
[standalone@embedded /] /core-service=management/security-realm=https:add()
{"outcome" => "success"}
[standalone@embedded /] /core-service=management/security-realm=https/authentication=truststore:add(keystore-path=server.truststore, keystore-password=password, keystore-relative-to=jboss.server.config.dir)
{
    "outcome" => "success",
    "response-headers" => {
        "operation-requires-reload" => true,
        "process-state" => "reload-required"
    }
}
[standalone@embedded /] /core-service=management/security-realm=https/server-identity=ssl:add(keystore-path=server.keystore, keystore-password=password, keystore-relative-to=jboss.server.config.dir)
{
    "outcome" => "success",
    "response-headers" => {
        "operation-requires-reload" => true,
        "process-state" => "reload-required"
    }
}
[standalone@embedded /] /subsystem=undertow/server=default-server/https-listener=https:add(socket-binding=https, security-realm=https, enable-http2=true)
{
    "outcome" => "success",
    "response-headers" => {"process-state" => "reload-required"}
}
[standalone@embedded /] reload --admin-only=false
[standalone@embedded /]

Startup JBoss

After a full correct configuration, you can startup the JBoss instance as usual.

$JBOSS_HOME/bin/standalone.sh

Check it

After a very quick JBoss startup (about 3s), you can check the welcome page with your favorite browser like Firefox . I use to check HTTP/2 protocol, the network panel available inside Firefox.

Tag

Date