Java – How to run Wildfly best

javajbosswildfly8

Within development I start Wildfly 8 as standalone. Then I copy all my WAR files to /standalone/deployments and run them over http://localhost:8080/projectname/.

When thinking of a productive server environment, how would Wildfly 8 be run best?
Would it be a good approach to automatically start the /bin/standalone.sh after system boot?

Best Answer

Leaving the deployment scanner on is a security risk.

Set scan-enabled="false" like so:

 <subsystem xmlns="urn:jboss:domain:deployment-scanner:1.1">
     <deployment-scanner path="deployments" relative-to="jboss.server.base.dir" scan-enabled="false"/>
 </subsystem>

How you start and stop JBoss is really up to you and how you like to manage your server. There are more important things to consider when running JBoss or WildFly in production. This blog post goes over some stuff for JBoss 5. Some things have changed since then, but there is some still relevant stuff there.

One thing I notice is that you are serving requests over port 8080, directly from WildFly. There is a blog post here about securing JBoss EAP 6 , which will still apply to WildFly. The preferred way to do this, however, would be to front your server with a web server or load balancer (Apache or Nginx would do) and completely lock down your WildFly host from any external requests apart from those coming from Apache.

This is a huge topic, to be quite honest, so you will need to spend a lot of time analysing risk and making sure you understand things before potentially leaving security holes in production.