I would like to control when and where the admin service is accessible
How do I do one of the following (if possible)
Enable the admin console only from localhost (I know about disable-secure-admin, but still I don't want anyone to see the console login page when they add 4848 in the end) I will use SSH tunnle to connect
Or, be able to use a certificate, so only certified clients will be able to even see the console
Or, be able on demand to start / stop the admin service when needed, not opening it to the outside world (e.g. start stop __asadmin virtual server)
Is any of the above possible?
If you cannot log into the administrative console and you must disable administrative security, locate your profile_root /bin directory and first run the wsadmin -conntype NONE command. At the wsadmin prompt, type securityoff and then type exit to return to a command prompt.
To Create a Domain. After installing GlassFish Server and creating the default domain ( domain1 ), you can create additional domains by using the local create-domain subcommand. This subcommand creates the configuration of a domain.
A domain is an administrative boundary that contains a group of GlassFish Server instances that are administered together. Each instance can belong to only one domain. A domain provides a preconfigured runtime for user applications.
Ok, I found it by guess-work
Solution to scenario #1
0.0.0.0
to 127.0.0.1
Solution to scenario #3
I didn't find any command line way to enable / disable virtual servers, network listeners or protocols, but editing domain.xml shows that it's all there, just comment out and restart.
Use asadmin to update the The HTTP Network Listener named admin-listener
.
asadmin enable-secure-admin-principal "Instructs GlassFish Server, when secure admin is enabled, to accept admin requests from clients identified by the specified SSL certificate".
asadmin enable-secure-admin "enables secure admin (if it is not already enabled), optionally changing the alias used for DAS-to-instance admin messages or the alias used for instance-to-DAS admin messages". Also a good blog on the subject. This doesn't turn admin on/off, but enables/disables for remote access to the admin console without the complications of (1).
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With