Prerequisites
- Debian
- Java
GlassFish is an open-source enterprise level application server with high reliability and performance, which can run any Java EE project.
Clustering
A cluster is a collection of GlassFish Server instances that work together as one logical entity. A cluster provides a runtime environment for one or more Java Platform, Enterprise Edition (Java EE) applications. A cluster provides high availability through failure protection, scalability, and load balancing.
Install Glassfish
To download and install Glassfish application server
|
|
To reach the admin page (your_server_IP:4848) remotely, you must enable secure admin; otherwise you get the “Secure Admin must be enabled to access the DAS remotely” error.
|
|
You will receive the below error:
|
|
If it fails as above, change the admin password first (default: username admin, password empty).
|
|
Now run this command again:
|
|
You must restart all running servers for the change in secure admin to take effect.
|
|
To change port from 8080 to 80, edit
|
|
change port to 80
|
|
To change application context root, edit
|
|
change context-root to /
|
|
Configuration Reference
Default Port Assignments
Default Ports | Listener description |
---|---|
4848 | Administration Console (also for Admin and Monitoring REST interfaces) |
8080 | HTTP |
8181 | HTTPS |
8686 | JMX service |
3700 | IIOP |
3820 | IIOP/SSL |
3920 | IIOP/SSL with mutual authentication |
22 | SSH port |
9009 | Java debugger |
7676 | JMS provider |
Auto-generated from the operating system’s dynamic port range | Message Queue TCP port |
Auto-generated from the operating system’s dynamic port range | Message Queue Admin port |
9090 | GMS TCP start port |
9200 | GMS TCP end port |
Auto-generated between GMS TCP start and end ports | GMS listener port |
Auto generated between 2048 and 49151 | GMS multicast port |
Default Paths And File Names
Placeholder | Value |
---|---|
as-install | user’s-home-directory/glassfish7/glassfish |
as-install-parent | user’s-home-directory/glassfish7 |
domain-root-dir | as-install/domains/ |
domain-dir | domain-root-dir/domain-name |
instance-dir | domain-dir/instance-name |
Default Administration Values
Description | Default Value or Location |
---|---|
Domain name | domain1 |
Master password | changeit |
asadmin command-line utility | as-install/bin/asadmin |
Configuration files | domain-dir/config |
Log files | domain-dir/logs |
Fine-tuning
Display a list of command-line options that are passed to the Java application launcher when GlassFish Server is started.
|
|
To change jvm options, edit
|
|
Lists the instrumented HotSpot Java Virtual Machines. Get pid just like ps in linux.
|
|
Prints a histogram of the heap.
|
|
Prints a heap summary.
|
|
Guidelines for Calculating Java Heap Sizing
Space | Command Line Option | Occupancy Factor |
---|---|---|
Java heap | -Xms and -Xmx | 3x to 4x old generation space occupancy after full garbage collection |
Permanent Generation | -XX:PermSize -XX:MaxPermSize | 1.2x to 1.5x permanent generation space occupancy after full garbage collection |
Young Generation | -Xmn | 1x to 1.5x old generation space occupancy after full garbage collection |
Old Generation | Implied from overall Java heap size minus the young generation size | 2x to 3x old generation space occupancy after full garbage collection |
As a sample
- Having 2GB RAM => -Xms512m -Xmx1024m -XX:CompileThreshold=8000 -XX:PermSize=256m -XX:MaxPermSize=512m
- Having 8GB RAM => -Xms2048m -Xmx4096m -XX:CompileThreshold=8000 -XX:PermSize=1024m -XX:MaxPermSize=2048m
Install certificates
This will go into detail on how to install certificates on GLASSFISH Server.
- CREATE DIRECTORY FOR THE KEYSTORE AND CSR:
Open a command prompt and type the following:
|
|
Then cd to the newly created directory by typing the following command:
|
|
- CREATE KEYSTORE:
Use the following command to create a keystore:
|
|
You will be prompted to enter the keystore password. The default password that comes with GlassFish is changeit, unless you have changed it. Afterwards, you will be prompted for the following:
Ensure the details filled in here correspond to those communicated at the point of purchasing.
|
|
When all these have been filled in, you will be shown the summary to confirm accuracy. Type y and press enter. You will then be prompted to enter the key password for youralias. Press enter if you are using the default password.
- GENERATE CSR:
Use the following command to generate a CSR
|
|
Note: Use the same alias name you used for generating the keystore.
- IMPORT ROOT CERTIFICATE TO cacerts.jks AND keystore.jks:
|
|
- IMPORT INTERMEDIATE CERTIFICATE TO cacerts.jks AND keystore.jks:
|
|
|
|
Note: Use a Unique alias name for each intermediate certificate.
- IMPORT MAIN CERTIFICATE TO keystore.jks (THE ALIAS SHOULD BE SAME AS THAT OF THE KEYSTORE):
|
|
You should receive a message (Certificate reply was installed in keystore) if successful. It should NOT match the output of Step 1 or 2 above.
- CONFIGURE HTTP-LISTENER-2:
On the Glassfish Admin console, go to Configurations -> Server Config -> http-listener-2 and:
- Under the General tab, change the port from 8181 to 443
- Under the SSL tab, change the Certificate NickName from s1as to the alias of the main certificate (youralias) (which should be the same as the keystore alias)
- Save
- REFERENCE INSTALLED CERTIFICATE IN THE DOMAIN.XML:
Open the /config/domain.xml and replace all references of s1as with the alias of the installed certificate (youralias).
Commands
change-master-password
Each asadmin command accepts the --passwordfile argument, which instructs it to read all the necessary passwords from a file instead of asking for them interactively. It is a bit tricky to find out how to define passwords in this password file, because it is used for multiple types of passwords.
- admin password with prefix AS_ADMIN_PASSWORD, default is empty password
- master password with prefix AS_ADMIN_MASTERPASSWORD, default is “changeit”
- user password with prefix AS_ADMIN_USERPASSWORD
- alias password with prefix AS_ADMIN_ALIASPASSWORD
The default master password is changeit. You may want to change it with the following command:
|
|
Using --savemasterpassword=true will save the password to the disk so that the asadmin start-domain command doesn’t prompt for the password. If you don’t want to store the password, omit this option.
Starting, Stopping, Restarting
|
|
Adding Resources
|
|
Creating AuthRealm
|
|
During the creation of AuthRealm, if you get “remote failure: Creation of Authrealm jdbcbid failed.”, the cause is the locale language of the JVM. After adding the following properties to the JVM options in GlassFish, everything will begin to work properly.
|
|
Then restart server to apply changes.
Deploying, Undeploying
|
|
To prevent password entry each time
In order to save typing “admin username” and “password” every time you deploy or undeploy an application, create a password file pwdfile with content:
|
|
Add --passwordfile to the command:
|
|
Now the prompt for username/password won’t appear.
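The password file used here and in the change-master-password section stores credentials in plain text, so it should be readable by its owner only and should not carry the default values. The following is an added example, not part of the original page: the function names are hypothetical, and only the AS_ADMIN_PASSWORD and AS_ADMIN_MASTERPASSWORD prefixes come from the page.

```shell
# Added example: create and audit an asadmin password file.
# Function names are hypothetical; the AS_ADMIN_* prefixes are from the page.

# Write the file so that only its owner can read it. A pre-existing file is
# removed first, because umask does not tighten the mode of an existing file.
write_asadmin_pwdfile() {
    file=$1; admin_pw=$2; master_pw=$3
    rm -f "$file"
    (
        umask 077
        printf 'AS_ADMIN_PASSWORD=%s\nAS_ADMIN_MASTERPASSWORD=%s\n' \
            "$admin_pw" "$master_pw" > "$file"
    )
}

# Print one finding per line; print nothing when the file passes all checks.
audit_asadmin_pwdfile() {
    file=$1
    # Characters 5-10 of the ls mode string are the group and other bits.
    if [ "$(ls -ld "$file" | cut -c5-10)" != "------" ]; then
        echo "permissions: group or other users can access $file"
    fi
    if grep -q '^AS_ADMIN_PASSWORD=$' "$file"; then
        echo "admin password: empty (GlassFish default)"
    fi
    if grep -q '^AS_ADMIN_MASTERPASSWORD=changeit$' "$file"; then
        echo "master password: changeit (GlassFish default)"
    fi
    return 0
}

# Demo on a throwaway file holding the default values (constructed input).
demo_file=$(mktemp)
write_asadmin_pwdfile "$demo_file" "" "changeit"
audit_asadmin_pwdfile "$demo_file"
rm -f "$demo_file"
```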
Recover Glassfish admin password
changeit
|
|
empty
|
|
Glassfish mail-resource for domain, gmail and yandex using no-ssl, ssl, tls
Domain settings with no-ssl
|
|
Gmail settings with SMTP Relay, SMTP Authentication and TLS encryption using an App Password
- Enable 2-Step Verification: Gmail account > Security
- Generate an App Password: Gmail account > Security > 2-Step Verification > App Passwords
- Your app password should look something like this: abcd efgh ijkl mnop. Remove the whitespaces when using it.
|
|
Gmail settings with ssl
|
|
Yandex settings with ssl
|
|
alternatedocroot example
glassfish-web.xml
|
|
xhtml file
|
|
Note: Be sure that the “/Users/[username]/Developments/backup/images” directory exists.
Note: Use the “value” attribute, not the “name” attribute.
JDBC connection pool and datasource
|
|
To create a connection pool that supports distributed transactions, use com.mysql.jdbc.jdbc2.optional.MysqlXADataSource as datasourceclassname, and set the --restype javax.sql.XADataSource option:
|
|
Run asadmin ping-connection-pool test-pool to verify whether the created connection pool can connect to the database. The database server needs to be running.
Configurations
According to the Glassfish Documentation, you can basically use server-config.
The default-config configuration is a special configuration that acts as a template for creating named configurations. Clusters and instances cannot refer to the default-config configuration. The default-config configuration can only be copied to create configurations.
So the commands below make the same changes.
|
|
Performance
Refer to the documentation Optimize GlassFish Performance in a Production Environment
HTTP Compression
Edit [GLASSFISH_HOME]/glassfish/domains/domain1/config/domain.xml and change http-listener-1 and http-listener-2 under the server-config configuration.
|
|
Set/configure the EJB Timer Service’s DataSource
Database setup
Create the table EJB__TIMER__TBL from [GLASSFISH_HOME]/glassfish/lib/install/databases/ejbtimer_[DB_ENGINE].sql. DB_ENGINE is MySQL for example.
|
|
Server configuration
- Start your GlassFish server admin console: usually http://localhost:4848
- On your left navigate to [Configurations] > [server-config] > [EJB Container]
- Then click the TAB up top [EJB Timer Service]
- Then fill out Timer Datasource: with your JDBC Resource eg. [mysql-pu]. ( Note: Defaults to jdbc/__TimerPool)
- Restart the Server
The result
|
|
Still Broken? TimerService just stopped working (it used to work)?
So this happened to me after a day full of “deploy on save”. The TimerService was unavailable all of a sudden.
|
|
Solution:
- Stop the Glassfish server
- Delete all the content from
{GLASSFISH_HOME}/glassfish/domains/yourdomainname/generated
- Restart Glassfish
It works, but every time I need to deploy I need to follow this procedure again.
Useful links
Realm
BASIC
- Go to http://localhost:4848 and login as admin to Admin interface.
- Go to Security -> Realms -> File
- Add a group name (Administrators:Members) to Assign Groups field.
- Open manage users at the top of the page.
- Click New and add an user (testuser) and give a password.
- Add Administrators:Members to the Group List. (Separate multiple groups with colon)
- Put the below lines to glassfish-web.xml and web.xml.
glassfish-web.xml
|
|
web.xml
|
|
Errors
Out-of-Memory exception
Changing the -Xmx JVM option in GLASSFISH_HOME/domains/domain1/config/domain.xml will solve the problem. The default value is <jvm-options>-Xmx512m</jvm-options>; set a higher value such as <jvm-options>-Xmx1024m</jvm-options> instead.
If you have already done that or if it doesn’t resolve the OutOfMemoryError, then try to get a heap dump when the OOME occurs and analyze it. To get a heap dump, add the following option in domain.xml: <jvm-options>-XX:+HeapDumpOnOutOfMemoryError</jvm-options>. This will cause GlassFish to generate a heap dump file with a .hprof extension. Once you have this file, you can analyze it with a tool such as Eclipse Memory Analyzer Tool to find out which object allocation is causing the JVM to throw an OOME.
software.amazon.awssdk.core.exception.SdkClientException: Unable to execute HTTP request: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
- Amazon AWS Server Authentication
- SunCertPathBuilderException: unable to find valid certification path to requested target
- Let’s Encrypt. Glassfish. AWS EC2.
- Root certificates for Stripe domains
- amazon trust services
Solution:
- openssl s_client -connect server:port -showcerts
- copy the text from cert you want into a file
- keytool -import -trustcacerts -file [-keystore mystore]
Example:
Grab the server certificate and save it to the yourcert.pem file
|
|
or directly save it to the yourcert.pem file
|
|
Copy the text from the cert you want into a file. In this example, name it yourcert.pem.
Import root and intermediate certificates to the trusted root certificate
For JAVA
|
|
For GlassFish
|
|
And restart the GlassFish server.
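The "copy the text from cert you want into a file" step can be done without hand-copying. The following is an added example, not part of the original page, that splits `openssl s_client -showcerts` output into one PEM file per chain entry and lists each file with its subject, so the intended certificate can be picked and checked before it is trusted. The function and file names are hypothetical, and the sample input is constructed.

```shell
# Added example: split `openssl s_client -showcerts` output into PEM files.
# Function names and output file names are hypothetical.

# Reads s_client output on stdin, writes DIR/chainN.pem for each chain entry
# and prints "file<TAB>subject". The repeated leaf under "Server certificate"
# is skipped; a PEM block without its END line makes the function fail.
split_showcerts() {
    mkdir -p "$1"
    awk -v dir="$1" '
        /^Server certificate/ { exit }
        /^ *[0-9]+ s:/ { subj = $0; sub(/^ *[0-9]+ s:/, "", subj) }
        /^-----BEGIN CERTIFICATE-----/ { n++; f = dir "/chain" n ".pem"; incert = 1 }
        incert { print > f }
        /^-----END CERTIFICATE-----/ && incert {
            close(f); incert = 0
            printf "%s\t%s\n", f, subj
            subj = ""
        }
        END { if (incert) exit 1 }
    '
}

# Constructed sample with placeholder bodies (not real certificates).
sample_showcerts() {
    cat <<'EOF'
CONNECTED(00000003)
Certificate chain
 0 s:CN = app.example.test
   i:CN = Example Intermediate CA
-----BEGIN CERTIFICATE-----
PLACEHOLDERLEAF
-----END CERTIFICATE-----
 1 s:CN = Example Intermediate CA
   i:CN = Example Root CA
-----BEGIN CERTIFICATE-----
PLACEHOLDERINTERMEDIATE
-----END CERTIFICATE-----
---
Server certificate
-----BEGIN CERTIFICATE-----
PLACEHOLDERLEAF
-----END CERTIFICATE-----
subject=CN = app.example.test
EOF
}

# Real use:
#   openssl s_client -connect server:port -showcerts </dev/null | split_showcerts ./chain
# Compare a file's fingerprint with the CA's published value before importing:
#   openssl x509 -in ./chain/chain2.pem -noout -fingerprint -sha256
```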
Other useful commands
|
|
java.lang.NoSuchMethodError: sun.security.ssl.Handshaker.setApplicationProtocols([Ljava/lang/String;)V
The problem is that Glassfish embeds an old version of the SUN implementation (sun.security.ssl.SSLSessionImpl). Removing it will resolve the problem.
|
|
other commands to remove a file or a folder
|
|
TLS ALPN (Application-Layer Protocol Negotiation) support is not available. HTTP/2 support will not be enabled.
Error generating artifacts for the following WSDL []. Possible causes can be invoking https when the application is not configured for security.
When you go to the local SOAP URL, both the ?WSDL and ?Tester links work fine.
When you go to the remote SOAP URL (JAX-WS), the ?WSDL link works, but ?Tester does not, due to this error.
The problem is caused by the default setting restricting access to External Schema. By default, in the IDE we use -Djavax.xml.accessExternalSchema=all as vmArg in the IDE’s settings or in the maven pom file.
If you are deploying to the GlassFish Server, you need to modify the configuration file of the GlassFish Server (domain.xml) to enable the server to access external schemas to parse the wsdl file and generate the test client. To enable access to external schemas, open the GlassFish configuration file (GLASSFISH_INSTALL/glassfish/domains/domain1/config/domain.xml) and add the following JVM option element. You will need to restart the server for the change to take effect.
|
|
Connection could not be allocated because: Cannot open file:GLASSFISH_HOME/glassfish/domains/domain1/config/keystore.jks
Add allowPublicKeyRetrieval=true and useSSL=false in GlassFish Admin Console JDBC > JDBC Connection Pools > Additional Properties.
or add them to glassfish-resources.xml
|
|
or import the certificate into GlassFish and change the master password. In domain.xml, the following 2 lines need to be added in the jvm-options area.
|
|
The Master Password is required to start the domain. No console, no prompting possible. You should either create the domain with --savemasterpassword=true or provide a password file with the --passwordfile option. Command start-domain failed.
This error occurs after running glassfish image on docker compose.