2.1. Configuring the Firewall(s)
Typically, the application server and database server are deployed behind a router (NAT/firewall) device. The port-forwarding on the device must be configured as follows:
- Allow HTTP traffic: forward port 80 to the web server. Note: the web server may be deployed to the same physical server as the application server.
- Allow Java Naming and Directory Interface (JNDI) traffic: forward to the application server.
- Allow Java Remote Method Invocation (RMI) traffic: forward to the application server.
Note: modern routers support configuration of port-forwarding using a simple web-interface that can be accessed using an admin account. Consult the router vendor’s documentation for details.
In the <application>.properties files, the following settings can be configured:
- The FServer.proxy must be configured to reference the hostname (or IP address) of the router/firewall that the server is behind.
- The FServer.hostname must be configured to reference the hostname (or IP address) of the application server.
- Optionally, the <JNDI Port> can be configured using the FServer.rmiRegistryPort property. The default is 1099.
- Optionally, the <RMI Port> can be configured using the FManager.port property. The default is 1098.
Note: it is very common for both servers and client to have software firewalls which are typically integrated into the operating system. These must be treated in a similar way as hardware firewalls; however, the ports must be ‘opened’ instead of being ‘forwarded’.