On Debian 13:
sudo apt update
sudo apt install openjdk-17-jdk
On RHEL 10:
sudo dnf install java-17-openjdk-devel
Verify:
java -version
sudo useradd --system --home /opt/wildfly --shell /usr/sbin/nologin wildfly
Install unzip if needed.
On Debian 13:
sudo apt install unzip
On RHEL 10:
sudo dnf install unzip
cd /tmp
WILDFLY_VERSION=39.0.1.Final
curl -LO "https://github.com/wildfly/wildfly/releases/download/${WILDFLY_VERSION}/wildfly-${WILDFLY_VERSION}.zip"
sudo mkdir -p /opt/wildfly
sudo unzip -q "wildfly-${WILDFLY_VERSION}.zip" -d /opt
EXTRACTED_DIR="/opt/wildfly-${WILDFLY_VERSION}"
sudo mv "${EXTRACTED_DIR}"/* /opt/wildfly/
sudo chown -R wildfly:wildfly /opt/wildfly
Check the latest version before installation:
https://github.com/wildfly/wildfly/releases
sudo -u wildfly /opt/wildfly/bin/add-user.sh
sudo tee /etc/systemd/system/wildfly.service >/dev/null <<'SERVICE'
[Unit]
Description=WildFly Application Server
After=network.target
[Service]
Type=simple
User=wildfly
Group=wildfly
Environment=WILDFLY_HOME=/opt/wildfly
Environment=JAVA_HOME=/usr/lib/jvm/java-17-openjdk
ExecStart=/opt/wildfly/bin/standalone.sh -b 0.0.0.0
Restart=on-failure
LimitNOFILE=102642
NoNewPrivileges=yes
PrivateTmp=yes
ProtectSystem=full
ProtectHome=true
ProtectControlGroups=yes
ProtectKernelTunables=yes
ProtectKernelModules=yes
LockPersonality=yes
RestrictRealtime=yes
RestrictSUIDSGID=yes
RestrictNamespaces=yes
SystemCallArchitectures=native
CapabilityBoundingSet=
AmbientCapabilities=
[Install]
WantedBy=multi-user.target
SERVICE
Note: On Debian, you may need to set JAVA_HOME to /usr/lib/jvm/java-17-openjdk-amd64.
If your app needs write access outside /opt/wildfly, add ReadWritePaths= entries to the service.
Stronger hardening (optional). This reduces filesystem/device access and may need ReadWritePaths for app data. If WildFly fails to start, remove or relax these:
ProtectSystem=strict
PrivateDevices=yes
ProtectClock=yes
ProtectHostname=yes
ProtectKernelLogs=yes
ProtectProc=invisible
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
RestrictFileSystems=ext4 xfs
UMask=0077
Enable and start:
sudo systemctl daemon-reload
sudo systemctl enable --now wildfly
On UFW:
sudo ufw allow 8080/tcp
sudo ufw allow 9990/tcp
On firewalld:
sudo firewall-cmd --permanent --add-port=8080/tcp
sudo firewall-cmd --permanent --add-port=9990/tcp
sudo firewall-cmd --reload
http://SERVER_IP:8080http://SERVER_IP:9990/console9990/tcp in the firewall to trusted admin IPs only.8080.Do you need help or support for WildFly? Feel free to contact us!
Prefer automation? Choose your deployment method:
| Method | Description | Playbook |
|---|---|---|
| Native Installation | Installs WildFly directly on the host system | WildFly Ansible Setup |
| Docker Deployment | Deploys WildFly using Docker Compose | WildFly Docker Ansible Setup |
Prefer manual container setup? See WildFly Docker Setup.
See WildFly Configuration for configuration guidance.
See WildFly Security for hardening and operational security controls.
Any questions?
Feel free to contact us. Find all contact information on our contact page.