4 Replies Latest reply on Jan 23, 2019 8:53 PM by gipathak

    WildFly: reverse proxy with https

    idannehl

      Hi all,

       

      I use WildFly 8.2.0.Final. I want to configure it as a reverse proxy. The incoming requests are received via HTTP but the outgoing request to a remote destination should be sent via HTTPS. WildFly should add the SSL encryption to the request before sending it to the remote destination.

       

      My configuration in standalone.xml:

       

      <subsystem xmlns="urn:jboss:domain:undertow:1.2">
          ...
          <server name="default-server">
              <http-listener name="default" socket-binding="http"/>
              <https-listener name="https" socket-binding="https" security-realm="UndertowRealm"/>
              <host name="default-host" alias="localhost">
                  <location name="/" handler="welcome-content"/>
                  <location name="/myservices/services/" handler="myproxy"/>
                  <filter-ref name="server-header"/>
                  <filter-ref name="x-powered-by-header"/>
              </host>
          </server>
          ...
          <handlers>
              <file name="welcome-content" path="${jboss.home.dir}/welcome-content"/>
              <reverse-proxy name="myproxy">
                  <host name="myHost" scheme="https" outbound-socket-binding="https-remote" instance-id="myRoute" path="/myservices/services/"/>
              </reverse-proxy>
          </handlers>
          ...
      </subsystem>
      ...
      <socket-binding-group name="standard-sockets" default-interface="public" port-offset="${jboss.socket.binding.port-offset:0}">
          ...
          <outbound-socket-binding name="https-remote">
              <remote-destination host="myHost" port="8443"/>
          </outbound-socket-binding>
      </socket-binding-group>

       

      When I use the scheme "http" the reverse proxy works fine. But when I switch to the scheme "https" I get the following error at client side:

      "503 - Service Unavailable"

       

      Can anybody help me please to find the right configuration or is HTTPS not supported by the reverse proxy?

      Any help would be appreciated.

       

      Thanks

      Ines

        • 1. Re: WildFly: reverse proxy with https
          ctomc

          This *should* work as support for https proxy was added in 8.2 (Undertow 1.1 that is used in 8.2)

           

          any chance you can configure logging to TRACE

          • org.wildfly.extension.undertow
          • io.undertow
          • org.xnio.nio

          categories which should show you what exactly is going on

          • 2. Re: WildFly: reverse proxy with https
            idannehl

            I added the TRACE logging and got the following output:

             

            2015-01-13 08:05:00,476 TRACE [io.undertow.request] (default I/O-1) Opened connection with /127.0.0.1:56256
            2015-01-13 08:05:00,507 DEBUG [io.undertow.request] (default I/O-1) Failed to connect: java.io.IOException: UT000065: SSL must be specified to connect to a https URL
                at io.undertow.client.http.HttpClientProvider.connect(HttpClientProvider.java:90)
                at io.undertow.client.UndertowClient.connect(UndertowClient.java:158)
                at io.undertow.server.handlers.proxy.ProxyConnectionPool.openConnection(ProxyConnectionPool.java:204)
                at io.undertow.server.handlers.proxy.ProxyConnectionPool.connect(ProxyConnectionPool.java:419)
                at io.undertow.server.handlers.proxy.LoadBalancingProxyClient.getConnection(LoadBalancingProxyClient.java:277)
                at io.undertow.server.handlers.proxy.ProxyHandler$ProxyClientHandler.run(ProxyHandler.java:255)
                at io.undertow.util.SameThreadExecutor.execute(SameThreadExecutor.java:35)
                at io.undertow.server.Connectors.executeRootHandler(Connectors.java:210)
                at io.undertow.server.protocol.http.HttpReadListener.handleEventWithNoRunningRequest(HttpReadListener.java:181)
                at io.undertow.server.protocol.http.HttpReadListener.handleEvent(HttpReadListener.java:108)
                at io.undertow.server.protocol.http.HttpOpenListener.handleEvent(HttpOpenListener.java:130)
                at io.undertow.server.protocol.http.HttpOpenListener.handleEvent(HttpOpenListener.java:81)
                at io.undertow.server.protocol.http.HttpOpenListener.handleEvent(HttpOpenListener.java:45)
                at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92) [xnio-api-3.3.0.Final.jar:3.3.0.Final]
                at org.xnio.ChannelListeners$10.handleEvent(ChannelListeners.java:291) [xnio-api-3.3.0.Final.jar:3.3.0.Final]
                at org.xnio.ChannelListeners$10.handleEvent(ChannelListeners.java:286) [xnio-api-3.3.0.Final.jar:3.3.0.Final]
                at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92) [xnio-api-3.3.0.Final.jar:3.3.0.Final]
                at org.xnio.nio.NioTcpServerHandle.handleReady(NioTcpServerHandle.java:53) [xnio-nio-3.3.0.Final.jar:3.3.0.Final]
                at org.xnio.nio.WorkerThread.run(WorkerThread.java:539) [xnio-nio-3.3.0.Final.jar:3.3.0.Final]

             

            Where can I configure the SSL for outgoing requests?

             

            Regards

            Ines

            • 3. Re: Re: WildFly: reverse proxy with https
              idannehl

              Hi Tomaz,

               

              I debugged WildFly to find out what causes the problem.

              I figured out that the Host in the LoadBalancingProxyClient which is used by the ReverseProxyHostService is always created with ssl = null:


              org.wildfly.extension.undertow.handlers.ReverseProxyHandlerHost:

              ReverseProxyHostService:

              @Override
              public void start(StartContext startContext) throws StartException {
                  final LoadBalancingProxyClient client = (LoadBalancingProxyClient) proxyHandler.getValue().getProxyClient();
                  try {
                      // Two-argument overload: no XnioSsl is supplied for the host
                      client.addHost(new URI(name), instanceId);
                  } catch (URISyntaxException e) {
                      throw new StartException(e);
                  }
              }

              io.undertow.server.handlers.proxy.LoadBalancingProxyClient:

              public synchronized LoadBalancingProxyClient addHost(final URI host, String jvmRoute) {
                  // Delegates with ssl = null
                  return addHost(host, jvmRoute, null);
              }

              public synchronized LoadBalancingProxyClient addHost(final URI host, String jvmRoute, XnioSsl ssl) {
                  Host h = new Host(jvmRoute, null, host, ssl, OptionMap.EMPTY);
                  ...
              }


              This causes the exception.

              It seems that the scheme "https" for the reverse proxy is not yet supported in WildFly 8.2.0.Final.

              I found no way to configure the ssl for the reverse proxy host in standalone.xml.

              When will this be implemented?


              Kind regards

              Ines
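
The three-argument `addHost` overload quoted in the post above takes an `XnioSsl`. As an added example (not code from the thread or from the WildFly project), this embedded Undertow proxy passes one built from a trust store, so the outbound connection to the backend uses TLS and the backend's certificate chain is validated. The class name, trust store file, `truststore.password` property and listener port are assumptions; `ProxyHandler.builder()` needs a newer Undertow than the 1.1 release discussed here.

```java
import io.undertow.Undertow;
import io.undertow.protocols.ssl.UndertowXnioSsl;
import io.undertow.server.handlers.proxy.LoadBalancingProxyClient;
import io.undertow.server.handlers.proxy.ProxyHandler;
import org.xnio.OptionMap;
import org.xnio.Xnio;

import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import java.io.InputStream;
import java.net.URI;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;

public class HttpsBackendProxy {  // hypothetical class name

    // Build an SSLContext that trusts only the CAs in the given trust store,
    // so the backend's certificate chain is checked on every outbound handshake.
    static SSLContext backendTrust(String path, char[] password) throws Exception {
        KeyStore trustStore = KeyStore.getInstance("JKS");
        try (InputStream in = Files.newInputStream(Paths.get(path))) {
            trustStore.load(in, password);
        }
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null); // no client certificate presented
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        // Assumed trust store file and system property; adjust to the deployment.
        SSLContext ctx = backendTrust("backend-truststore.jks",
                System.getProperty("truststore.password", "").toCharArray());
        UndertowXnioSsl ssl = new UndertowXnioSsl(Xnio.getInstance(), OptionMap.EMPTY, ctx);

        // Passing ssl here avoids the ssl = null host that triggers UT000065.
        LoadBalancingProxyClient client = new LoadBalancingProxyClient()
                .addHost(new URI("https://myHost:8443"), "myRoute", ssl);

        Undertow.builder()
                .addHttpListener(8080, "localhost") // plain HTTP in, HTTPS out
                .setHandler(ProxyHandler.builder().setProxyClient(client).build())
                .build()
                .start();
    }
}
```
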

              • 4. Re: WildFly: reverse proxy with https
                gipathak

                Hi Ines, I am also having a similar problem. I am using "wildfly12 undertow load balancer" with scheme "https" but am still getting "503 - Service Unavailable". I am getting the following error:

                ERROR [io.undertow.proxy] (default I/O-3) UT005028: Proxy request to /auth failed: java.nio.channels.ClosedChannelException
                    at io.undertow.client.http.HttpClientConnection$5.handleEvent(HttpClientConnection.java:188)
                    at io.undertow.client.http.HttpClientConnection$5.handleEvent(HttpClientConnection.java:167)
                    at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92)
                    at org.xnio.StreamConnection.invokeCloseListener(StreamConnection.java:80)
                    at org.xnio.Connection.writeClosed(Connection.java:117)
                    at io.undertow.protocols.ssl.UndertowSslConnection.writeClosed(UndertowSslConnection.java:145)
                    at io.undertow.protocols.ssl.SslConduit.notifyWriteClosed(SslConduit.java:588)
                    at io.undertow.protocols.ssl.SslConduit.closed(SslConduit.java:996)
                    at io.undertow.protocols.ssl.SslConduit.close(SslConduit.java:1092)
                    at io.undertow.protocols.ssl.SslConduit.doUnwrap(SslConduit.java:803)
                    at io.undertow.protocols.ssl.SslConduit.doHandshake(SslConduit.java:648)
                    at io.undertow.protocols.ssl.SslConduit.access$900(SslConduit.java:63)
                    at io.undertow.protocols.ssl.SslConduit$5$1.run(SslConduit.java:1059)
                    at org.xnio.nio.WorkerThread.safeRun(WorkerThread.java:612)
                    at org.xnio.nio.WorkerThread.run(WorkerThread.java:479)

                Could you please help me with this? How did you resolve your problem?