4 Replies Latest reply on Feb 23, 2015 11:55 AM by goodlifester

    How to redirect http to https with port forwarding

    goodlifester
    goodlifester Feb 20, 2015 7:41 PM

      Hi, I'm upgrading our app server from 4.2.3 to Wildfly 8.2. Here's my setup:

       

      WildFly 8.2

      Linux - Ubuntu 12.4

      http - port 8080

      https - port 8443

      and use iptables to forward port 80 -> 8080, 443 -> 8443

       

      I have some resources that need to be forwarded to HTTPS if the visitor uses port 80 in the browser, so I added this block to my web.xml:

      <user-data-constraint>

                  <transport-guarantee>CONFIDENTIAL</transport-guarantee>

      </user-data-constraint>

       

      However, the server redirects the page to https://<myresource>:8443, instead of https://<myresource>:443.

       

      Is there a way to make this redirect to the correct port without writing my own custom handler? I'm comfortable to write custom code if I have to, but it would be nice if there's a configuration to accomplish this that I am not aware of.

       

      Thanks very much!

       

      Hong

      • 5516 Views
      • Tags:
        • 1. Re: How to redirect http to https with port forwarding
          xkylex
          xkylex Feb 22, 2015 3:55 AM (in response to goodlifester)

          You may need to:

          1. Define a socket-binding of 443
          2. Specify newly created socket-binding in redirect-socket attribute of http-listener

           

          With jboss-cli you can configure it with following command:

           

          /socket-binding-group=standard-sockets/socket-binding=https-external:add(port=443)

          /subsystem=undertow/server=default-server/http-listener=default:write-attribute(name=redirect-socket,value="https-external")

           

          Also my blog posting looks similar so might be useful: http://www.nailedtothex.org/roller/kyle/entry/configuring-wildfly-as-a-standalone

            • Actions
          • 2. Re: How to redirect http to https with port forwarding
            goodlifester
            goodlifester Feb 23, 2015 11:30 AM (in response to xkylex)

            Thanks for your suggestion, but it doesn't solve the problem I'm asking

             

            The primary reason I need to do port forwarding from 443 to 8443 to begin with is to avoid having a listener on port 443( which would require running the JBoss process with ROOT privilege, not a good practice in a production environment ).

             

            Anyone aware of a solution to this issue?

             

            Thanks!

              • Actions
            • 3. Re: How to redirect http to https with port forwarding
              ctomc
              ctomc Feb 23, 2015 11:34 AM (in response to goodlifester)

              What Kohei suggested is correct fix for this.

               

              you will still have https-listener bound to 8443 but redirect-socket is set to 443.

              What this does is that when server needs to redirect to secure site (transport=confidential) it will take configuration of redirect-socket to redirect to that port.

              in suggested solution that would be 443. When redirect is send to the browser, browser will connect back to :443 where you proxy server is listening and forwarding requests to wildfly on 8443

              1 of 1 people found this helpful
                • Actions
              • 4. Re: How to redirect http to https with port forwarding
                goodlifester
                goodlifester Feb 23, 2015 11:55 AM (in response to ctomc)

                Thanks very much Tomaz for the clarification, and thank you Kohei for the solution, it actually IS the correct solution. What I missed that I don't need a https-listener referencing socket-binding 443.

                  • Actions