Wildfly 10.1 generates invalid redirects when behind multiple proxies
chrispoulsen Jul 13, 2017 9:50 AM
Hi,
We are trying to set up a system with multiple proxies: AWS load-balancer -> Spring Boot Zuul proxy -> Wildfly (simply forwarding port 80 through the chain exhibits the error).
Wildfly is configured with proxy-address-forwarding="true".
The Zuul proxy appends to the x-forwarded-* headers (like it is supposed to, if I understand the protocol correctly). Wildfly generates invalid Location headers in that setup.
The dumped request/response looks like this:
==============================================================
2017-07-13 11:25:36,119 INFO [io.undertow.request.dump] (default task-6)
----------------------------REQUEST---------------------------
URI=/internal/
characterEncoding=null
contentLength=-1
contentType=null
header=accept=text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
header=accept-language=en
header=cache-control=no-cache
header=Accept-Encoding=gzip
header=pragma=no-cache
header=user-agent=Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55.0
header=Connection=Keep-Alive
header=x-forwarded-proto=http,http
header=x-forwarded-port=80,80
header=x-forwarded-for=<my-ip>, <load-balancer-ip>
header=upgrade-insecure-requests=1
header=x-forwarded-host=<load-balancer-host-name>
header=host=<load-balancer-host-name>
locale=[en]
method=GET
protocol=HTTP/1.1
queryString=
remoteAddr=<my-ip>:0
remoteHost=<my-ip>
scheme=http,http
host=<load-balancer-host-name>
serverPort=0
--------------------------RESPONSE--------------------------
contentLength=0
contentType=null
header=Expires=-1
header=Cache-Control=no-cache
header=X-Powered-By=Undertow/1
header=Set-Cookie=JSESSIONID=gDFvl_3nY5rn9yUcj3sDaXN8dnMvjA6Ti9Lbm1_a.win-m5ucuvcm1t7; path=/internal
header=Server=WildFly/10
header=Location=http,http://<load-balancer-host-name>/internal/login/
header=Accept-Ranges=bytes
header=Date=Thu, 13 Jul 2017 11:25:36 GMT
header=Connection=keep-alive
header=Content-Length=0
status=302
==============================================================
So it seems like Wildfly/undertow does not handle the x-forwarded-proto header correctly (notice the "Location=http,http://<correct-url>" header that is returned in the redirect...)
Is there some kind of configuration magic that we are missing or is this a bug?
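An added example, not part of the original post and not Undertow's or WildFly's code: one way a backend can resolve multi-valued X-Forwarded-* headers like those in the dump above into a single validated scheme and port before building a redirect. It assumes the number of trusted proxies in front of the server is known (2 here) and that each one appends exactly one value per header; the class name, method names and the host `lb.example.test` are hypothetical.

```java
import java.util.Locale;

public class ForwardedHeaders {
    // Assumption: every trusted proxy appends exactly one value to each header,
    // so the last `trustedHops` entries were written by infrastructure we control.
    static String pick(String headerValue, int trustedHops) {
        if (headerValue == null || trustedHops < 1) return null;
        String[] parts = headerValue.split(",", -1);   // -1 keeps empty trailing entries
        int idx = parts.length - trustedHops;
        if (idx < 0) return null;                      // fewer entries than hops: do not guess
        String v = parts[idx].trim();
        return v.isEmpty() ? null : v;
    }

    static String scheme(String xfProto, int trustedHops, String fallback) {
        String v = pick(xfProto, trustedHops);
        if (v == null) return fallback;
        v = v.toLowerCase(Locale.ROOT);
        return (v.equals("http") || v.equals("https")) ? v : fallback;
    }

    static int port(String xfPort, int trustedHops, int fallback) {
        String v = pick(xfPort, trustedHops);
        if (v == null || !v.matches("\\d{1,5}")) return fallback;
        int p = Integer.parseInt(v);
        return (p >= 1 && p <= 65535) ? p : fallback;
    }

    static String location(String scheme, String host, int port, String path) {
        boolean dflt = (scheme.equals("http") && port == 80)
                    || (scheme.equals("https") && port == 443);
        return scheme + "://" + host + (dflt ? "" : ":" + port) + path;
    }

    public static void main(String[] args) {
        // Constructed input mirroring the dump: two hops, each appended one value.
        String proto = "http,http", portHdr = "80,80";
        String host = "lb.example.test"; // placeholder for <load-balancer-host-name>
        // Using the raw header value as the scheme gives the malformed shape seen in the dump:
        System.out.println(proto + "://" + host + "/internal/login/");
        // Resolving one validated value per header gives a well-formed Location:
        String s = scheme(proto, 2, "http");
        int p = port(portHdr, 2, 80);
        System.out.println(location(s, host, p, "/internal/login/"));
        // A client-supplied leading value lies outside the trusted hops and is ignored:
        System.out.println(scheme("https,http,http", 2, "http"));
    }
}
```

Counting hops from the right matters because anything to the left of the trusted entries can be set by the client; a value that fails validation falls back to a server-side default rather than being copied into the Location header.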