Multiple IP/Multiple SSL configs lead to 404 on anything but main IP/SSL combo.
gir489 Sep 13, 2017 3:55 PM
I'm trying to implement SSL the same way we had it on JBoss 4: returning a different SSL certificate based on the domain the user is coming from.
I found the following tutorial on google: Programming Notes and Examples: Wildfly Multiple IP and Multiple SSL Certificate
But whenever I attempt to access the .81-.83 addresses, I get the SSL certificate back, but then I get a 404. It doesn't seem to be forwarding the request to the Struts action defined in our web.xml. If I connect to it on .80, I get the main site's SSL certificate, and everything works fine.
Here are the relevant bits of standalone.xml:
<?xml version='1.0' encoding='UTF-8'?>
<!--
  Excerpt of a WildFly standalone.xml (core schema urn:jboss:domain:4.0,
  Undertow subsystem 3.0). It defines one TLS security realm per site, one
  Undertow server per site, and one network interface plus socket bindings
  per site IP. Only the parts the poster considered relevant are present.
-->
<server xmlns="urn:jboss:domain:4.0">
  <management>
    <security-realms>
      <!-- Management users and groups come from properties files in the server config dir. -->
      <security-realm name="ManagementRealm">
        <authentication>
          <local default-user="$local" skip-group-loading="true"/>
          <properties path="mgmt-users.properties"
                      relative-to="jboss.server.config.dir"/>
        </authentication>
        <authorization map-groups-to-roles="false">
          <properties path="mgmt-groups.properties"
                      relative-to="jboss.server.config.dir"/>
        </authorization>
      </security-realm>

      <!-- Application users and roles, also backed by properties files. -->
      <security-realm name="ApplicationRealm">
        <authentication>
          <local default-user="$local" allowed-users="*" skip-group-loading="true"/>
          <properties path="application-users.properties"
                      relative-to="jboss.server.config.dir"/>
        </authentication>
        <authorization>
          <properties path="application-roles.properties"
                      relative-to="jboss.server.config.dir"/>
        </authorization>
      </security-realm>

      <!--
        One realm per certificate: each realm only carries a server identity
        (a JKS keystore under jboss.home.dir/Keystores) and is referenced by
        exactly one https-listener further down.

        NOTE(review): keystore-password is a clear-text literal in all four
        realms. "testpassword" reads like a placeholder; with real keystores,
        anyone who can read this file can open the private keys. Restrict
        read access to this file and the .jks files, and prefer a WildFly
        vault expression over a literal password.
        NOTE(review): no alias or key-password is given, so key selection and
        the key password fall back to defaults. Confirm each keystore holds
        only the intended key entry.
      -->
      <security-realm name="main">
        <server-identities>
          <ssl>
            <keystore path="Keystores/mainhost.jks"
                      relative-to="jboss.home.dir"
                      keystore-password="testpassword"/>
          </ssl>
        </server-identities>
      </security-realm>
      <security-realm name="site1">
        <server-identities>
          <ssl>
            <keystore path="Keystores/site1.jks"
                      relative-to="jboss.home.dir"
                      keystore-password="testpassword"/>
          </ssl>
        </server-identities>
      </security-realm>
      <security-realm name="site2">
        <server-identities>
          <ssl>
            <keystore path="Keystores/site2.jks"
                      relative-to="jboss.home.dir"
                      keystore-password="testpassword"/>
          </ssl>
        </server-identities>
      </security-realm>
      <security-realm name="site3">
        <server-identities>
          <ssl>
            <keystore path="Keystores/site3.jks"
                      relative-to="jboss.home.dir"
                      keystore-password="testpassword"/>
          </ssl>
        </server-identities>
      </security-realm>
    </security-realms>
  </management>

  <profile>
    <subsystem xmlns="urn:jboss:domain:undertow:3.0" instance-id="supercoolwebsite">
      <buffer-cache name="default"/>

      <!--
        Main site: HTTP redirects to the "https" binding, and the HTTPS
        listener presents the certificate from the "main" realm.

        NOTE(review): none of the https-listeners set enabled-protocols or
        enabled-cipher-suites, so the TLS versions and ciphers offered are
        whatever the JVM and WildFly default to. Review those defaults for
        the JVM in use.
        NOTE(review): max-parameters="10000" on every listener is higher than
        Undertow's default; the limit bounds how many request parameters are
        parsed per request, so keep it only as high as the application needs.
      -->
      <server name="default-server">
        <http-listener name="default"
                       max-parameters="10000"
                       socket-binding="http"
                       redirect-socket="https"/>
        <https-listener name="https"
                        max-parameters="10000"
                        security-realm="main"
                        socket-binding="https"/>
        <host name="default-host" alias="localhost">
          <access-log prefix="access." directory="./server/standalone/log"/>
          <filter-ref name="404-handler" predicate="true"/>
        </host>
      </server>

      <!--
        Per-site servers: each one has its own listeners (bound to the site's
        IP and realm) and its own host, which holds only an access log and
        the 404 filter.

        NOTE(review): a deployment is served only by the Undertow server and
        host it is bound to (the server-instance and virtual-host settings in
        jboss-web.xml, otherwise the subsystem defaults). Nothing in this
        excerpt binds the application to site1_server, site2_server or
        site3_server, which would match the reported symptom: the TLS
        handshake succeeds with the right realm, then the empty host answers
        404. Confirm against the deployment descriptor.
        NOTE(review): the listener names mix "https_site1" with "https-site2"
        and "https-site3"; harmless, but worth making uniform.
      -->
      <server name="site1_server">
        <http-listener name="http_site1"
                       max-parameters="10000"
                       socket-binding="http_site1"
                       redirect-socket="https_site1"/>
        <https-listener name="https_site1"
                        max-parameters="10000"
                        security-realm="site1"
                        socket-binding="https_site1"/>
        <host name="site1_host" alias="site1.com">
          <access-log prefix="access." directory="./server/standalone/log"/>
          <filter-ref name="404-handler" predicate="true"/>
        </host>
      </server>
      <server name="site2_server">
        <http-listener name="http_site2"
                       max-parameters="10000"
                       socket-binding="http_site2"
                       redirect-socket="https_site2"/>
        <https-listener name="https-site2"
                        max-parameters="10000"
                        security-realm="site2"
                        socket-binding="https_site2"/>
        <host name="site2_host" alias="site2.com,www.site2.com">
          <access-log prefix="access." directory="./server/standalone/log"/>
          <filter-ref name="404-handler" predicate="true"/>
        </host>
      </server>
      <server name="site3_server">
        <http-listener name="http_site3"
                       max-parameters="10000"
                       socket-binding="http_site3"
                       redirect-socket="https_site3"/>
        <https-listener name="https-site3"
                        max-parameters="10000"
                        security-realm="site3"
                        socket-binding="https_site3"/>
        <host name="site3_host" alias="site3.com">
          <access-log prefix="access." directory="./server/standalone/log"/>
          <filter-ref name="404-handler" predicate="true"/>
        </host>
      </server>

      <!--
        Shared servlet container: stack traces are never rendered into error
        responses, and the session cookie is flagged Secure and HttpOnly.

        NOTE(review): jsp-config development="true" is a development
        setting; switch it off for a production instance.
      -->
      <servlet-container name="default" stack-trace-on-error="none">
        <jsp-config development="true"/>
        <websockets/>
        <session-cookie secure="true" http-only="true"/>
      </servlet-container>

      <!-- Custom page returned for 404 responses; referenced by every host above. -->
      <filters>
        <error-page name="404-handler" code="404" path="\static\html\404.html"/>
      </filters>
    </subsystem>
  </profile>

  <!--
    Interfaces: management and the default public interface resolve from
    system properties and fall back to loopback; the three site interfaces
    are pinned to fixed private addresses.
    NOTE(review): the post implies jboss.bind.address is set to the .80
    address at startup. Confirm it is not a wildcard address, which would
    overlap the per-site bindings on ports 80 and 443.
  -->
  <interfaces>
    <interface name="management">
      <inet-address value="${jboss.bind.address.management:127.0.0.1}"/>
    </interface>
    <interface name="public">
      <inet-address value="${jboss.bind.address:127.0.0.1}"/>
    </interface>
    <interface name="public_site1">
      <inet-address value="192.168.12.81"/>
    </interface>
    <interface name="public_site2">
      <inet-address value="192.168.12.82"/>
    </interface>
    <interface name="public_site3">
      <inet-address value="192.168.12.83"/>
    </interface>
  </interfaces>

  <!--
    Socket bindings: every site reuses the same HTTP and HTTPS port
    properties (defaults 80 and 443) and differs only in the interface it
    binds to. Bindings without an interface attribute use "public".
  -->
  <socket-binding-group name="standard-sockets" default-interface="public">
    <socket-binding name="management-http"
                    interface="management"
                    port="${jboss.management.http.port:9990}"/>
    <socket-binding name="management-https"
                    interface="management"
                    port="${jboss.management.https.port:9993}"/>
    <socket-binding name="ajp" port="${jboss.ajp.port:8009}"/>
    <socket-binding name="http" port="${jboss.http.port:80}"/>
    <socket-binding name="https" port="${jboss.https.port:443}"/>
    <socket-binding name="http_site1"
                    port="${jboss.http.port:80}"
                    interface="public_site1"/>
    <socket-binding name="https_site1"
                    port="${jboss.https.port:443}"
                    interface="public_site1"/>
    <socket-binding name="http_site2"
                    port="${jboss.http.port:80}"
                    interface="public_site2"/>
    <socket-binding name="https_site2"
                    port="${jboss.https.port:443}"
                    interface="public_site2"/>
    <socket-binding name="http_site3"
                    port="${jboss.http.port:80}"
                    interface="public_site3"/>
    <socket-binding name="https_site3"
                    port="${jboss.https.port:443}"
                    interface="public_site3"/>
  </socket-binding-group>
</server>