Activate proxy-address-forwarding for Wildfly management console

mobe Jun 7, 2018 1:44 PM

I am trying to access the wildfly management console via an nginx reverse proxy. I have already read some instructions on this.

The proxying works fine when I forward http://myapp.com:9990 to http://internal-wildfly-host:9990.

However, when I change this to HTTPS to HTTP forwarding, i.e.https://myapp.com:9990 to http://internal-wildfly-host:9990, I am receiving 403 Forbidden responses in my browser when the console loads and accesses /management.

This request fails in org.jboss.as.domain.http.server.cors.CorsUtil#matchOrigin as wildfly attempts to construct a default origin with org.jboss.as.domain.http.server.cors.CorsUtil#defaultOrigin. There it retrieves the protocol from the http exchange but this protocol resolves to http instead of https although the request contains an X-Forwarded-Proto header. I have also verified, that io.undertow.server.handlers.ProxyPeerAddressHandler is not invoked for the /management request which is the reason why the correct protocol is not set on the http exchange.

For normal http requests that target my deployed webapps in Wildfly, the proxy peer address handler is invoked. So it seems that <http-listener proxy-address-forwarding="false"/> has no effect on management console requests. So my question is, how can I activate proxy address forwarding for management console requests?

1. Re: Activate proxy-address-forwarding for Wildfly management console

mchoma Jun 8, 2018 8:33 AM (in response to mobe)

That can be problem as management http interface has much less options to configure that undertow http-listener.

Can allowed-origins [1] help in your situation?

[1] WildFly 13.0 Model Reference
Actions