Can't access Wildfly 10 console through TLS/HTTPS port.
alkoch Nov 6, 2018 1:59 PMHello,
I am running Wildfly 10 on Ubuntu 16.4 and have implemented TLS using a certificate from Let's Encrypt. Here is standalone.xml:
<socket-binding-group name="standard-sockets" default-interface="public" port-offset="${jboss.socket.binding.port-offset:0}">
<socket-binding name="management-http" interface="management" port="${jboss.management.http.port:<ConsoleHTTPPort>}"/>
<socket-binding name="management-https" interface="management" port="${jboss.management.https.port:<ConsoleTLSPort>}"/>
<socket-binding name="ajp" port="${jboss.ajp.port:8009}"/>
<socket-binding name="http" port="${jboss.http.port::<AppHTTPPort>}"/>
<socket-binding name="https" port="${jboss.https.port:<AppTLSPort>}"/>
<socket-binding name="txn-recovery-environment" port="4712"/>
<socket-binding name="txn-status-manager" port="4713"/>
<outbound-socket-binding name="mail-smtp">
<remote-destination host="localhost" port="25"/>
</outbound-socket-binding>
</socket-binding-group>
<subsystem xmlns="urn:jboss:domain:undertow:3.1">
<buffer-cache name="default"/>
<server name="default-server">
<http-listener name="default" socket-binding="http" redirect-socket="https" enable-http2="true"/>
<https-listener name="https" socket-binding="https" security-realm="ApplicationRealm" enable-http2="true"/>
...
Everything appears to be functioning properly except that I am not able to access the Wildfly console using HTTPS through the port I associated with HTTPS. I am able to access the console using HTTP.
For example, this connects to the console as http:
http://<DomainInCert>:<ConsoleHTTPPort>/console/App.html#home
But this times out:
https://<DomainInCert>:<ConsoleTLSPort>/console/App.html#home
If it helps I also have seen this:
Submitting https://<DomainInCert>:<AppTLSPort>/ shows the Welcome to WildFly 10 page.
If I hover over the Administration Console link on that page it shows https://<DomainInCert>:<AppTLSPort>/console which seems correct for TLS access.
Clicking that link brings up the console but we get a popup requesting a Login with the message:
http://<DomainInCert>:<ConsoleHTTPPort> is requesting your username and password. The site says: “ManagementRealm”.
Even though the link I clicked was correct for TLS access this message shows a http link.
I log in and the address bar URL shows http://<DomainInCert>:<ConsoleHTTPPort>/console/App.html#home which is an http connection and not TLS.
Can someone tell me what:
1) What do I need to do to get console TRL access?
2) What does redirect-socket do in this:
<http-listener name="default" socket-binding="http" redirect-socket="https" enable-http2="true"/>
Thank you in advance.