3 Replies Latest reply on Jan 22, 2015 4:24 AM by idannehl

    WildFly: reverse proxy with https

    idannehl Newbie

      Hi all,

       

      I use WildFly 8.2.0.Final. I want to configure it as a reverse proxy. The incoming request are received via HTTP but the outgoing request to a remote destination should be sent via HTTPS. WildFly should add the SSL encryption to the request before sending it to the remote destination.

       

      My configuration in standalone.xml:

       

      <subsystem xmlns="urn:jboss:domain:undertow:1.2">

        ...

          

           <server name="default-server">

                <http-listener name="default" socket-binding="http"/>

                <https-listener name="https" socket-binding="https" security-realm="UndertowRealm"/>

                <host name="default-host" alias="localhost">

                     <location name="/" handler="welcome-content"/>

                     <location name="/myservices/services/" handler="myproxy"/>

                     <filter-ref name="server-header"/>

                     <filter-ref name="x-powered-by-header"/>

                </host>

           </server>

           ...

               <handlers>

               <file name="welcome-content" path="${jboss.home.dir}/welcome-content"/>

               <reverse-proxy name="myproxy">    

                    <host name="myHost" scheme="https" outbound-socket-binding="https-remote" instance-id="myRoute" path="/myservices/services/"/>   

               </reverse-proxy>

            </handlers>

           ...

      </subsystem>

      ...

      <socket-binding-group name="standard-sockets" default-interface="public" port-offset="${jboss.socket.binding.port-offset:0}">

           ...    

           <outbound-socket-binding name="https-remote">

            <remote-destination host="myHost" port="8443"/>

        </outbound-socket-binding>

      </subsystem>

       

      When I use the scheme "http" the reverse proxy works fine. But when I switch to the scheme "https" I get the following error at client side:

      "503 - Service Unavailable"

       

      Can anybody help me please to find the right configuration or is HTTPS not supported by the reverse proxy?

      Any help would be appreciated.

       

      Thanks

      Ines

        • 1. Re: WildFly: reverse proxy with https
          Tomaz Cerar Master

          This *should* work as support for https proxy was added in 8.2 (Undertow 1.1 that is used in 8.2)

           

          any chance you can configure logging to TRACE

          • org.wildfly.extension.undertow
          • io.undertow
          • org.xnio.nio

          categories which should show you what exactly is going on

          • 2. Re: WildFly: reverse proxy with https
            idannehl Newbie

            I added the TRACE logging and got the following output:

             

            2015-01-13 08:05:00,476 TRACE [io.undertow.request] (default I/O-1) Opened connection with /127.0.0.1:56256

            2015-01-13 08:05:00,507 DEBUG [io.undertow.request] (default I/O-1) Failed to connect: java.io.IOException: UT000065: SSL must be specified to connect to a https URL

                at io.undertow.client.http.HttpClientProvider.connect(HttpClientProvider.java:90)

                at io.undertow.client.UndertowClient.connect(UndertowClient.java:158)

                at io.undertow.server.handlers.proxy.ProxyConnectionPool.openConnection(ProxyConnectionPool.java:204)

                at io.undertow.server.handlers.proxy.ProxyConnectionPool.connect(ProxyConnectionPool.java:419)

                at io.undertow.server.handlers.proxy.LoadBalancingProxyClient.getConnection(LoadBalancingProxyClient.java:277)

                at io.undertow.server.handlers.proxy.ProxyHandler$ProxyClientHandler.run(ProxyHandler.java:255)

                at io.undertow.util.SameThreadExecutor.execute(SameThreadExecutor.java:35)

                at io.undertow.server.Connectors.executeRootHandler(Connectors.java:210)

                at io.undertow.server.protocol.http.HttpReadListener.handleEventWithNoRunningRequest(HttpReadListener.java:181)

                at io.undertow.server.protocol.http.HttpReadListener.handleEvent(HttpReadListener.java:108)

                at io.undertow.server.protocol.http.HttpOpenListener.handleEvent(HttpOpenListener.java:130)

                at io.undertow.server.protocol.http.HttpOpenListener.handleEvent(HttpOpenListener.java:81)

                at io.undertow.server.protocol.http.HttpOpenListener.handleEvent(HttpOpenListener.java:45)

                at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92) [xnio-api-3.3.0.Final.jar:3.3.0.Final]

                at org.xnio.ChannelListeners$10.handleEvent(ChannelListeners.java:291) [xnio-api-3.3.0.Final.jar:3.3.0.Final]

                at org.xnio.ChannelListeners$10.handleEvent(ChannelListeners.java:286) [xnio-api-3.3.0.Final.jar:3.3.0.Final]

                at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92) [xnio-api-3.3.0.Final.jar:3.3.0.Final]

                at org.xnio.nio.NioTcpServerHandle.handleReady(NioTcpServerHandle.java:53) [xnio-nio-3.3.0.Final.jar:3.3.0.Final]

                at org.xnio.nio.WorkerThread.run(WorkerThread.java:539) [xnio-nio-3.3.0.Final.jar:3.3.0.Final]

             

            Where can I configure the SSL for outgoing requests?

             

            Regards

            Ines

            • 3. Re: Re: WildFly: reverse proxy with https
              idannehl Newbie

              Hi Tomaz,

               

              I debugged WildFly to find out what causes the problem.

              I figured out that the Host in the LoadBalancingProxyClient which  is used by the ReverseProxyHostService is always created with ssl = null:


              org.wildfly.extension.undertow.handlers.ReverseProxyHandlerHost:

              ReverseProxyHostService:

              @Override

                      public void start(StartContext startContext) throws StartException {

                          final LoadBalancingProxyClient client = (LoadBalancingProxyClient) proxyHandler.getValue().getProxyClient();

                          try {

                              client.addHost(new URI(name), instanceId);

                          } catch (URISyntaxException e) {

                              throw new StartException(e);

                          }

              }


              io.undertow.server.handlers.proxy.LoadBalancingProxyClient:

              public synchronized LoadBalancingProxyClient addHost(final URI host, String jvmRoute) {

                      return addHost(host, jvmRoute, null);

                  }

              public synchronized LoadBalancingProxyClient addHost(final URI host, String jvmRoute, XnioSsl ssl) {

               

                      Host h = new Host(jvmRoute, null, host, ssl, OptionMap.EMPTY);

              ...

              }


              This causes the execption.

              It seems that the scheme "https" for the reverse proxy is not yet supported in WildFly 8.2.0.Final.

              I found no way to configure the ssl for the reverse proxy host in standalone.xml.

              When will this be implemented?


              Kind regards

              Ines