1 Reply Latest reply on Jun 8, 2018 8:33 AM by Martin Choma

    Activate proxy-address-forwarding for Wildfly management console

    Moritz Becker Newbie

      I am trying to access the wildfly management console via an nginx reverse proxy. I have already read some instructions on this.

       

      The proxying works fine when I forward http://myapp.com:9990 to http://internal-wildfly-host:9990.

       

      However, when I change this to HTTPS to HTTP forwarding, i.e.https://myapp.com:9990 to http://internal-wildfly-host:9990, I am receiving 403 Forbidden responses in my browser when the console loads and accesses /management.

      This request fails in org.jboss.as.domain.http.server.cors.CorsUtil#matchOrigin as wildfly attempts to construct a default origin with org.jboss.as.domain.http.server.cors.CorsUtil#defaultOrigin. There it retrieves the protocol from the http exchange but this protocol resolves to http instead of https although the request contains an X-Forwarded-Proto header. I have also verified, that io.undertow.server.handlers.ProxyPeerAddressHandler is not invoked for the /management request which is the reason why the correct protocol is not set on the http exchange.

       

      For normal http requests that target my deployed webapps in Wildfly, the proxy peer address handler is invoked. So it seems that <http-listener proxy-address-forwarding="false"/> has no effect on management console requests. So my question is, how can I activate proxy address forwarding for management console requests?