0 Replies Latest reply on Sep 5, 2019 12:40 AM by AJ List

    Proxy Protocol configuration in Wildfly

    AJ List Newbie

      I am using Wildfly 15 and HAProxy as a front end load balancer.  Wildfly added support for Proxy Protocol a few versions ago.  According to the documentation, the https listener needs a proxy-protocol="true" attribute.

       

      I'm surprised there aren't more people interested in this, to get the actual client IP through a load balanced TCP connection, but maybe everyone is doing SSL termination on the load balancer instead.  (Everything in my app is done over https)

       

      Anyway, trying to connect from a Java client application, HAProxy is passing the traffic, but the client gets a "Remote host closed connection during handshake." error with Wildfly.

       

      in HAProxy, my backend is configured as follows, using Proxy Protocol v1 (according to the Wildfly docs, only v1 is supported, but I've tried with v2 as well:)

      backend app-test-backend

              mode tcp

              balance source

              stick-table type ip size 1m expire 10s store http_req_rate(10s)

              server dev-app-f1 X.X.X.X:8443 check send-proxy

              server dev-app-f2 X.X.X.Y:8443 check send-proxy

              stats enable

       

      in Wildfly, my listeners are configured as follows:

       

      <http-listener name="default" socket-binding="http" redirect-socket="https" enable-http2="true"/>

      <https-listener name="https" socket-binding="https" max-post-size="104857600" security-realm="ApplicationRealm" enabled-protocols="TLSv1.2" enable-http2="true" proxy-protocol="true"/>

       

      Everything works fine with the send-proxy attribute removed from HAPproxy and the proxy-protocol attribute removed in Wildfly - I just see the IP of the load balancer instead of the actual client IP.  What else needs to be done to get this to work?  Thanks in advance.