RConfig Reverse Proxy for Wildfly / Apache
Prerequisites
- Installed WildFly application server
- Running on port 8080 (or adjust configuration below)
- Console running on port 9990 (or adjust configuration below)
Necessary Headers
(to enable applications to serve correct URLs to the clients)
Forwarded(or allX-Forwarded-*headers below)X-Forwarded-ForX-Forwarded-Host/X-Original-HostX-Forwarded-Proto/X-Forwarded-SSL/X-ARR-SSL(on IIS)X-Original-URLX-Real-IP
Configuration Examples
IIS
All following configurations are to be placed in a sub directory of C:\inetpub\wwwroot.
Web.config for mapedit-core (in sub directory, e.g. mapedit-core)
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<rewrite>
<rules>
<!-- place this file in a folder named "mapedit-core" in "C:\inetpub\wwwroot\" folder -->
<rule name="ReverseProxyInboundMapEditCore" enabled="true" stopProcessing="true">
<match url="(.*)" />
<!-- adjust this URL to match WildFly server name and port -->
<action type="Rewrite" url="http://localhost:8080/mapedit-core/{R:1}" />
<serverVariables>
<!-- add this server variables in IIS to allowed server variables in URL Rewrite view -->
<set name="HTTP_X_Original_Host" value="{HTTP_HOST}" />
<set name="HTTP_X_Real_IP" value="{REMOTE_ADDR}" />
<set name="HTTP_X_Forwarded_SSL" value="{HTTPS}" />
</serverVariables>
</rule>
</rules>
</rewrite>
</system.webServer>
</configuration>
Web.config for reverse proxy of all WildFly applications (in sub directory, e.g. wildfly for applications)
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<rewrite>
<rules>
<rule name="ReverseProxyInboundWildFlyApps" enabled="true" stopProcessing="true">
<match url="(.*)" />
<!-- adjust this URL to match WildFly server name and port -->
<action type="Rewrite" url="http://localhost:8080/{R:1}" />
<serverVariables>
<!-- add this server variables in IIS to allowed server variables in URL Rewrite view -->
<set name="HTTP_X_Original_Host" value="{HTTP_HOST}" />
<set name="HTTP_X_Real_IP" value="{REMOTE_ADDR}" />
<set name="HTTP_X_Forwarded_SSL" value="{HTTPS}" />
</serverVariables>
</rule>
</rules>
</rewrite>
</system.webServer>
</configuration>
Web.config (in sub directory, e.g. console for WildFly console)
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<rewrite>
<rules>
<rule name="ReverseProxyInboundWildFlyConsole" enabled="true" stopProcessing="true">
<match url="(.*)" />
<!-- adjust this URL to match WildFly server name -->
<action type="Rewrite" url="http://localhost:9990/{R:1}" />
<serverVariables>
<!-- add this server variables in IIS to allowed server variables in URL Rewrite view -->
<set name="HTTP_X_Original_Host" value="{HTTP_HOST}" />
<set name="HTTP_X_Real_IP" value="{REMOTE_ADDR}" />
<set name="HTTP_X_Forwarded_SSL" value="{HTTPS}" />
</serverVariables>
</rule>
</rules>
</rewrite>
</system.webServer>
</configuration>
IIS sets the headers X-Original-URL, X-Forwarded-For and X-ARR-SSL by itself.
But the headers HTTP_X_Original_Host, HTTP_X_Real_IP and HTTP_X_Forwarded_SSL need to be added to the allowed server variables in the URL rewrite configuration.
To do this open the URL Rewrite option in IIS configuration utility for the folder the web.config resides in and click "Show server variables" and add them there.
Apache HTTP Server
/etc/apache2/sites-available/MYSERVER.conf
# Redirect requests to WildFly
ProxyPreserveHost On
RequestHeader unset Origin
ProxyPass "/console" "http://localhost:9990/console"
ProxyPassReverse "/console" "http://localhost:9990/console"
ProxyPass "/management" "http://localhost:9990/management"
ProxyPassReverse "/management" "http://localhost:9990/management"
ProxyPass "/management-upload" "http://localhost:9990/management-upload"
ProxyPassReverse "/management-upload" "http://localhost:9990/management-upload"
# map applications under server/wildfly/
ProxyPass "/wildfly/" "http://localhost:8080/"
ProxyPassReverse "/wildfly/" "http://localhost:8080/"
# set correct headers
# automatically added are "X-Forwarded-For", "X-Forwarded-Host", "X-Forwarded-Server"
RequestHeader set "X-Forwarded-Proto" expr=%{REQUEST_SCHEME}
RequestHeader set "X-Forwarded-SSL" expr=%{HTTPS}
RequestHeader set "X-Original-URL" expr=%{REQUEST_URI}
RequestHeader set "X-Real-IP" expr=%{REMOTE_ADDR}
nginx
# WildFly console
location /console/ {
proxy_set_header X-Forwarded-Host $host:$server_port;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Original-URL $request_uri;
proxy_set_header X-Real-IP $remote_addr;
proxy_pass http://localhost:9990/console;
proxy_redirect default;
}
location /management/ {
proxy_set_header X-Forwarded-Host $host:$server_port;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Original-URL $request_uri;
proxy_set_header X-Real-IP $remote_addr;
proxy_pass http://localhost:9990/management;
proxy_redirect default;
}
location /management-upload/ {
proxy_set_header X-Forwarded-Host $host:$server_port;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Original-URL $request_uri;
proxy_set_header X-Real-IP $remote_addr;
proxy_pass http://localhost:9990/management-upload;
proxy_redirect default;
}
# Applications
location / {
proxy_set_header X-Forwarded-Host $host:$server_port;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Original-URL $request_uri;
proxy_set_header X-Real-IP $remote_addr;
proxy_pass http://localhost:8080;
proxy_redirect default;
}