Home / server / Questions / 597516
In Process
Marko
Asked: 2014-05-22 06:19:59 +0800 CST

nginx as ssl reverse proxy for wildfly

  • 772

I am trying to setup nginx to be reverse proxy for wildfly 8.0.0.Final.

Part of my configuration file for HTTPS redirect:

location /console {
  include          conf.d/proxy.conf;
  proxy_pass       http://127.0.0.1:9990/console;
  proxy_redirect   http://127.0.0.1:9990/console  https://X.Y.W.Z/console;
}
 ... similar location for...
/management
/logout
/error
... 

location / {
  include          conf.d/proxy.conf;
  proxy_pass       http://127.0.0.1:8080/;
}

proxy.conf: 

proxy_set_header        Host            $host;
proxy_set_header        X-Forwarded-Proto $scheme;
add_header              Front-End-Https   on;

Problem is - when I login to /console I get error message:

Access Denied: Insufficient privileges to access this interface.

I don't even have idea what is causing this. Any help is appreciated!

nginx

3 Answers

  1. Marko, maybe too late, but I was able to get nginx and wildfly working following your configuration, let me share that:

    In proxy_headers.conf:

    proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto $scheme;
add_header Front-End-Https on;

    In my app.conf

    location / {
   include conf.d/proxy_headers.conf;
   proxy_pass http://127.0.0.1:8080;
}

location /management {
   include conf.d/proxy_headers.conf;
   proxy_pass http://127.0.0.1:9990/management;
}

location /console {
   include conf.d/proxy_headers.conf;
   proxy_pass http://127.0.0.1:9990/console;
}

location /logout {
   include conf.d/proxy_headers.conf;
   proxy_pass http://127.0.0.1:9990/logout;
}

location /error {
   include conf.d/proxy_headers.conf;
   proxy_pass http://127.0.0.1:9990;
}

    Before I did this I faced the same error as you so using developer tools in Chrome I figured out that ajax requests to /management and the others paths are done so I took care of them.

    • 3

  2. Try to add this in server config:

    add_header Cache-Control "no-cache, no-store";
    • 1

  3. Perhaps a little late, but this info may help.

    I has the same issue with a front-end Nginx proxy (without SSL) and WildFly 8.2.0.Final in Docker. Same error when trying to access the Administration Console through Nginx.

    Discovered that WildFly expects the Host header in the form of HOST:PORT (by comparing headers from packets captured through tcpdump and analysed in Wireshark).

    Here's my configuration, should it help anyone:

    upstream app-debug {
  ip_hash;
  server AA.BB.CC.DD:32862 max_fails=3 fail_timeout=20 weight=1;
}

server {
  listen 9990 default_server;
  location / {
    proxy_pass http://app-debug;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $server_addr:$server_port;
    proxy_set_header X-Real-IP $remote_addr;
  }
}

    Hope this helps.

    • 1