Forcing HTTPS redirect on Wildfly 10.0 directs to https://localhost:8443


Problem description

I am having a very challenging time forcing HTTPS on a Bitnami Ubuntu Wildfly 10 install.

The HTTPS works fine (e.g. https://example.com works great)

I have tried many different things with no result. Here are some highlights of what I've done:

I modified my web.xml to add this (note MYWEBNAME was replaced with my war file name):

<security-constraint>
    <web-resource-collection>
        <web-resource-name>MYWEBNAME</web-resource-name>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>          

I modified /opt/bitnami/apache2/conf/bitnami/bitnami.conf (as per https://docs.bitnami.com/aws/components/apache/):

        <VirtualHost _default_:80>
              DocumentRoot "/opt/bitnami/apache2/htdocs"
              # ADD the next three lines:
              RewriteEngine On
              RewriteCond %{HTTPS} !=on
              RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [R,L]
              ...
        </VirtualHost>

I modified standalone.xml

     <management-interfaces>
        <http-interface security-realm="ApplicationRealm" http-upgrade-enabled="true">
            <socket-binding https="management-https"/>
        </http-interface>
    </management-interfaces>

I modified my root index.html to redirect to:

<SCRIPT>document.location="https://example.com";</SCRIPT>

As per Wildfly 9 http to https, I tried this:

    <http-interface security-realm="ManagementRealm" http-upgrade-enabled="true">
        <socket interface="management" secure-port="${jboss.management.http.port:9990}"/>
    </http-interface>

This resulted in a 503 error and caused Wildfly to die, so I removed it.

What I have now is http://example.com redirecting to https://localhost:8443

So I think it's close, I just cannot figure out how to make it redirect to https://example.com:8443 instead.

Recommended answer

For others looking for a solution, here's a summary of what I did - all in one spot. This is a summary of the links located in this thread, so h/t to those authors who answered the question. The credit belongs to them, this is just a summary of what worked for me.

1. Add an IPTABLES routing rule to route port 443 to 8443.

sudo iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-port 8443

Tip: to see the rules you already have, use:

sudo iptables -t nat -L -n -v

2. Add a Rewrite Filter and a Predicate to the configuration. Add the entries shown on lines 10 and 24 of the snippet.

<subsystem xmlns="urn:jboss:domain:undertow:3.0">
    <buffer-cache name="default"/>
    <server name="default-server">
        <http-listener name="default" socket-binding="http" redirect-socket="https"/>
        <https-listener name="default-ssl" security-realm="ApplicationRealm" socket-binding="https"/>
        <host name="default-host" default-web-module="YOURWARFILENAMEHERE.war" alias="localhost">
            <location name="/" handler="welcome-content"/>
            <filter-ref name="server-header"/>
            <filter-ref name="x-powered-by-header"/>
            <filter-ref name="http-to-https" predicate="equals(%p,8080)"/>
            <!-- ADD THE filter-ref ENTRY ABOVE -->
        </host>
    </server>
    <servlet-container name="default">
        <jsp-config/>
        <websockets/>
    </servlet-container>
    <handlers>
        <file name="welcome-content" path="${jboss.home.dir}/welcome-content"/>
    </handlers>
    <filters>
        <response-header name="server-header" header-name="Server" header-value="WildFly/10"/>
        <response-header name="x-powered-by-header" header-name="X-Powered-By" header-value="Undertow/1"/>
        <rewrite name="http-to-https" redirect="true" target="https://DOMAINNAMEHERE:8443%U"/>
        <!-- ADD THE rewrite ENTRY ABOVE, BE SURE TO SUBSTITUTE YOUR DOMAIN NAME -->
    </filters>
</subsystem>

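Note: I wonder whether adding an iptables reroute from 8080 to 8443 using the command in step 1 would be sufficient, making step 2 unnecessary. But step 2 worked for me, so I went with it. I will leave that option to readers if they want to try it.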

3. Modify The Management Interfaces section of the standalone.xml.

<management-interfaces>
    <http-interface security-realm="ManagementRealm" http-upgrade-enabled="true">
        <socket-binding https="management-https"/>
    </http-interface>
</management-interfaces>

Note that this replaced the binding to http. Also note this step may not be directly related to the forwarding of HTTP to HTTPS but rather just a step in the HTTPS setup.

4. Restart your Wildfly instance.
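
A configuration check for step 2, as an added example that is not part of the original answer: it parses the Undertow subsystem and reports a rewrite target that still points at localhost or the DOMAINNAMEHERE placeholder, and a filter-ref that lacks the port predicate. The function name check_redirect, the trimmed sample XML and the example.com value are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

NS = {"u": "urn:jboss:domain:undertow:3.0"}  # namespace from the answer's snippet

# Constructed sample: the answer's subsystem, trimmed, with example.com substituted.
SAMPLE = """<subsystem xmlns="urn:jboss:domain:undertow:3.0">
  <server name="default-server">
    <http-listener name="default" socket-binding="http" redirect-socket="https"/>
    <https-listener name="default-ssl" security-realm="ApplicationRealm" socket-binding="https"/>
    <host name="default-host" alias="localhost">
      <filter-ref name="http-to-https" predicate="equals(%p,8080)"/>
    </host>
  </server>
  <filters>
    <rewrite name="http-to-https" redirect="true" target="https://example.com:8443%U"/>
  </filters>
</subsystem>"""

BAD_HOSTS = {"localhost", "127.0.0.1", "domainnamehere"}  # loopback or unfilled placeholder


def check_redirect(xml_text, http_port=8080):
    """Return a list of problems with the HTTP-to-HTTPS rewrite; empty means none found."""
    root = ET.fromstring(xml_text)
    rewrites = {r.get("name"): r for r in root.findall(".//u:filters/u:rewrite", NS)}
    refs = [f for f in root.findall(".//u:host/u:filter-ref", NS)
            if f.get("name") in rewrites]
    if not refs:
        return ["no host has a filter-ref that points at a rewrite filter"]
    problems = []
    for ref in refs:
        name, rw = ref.get("name"), rewrites[ref.get("name")]
        # Without the port predicate the filter also fires on the HTTPS listener.
        if (ref.get("predicate") or "").replace(" ", "") != f"equals(%p,{http_port})":
            problems.append(f"{name}: filter-ref is not limited to port {http_port}")
        if rw.get("redirect") != "true":
            problems.append(f"{name}: redirect is not enabled on the rewrite")
        m = re.match(r"https://([^:/%]+)", rw.get("target") or "")
        if not m:
            problems.append(f"{name}: target is not an absolute https:// URL")
        elif m.group(1).lower() in BAD_HOSTS:
            problems.append(f"{name}: target host {m.group(1)!r} is loopback or a placeholder")
    return problems


if __name__ == "__main__":
    print(check_redirect(SAMPLE) or "redirect configuration looks consistent")
```

Pass the text of the Undertow subsystem (or the whole standalone.xml) to check_redirect before restarting; an empty list means the rewrite is scoped to the HTTP port and targets a real host name.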
