Forcing HTTPS redirect on Wildfly 10.0 directs to https://localhost:8443

Question

I am having a very challenging time forcing HTTPS on a Bitnami Ubuntu Wildfly 10 install.

The HTTPS works fine (e.g. https://example.com works great)

I have tried many different things with no result. Here are some highlights of what I've done:

I modified my web.xml to add this (note MYWEBNAME was replaced with my war file name):

<security-constraint>
    <web-resource-collection>
        <web-resource-name>MYWEBNAME</web-resource-name>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>          

I modified /opt/bitnami/apache2/conf/bitnami/bitnami.conf (as per https://docs.bitnami.com/aws/components/apache/):

<VirtualHost _default_:80>
    DocumentRoot "/opt/bitnami/apache2/htdocs"
    # ADD the three lines below:
    RewriteEngine On
    RewriteCond %{HTTPS} !=on
    RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [R,L]
    ...
</VirtualHost>

I modified standalone.xml

     <management-interfaces>
        <http-interface security-realm="ApplicationRealm" http-upgrade-enabled="true">
            <socket-binding https="management-https"/>
        </http-interface>
    </management-interfaces>

I modified my root index.html to redirect to:

<SCRIPT>document.location="https://example.com";</SCRIPT>

As per Wildfly 9 http to https, I tried this:

    <http-interface security-realm="ManagementRealm" http-upgrade-enabled="true">
        <socket interface="management" secure-port="${jboss.management.http.port:9990}"/>
    </http-interface>

This resulted in a 503 error and caused Wildfly to die, so I removed it.

What I have now, is http://example.com redirecting to https://localhost:8443

So I think it's close, I just cannot figure out how to make it redirect to https://example.com:8443 instead

Solution

For others looking for a solution, here's a summary of what I did - all in one spot. This is a summary of the links located in this thread, so h/t to those authors who answered the question. The credit belongs to them, this is just a summary of what worked for me.

1. Add an IPTABLES routing rule to route port 443 to 8443.

sudo iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-port 8443

Hint: to see what rules you already have in place, use:

sudo iptables -t nat -L -n -v

2. Add a Rewrite Filter and a Predicate to the configuration. Add the entries shown on line 10 and 24 of the snippet.

<subsystem xmlns="urn:jboss:domain:undertow:3.0">
    <buffer-cache name="default"/>
    <server name="default-server">
        <http-listener name="default" socket-binding="http" redirect-socket="https"/>
        <https-listener name="default-ssl" security-realm="ApplicationRealm" socket-binding="https"/>
        <host name="default-host" default-web-module="YOURWARFILENAMEHERE.war" alias="localhost">
            <location name="/" handler="welcome-content"/>
            <filter-ref name="server-header"/>
            <filter-ref name="x-powered-by-header"/>
            <filter-ref name="http-to-https" predicate="equals(%p,8080)"/>
            <!-- ADD THE filter-ref ENTRY ABOVE -->
        </host>
    </server>
    <servlet-container name="default">
        <jsp-config/>
        <websockets/>
    </servlet-container>
    <handlers>
        <file name="welcome-content" path="${jboss.home.dir}/welcome-content"/>
    </handlers>
    <filters>
        <response-header name="server-header" header-name="Server" header-value="WildFly/10"/>
        <response-header name="x-powered-by-header" header-name="X-Powered-By" header-value="Undertow/1"/>
        <rewrite name="http-to-https" redirect="true" target="https://DOMAINNAMEHERE:8443%U"/>
        <!-- ADD THE rewrite ENTRY ABOVE, BE SURE TO SUBSTITUTE YOUR DOMAIN NAME -->
    </filters>
</subsystem>

Note: I wondered if adding an iptables reroute from 8080 to 8443 using the command in step 1 would be sufficient and eliminate the need for step 2. But step 2 worked for me so I went with it. I'll leave trying that option up to the reader if they want.

3. Modify The Management Interfaces section of the standalone.xml.

<management-interfaces>
    <http-interface security-realm="ManagementRealm" http-upgrade-enabled="true">
        <socket-binding https="management-https"/>
    </http-interface>
</management-interfaces>

Note that this replaced the binding to http. Also note this step may not be directly related to the forwarding of HTTP to HTTPS but rather just a step in the HTTPS setup.

4. Restart your Wildfly instance.
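
A config check for step 2, added here as an example and not part of the original answer: it parses the undertow subsystem and reports a rewrite target that points at loopback or at the wrong host, a rewrite filter no host references, or a filter-ref with no predicate. The function names, the `expected_host` parameter and the trimmed sample XML are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: the answer's snippet trimmed to the parts being checked.
SAMPLE = """<subsystem xmlns="urn:jboss:domain:undertow:3.0">
  <server name="default-server">
    <host name="default-host" alias="localhost">
      <filter-ref name="http-to-https" predicate="equals(%p,8080)"/>
    </host>
  </server>
  <filters>
    <rewrite name="http-to-https" redirect="true" target="https://TARGETHOST:8443%U"/>
  </filters>
</subsystem>"""

# The target ends in an Undertow attribute (%U), so match the front by hand.
TARGET_RE = re.compile(r"^(?P<scheme>[a-z]+)://(?P<host>[^/:%]+)(?::(?P<port>\d+))?")
LOOPBACK = {"localhost", "127.0.0.1"}

def local(tag):
    """Strip the XML namespace so any undertow schema version matches."""
    return tag.rsplit("}", 1)[-1]

def audit_redirect(xml_text, expected_host):
    """Return a list of findings for the http-to-https rewrite setup."""
    elems = list(ET.fromstring(xml_text).iter())
    findings = []
    rewrites = {e.get("name"): e for e in elems
                if local(e.tag) == "rewrite" and e.get("redirect") == "true"}
    if not rewrites:
        findings.append("no rewrite filter with redirect=true is defined")
    for name, e in rewrites.items():
        m = TARGET_RE.match(e.get("target", ""))
        if not m or m["scheme"] != "https":
            findings.append(f"{name}: target is not an https:// URL")
        elif m["host"].lower() in LOOPBACK:
            findings.append(f"{name}: target host is loopback ({m['host']})")
        elif m["host"].lower() != expected_host.lower():
            findings.append(f"{name}: target host {m['host']} != {expected_host}")
    for host in (e for e in elems if local(e.tag) == "host"):
        refs = [r for r in host
                if local(r.tag) == "filter-ref" and r.get("name") in rewrites]
        if rewrites and not refs:
            findings.append(f"host {host.get('name')}: rewrite filter not referenced")
        for r in refs:
            if not r.get("predicate"):  # filter would also hit HTTPS requests
                findings.append(f"{r.get('name')}: filter-ref has no predicate")
    return findings

if __name__ == "__main__":
    print(audit_redirect(SAMPLE.replace("TARGETHOST", "localhost"), "example.com"))
```

To audit a real install, pass the text of the `<subsystem>` element (or the whole standalone.xml) and the public host name clients should be sent to.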
