Forcing HTTPS redirect on Wildfly 10.0 directs to https://localhost:8443
Problem description
I am having a very challenging time forcing HTTPS on a Bitnami Ubuntu Wildfly 10 install.
The HTTPS works fine (e.g. https://example.com works great)
I have tried many different things with no result. Here are some highlights of what I've done:
I modified my web.xml to add this (note MYWEBNAME was replaced with my war file name):
<security-constraint>
    <web-resource-collection>
        <web-resource-name>MYWEBNAME</web-resource-name>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>
I modified /opt/bitnami/apache2/conf/bitnami/bitnami.conf (as per https://docs.bitnami.com/aws/components/apache/):
<VirtualHost _default_:80>
    DocumentRoot "/opt/bitnami/apache2/htdocs"
    ADD: RewriteEngine On
    ADD: RewriteCond %{HTTPS} !=on
    ADD: RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [R,L]
    ...
</VirtualHost>
I modified standalone.xml
<management-interfaces>
    <http-interface security-realm="ApplicationRealm" http-upgrade-enabled="true">
        <socket-binding https="management-https"/>
    </http-interface>
</management-interfaces>
I modified my root index.html to redirect to:
<SCRIPT>document.location="https://example.com";</SCRIPT>
As per Wildfly 9 http to https, I tried this:
<http-interface security-realm="ManagementRealm" http-upgrade-enabled="true">
    <socket interface="management" secure-port="${jboss.management.http.port:9990}"/>
</http-interface>
This resulted in a 503 error and caused Wildfly to die, so I removed it.
What I have now, is http://example.com redirecting to https://localhost:8443
So I think it's close, I just cannot figure out how to make it redirect to https://example.com:8443 instead.
Recommended answer
For others looking for a solution, here's a summary of what I did - all in one spot. This is a summary of the links located in this thread, so h/t to those authors who answered the question. The credit belongs to them, this is just a summary of what worked for me.
1. Add an IPTABLES routing rule to route port 443 to 8443.
sudo iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-port 8443
Tip: to see the rules you already have, use:
sudo iptables -t nat -L -n -v
2. Add a Rewrite Filter and a Predicate to the configuration. Add the entries shown on line 10 and 24 of the snippet.
<subsystem xmlns="urn:jboss:domain:undertow:3.0">
    <buffer-cache name="default"/>
    <server name="default-server">
        <http-listener name="default" socket-binding="http" redirect-socket="https"/>
        <https-listener name="default-ssl" security-realm="ApplicationRealm" socket-binding="https"/>
        <host name="default-host" default-web-module="YOURWARFILENAMEHERE.war" alias="localhost">
            <location name="/" handler="welcome-content"/>
            <filter-ref name="server-header"/>
            <filter-ref name="x-powered-by-header"/>
            <filter-ref name="http-to-https" predicate="equals(%p,8080)"/>
            <!-- ADD THE filter-ref ENTRY ABOVE -->
        </host>
    </server>
    <servlet-container name="default">
        <jsp-config/>
        <websockets/>
    </servlet-container>
    <handlers>
        <file name="welcome-content" path="${jboss.home.dir}/welcome-content"/>
    </handlers>
    <filters>
        <response-header name="server-header" header-name="Server" header-value="WildFly/10"/>
        <response-header name="x-powered-by-header" header-name="X-Powered-By" header-value="Undertow/1"/>
        <rewrite name="http-to-https" redirect="true" target="https://DOMAINNAMEHERE:8443%U"/>
        <!-- ADD THE rewrite ENTRY ABOVE, BE SURE TO SUBSTITUTE YOUR DOMAIN NAME -->
    </filters>
</subsystem>
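Note: I wonder whether adding an iptables reroute from 8080 to 8443 using the command in step 1 would be enough, making step 2 unnecessary. But step 2 worked for me, so I went with it. I leave that option to the reader if they wish.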
3. Modify The Management Interfaces section of the standalone.xml.
<management-interfaces>
    <http-interface security-realm="ManagementRealm" http-upgrade-enabled="true">
        <socket-binding https="management-https"/>
    </http-interface>
</management-interfaces>
Note that this replaced the binding to http. Also note this step may not be directly related to the forwarding of HTTP to HTTPS but rather just a step in the HTTPS setup.
4. Restart your Wildfly instance.
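A way to confirm the result after step 4, as an added example that is not part of the original answer: the function below reads HTTP response headers (for instance from curl -sI http://example.com:8080/) and passes only when the redirect points at the expected HTTPS host and port rather than localhost. The function name check_redirect and both sample responses are constructed for illustration.

```shell
#!/bin/sh
# Added example: check where a plain-HTTP request gets redirected.
# usage: <response headers on stdin> | check_redirect HOST PORT
# Returns 0 only for a 3xx whose Location is https://HOST:PORT/...
check_redirect() {
    want_host=$1
    want_port=$2
    headers=$(tr -d '\r')      # curl -I output has CRLF line endings
    status=$(printf '%s\n' "$headers" | awk 'NR==1 {print $2}')
    location=$(printf '%s\n' "$headers" |
        awk 'tolower($1)=="location:" {print $2; exit}')

    case $status in
        301|302|303|307|308) ;;
        *) echo "FAIL: status ${status:-none} is not a redirect"; return 1 ;;
    esac
    case $location in
        https://*) ;;
        *) echo "FAIL: Location '$location' is not https"; return 1 ;;
    esac

    # Split "host[:port]" out of the URL; no port means the https default.
    authority=${location#https://}
    authority=${authority%%/*}
    host=${authority%%:*}
    case $authority in
        *:*) port=${authority##*:} ;;
        *)   port=443 ;;
    esac

    if [ "$host" != "$want_host" ]; then
        echo "FAIL: redirect host '$host', expected '$want_host'"; return 1
    fi
    if [ "$port" != "$want_port" ]; then
        echo "FAIL: redirect port '$port', expected '$want_port'"; return 1
    fi
    echo "OK: $location"
}

# Constructed sample responses, not captured from a real server.
BAD_RESPONSE='HTTP/1.1 302 Found
Location: https://localhost:8443/
Content-Length: 0'
GOOD_RESPONSE='HTTP/1.1 302 Found
Location: https://example.com:8443/index.html
Content-Length: 0'

printf '%s\n' "$BAD_RESPONSE"  | check_redirect example.com 8443 || true
printf '%s\n' "$GOOD_RESPONSE" | check_redirect example.com 8443
```

The PREROUTING rule from step 1 only applies to packets arriving from the network, so test port 443 from another machine rather than from the server itself. Rules added with iptables -A are also lost on reboot unless they are saved.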