Reveerse proxy and management interface

[Ganesh R]

I have been trying to setup Wildfly (24.0.1 or even 25) to work with NGINX reverse proxy. 

I have wildfly fly listening on normal http at 127.0.0.1 including the management interface and divert /management and /console to respective 127.0.0.1:9990/xx sites. Since this server only has wildfly, I divert / to 127.0.0.1:8080.

The standard page (8080) works fine but when I click on the Administration console, I get a blank page. 

The issue clearly is at Wildfly end since regular interface without nginx works fine. But this means I have to use 8080 port and 9990 ports which are non-SSL. I prefer to have Nginx as front.

I also tried in Apache with similar results. 

I have tried to find exact documentation on how to go about it and they are mostly for older versions or without SSL. Or SSL without Nginx etc. 

Thanks!

[Bartosz Baranowski]

Hmm. I found this one: https://www.howtoforge.com/tutorial/ubuntu-wildfly-jboss-installation/

Honestly I have not put my fingers in this basket recently, will have to give it a try.

[Ganesh R]

Thanks very much. 

I realised my original post is not clear enough about the issue. It was the SSL part that is the problem. I am using Let's encrypt certificate

The entire setup works, including SSL, as far as the main site (:8080) goes. But once I click on the Management interface (:9990) link, I get a blank page. 

Thanks!

[Darran Lofthouse]

I suspect somewhere in there we could have a redirect to an absolute address that may be getting confused with the http vs https connections in use.

As things are in the clear between Nginx and WildFly I would suggest that is a good place to trace the network calls to see the HTTP requests going back and forth up until the point it stops.

[Ganesh R]

Thanks Darran yes I will try to isolate the issue. I have set /management and /console to go to 127.0.0.1:9990/management and console - this fails. 

And / to divert to 127.0.0.1:8080 - this works OK.

[Bartosz Baranowski]

I had a bit of time to follow through. Setting up on plain does work as per linked doc. With SSL its a bit tricky, as nginx does not like self signed certs? There is blog article about WFLY setup:
https://www.mastertheboss.com/jbossas/jboss-security/complete-tutorial-for-configuring-ssl-https-on-wildfly/

NOTE it does not switch management interface to HTTPS/SSL. Secondly simple switch does not seem to be enough when it comes to authentication.
I do wonder, you keep mentioning 8080, but from WFLY conf:
<socket-binding name="http" port="${jboss.http.port:8080}"/>
<socket-binding name="https" port="${jboss.https.port:8443}"/>
<socket-binding name="management-http" interface="management" port="${jboss.management.http.port:9990}"/>
<socket-binding name="management-https" interface="management" port="${jboss.management.https.port:9993}"/>

[Ganesh R]

Actually I suspect it is something at Wildfly end not NGINX (which is also why I am posting here). 

Because I tried replacing Nginx with Apache with exactly same result - white page for 9990 management interface and 8080 works ok with SSL.

Bartosz, I couldn't figure out your comment. The Wildfly itself runs insecure. The SSL is at the web end and it routes to the Wildfly running without SSL. Is that OK? So the 8443 etc., doesnt matter.

Later I will startup the cloud server and try to post actual config files.

Thanks

[Darran Lofthouse]

Please trace the unencrypted portion of the HTTP requests first - that should give a better understanding of where the calls get to.  I suspect if you are hitting the /console endpoint one of the first things you should see is a redirect so an early question will be to see if the browser gets that far.