2

I'm stuck configuring a simple reverse proxy on AWS. Since we have one host (reverse proxy nginx) serving the public access, I decided to follow the rules and created the following configuration.

server {
    listen      9990;
    server_name project-wildfly.domain.me;

    access_log  /var/log/nginx/wildfly.access.log;
    error_log   /var/log/nginx/wildfly.error.log;

    proxy_buffers 16 64k;
    proxy_buffer_size 128k;

    root   /var/www/;
    index  index.html index.htm;

    location /console {
        proxy_set_header Host $server_addr:$server_port;
        proxy_set_header X-Forwarded-Proto $scheme;

        add_header Cache-Control "no-cache, no-store";
        proxy_pass http://10.124.1.120:9990/console;
    }

    location /management {
        proxy_set_header Host $server_addr:$server_port;
        proxy_set_header X-Forwarded-Proto $scheme;

        add_header Cache-Control "no-cache, no-store";
        proxy_pass http://10.124.1.120:9990/management;
    }
}

This will serve the admin console and I'm able to log in with the user. Then this message appears:

Access Denied

Insufficient privileges to access this interface.

Nothing within the error log. Thanks for any hint!

Community
sCHween

3 Answers

6

I had the same issue when configuring Wildfly 15 and nginx 1.10.3 as reverse proxy. Setup was very similar to the first post, redirecting /management & /console to wildflyhost:9990.

I was able to access the console directly via :9990 and when comparing the network traffic between direct and nginx-proxied traffic, I noticed that Origin and Host were different.

So in my case the solution was to force the Origin and Host headers in Nginx to something that Wildfly is expecting. I couldn't find this solution elsewhere, so I'm posting it here for future reference anyhow although the thread is old.

location /.../ {
    proxy_set_header Host $host:9990;
    proxy_set_header Origin http://$host:9990;

    proxy_redirect off;
    proxy_http_version 1.1;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_pass_request_headers on;
    proxy_pass http://wildflyhost:9990;
...
}
Vsalo
  • Thanks for this post. This helped solve the same issue with Wildfly 25 and nginx 1.22 as a reverse proxy. The first two directives (setting Host and Origin) were sufficient to solve the issue in my case, as the other settings were already set or set by default. – LaurentV Jul 24 '22 at 12:46
  • Actually, I added an additional directive: proxy_set_header X-Forwarded-Port 9990; This helped solve secondary mistakes. – LaurentV Jul 24 '22 at 13:03
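
The Host/Origin mismatch described in the answer above, reproduced as an added Python example (not code from the post or from WildFly): it substitutes nginx variables into each set of `proxy_set_header` directives and compares the Host and Origin the backend would receive. The same-origin comparison is an assumed, simplified model of the backend's check, and the proxy address 192.0.2.10 is a constructed value.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

def authority(url):
    """Return (host, port) of a URL, filling in the scheme's default port."""
    parts = urlsplit(url)
    if parts.scheme not in DEFAULT_PORTS or not parts.hostname:
        raise ValueError(f"not an http(s) origin: {url!r}")
    return parts.hostname.lower(), parts.port or DEFAULT_PORTS[parts.scheme]

def render(template, variables):
    """Substitute nginx-style $name variables, longest names first."""
    for name in sorted(variables, key=len, reverse=True):
        template = template.replace("$" + name, variables[name])
    return template

def upstream_headers(browser, proxy_set_header, variables):
    """Headers the backend receives: browser headers, overridden by the proxy."""
    headers = dict(browser)
    for name, template in proxy_set_header.items():
        headers[name] = render(template, variables)
    return headers

def host_matches_origin(headers, scheme="http"):
    """Assumed backend check: Origin must name the same host:port as Host."""
    origin = headers.get("Origin")
    if origin is None:  # non-browser client: nothing to compare
        return True
    return authority(origin) == authority(f"{scheme}://{headers['Host']}")

# Constructed request: browser opens http://project-wildfly.domain.me:9990/console
BROWSER = {"Host": "project-wildfly.domain.me:9990",
           "Origin": "http://project-wildfly.domain.me:9990"}
# 192.0.2.10 is a constructed address standing in for the proxy's $server_addr.
VARIABLES = {"host": "project-wildfly.domain.me",
             "server_addr": "192.0.2.10", "server_port": "9990"}

# Only the Host/Origin directives of each configuration are modelled.
QUESTION = {"Host": "$server_addr:$server_port"}  # Origin passed through as sent
ANSWER = {"Host": "$host:9990", "Origin": "http://$host:9990"}

if __name__ == "__main__":
    for label, directives in (("question", QUESTION), ("answer", ANSWER)):
        sent = upstream_headers(BROWSER, directives, VARIABLES)
        verdict = "match" if host_matches_origin(sent) else "MISMATCH"
        print(f"{label:8} Host={sent['Host']} Origin={sent['Origin']} -> {verdict}")
```
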
0

Thanks guys, my solution to access wildfly 27 through nginx was:

on standalone.xml

<interface name="management">
    <any-address/>
</interface>
<interface name="public">
    <any-address/>
</interface>

On nginx.conf I've created these 2 locations:

location /console {
    proxy_set_header Host *wildflyserver*:9990;
    proxy_set_header Origin http://*wildflyserver*:9990;
    proxy_pass http://*wildflyserver*:9990/console;
}

location /management {
    proxy_set_header Host *wildflyserver*:9990;
    proxy_set_header Origin http://*wildflyserver*:9990;
    proxy_pass http://*wildflyserver*:9990/management;
}
-1

Maybe you need to turn on the management module.

Try this: sh standalone.sh -b 0.0.0.0 -bmanagement 0.0.0.0 &

calrrox