Reputation: 183
Wildfly Admin Page returning 403
I have default WildFly setup where management interface is listening on http instead of https. However I've changed port to be 8990. This is the config:
<management-interfaces>
<http-interface http-authentication-factory="management-http-authentication">
<http-upgrade enabled="true" sasl-authentication-factory="management-sasl-authentication"/>
<socket-binding http="management-http"/>
</http-interface>
</management-interfaces>
When using curl to reach management interface http://127.0.0.1:8990/management it's successful. I do need to use --digest and provide credentials to login.
However, I've configured traefik in front of wildfly, both management and web. Traefik entrypoint is listening to 9990:
mgmt:
http2:
maxConcurrentStreams: 250
address: :9990
transport:
respondingTimeouts:
readTimeout: 0
And this is configuration regarding management interface:
http:
routers:
router-mgmt-secure:
rule: Host(`host.domain.com`)
service: gateway-mgmt
entryPoints:
- mgmt
middlewares:
- hsts-header
tls: {}
middlewares:
hsts-header:
headers:
browserXSSFilter: true
contentTypeNosniff: true
forceSTSHeader: true
stsIncludeSubdomains: true
stsSeconds: 63072000
frameDeny: true
services:
gateway-mgmt:
loadBalancer:
serversTransport: insecureTransport
servers:
- url: http://127.0.0.1:8990/
passHostHeader: true
serversTransports:
insecureTransport:
insecureSkipVerify: true
When visiting WildFly admin page, i get prompted for credentials. I input them, they get accepted but i get a blank page.
When checking browser developer console, i see 403 on following urls:
- https://host.domain.com:9990/management
- https://host.domain.com:9990/console/OpenSans-Regular-webfont.b6d3c411.woff2
- https://host.domain.com:9990/console/OpenSans-Regular-webfont.e5de314f.woff
- https://host.domain.com:9990/console/OpenSans-Regular-webfont.8bd2b33b.ttf
However, if i change WildFly management interface to use ssl, like this:
<management-interfaces>
<http-interface http-authentication-factory="management-http-authentication" ssl-context="applicationSSC">
<http-upgrade enabled="true" sasl-authentication-factory="management-sasl-authentication"/>
<socket-binding https="management-http"/>
</http-interface>
</management-interfaces>
And change configuration in traefik to use https:// instead of http:// it works fine.
What would be the issue?
Traefik version: 3.1.0 WildFly version: 26.1.3
Upvotes: 0
Views: 98
Answers (0)
Related Questions
- Keycloak does not work on https after setting up SSL
- Configuring security to access EJB through WS -- WFLYEJB0364 Connection rejected
- Can't expose Keycloak Server on AWS with Traefik Ingress Controller and AWS HTTPS Load Balancer
- wildfly crashes with WFLYPRT0053: Could not connect to http-remoting
- Getting "404 - Not found" error with Wildfly and springboot
- wildfly 12 and spring java config, not working , 403 error
- Tiles + Spring + wildfly 11 + java 8: java.lang.UnsupportedOperationException: This parser does not support specification "null" version "null"
- Error(389/703 with Wildfly 11 server
- Page load failed with error: The network connection was lost. Using Eclipse
- context.lookup("datasource") returns org.jboss.jca.adapters.jdbc.WrapperDataSource