JBoss AS7 / EAP 6 behind an SSL terminating Reverse Proxy

Malte Finsterwalder, published in red6, Dec 4, 2017

If you have a proxy such as HAProxy that terminates your SSL, the proxy forwards your traffic to JBoss via HTTP. JBoss is therefore accessed via HTTP and “thinks” it is being accessed in an insecure way. This may have no consequences, but sometimes it does.

But you can configure your proxy and your JBoss so that the proxy forwards the information that the access really was encrypted via SSL. That’s what the “x-forwarded-…” headers are for:

x-forwarded-for: contains the real client's IP address, where the request originated.
x-forwarded-proto: contains the protocol that was used between the client and the proxy.

Your proxy needs to send these headers. How to configure your proxy to do so is not part of this post.

Now you need to tell JBoss to read and interpret these headers.

For that you need to add a RemoteIpValve to your connector configuration.
You can do that in two ways: edit your standalone.xml or domain.xml directly, or execute a CLI script.

Add the following to your standalone.xml
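
A valve definition of the kind this step calls for, as an added example rather than the snippet from the original post. The valve name is an arbitrary label, and the module and parameter names assume the stock JBoss Web RemoteIpValve shipped with EAP 6.

```xml
<!-- Added example: goes inside the existing web subsystem element of
     standalone.xml (or of the relevant profile in domain.xml).
     The valve name "remoteipvalve" is an arbitrary label (assumption). -->
<valve name="remoteipvalve"
       module="org.jboss.as.web"
       class-name="org.apache.catalina.valves.RemoteIpValve">
    <!-- Header carrying the original client address; the valve uses it
         to replace the remote address seen by the application. -->
    <param param-name="remoteIpHeader" param-value="x-forwarded-for"/>
    <!-- Header carrying the client-to-proxy protocol; when its value is
         "https" the request is reported to the application as secure. -->
    <param param-name="protocolHeader" param-value="x-forwarded-proto"/>
</valve>
<!-- These headers are only as trustworthy as the network path: JBoss
     should be reachable solely through the proxy, and the proxy should
     overwrite any x-forwarded-* headers sent by the client. -->
```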

Or execute the following CLI script

That’s all there is to it!

Wildfly / JBoss EAP 7

A detailed description of how to set up Wildfly can be found here:
Configuring Wildfly behind a reverse proxy with TLS
