In this tutorial we will learn how to configure WildFly or JBoss to reverse proxy requests to another application server. We will first discuss the basics of reverse proxying and then we will show the commands to achieve the correct configuration.
Reverse Proxy vs. Forward Proxy
Before diving into Undertow’s reverse proxy capabilities, it’s essential to clarify the difference between reverse and forward proxies.
- Forward Proxy: A forward proxy sits between a client and a destination server. Clients must be configured to use the proxy, and it acts as an intermediary, forwarding requests to the target server.
- Reverse Proxy: Unlike a forward proxy, a reverse proxy is typically invisible to the client. It sits in front of one or more servers, receiving client requests and directing them to appropriate backend servers. Clients are unaware of the proxy’s existence.
Typical Usage of a Reverse Proxy
- Access Control: Provides internet users access to a server behind a firewall.
- Load Balancing: Balances load among several back-end servers.
- Caching: Provides caching for a slower back-end server.
- URL Space Management: Brings several servers into the same URL space.
Configuring Undertow for Reverse Proxy
The Undertow web server can provide reverse proxy functionalities with just a few configuration tweaks. Let’s create an example scenario where we want to proxy incoming requests to the WildFly server at 192.168.10.1
using AJP as the protocol.
We will first show the CLI commands to configure the Reverse Proxy and then we will take a look at the outcome in the XML configuration .
Firstly, add a new Reverse Proxy Handler to the Undertow subsystem:
/subsystem=undertow/configuration=handler/reverse-proxy=RevProxy:add(connection-idle-timeout=60,session-cookie-names=JSESSIONID)
The above command will create a new reverse-proxy
object with some basic settings. There are several other options available that you can add. Check WildFly model to find out the reverse proxy options.
Then, add an outbound socket to the WildFly target Host. Assuming that the target Hosts is 192.168.10.1
and the protocol is AJP:
/socket-binding-group=standard-sockets/remote-destination-outbound-socket-binding=backend-node/:add(host=192.168.10.1,port=8109)
Next, target the reverse-proxy
to the outbound-socket-binding
for the application /TargetApp
:
/subsystem=undertow/configuration=handler/reverse-proxy=RevProxy/host=backend-node/:add(instance-id=node1,outbound-socket-binding=backend-node,path=/TargetApp,scheme=ajp)
Finally, add the handler to the undertow’s default-server:
/subsystem=undertow/server=default-server/host=default-host/location=\/TargetApp/:add(handler=RevProxy)
Reverse Proxy XML Configuration
After you execute the above commands, you should see the following changes in your XML configuration. Here is the undertow relevant part:
<subsystem xmlns="urn:jboss:domain:undertow:14.0" default-virtual-host="default-host" default-servlet-container="default" default-server="default-server" statistics-enabled="${wildfly.undertow.statistics-enabled:${wildfly.statistics-enabled:false}}" default-security-domain="other"> <!-- . . . --> <server name="default-server"> <http-listener name="default" socket-binding="http" redirect-socket="https" enable-http2="true"/> <https-listener name="https" socket-binding="https" ssl-context="applicationSSC" enable-http2="true"/> <host name="default-host" alias="localhost"> <location name="/" handler="welcome-content"/> <location name="/TargetApp" handler="RevProxy"/> <http-invoker http-authentication-factory="application-http-authentication"/> </host> </server> <handlers> <file name="welcome-content" path="${jboss.home.dir}/welcome-content"/> <reverse-proxy name="RevProxy" session-cookie-names="JSESSIONID" connection-idle-timeout="60"> <host name="backend-node" outbound-socket-binding="backend-node" scheme="ajp" instance-id="node1" path="/TargetApp"/> </reverse-proxy> </handlers> </subsystem>
Also, you should have the following outbound socket definition:
<outbound-socket-binding name="backend-node"> <remote-destination host="192.168.10.1" port="8109"/> </outbound-socket-binding>
That’s all! Now your requests from http://localhost:8080/TargetApp will land on the proxy WildFly server running on 192.168.10.1.
Related articles: Configuring Proxy address forwarding with WildFly
Conclusion
By understanding the fundamental differences between reverse and forward proxies, you can effectively leverage Undertow’s capabilities to optimize application performance, security, and scalability. This article provided a foundational overview of reverse proxies and demonstrated how Undertow can function as a robust and efficient solution for routing and managing incoming requests.