Configuring WildFly as Reverse Proxy

In this tutorial we will learn how to configure WildFly or JBoss to reverse proxy requests to another application server. We will first discuss the basics of reverse proxying and then we will show the commands to achieve the correct configuration.  

Reverse Proxy vs. Forward Proxy

Before diving into Undertow’s reverse proxy capabilities, it’s essential to clarify the difference between reverse and forward proxies.

  • Forward Proxy: A forward proxy sits between a client and a destination server. Clients must be configured to use the proxy, and it acts as an intermediary, forwarding requests to the target server.
  • Reverse Proxy: Unlike a forward proxy, a reverse proxy is typically invisible to the client. It sits in front of one or more servers, receiving client requests and directing them to appropriate backend servers. Clients are unaware of the proxy’s existence.

Typical Usage of a Reverse Proxy

  • Access Control: Provides internet users access to a server behind a firewall.
  • Load Balancing: Balances load among several back-end servers.
  • Caching: Provides caching for a slower back-end server.
  • URL Space Management: Brings several servers into the same URL space.

Configuring Undertow for Reverse Proxy

The Undertow web server can provide reverse proxy functionalities with just a few configuration tweaks. Let’s create an example scenario where we want to proxy incoming requests to the WildFly server at 192.168.10.1 using AJP as the protocol.

wildfly jboss configure reverse proxy

We will first show the CLI commands to configure the Reverse Proxy and then we will take a look at the outcome in the XML configuration .

Firstly, add a new Reverse Proxy Handler to the Undertow subsystem:

/subsystem=undertow/configuration=handler/reverse-proxy=RevProxy:add(connection-idle-timeout=60,session-cookie-names=JSESSIONID)

The above command will create a new reverse-proxy object with some basic settings. There are several other options available that you can add. Check WildFly model to find out the reverse proxy options.

Then, add an outbound socket to the WildFly target Host. Assuming that the target Hosts is 192.168.10.1 and the protocol is AJP:

/socket-binding-group=standard-sockets/remote-destination-outbound-socket-binding=backend-node/:add(host=192.168.10.1,port=8109)

Next, target the reverse-proxy to the outbound-socket-binding for the application /TargetApp :

/subsystem=undertow/configuration=handler/reverse-proxy=RevProxy/host=backend-node/:add(instance-id=node1,outbound-socket-binding=backend-node,path=/TargetApp,scheme=ajp)

Finally, add the handler to the undertow’s default-server:

/subsystem=undertow/server=default-server/host=default-host/location=\/TargetApp/:add(handler=RevProxy)

Reverse Proxy XML Configuration

After you execute the above commands, you should see the following changes in your XML configuration. Here is the undertow relevant part:

 <subsystem xmlns="urn:jboss:domain:undertow:14.0" default-virtual-host="default-host" default-servlet-container="default" default-server="default-server" statistics-enabled="${wildfly.undertow.statistics-enabled:${wildfly.statistics-enabled:false}}" default-security-domain="other">
	<!--  . . .  -->
	<server name="default-server">
		<http-listener name="default" socket-binding="http" redirect-socket="https" enable-http2="true"/>
		<https-listener name="https" socket-binding="https" ssl-context="applicationSSC" enable-http2="true"/>
		<host name="default-host" alias="localhost">
			<location name="/" handler="welcome-content"/>
			<location name="/TargetApp" handler="RevProxy"/>
			<http-invoker http-authentication-factory="application-http-authentication"/>
		</host>
	</server>
	 
	<handlers>
		<file name="welcome-content" path="${jboss.home.dir}/welcome-content"/>
		<reverse-proxy name="RevProxy" session-cookie-names="JSESSIONID" connection-idle-timeout="60">
			<host name="backend-node" outbound-socket-binding="backend-node" scheme="ajp" instance-id="node1" path="/TargetApp"/>
		</reverse-proxy>
	</handlers>
 
</subsystem>

Also, you should have the following outbound socket definition:

<outbound-socket-binding name="backend-node">
            <remote-destination host="192.168.10.1" port="8109"/>
</outbound-socket-binding>

That’s all! Now your requests from http://localhost:8080/TargetApp will land on the proxy WildFly server running on 192.168.10.1.

Related articles: Configuring Proxy address forwarding with WildFly

Conclusion

By understanding the fundamental differences between reverse and forward proxies, you can effectively leverage Undertow’s capabilities to optimize application performance, security, and scalability. This article provided a foundational overview of reverse proxies and demonstrated how Undertow can function as a robust and efficient solution for routing and managing incoming requests.