How to redirect HTTP to HTTPS in WildFly

In some cases it may be necessary to redirect your incoming HTTP traffic to HTTPS to ensure that your connection is encrypted. Let’s see what changes are required in your Undertow configuration to allow automatic redirection from HTTP to HTTPS.

In order to redirect HTTP traffic to HTTPS you need to:

  • Create a Rewrite filter which contains the target destination (for example https://localhost:8443).
  • Specify, with a predicate expression, the criterion that decides which requests are redirected to the target destination (for example, port = 8080).

For instance, assuming we want to redirect incoming traffic from http://localhost:8080 to https://localhost:8443, the following CLI commands will do:

/subsystem=undertow/configuration=filter/rewrite=http-to-https:add(redirect="true",target="https://localhost:8443%U")
/subsystem=undertow/server=default-server/host=default-host/filter-ref=http-to-https:add(predicate="equals(%p,8080)")

Here is an explanation for the Exchange attributes contained in the command:

  • %p: Local port
  • %U: Requested URL path

The full list of attributes is available here: https://undertow.io/undertow-docs/undertow-docs-2.0.0/predicates-attributes-handlers.html

As a result, you should see the following configuration in the undertow subsystem:

        <subsystem xmlns="urn:jboss:domain:undertow:12.0" default-server="default-server" default-virtual-host="default-host" default-servlet-container="default" default-security-domain="other" statistics-enabled="${wildfly.undertow.statistics-enabled:${wildfly.statistics-enabled:false}}">
            <buffer-cache name="default"/>
            <server name="default-server">
                <http-listener name="default" socket-binding="http" redirect-socket="https" enable-http2="true"/>
                <https-listener name="https" socket-binding="https" security-realm="ApplicationRealm" enable-http2="true"/>
                <host name="default-host" alias="localhost">
                    <location name="/" handler="welcome-content"/>
                    <filter-ref name="hsts-header"/>
                    <filter-ref name="http-to-https" predicate="equals(%p,8080)"/>
                    <http-invoker security-realm="ApplicationRealm"/>
                </host>
            </server>
            <servlet-container name="default">
                <jsp-config/>
                <websockets/>
            </servlet-container>
            <handlers>
                <file name="welcome-content" path="${jboss.home.dir}/welcome-content"/>
            </handlers>
            <filters>
                <rewrite name="http-to-https" target="https://localhost:8443%U" redirect="true"/>
            </filters>
        </subsystem>

Therefore, if you connect to the default HTTP port, the request is redirected to the secured one:

$ curl -I http://localhost:8080/
HTTP/1.1 302 Found
Connection: keep-alive
Location: https://localhost:8443/
Content-Length: 0
Date: Wed, 21 Jul 2021 07:39:44 GMT
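
To repeat this check for other paths, the shell function below (an added example, not part of the original article) reads `curl -sI` output and confirms a redirect status and an exact https:// Location. The sample responses are constructed, and the /app/index.html path in the usage comment is hypothetical.

```shell
#!/bin/sh
# check_redirect EXPECTED_LOCATION
# Reads `curl -sI` output on stdin. Succeeds only when the response is a
# redirect whose Location header is https and equals EXPECTED_LOCATION.
check_redirect() {
    expected=$1
    # HTTP header lines end in CRLF; drop the CRs before parsing.
    headers=$(tr -d '\r')
    status=$(printf '%s\n' "$headers" | awk 'NR==1 {print $2}')
    location=$(printf '%s\n' "$headers" |
        awk 'tolower($1)=="location:" {print $2; exit}')

    case $status in
        301|302|303|307|308) ;;
        *) echo "FAIL: status '$status' is not a redirect"; return 1 ;;
    esac
    case $location in
        https://*) ;;
        *) echo "FAIL: Location '$location' is not https"; return 1 ;;
    esac
    if [ "$location" != "$expected" ]; then
        echo "FAIL: Location '$location', expected '$expected'"
        return 1
    fi
    echo "OK: $status -> $location"
}

# Constructed sample: the redirect response shown in the article.
SAMPLE_GOOD='HTTP/1.1 302 Found
Connection: keep-alive
Location: https://localhost:8443/
Content-Length: 0'

# Constructed sample: a listener that serves content over plain HTTP.
SAMPLE_BAD='HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 1504'

printf '%s\n' "$SAMPLE_GOOD" | check_redirect https://localhost:8443/
printf '%s\n' "$SAMPLE_BAD" | check_redirect https://localhost:8443/ || true

# Against a running server (hypothetical application path):
#   curl -sI http://localhost:8080/app/index.html |
#       check_redirect https://localhost:8443/app/index.html
```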

In conclusion, in this article we have covered how to redirect traffic from HTTP to HTTPS using WildFly.
