When using a load balancer or other reverse proxy in the following way, Wildfly may redirect requests by using an incorrect URI scheme.
- The reverse proxy terminates TLS sessions
- Non-TLS connections (HTTP instead of HTTPS) are used between the proxy and CustomerID
With this configuration, Widlfy may use HTTP instead of HTTPS in redirects. In this case you can, for example, go to the CustomerID login screen and authenticate, but you cannot see the CustomerID main page after authentication.
For configuring Wildfly always to use HTTPS in redirects, you can use the following configurations:
In Wildfly configuration, set proxy-address-forwarding for the http-listener:
In the reverse proxy configuration, add X-Forwarded-Proto header to the requests forwarded to CustomerID. For example, haproxy can be configured as follows: