Reverse proxy for Wildfly Management Console (HAL) with traefik

Hi all,

For quite a while now I am trying to get traefik (v2.1.4) working as a reverse proxy for the wildfly management console. After fixing a 403 error I am now stuck at the automatic redirect to /management that Wildfly seemingly does when accessing /console/index.html:

The Wildfly container exposes the management interface at http://foo.bar:9680 (-p 9680:9080) and this works without problems. I want to access the console at https://foo.bar/cess/ (or at least https://foo.bar/cess/console/index.html). In order to do this, I added the following labels to the container (TLS is configured in traefik config):

--label "traefik.enable=true" 
--label "traefik.http.routers.cess-mgmt.service=cess-mgmt" 
--label "traefik.http.routers.cess-mgmt.rule=PathPrefix(\"/cess/\")" 
--label "traefik.http.routers.cess-mgmt.middlewares=cess-mgmt-strip,cess-mgmt-header" 
--label "traefik.http.middlewares.cess-mgmt-header.headers.customrequestheaders.Origin=http://foo.bar" 
--label "traefik.http.middlewares.cess-mgmt-strip.stripprefix.prefixes=/cess" 
--label "traefik.http.middlewares.cess-mgmt-strip.stripprefix.forceslash=false" 
--label "traefik.http.routers.cess-mgmt.priority=80" 
--label "traefik.http.routers.cess-mgmt.tls=true" 
--label "traefik.http.routers.cess-mgmt.entrypoints=websecure" 
--label "traefik.http.services.cess-mgmt.loadbalancer.server.port=9080"

When I browse to https://foo.bar/cess/console/index.html, it opens the page but when trying to access /management, it gets a 404, since it is looking at https://foo.bar/management instead of https://foo.bar/cess/management:

Oddly enough, browsing https://foo.bar/cess/management returns "400 - Bad Request" instead of the json output I get at http://foo.bar:9680/management. But it still seems to be two separate problems. If the redirect would work properly, I would expect a 400 as well in the case where I try to open the management console.

Background is, that I have several Wildflys running on one host and want to access the management consoles of all those containers without using ports. I have been experimenting and googling for the whole last week but couldn't figure out how to do this. So any help is greatly appreciated.

Thanks,
Marius

Might be wrong here, but this does not seem like a problem with traefik configuration and more of a problem with how hal-0.js is initiating the xhr request. It seems to me that the script get the host and appends /management to it and runs with it.

Try to inspect the code and put breakpoints around the line 65326 to see how it initiates the requests.

Additionally, if it is the case I mentioned above, try setting up a subdomain instead of a sub path.

Thanks for your help. I think you are right that this might be a problem from HAL side. I now set up a subdomain and this works without problems. For us, this is a viable solution.

Concerning your other tip: I could not find the file hal-0.js. Neither in the running wildfly nor via google. So I could not follow up on this lead.