QUESTION: How to set a reverse proxy with Undertow

I need to configure Undertow to work as a reverse proxy. Its a laboratory experience and security is not important right now. i have a domain, mydomain.com e its correctly pointed to my public ip adress. I want to acess the welcome page of wildfly and then management console. With nginx was super easy, but i really want to do it with Undertow. It must be Undertow. Im self-taught guy and you already know that im a oob, avery curious and obssessed one. My latest atempt, it did not work. the error says: WFLYCTL0193: Failed executing subsystem undertow boot operations.

 <subsystem xmlns="urn:jboss:domain:undertow:14.0" default-virtual-host="default-host" default-servlet-container="default" default-server="default-server" statistics-enabled="${wildfly.undertow.statistics-enabled:${wildfly.statistics-enabled:false}}" default-security-domain="other">
       <byte-buffer-pool name="default"/>
       <buffer-cache name="default"/>
       <server name="default-server">
           <http-listener name="default" socket-binding="http" redirect-socket="https" enable-http2="true"/>
           <https-listener name="https" socket-binding="https" ssl-context="applicationSSC" enable-http2="true"/>
           <host name="default-host" alias="localhost">
               <location name="/" handler="reverse-proxy"/>
               <filter-ref name="server-header"/>
               <filter-ref name="x-powered-by-header"/>
               <http-invoker http-authentication-factory="application-http-authentication"/>
           </host>
       </server>
       <servlet-container name="default">
           <jsp-config/>
           <websockets/>
       </servlet-container>
       <handlers>
           <file name="welcome-content" path="${jboss.home.dir}/welcome-content"/>
           <reverse-proxy name="reverse-proxy" connections-per-thread="30">
           <host name="default-host"/>
       </reverse-proxy>
       </handlers>
       <filters>
           <response-header name="server-header" header-name="Server" header-value="Wildfly 31"/>
           <response-header name="x-powered-by-header" header-name="X-Powered-By" header-value="Undertow 14"/>
       </filters>
       <application-security-domains>
           <application-security-domain name="other" security-domain="ApplicationDomain"/>
       </application-security-domains>
   </subsystem>

<socket-binding-group name="standard-sockets" default-interface="public" port-offset="${jboss.socket.binding.port-offset:0}">
   <socket-binding name="ajp" port="${jboss.ajp.port:8009}"/>
   <socket-binding name="http" port="${jboss.http.port:8080}"/>
   <socket-binding name="https" port="${jboss.https.port:8443}"/>
   <socket-binding name="management-http" interface="management" port="${jboss.management.http.port:9990}"/>
   <socket-binding name="management-https" interface="management" port="${jboss.management.https.port:9993}"/>
   <socket-binding name="txn-recovery-environment" port="4712"/>
   <socket-binding name="txn-status-manager" port="4713"/>
   <outbound-socket-binding name="mail-smtp">
       <remote-destination host="${jboss.mail.server.host:localhost}" port="${jboss.mail.server.port:25}"/>
   </outbound-socket-binding>
   <outbound-socket-binding name="reverse-proxy-outbound">
       <remote-destination host="default-host" port="9990"/>
   </outbound-socket-binding>        
</socket-binding-group>

Welcome to the Ranch, Thiago!

I've never studied Undertow, but since it's written in Java, it's not what I'd use for a reverse proxy server if the intent was to proxy ports 80 and 443 like I would with nginx or Apache.

That's because Java does not have user reassignment capabilities, unlike nginx and Apache. Meaning that the Undertow server could only listen on ports with numbers less than 4096 (like 80 and 443) if it ran as a privileged user. Which is a serious security risk.

Apache and nginx launch as privileged users, open ports 80 and 443 for listening and then downshift to a non-privileged user (typically named "apache", "nginx" or "httpd"). That's not a "write-once/run-anywhere" capability, so Java apps cannot do that.

Thanks a lot for your quick response and your kind answer. I didn't gave more context but I'll give now. This whole thing is for learning purpose. The fact that is sooooo hard to find useful stuff about undertow web server evidences that I should use apache or nginx. In fact, I did and it was very easy to do the reverse proxy with nginx. Im a self taught guy and with a mission: understand Jboss/wildfly. In my company, in my position there it would be very nice to have this kind of knowledge. You have no idea of how many things I've learned only by trying to do a pointless thing as this (and others..). By the way, you just taught me a valious one. My laboratory is a disposable and free AWS VM. Im no concerned with security in this moment. I just want to understand more about Undertow, set the reverse proxy, close this chapter and move on to another obsession I'm my project. Please help me.

Truthfully, I've only heard of Undertow as an alternative web container in Spring Boot. The others being Tomcat and jetty. Tomcat and Jetty are not suitable as reverse proxy servers, but they are popular as lightweight JEE containers for case where you don't need the full stack of services that servers like Wildfly provide. That is, no built-in JPA, JSF, JMS, and so forth.

So my take on it is that while it couldn't hurt to become proficient with Undertow, it's likely not to be a make-or-break skill in most IT shops.

Tim Holloway wrote:Truthfully, I've only heard of Undertow as an alternative web container in Spring Boot. The others being Tomcat and jetty. Tomcat and Jetty are not suitable as reverse proxy servers, but they are popular as lightweight JEE containers for case where you don't need the full stack of services that servers like Wildfly provide. That is, no built-in JPA, JSF, JMS, and so forth.

So my take on it is that while it couldn't hurt to become proficient with Undertow, it's likely not to be a make-or-break skill in most IT shops.

Ill continue to investigate the how-to procedure, im really obssessed and i have absolute conviction that im already there and its very easy too. https://docs.wildfly.org/25/wildscribe/subsystem/undertow/configuration/handler/reverse-proxy/host/index.html