Advanced SOAP server topics
Running behind a reverse proxy
SOAP requests aimed towards services running on Quarkus can be routed through proxies that generate additional headers
(e.g. X-Forwarded-Host
) to keep information from the client-facing side of the proxy servers that is altered or lost when they are involved.
In those scenarios, Quarkus can be configured to automatically update information like protocol, host, port and URI reflecting the values in these headers.
Refer to Quarkus HTTP reference for more details. |
CXF Extensions for Quarkus support for various X-Forwarded
headers works in line with Quarkus configuration.
Activating this feature leaves the server exposed to several security issues (i.e. information spoofing). Consider activating it only when running behind a reverse proxy. |
These are the relevant Quarkus properties and their effect on CXF Extensions for Quarkus:
-
quarkus.http.proxy.proxy-address-forwarding
- the main switch to enable the rewriting of the request destination parts.-
If enabled, the rewriting of the request fields will be effective throughout the whole CXF server stack.
-
If enabled, the values passed via
X-Forwarded-Proto
andX-Forwarded-Port
headers will be used to set the protocol part and the port part of the URL returned byjakarta.servlet.http.HttpServletRequest.getRequestURL()
respectively. -
If enabled, the value passed via
X-Forwarded-For
will be returned byjakarta.servlet.ServletRequest.getRemoteAddr()
.
-
-
quarkus.http.proxy.enable-forwarded-host
- enable the rewriting of the host part of URL returned byjakarta.servlet.http.HttpServletRequest.getRequestURL()
. The actual host name is taken from the header configured viaquarkus.http.proxy.forwarded-host-header
(default isX-Forwarded-Host
). -
quarkus.http.proxy.enable-forwarded-prefix
- enable the rewriting of the path part of the URL returned byjakarta.servlet.http.HttpServletRequest.getRequestURL()
and of the URI returned byjakarta.servlet.http.HttpServletRequest.getRequestURI()
. The actual path prefix is taken from the header configured viaquarkus.http.proxy.forwarded-prefix-header
(default isX-Forwarded-Prefix
).
Here is the most common snippet to copy to your application.properties
:
quarkus.http.proxy.proxy-address-forwarding = true
quarkus.http.proxy.enable-forwarded-host = true
quarkus.http.proxy.enable-forwarded-prefix = true
One of the observable effects of these settings is the change of the location value in WSDL served
on http://localhost:8080/services/my-service?wsdl
.
For example, if the request contains the following headers
X-Forwarded-Proto: https
X-Forwarded-Host: api.example.com
X-Forwarded-Port: 443
X-Forwarded-Prefix: /my-prefix
then the WSDL served on http://localhost:8080/services/my-service?wsdl
would contain the following location
:
...
<soap:address location="https://api.example.com:443/my-prefix/services/my-service"/>
...