Configuring a proxy for Wildfly for Amazon SNS push notifications (on-premise)
In on-premise environments where outbound internet access is only allowed via a proxy, you must configure the proxy on the Wildfly application server.
Push notifications using Amazon SNS are processed by Wildfly; if the proxy is only configured on the web server (Tomcat) or at OS level, SNS communication may still bypass the proxy and device registrations will fail.
Required JVM proxy properties
For an on-premise Planon installation using Wildfly with the Tanuki service wrapper, you configure the Java system properties for the Wildfly JVM in the Wildfly wrapper configuration file.
Typical location/name (may vary per customer installation), for example:
• …/wildfly/conf/wrapper.conf
• …/wildfly/conf/wrapper-default.conf
Open the file and configure the following Java system properties for the Wildfly JVM so that outbound HTTP(S) traffic to Amazon SNS is routed via the proxy:
-Dhttp.proxyHost=<proxy-host>
-Dhttp.proxyPort=<proxy-port>
-Dhttps.proxyHost=<proxy-host>
-Dhttps.proxyPort=<proxy-port>
Replace <proxy-host> and <proxy-port> with the hostname and port of your organization’s proxy server.
To prevent internal traffic from going through the proxy (for example, communication between the Appserver and Webserver or other internal services), configure the non-proxy hosts:
-Dhttp.nonProxyHosts="localhost|127.0.0.1|*.your-internal-domain.com|<appserver-host>|<webserver-host>"
-Dhttps.nonProxyHosts="localhost|127.0.0.1|*.your-internal-domain.com|<appserver-host>|<webserver-host>"
Use a |-separated list and ensure that the host names match how they are used in your environment (short name vs FQDN).
Applying the settings in Wildfly startup configuration
In typical on-premise installations, Wildfly is started via a service wrapper (for example, Tanuki). In that case, add the proxy properties to the Wildfly startup configuration, for example:
wrapper.java.additional.25=-Dhttp.proxyHost=proxy.example.com
wrapper.java.additional.26=-Dhttp.proxyPort=3128
wrapper.java.additional.27=-Dhttp.nonProxyHosts="localhost|127.0.0.1|*.example.local|appserver-host|webserver-host"
wrapper.java.additional.28=-Dhttps.proxyHost=proxy.example.com
wrapper.java.additional.29=-Dhttps.proxyPort=3128
wrapper.java.additional.30=-Dhttps.nonProxyHosts="localhost|127.0.0.1|*.example.local|appserver-host|webserver-host"
Adjust the numbers of the wrapper.java.additional.* entries and the host names according to your local configuration.
After restarting Wildfly with these settings, push notifications via Amazon SNS can be sent successfully in on-premise environments that require a proxy.
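A pre-restart check for the wrapper entries described above, as an added example that is not part of the original page or of Planon's tooling: it flags reused wrapper.java.additional.* indexes, lists missing proxy properties, and shows which hosts the non-proxy list would send direct. The matching is a simplified model of the JDK rule (|-separated patterns, case-insensitive, * only at the start or end) and reads http.nonProxyHosts, which the JDK's HTTPS handler also uses. The sample file, the SNS endpoint region in the usage note, and all function names are assumptions.

```python
import re

# Constructed sample: index 28 is reused and webserver-host is not in the non-proxy list.
SAMPLE_CONF = """\
wrapper.java.additional.25=-Dhttp.proxyHost=proxy.example.com
wrapper.java.additional.26=-Dhttp.proxyPort=3128
wrapper.java.additional.27=-Dhttp.nonProxyHosts="localhost|127.0.0.1|*.example.local|appserver-host"
wrapper.java.additional.28=-Dhttps.proxyHost=proxy.example.com
wrapper.java.additional.28=-Dhttps.proxyPort=3128
"""
ENTRY = re.compile(r"^\s*wrapper\.java\.additional\.(\d+)\s*=\s*(.*?)\s*$")
REQUIRED = ("http.proxyHost", "http.proxyPort", "https.proxyHost", "https.proxyPort")

def parse_additional(text):
    """Return (properties, reused indexes); entries on a reused index are not trusted."""
    by_index = {}
    for line in text.splitlines():
        m = ENTRY.match(line)  # commented-out lines and other settings do not match
        if m:
            by_index.setdefault(int(m.group(1)), []).append(m.group(2))
    props = {}
    for args in by_index.values():
        if len(args) == 1 and args[0].startswith("-D") and "=" in args[0]:
            key, value = args[0][2:].split("=", 1)
            props[key] = value.strip('"')
    return props, sorted(i for i, a in by_index.items() if len(a) > 1)

def _match(host, pat):
    if pat.startswith("*"):
        return host.endswith(pat[1:])
    if pat.endswith("*"):
        return host.startswith(pat[:-1])
    return host == pat  # exact match: a short name does not cover the FQDN

def bypasses_proxy(host, non_proxy_hosts):
    """True if host matches any |-separated pattern, i.e. it is contacted directly."""
    pats = [p.strip().lower() for p in non_proxy_hosts.split("|") if p.strip()]
    return any(_match(host.lower(), p) for p in pats)

def audit(text, external_host, internal_hosts):
    props, reused = parse_additional(text)
    npx = props.get("http.nonProxyHosts", "")
    return {
        "reused_indexes": reused,
        "missing": [k for k in REQUIRED if k not in props],
        "external_bypasses_proxy": bypasses_proxy(external_host, npx),
        "internal_sent_to_proxy": [h for h in internal_hosts if not bypasses_proxy(h, npx)],
    }
```

Call `audit()` with the text of your own wrapper file, the SNS endpoint host for your region (for example `sns.eu-west-1.amazonaws.com`), and the internal host names exactly as the application uses them.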