I have an application running on WildFly 26.1.3 that I've been securing to use only HTTPS. I've got almost everything sorted out, except for the JMS connections generated by the messaging-activemq subsystem. Any remote JMS connection objects created from this subsystem use the IP address of my server instead of the hostname or fully qualified domain name for the connection URL. My SSL certificates don't like that.

Example client Java code where I see the problem:

    // Using JNDI to get a TopicConnectionFactory from the WildFly server
    Hashtable<String, String> p = new Hashtable<String, String>();
    p.put(Context.INITIAL_CONTEXT_FACTORY, "org.wildfly.naming.client.WildFlyInitialContextFactory");
    p.put(Context.PROVIDER_URL, "https://<serverFQDN>:9090");
    Context jndiContext;
    jndiContext = new InitialContext(p);

    myTopicConnFac = (TopicConnectionFactory)jndiContext.lookup(topicConnFacName); // JNDI look up succeeds

    myTopicConnection = myTopicConnFac.createTopicConnection(); // Throws SSL connection error due to IP address usage

Is there a configuration option I can use to instruct the TopicConnectionFactory to use the hostname instead of the IP address for this?

Here are the pertinent pieces of my standalone.xml:

    ...
        <subsystem xmlns="urn:jboss:domain:messaging-activemq:13.1">
            <server name="default">
                <statistics enabled="${wildfly.messaging-activemq.statistics-enabled:${wildfly.statistics-enabled:false}}"/>
                <security enabled="false"/>
                <address-setting name="#" dead-letter-address="jms.queue.DLQ" expiry-address="jms.queue.ExpiryQueue" max-size-bytes="10485760" page-size-bytes="2097152" message-counter-history-day-limit="10"/>
                <http-connector name="https-connector" socket-binding="https" endpoint="https-acceptor">
                    <param name="ssl-enabled" value="true"/>
                </http-connector>
                <http-connector name="https-connector-throughput" socket-binding="https" endpoint="https-acceptor-throughput">
                    <param name="batch-delay" value="50"/>
                </http-connector>
                <http-acceptor name="https-acceptor" http-listener="default"/>
                <http-acceptor name="https-acceptor-throughput" http-listener="default">
                    <param name="batch-delay" value="50"/>
                    <param name="direct-deliver" value="false"/>
                </http-acceptor>
                ...
                <connection-factory name="RemoteConnectionFactory" retry-interval="1000" reconnect-attempts="1000" entries="java:jboss/exported/jms/RemoteConnectionFactory java:jboss/exported/com.rsc.mmpl.TopicConnectionFactory java:jboss/exported/com.rsc.mmpl.Log4jTopicConnectionFactory" connectors="http-connector"/>
            </server>
        </subsystem>
    ...
    <interfaces>
        ...
        <!-- jboss.bind.address is set to the server's FQDN, not IP address -->
        <interface name="public">
            <inet-address value="${jboss.bind.address:127.0.0.1}"/>
        </interface>
    </interfaces>
    <socket-binding-group name="standard-sockets" default-interface="public" port-offset="${jboss.socket.binding.port-offset:0}">
        ...
        <socket-binding name="https" port="${jboss.https.port:9090}"/>
        ...
    </socket-binding-group>

I've tried adding several different parameters (local-address, host, hostname) to the http-connector section, to no avail.

3
Will Tatam On

I'm presuming that you are running behind a firewall. You need to follow the guide on the full set of changes needed for running behind NAT.
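
An added example, not from the question or the answer: one way to make the connection factory hand clients a host name is to point the connector at an outbound socket binding that carries that name. The binding name `https-messaging` and the host `server.example.com` are placeholders; the other names are taken from the question's standalone.xml.

```xml
<!-- Added example, not the poster's configuration. Assumptions: the binding
     name "https-messaging" and the host "server.example.com" are placeholders;
     use the FQDN that appears in the server certificate. -->
<subsystem xmlns="urn:jboss:domain:messaging-activemq:13.1">
    <server name="default">
        <!-- Before: socket-binding="https", the listening socket, with which the
             question reports clients being handed the server's IP address.
             After: host and port come from the outbound binding defined below. -->
        <http-connector name="https-connector" socket-binding="https-messaging" endpoint="https-acceptor">
            <param name="ssl-enabled" value="true"/>
        </http-connector>
        <http-acceptor name="https-acceptor" http-listener="default"/>
        <!-- connectors must name a connector that is defined in this server -->
        <connection-factory name="RemoteConnectionFactory"
                            entries="java:jboss/exported/jms/RemoteConnectionFactory"
                            connectors="https-connector"/>
    </server>
</subsystem>

<socket-binding-group name="standard-sockets" default-interface="public" port-offset="${jboss.socket.binding.port-offset:0}">
    <socket-binding name="https" port="${jboss.https.port:9090}"/>
    <!-- The address remote clients should connect to, written as a host name
         so that TLS host name verification matches the certificate. -->
    <outbound-socket-binding name="https-messaging">
        <remote-destination host="server.example.com" port="9090"/>
    </outbound-socket-binding>
</socket-binding-group>
```

After a reload, the connection the client creates from the looked-up factory should target the host name, which can be confirmed from the client's TLS debug output or from the address in any remaining SSL exception.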