I have a Wildfly behind a load balancer, the connection between them is always HTTP. The connection between the client and the load balancer can be HTTP or HTTPS.

The load balancer sets a header (X-Forwarded-Proto) to let the Wildfly know which protocol the client is using.

I'm trying to write an Undertow rule to redirect to HTTPS taking into account all the conditions above.

This is one of my more successful tries (this rule is written in the undertow-handlers.conf file and it's the only thing in that file):

regex('/(.*)') and regex(pattern='http',value='%{i,X-Forwarded-Proto}',full-match=true)-> redirect(https://server.com/${1})

When the client try to access an url like: http://server.com/myapp is redirected to https://server.com, but the path /myapp is missing.

How can I fix my Undertow rule to keep the full path?

Try:

equals('http', %{SCHEME}) -> redirect(https://server.com/%U)

Or

equals('http', %{i,X-Forwarded-Proto}) -> redirect(https://server.com/%U)

Depending on if you have enabled proxy-address-forwarding in the HTTP listener (if you have undertow will automatically handle the X-Forwarded-Proto so it shows up under %{SCHEME}).