I have a Spring Boot application (recently enabled it for HTTPS + self-signed certificate) which is registered in Eureka and visible in the Eureka dashboard.
We have
It has been a little while since I have played with this because we ended up not being able to use it due to the limitation of not being able to pass the user's certificate through the proxy. However, you asked for my help, so I'll try to share what I did have working.
I was able to get 2-way SSL working between both the ZUUL, acting as an Edge Server, and the Services on the backend while running in their own VMs (i.e. doing a mvn spring-boot:run on each service).
Here is my Zuul Config:

    info:
      component: Zuul Server

    endpoints:
      restart:
        enabled: true
      shutdown:
        enabled: true
      health:
        sensitive: false

    zuul:
      routes:
        ui: /**
        api: /api/**

    logging:
      level:
        ROOT: INFO
        org.springframework.web: DEBUG

    server:
      port: 8443
      ssl:
        key-store: classpath:dev/localhost.jks
        key-store-password: yourpassword
        keyStoreType: JKS
        keyAlias: localhost
        # want = request a client certificate but do not require one
        clientAuth: want
        trust-store: classpath:dev/localhost.jks

    # make Ribbon call the backend services over HTTPS
    ribbon:
      IsSecure: true

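The Edge Server itself is nothing interesting:

    import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
    import org.springframework.boot.autoconfigure.SpringBootApplication;
    import org.springframework.boot.builder.SpringApplicationBuilder;
    import org.springframework.cloud.netflix.zuul.EnableZuulProxy;
    import org.springframework.stereotype.Controller;

    @SpringBootApplication
    @Controller
    @EnableAutoConfiguration
    @EnableZuulProxy
    public class ZuulEdgeServer {
        public static void main(String[] args) {
            new SpringApplicationBuilder(ZuulEdgeServer.class).web(true).run(args);
        }
    }
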
Now in my other services I had the following in their application.yml files:

    server:
      port: 8444
      ssl:
        key-store: classpath:dev/localhost.jks
        key-store-password: yourpassword
        keyStoreType: JKS
        keyAlias: localhost
        clientAuth: want
        trust-store: classpath:dev/localhost.jks

    eureka:
      instance:
        nonSecurePortEnabled: false
        securePortEnabled: true
        securePort: ${server.port}
        homePageUrl: https://${eureka.instance.hostname}:${server.port}/
        secureVirtualHostName: ${spring.application.name}

My Eureka Config doesn't have much to it, but just in case:

    server:
      port: 8761

    eureka:
      client:
        registerWithEureka: false
        fetchRegistry: false
      server:
        waitTimeInMsWhenSyncEmpty: 0

My bootstrap.yml files in most of the applications look like this:

    spring:
      application:
        name: eureka
      cloud:
        config:
          uri: ${vcap.services.${PREFIX:}configserver.credentials.uri:http://user:password@localhost:8888}

I mainly found I needed the spring.application.name in there to resolve conflicts when running the applications within the same container.
If I remember right, the important parts from above were:

- ribbon.isSecure = true in the zuul config
- eureka.instance.securePortEnabled = true and the securePort in the backend services

I can't remember if the secureVirtualHostName was important or not.
Hopefully this info can help you out though!
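
An added example, not part of the original answer or of any Spring project: a small audit of the edge and backend YAML for the settings discussed above. Spring Boot's `clientAuth: want` requests a client certificate without requiring one, while `need` enforces it. The function names `flatten` and `audit` and the trimmed sample configs are assumptions made for this illustration.

```python
import re

def flatten(text):
    """Flatten nested `key: value` YAML mappings into dotted keys, normalised the
    way Spring relaxed binding treats them (lower-case, '-' and '_' ignored)."""
    props, parents = {}, []                      # parents: (indent, key) stack
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        indent = len(line) - len(line.lstrip())
        key, _, value = line.strip().partition(":")
        key = re.sub(r"[-_]", "", key).lower()
        while parents and parents[-1][0] >= indent:
            parents.pop()                        # leave mappings we have dedented out of
        if value.strip():
            props[".".join([k for _, k in parents] + [key])] = value.strip()
        else:
            parents.append((indent, key))
    return props

def audit(edge_yaml, service_yaml):
    """Return findings for the edge (Zuul) and backend service configs."""
    edge, svc = flatten(edge_yaml), flatten(service_yaml)
    findings = []
    for name, cfg in (("edge", edge), ("service", svc)):
        if cfg.get("server.ssl.clientauth", "none") != "need":
            findings.append(f"{name}: clientAuth is not 'need', client certificates are optional")
        if "server.ssl.truststore" not in cfg:
            findings.append(f"{name}: no trust-store set, JVM default CAs decide which clients are trusted")
    if edge.get("ribbon.issecure") != "true":
        findings.append("edge: ribbon.IsSecure is not true, Ribbon is not told to use HTTPS")
    if svc.get("eureka.instance.secureportenabled") != "true":
        findings.append("service: securePortEnabled is not true")
    if svc.get("eureka.instance.nonsecureportenabled", "true") != "false":
        findings.append("service: non-secure port is still advertised to Eureka")
    return findings

# Constructed sample input: trimmed copies of the two configs shown in the answer.
SSL = """server:
  ssl:
    key-store: classpath:dev/localhost.jks
    clientAuth: want
    trust-store: classpath:dev/localhost.jks
"""
EDGE = SSL + "ribbon:\n  IsSecure: true\n"
SERVICE = SSL + "eureka:\n  instance:\n    nonSecurePortEnabled: false\n    securePortEnabled: true\n"

print("\n".join(audit(EDGE, SERVICE)))
```

With the sample configs the only findings are the two `clientAuth` ones; switching both to `need` clears them.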