Error when Zuul routing to a HTTPS url

余生分开走 2021-01-06 17:45

I have a Spring Boot application (recently enabled it for HTTPS + self-signed certificate) which is registered in Eureka and visible in the Eureka dashboard.

We have

1 answer
  • 2021-01-06 18:05

    It has been a little while since I have played with this because we ended up not being able to use it due to the limitation of not being able to pass the user's certificate through the proxy. However, you asked for my help, so I'll try to share what I did have working.

    I was able to get 2-way SSL working between both the ZUUL, acting as an Edge Server, and the Services on the backend while running in their own VMs (i.e. doing a mvn spring-boot:run on each service).

    Here is my Zuul Config:

    info:
      component: Zuul Server
    
    endpoints:
      restart:
        enabled: true
      shutdown:
        enabled: true
      health:
        sensitive: false
    
    zuul:
      routes:
        ui: /**
        api: /api/**
    
    logging:
      level:
        ROOT: INFO
        org.springframework.web: DEBUG
    
    server:
      port: 8443
      ssl:
          key-store: classpath:dev/localhost.jks
          key-store-password: yourpassword
          keyStoreType: JKS
          keyAlias: localhost
          clientAuth: want
          trust-store: classpath:dev/localhost.jks
    
    ribbon:
        IsSecure: true
    

    The Edge Server itself is nothing interesting:

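    import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
    import org.springframework.boot.autoconfigure.SpringBootApplication;
    import org.springframework.boot.builder.SpringApplicationBuilder;
    import org.springframework.cloud.netflix.zuul.EnableZuulProxy;
    import org.springframework.stereotype.Controller;

    // Edge server: @EnableZuulProxy turns this application into the Zuul reverse proxy.
    @SpringBootApplication
    @Controller
    @EnableAutoConfiguration
    @EnableZuulProxy
    public class ZuulEdgeServer {
        public static void main(String[] args) {
            new SpringApplicationBuilder(ZuulEdgeServer.class).web(true).run(args);
        }
    }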
    

    Now in my other services I had the following in their application.yml files:

    server:
      port: 8444
      ssl:
          key-store: classpath:dev/localhost.jks
          key-store-password: yourpassword
          keyStoreType: JKS
          keyAlias: localhost
          clientAuth: want
          trust-store: classpath:dev/localhost.jks
    
    eureka:
      instance: 
        nonSecurePortEnabled: false
        securePortEnabled: true
        securePort: ${server.port}
        homePageUrl: https://${eureka.instance.hostname}:${server.port}/
        secureVirtualHostName: ${spring.application.name}
    

    My Eureka Config doesn't have much to it, but just in case:

    server:
      port: 8761
    
    eureka:
      client:
        registerWithEureka: false
        fetchRegistry: false
      server:
        waitTimeInMsWhenSyncEmpty: 0
    

    My bootstrap.yml's in most of the applications look like this:

    spring:
      application:
        name: eureka
      cloud:
        config:
          uri: ${vcap.services.${PREFIX:}configserver.credentials.uri:http://user:password@localhost:8888}
    

    I mainly found I needed the spring.application.name in there to resolve conflicts when running the applications within the same container.

    If I remember right, the important parts from above were:

    • ribbon.isSecure = true in the zuul config
    • eureka.instance.securePortEnabled = true and the securePort in the backend services.

    I can't remember if the secureVirtualHostName was important or not.

    Hopefully this info can help you out though!
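
For comparison with the backend `application.yml` in the answer above, here is an added example (not part of the original answer) of the same `server.ssl` block with client certificates enforced rather than merely requested. The store file names and the environment variable names are assumptions; with `need`, every caller, including the Zuul edge server, must present a certificate that chains to an entry in the truststore.

```yaml
# Added example, not from the original answer.
# File names and ${...} variable names below are hypothetical.
server:
  port: 8444
  ssl:
    # This service's own identity: private key plus certificate.
    key-store: classpath:dev/service-keystore.jks
    key-store-password: ${KEYSTORE_PASSWORD}
    key-store-type: JKS
    key-alias: localhost

    # "want" asks for a client certificate but still completes the
    # handshake when the client sends none, so unauthenticated callers
    # reach the application. "need" fails the handshake instead.
    client-auth: need

    # Certificates accepted from callers. Keeping this separate from the
    # keystore means the trust list carries public certificates only and
    # can be distributed without exposing the service's private key.
    trust-store: classpath:dev/service-truststore.jks
    trust-store-password: ${TRUSTSTORE_PASSWORD}
    trust-store-type: JKS

# Unchanged from the answer: advertise only the HTTPS port to Eureka.
eureka:
  instance:
    nonSecurePortEnabled: false
    securePortEnabled: true
    securePort: ${server.port}
```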
