Spring Boot HTTPS redirect loop after Swisscom Application Cloud update

不羁的心 提交于 2019-12-07 16:37:41

问题


We are using the Swisscom Application Cloud to run our Spring Boot application. After their "Migration to multi-cloud environment" on 2018-02-22 (Swisscom Status Page), our application completely failed to serve any request.

The problem was found to be the automated redirection of HTTP to HTTPS. We were doing this in the SecurityConfiguration of our application like this:

@Configuration
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

    // [...]

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // [...]
        if (env.acceptsProfiles(SPRING_PROFILE_PRODUCTION)) {
            http.requiresChannel().anyRequest().requiresSecure();
        }
    }
}

How can Spring Boot be configured to only allow HTTPS connections while at the same time not fall into a redirect loop using the Swisscom Application Cloud?


回答1:


As part of the migration to multi-cloud there was a major change in the used IP ranges.

Due to this the tomcat buildpack has issues with redirection as these IPs are not trusted. We fixed this in the latest version of the system buildpack.

Please restage your application to make apply those changes. Further information can be found in our docs: https://docs.developer.swisscom.com/devguide-sc/buildpacks/java/caveats.html

Update:

Unfortunately, if you're using Spring boot with an embedded Tomcat, our buildpack can not do this configuration for you. You have to configure the internal proxies whitelist in your app config. Please see the instructions in the docs above.

Update 28th Nov: We've updated the config in our buildpacks for the new ranges that CF now uses with Envoy. If you use your own buildpack, please update the ranges.

As described in: https://docs.spring.io/spring-boot/docs/current/reference/html/howto-embedded-servlet-containers.html#howto-customize-tomcat-behind-a-proxy-server

We'll update the documentation right away.



来源:https://stackoverflow.com/questions/48945000/spring-boot-https-redirect-loop-after-swisscom-application-cloud-update

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!