Question
I have a Zuul proxy acting as an edge server, and my microservices are non-JVM applications. I don't use Ribbon or Eureka. These microservices are accessible over HTTPS only and require client certs to communicate with them. Does Zuul support mutual auth with certs for downstream? If so, how do I set it up on my Zuul server?
Answer 1:
If you're using Spring Cloud Zuul, you can provide your own HTTP client by defining a CloseableHttpClient bean like below (supported from the Edgware release).
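    import org.apache.http.impl.client.CloseableHttpClient;
    import org.apache.http.impl.client.HttpClients;
    import org.springframework.context.annotation.Bean;

    // Declare inside a @Configuration class.
    @Bean
    public CloseableHttpClient httpClient() throws Throwable {
        return HttpClients.custom()
            // ....... SSL context or SSLSocketFactory setting goes here.
            .build();
    }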
If you provide this type of bean, Zuul will use this bean when making HTTP requests. Therefore you can define your custom SSL context to support client certificates. You can find many examples to support client certificates in Apache HTTP client like this or this.
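An added example, not part of the original answer, showing one way to fill in the SSL context for such a bean with Apache HttpClient 4.x so that it presents a client certificate and still validates the downstream server. The class name, the `downstream.tls.*` property names and the TLSv1.2 choice are assumptions made for this example.

```java
import java.io.File;
import javax.net.ssl.SSLContext;

import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.ssl.SSLContexts;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

@Configuration
public class ZuulMutualTlsConfig {

    // Hypothetical property names; supply them from externalized configuration,
    // never from source control. Both stores use the JVM's default key store type.
    @Value("${downstream.tls.key-store}")
    private String keyStorePath;        // client certificate + private key
    @Value("${downstream.tls.key-store-password}")
    private String keyStorePassword;
    @Value("${downstream.tls.key-password}")
    private String keyPassword;
    @Value("${downstream.tls.trust-store}")
    private String trustStorePath;      // CA(s) that issued the microservices' certificates
    @Value("${downstream.tls.trust-store-password}")
    private String trustStorePassword;

    @Bean
    public CloseableHttpClient httpClient() throws Exception {
        SSLContext sslContext = SSLContexts.custom()
                // Key material: what this proxy presents when the server requests a client cert.
                .loadKeyMaterial(new File(keyStorePath),
                        keyStorePassword.toCharArray(), keyPassword.toCharArray())
                // Trust material: only servers chaining to these CAs are accepted.
                .loadTrustMaterial(new File(trustStorePath), trustStorePassword.toCharArray())
                .build();

        // Keep the default hostname verifier so the server certificate must match the
        // route's host; a no-op verifier would leave authentication one-sided.
        SSLConnectionSocketFactory socketFactory = new SSLConnectionSocketFactory(
                sslContext,
                new String[] {"TLSv1.2"},   // assumed minimum protocol for this example
                null,                       // JVM default cipher suites
                SSLConnectionSocketFactory.getDefaultHostnameVerifier());

        return HttpClients.custom()
                .setSSLSocketFactory(socketFactory)
                .build();
    }
}
```

Restrict file permissions on the key store to the account running the proxy, since its private key is the proxy's identity toward every downstream service.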
Source: https://stackoverflow.com/questions/48334463/tls-mutual-authentication-between-zuul-and-microservice-with-certificates