Spring Boot with Embedded Undertow behind AWS ELB - HTTP to HTTPS redirect

Posted by 匆匆过客 on 2019-11-28 02:13:21

This worked for me when I had the same problem:

Expose port 80 from JHipster (you can change it in application-prod.yml).

Amazon ELB, when redirecting from HTTP to HTTPS, adds some headers, which you should address in the same file:

server:
  use-forward-headers: true
  port: 80

Also, you need to enforce HTTPS from JHipster: https://jhipster.github.io/tips/007_tips_enforce_https.html
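The header-based enforcement described above, written as a plain servlet filter. This is an added example, not code from the answer or from JHipster. It assumes the instances accept traffic only from the ELB (so `X-Forwarded-Proto` cannot be set by a direct client), that requests arriving without the header are load balancer health checks, and a hypothetical `app.canonical-host` property holding the public host name.

```java
import java.io.IOException;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.core.Ordered;
import org.springframework.core.annotation.Order;
import org.springframework.stereotype.Component;
import org.springframework.web.filter.OncePerRequestFilter;

// Added example: redirect only requests the load balancer marked as plain HTTP.
@Component
@Order(Ordered.HIGHEST_PRECEDENCE)
public class ForwardedProtoHttpsFilter extends OncePerRequestFilter {

    // Hypothetical property: the public host name, e.g. www.example.com.
    // Read from configuration so the redirect never echoes the Host header.
    @Value("${app.canonical-host}")
    private String canonicalHost;

    @Override
    protected void doFilterInternal(HttpServletRequest request,
                                    HttpServletResponse response,
                                    FilterChain chain)
            throws ServletException, IOException {
        String proto = request.getHeader("X-Forwarded-Proto");

        if ("http".equalsIgnoreCase(proto)) {
            StringBuilder target = new StringBuilder("https://")
                    .append(canonicalHost)
                    .append(request.getRequestURI());
            if (request.getQueryString() != null) {
                target.append('?').append(request.getQueryString());
            }
            response.setStatus(HttpServletResponse.SC_MOVED_PERMANENTLY);
            response.setHeader("Location", target.toString());
            return;
        }
        if ("https".equalsIgnoreCase(proto)) {
            // Browsers honour HSTS only when it arrives on an HTTPS response.
            response.setHeader("Strict-Transport-Security", "max-age=31536000");
        }
        // No header: assumed to be a direct health check, so pass it through
        // instead of answering with a redirect.
        chain.doFilter(request, response);
    }
}
```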

Just in case somebody wants a working solution for redirecting all HTTP requests to HTTPS with HTTP/2 in Spring Boot 1.5.19, the following is the setting in the application.properties file:

server.ssl.protocol=TLSv1.2
server.ssl.key-store-type=PKCS12
server.ssl.key-store=keystore.p12
server.ssl.key-store-password=xxxxxxx
server.port=443
server.use-forward-headers=true

And the following Java configuration:

import io.undertow.UndertowOptions;
import io.undertow.servlet.api.SecurityConstraint;
import io.undertow.servlet.api.SecurityInfo;
import io.undertow.servlet.api.TransportGuaranteeType;
import io.undertow.servlet.api.WebResourceCollection;
import org.springframework.boot.context.embedded.undertow.UndertowBuilderCustomizer;
import org.springframework.boot.context.embedded.undertow.UndertowEmbeddedServletContainerFactory;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
@Configuration
public class ConnectorConfig {

    @Bean
    public UndertowEmbeddedServletContainerFactory embeddedServletContainerFactory() {

        UndertowEmbeddedServletContainerFactory factory = new UndertowEmbeddedServletContainerFactory();

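        factory.addBuilderCustomizers((UndertowBuilderCustomizer) builder -> {
            // Enable HTTP/2 on the server.
            builder.setServerOption(UndertowOptions.ENABLE_HTTP2, true);
            // Extra plain-HTTP listener on port 80, in addition to the
            // HTTPS listener on server.port (443).
            builder.addHttpListener(80, "0.0.0.0");
        });

        factory.addDeploymentInfoCustomizers(deploymentInfo -> {
            // CONFIDENTIAL on /* makes Undertow redirect every non-secure
            // request to the confidential port; PERMIT means the constraint
            // does not require any role.
            deploymentInfo.addSecurityConstraint(
                    new SecurityConstraint()
                            .addWebResourceCollection(new WebResourceCollection().addUrlPattern("/*"))
                            .setTransportGuaranteeType(TransportGuaranteeType.CONFIDENTIAL)
                            .setEmptyRoleSemantic(SecurityInfo.EmptyRoleSemantic.PERMIT))
                    // Port used as the redirect target for HTTPS.
                    .setConfidentialPortManager(exchange -> 443);
        });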

        return factory;
    }
}

Everything will be working perfectly.
