带有SSL / HTTPS的Spring Boot项目无法在AWS Elastic Beanstalk上运行

Question

My Spring Boot project works fine on https / ssl, when serving locally, using a p12 cert, but fails when uploading to AWS Elastic Beanstalk.

The following is the application.properties configuration:

security.require-ssl=true
server.use-forward-headers=true

server.port=8443
server.ssl.key-store: classpath:keystore.p12
server.ssl.key-store-password: jonathan
server.ssl.keyStoreType: PKCS12
server.ssl.keyAlias: tomcat

The WebSecurityConfigurerAdapter subclass, configure(HttpSecurity http) method, contains the following line, to enable HTTPS / SSL:

http.requiresChannel().antMatchers("/**").requiresSecure();

Attached is classic load configurer configuration, inside AWS elastic beanstalk console:

Here is the SSL Certificate issued with the grasshapper.net domain, under AWS Certificate Manager:

I also have settings for under .ebextensions, the file with path is, src/main/resources/.ebextensions/.config (not sure if even needed):

option_settings:
  aws:elb:listener:8443:
    SSLCertificateId: [keeping private]
    ListenerProtocol: HTTPS
    InstancePort: 80
    InstanceProtocol: HTTP
  aws:elb:listener:80:
    ListenerEnabled: false

Note (SSLCertifcateId): the ID is taken from the ARN, my AWS Certifcate manager SSL Certificate (if you expand the SSL Certificate you will see the ARN).

Answer 1

Does the proxy have a trusted IP address?

By default, IP addresses in 10/8, 192.168/16, 169.254/16 and 127/8 are trusted. You can customize the valve's configuration by adding an entry to application.properties, as shown in the following example:

server.tomcat.internal-proxies=192\\.168\\.\\d{1,3}\\.\\d{1,3}

Reference: https://docs.spring.io/spring-boot/docs/current-SNAPSHOT/reference/html/howto-embedded-web-servers.html#howto-customize-tomcat-behind-a-proxy-server