[英]Spring Boot project with SSL / HTTPS not working on AWS Elastic Beanstalk
My Spring Boot project works fine on https / ssl, when serving locally, using a p12 cert, but fails when uploading to AWS Elastic Beanstalk. 当使用p12证书在本地服务时,我的Spring Boot项目在https / ssl上可以正常工作,但是在上载到AWS Elastic Beanstalk时失败。
The following is the application.properties configuration: 以下是application.properties配置:
security.require-ssl=true
server.use-forward-headers=true
server.port=8443
server.ssl.key-store: classpath:keystore.p12
server.ssl.key-store-password: jonathan
server.ssl.keyStoreType: PKCS12
server.ssl.keyAlias: tomcat
The WebSecurityConfigurerAdapter subclass, configure(HttpSecurity http) method, contains the following line, to enable HTTPS / SSL: WebSecurityConfigurerAdapter子类的configure(HttpSecurity http)方法包含以下行,以启用HTTPS / SSL:
http.requiresChannel().antMatchers("/**").requiresSecure();
Attached is classic load configurer configuration, inside AWS elastic beanstalk console: 附件是AWS Elastic beantalk控制台内部的经典负载配置器配置:
Here is the SSL Certificate issued with the grasshapper.net domain, under AWS Certificate Manager: 这是在AWS Certificate Manager下随grasshapper.net域颁发的SSL证书:
I also have settings for under .ebextensions, the file with path is, src/main/resources/.ebextensions/.config (not sure if even needed): 我在.ebextensions下也有设置,带有路径的文件是src / main / resources / .ebextensions / .config(不确定是否需要):
option_settings:
aws:elb:listener:8443:
SSLCertificateId: [keeping private]
ListenerProtocol: HTTPS
InstancePort: 80
InstanceProtocol: HTTP
aws:elb:listener:80:
ListenerEnabled: false
Note (SSLCertifcateId): the ID is taken from the ARN, my AWS Certifcate manager SSL Certificate (if you expand the SSL Certificate you will see the ARN). 注意(SSLCertifcateId):ID是从ARN(我的AWS Certifcate管理器SSL证书)获取的(如果您展开SSL证书,则会看到ARN)。
Does the proxy have a trusted IP address? 代理是否具有受信任的IP地址?
By default, IP addresses in 10/8, 192.168/16, 169.254/16 and 127/8 are trusted.
默认情况下,信任10 / 8、192.168 / 16、169.254 / 16和127/8中的IP地址。 You can customize the valve's configuration by adding an entry to application.properties, as shown in the following example:
您可以通过在application.properties中添加一个条目来自定义阀门的配置,如以下示例所示:
server.tomcat.internal-proxies=192\\.168\\.\\d{1,3}\\.\\d{1,3}
server.tomcat.internal的代理= 192 \\ .168 \\。\\ d {1,3} \\。\\ d {1,3}
Reference: https://docs.spring.io/spring-boot/docs/current-SNAPSHOT/reference/html/howto-embedded-web-servers.html#howto-customize-tomcat-behind-a-proxy-server 参考: https : //docs.spring.io/spring-boot/docs/current-SNAPSHOT/reference/html/howto-embedded-web-servers.html#howto-customize-tomcat-behind-a-proxy-server
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.