如何使用 Aws ELB 使用 SSL 证书保护 Spring 云网关
[英]How to secure Spring Cloud Gateway with SSL certificate using Aws ELB
问题描述
Currently, I have an ec2 instance I use as a sort of dev/test server, running multiple microservices.
目前,我有一个 ec2 实例用作开发/测试服务器,运行多个微服务。
In front of these services, I have a Spring cloud gateway routing the traffic to the different services.在这些服务前面,我有一个 Spring 云网关将流量路由到不同的服务。
In front of the ec2 instance, I have an Application Load balancer (ELB) configured with AWS and with a certificate attached that was provided by AWS Certificate Manager (domain hosted in go daddy).在 ec2 实例前面,我有一个使用 AWS 配置的应用程序负载均衡器 (ELB),并附加了由 AWS Certificate Manager 提供的证书(域托管在 go daddy)。
This is all good and well and works perfectly if HTTPS is not set on lb, but once I switch over to HTTPS on lb I only get如果 HTTPS 没有设置在 lb 上,这一切都很好,而且效果很好,但是一旦我切换到 lb 上的 HTTPS,我只会得到
502 Bad Gateway
In the gateway logs I get the following exception:在网关日志中,我得到以下异常:
decoding failed: DefaultFullHttpRequest(decodeResult: failure(java.lang.IllegalArgumentException: text is empty (possibly HTTP/0.9)), version: HTTP/1.0, content: UnpooledByteBufAllocator$InstrumentedUnpooledUnsafeHeapByteBuf(ridx: 0, widx: 0, cap: 0))
GET /bad-request HTTP/1.0 :
After some searching I found that you have to explicitly enable SSL using:经过一番搜索,我发现您必须使用以下命令显式启用 SSL:
server:
ssl:
enabled: true
but once I do that seems like it required the rest of the details since I get the following.但是一旦我这样做了,似乎它需要 rest 的详细信息,因为我得到了以下信息。
org.springframework.boot.web.server.WebServerException: Could not load key store 'null'
As far as I understand you have to upload the certificate into the jvm cert store, but the problem is as far as I am aware you can't export the certificate provided by AWS Cert Manager.据我了解,您必须将证书上传到 jvm 证书存储区,但据我所知,问题是您无法导出 AWS Cert Manager 提供的证书。
I previously did the exact same thing for a dot-net-core environment and had no issue (maybe because it's had like a web server running it within the same docker image) I am not sure How to proceed in Java.我以前为 dot-net-core 环境做了同样的事情并且没有问题(可能是因为它就像 web 服务器在同一个 docker 映像中运行它)我不确定如何在 ZD52387880E1EA2189DZ 中进行操作。 Maybe my approach is wrong, and this architecture cant work.也许我的方法是错误的,这个架构行不通。
Please assist to point out my problem, or suggest a solution as I have exhausted all my options请协助指出我的问题,或提出解决方案,因为我已经用尽了所有选择
1 个解决方案
解决方案1
0 2021-12-14 22:32:26
If you are using ALB, then you deploy your SSL cert from ACM on the ALB itself.如果您使用的是 ALB,那么您从 ACM 将 SSL 证书部署在 ALB本身上。 Your spring application has nothing to do with that.您的 spring 应用程序与此无关。 The process of setting up the SSL cert on ALB is explained in:在 ALB 上设置 SSL 证书的过程解释如下:
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.