zuul和微服务之间使用证书进行的tls相互身份验证 [英] tls mutual authentication between zuul and microservice with certificates

问题描述

我有一个充当边缘服务器的zuul代理，而我的微服务是非jvm应用程序，并且我不使用功能区或eureka.这些微服务只能通过https访问，并且需要客户端证书才能与其通信. zuul是否支持与下游证书的相互认证?如果是这样，我该如何在zuul服务器上进行设置.

I have a zuul proxy acting as an edge server and my microservices are non jvm applications and I dont use ribbon or eureka. These microservices are accessible over https only and require client certs to communicate with them. Does zuul support mutual auth with certs for downstream? If so how do i set it up on my zuul server.

推荐答案

如果您使用的是Spring Cloud Zuul，则可以通过定义CloseableHttpClient bean来提供自己的Http Client，如下所示. (受Edgware版本支持)

If you're using Spring Cloud Zuul, you can provide your own Http Client by define CloseableHttpClient bean like below. (supported from Edgware release)

@Bean
public CloseableHttpClient httpClient() throws Throwable {
    return HttpClients.custom()
           .......ssl context or sslsocketfactory settging.
           .build();
}

如果提供了这种类型的bean，Zuul在发出http请求时将使用该bean.因此，您可以定义自定义SSL上下文以支持客户端证书.您可以找到许多示例来支持apache http客户端中的客户端证书，例如此.

If you provides this type of bean, Zuul will use this bean when making http request. Therefore you can define your custom SSL context to support client certificate. You can find many examples to support client certificate in apache http client like this or this.

这篇关于zuul和微服务之间使用证书进行的tls相互身份验证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！