Zuul behind an AWS ELB over HTTPS/SSL


Problem description

I have an AWS Elastic Load Balancer with the certificates for my domain and which terminates the SSL traffic. The ELB has a listener on the https port and forwards it as http to Zuul.

When I use Spring Boot HATEOAS, Zuul will replace the links with the correct address but with http instead of https:

"_links": {
  "self": {
    "href": "http://my.domain.com:80/rest/foo/bar"
  }
}

But what I want is:

"_links": {
  "self": {
    "href": "https://my.domain.com/rest/foo/bar"
  }
}

The request that generates this response is made over https

Because Zuul is behind the ELB I'm guessing it cannot know that it should receive traffic through https.

Is there a way to tell Zuul to replace links with https even though it receives un-encrypted traffic through http?

I guess an alternative is to deploy Zuul with https with a self-signed certificate but I'd rather avoid this complication if I can.

Recommended answer

Following recommendation from the Zuul team, this issue can be fixed by adding a pre Zuul filter, to be applied after PreDecorationFilter (order 5):

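// Enclosing bean method header restored so the snippet compiles; the method name is illustrative.
@Bean
public ZuulFilter forwardedHeadersFilter() {
    return new ZuulFilter() {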
        @Override
        public String filterType() {
            return "pre";
        }

        @Override
        public int filterOrder() {
            return 6; //PreDecorationFilter=5 + 1
        }

        @Override
        public boolean shouldFilter() {
            return true;
        }

        @Override
        public Object run() {
            RequestContext ctx = RequestContext.getCurrentContext();
            log.info(String.format("Before filter ['%s': '%s', '%s': '%s']",
                    ZuulHeaders.X_FORWARDED_PROTO.toLowerCase(),
                    ctx.getZuulRequestHeaders().get(ZuulHeaders.X_FORWARDED_PROTO.toLowerCase()),
                    "X-Forwarded-Port",
                    ctx.getZuulRequestHeaders().get("x-forwarded-port")));


            final String originalXForwardedProto = ctx.getRequest().getHeader(ZuulHeaders.X_FORWARDED_PROTO.toLowerCase());
            final String originalXForwardedPort = ctx.getRequest().getHeader("x-forwarded-port");

            if (!StringUtils.isEmpty(originalXForwardedProto)) {
                ctx.addZuulRequestHeader(ZuulHeaders.X_FORWARDED_PROTO.toLowerCase(), originalXForwardedProto);
            }

            if (!StringUtils.isEmpty(originalXForwardedPort)) {
                ctx.addZuulRequestHeader("x-forwarded-port", originalXForwardedPort);
            }

            log.info(String.format("After filter ['%s': '%s', '%s': '%s']",
                    ZuulHeaders.X_FORWARDED_PROTO.toLowerCase(),
                    ctx.getZuulRequestHeaders().get(ZuulHeaders.X_FORWARDED_PROTO.toLowerCase()),
                    "X-Forwarded-Port",
                    ctx.getZuulRequestHeaders().get("x-forwarded-port")));

            return null;
        }
    };
}
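
An added example, not part of the original answer: the filter above passes on X-Forwarded-Proto and X-Forwarded-Port exactly as they arrive on the request, so a helper like this can validate the values before they are forwarded or used to build links. The class and method names are hypothetical, and the sample values in main are constructed from the question.

```java
import java.util.Locale;

// Added example; ForwardedHeaders and its methods are hypothetical names.
public final class ForwardedHeaders {

    /** Returns "http" or "https", or null when the header holds anything else. */
    static String safeProto(String value) {
        if (value == null) return null;
        // A proxy chain may send "https, http"; the first entry is the client-facing hop.
        String first = value.split(",", 2)[0].trim().toLowerCase(Locale.ROOT);
        return (first.equals("http") || first.equals("https")) ? first : null;
    }

    /** Returns the port as an int in 1..65535, or -1 when the value is not a valid port. */
    static int safePort(String value) {
        if (value == null) return -1;
        String first = value.split(",", 2)[0].trim();
        if (!first.matches("\\d{1,5}")) return -1;
        int port = Integer.parseInt(first);
        return (port >= 1 && port <= 65535) ? port : -1;
    }

    /** Builds the external base URL for links, omitting the scheme's default port. */
    static String externalBase(String host, String protoHeader, String portHeader) {
        String proto = safeProto(protoHeader);
        if (proto == null) proto = "http"; // fall back to what the backend itself sees
        int port = safePort(portHeader);
        boolean isDefault = port == -1
                || (proto.equals("https") && port == 443)
                || (proto.equals("http") && port == 80);
        return proto + "://" + host + (isDefault ? "" : ":" + port);
    }

    public static void main(String[] args) {
        // Constructed sample values modelled on the question.
        System.out.println(externalBase("my.domain.com", "https", "443"));
        System.out.println(externalBase("my.domain.com", null, null));
        System.out.println(externalBase("my.domain.com", "javascript", "80; x"));
    }
}
```

In the filter's run() method, the same checks could gate the two addZuulRequestHeader calls so that only a recognised scheme and a numeric port are propagated downstream.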
