Zuul通过HTTPS/SSL支持AWS ELB [英] Zuul behind an AWS ELB over HTTPS/SSL
问题描述
我有一个带有域证书的AWS Elastic Load Balancer
,它终止了SSL
通信. ELB
在https
端口上具有侦听器,并将其作为http
转发到Zuul
.
I have an AWS Elastic Load Balancer
with the certificates for my domain and which terminates the SSL
traffic. The ELB
has a listener on the https
port and forwards it as http
to Zuul
.
当我使用Spring Boot HATEOAS
时,Zuul将用正确的地址替换链接,但用http
代替https
:
When I use Spring Boot HATEOAS
, Zuul will replace the links with the correct address but with http
instead of https
:
"_links": {
"self": {
"href": "http://my.domain.com:80/rest/foo/bar"
}
}
但是我想要的是:
"_links": {
"self": {
"href": "https://my.domain.com/rest/foo/bar"
}
}
生成该响应的请求是通过https
The request that generates this response is made over https
因为Zuul
在ELB的后面,所以我猜它不知道它应该通过https接收流量.
Because Zuul
is behind the ELB I'm guessing it cannot know that it should receive traffic through https.
即使通过http
接收到未加密的流量,有没有办法告诉Zuul
用https
替换链接?
Is there a way to tell Zuul
to replace links with https
even though it receives un-encrypted traffic through http
?
我想一种替代方法是使用具有自签名证书的https
部署Zuul
,但是如果可以的话,我宁愿避免这种复杂性.
I guess an alternative is to deploy Zuul
with https
with a self-signed certificate but I'd rather ovoid this complication if I can.
推荐答案
按照Zuul小组的建议,可以通过添加pre
Zuul过滤器来解决此问题,该过滤器将在PreDecorationFilter
之后应用(第5项):
Following recommendation from the Zuul team, this issue can be fixed by adding a pre
Zuul filter, to be applied after PreDecorationFilter
(order 5):
new ZuulFilter() {
@Override
public String filterType() {
return "pre";
}
@Override
public int filterOrder() {
return 6; //PreDecorationFilter=5 + 1
}
@Override
public boolean shouldFilter() {
return true;
}
@Override
public Object run() {
RequestContext ctx = RequestContext.getCurrentContext();
log.info(String.format("Before filter ['%s': '%s', '%s': '%s']",
ZuulHeaders.X_FORWARDED_PROTO.toLowerCase(),
ctx.getZuulRequestHeaders().get(ZuulHeaders.X_FORWARDED_PROTO.toLowerCase()),
"X-Forwarded-Port",
ctx.getZuulRequestHeaders().get("x-forwarded-port")));
final String originalXForwardedProto = ctx.getRequest().getHeader(ZuulHeaders.X_FORWARDED_PROTO.toLowerCase());
final String originalXForwardedPort = ctx.getRequest().getHeader("x-forwarded-port");
if (!StringUtils.isEmpty(originalXForwardedProto)) {
ctx.addZuulRequestHeader(ZuulHeaders.X_FORWARDED_PROTO.toLowerCase(), originalXForwardedProto);
}
if (!StringUtils.isEmpty(originalXForwardedPort)) {
ctx.addZuulRequestHeader("x-forwarded-port", originalXForwardedPort);
}
log.info(String.format("After filter ['%s': '%s', '%s': '%s']",
ZuulHeaders.X_FORWARDED_PROTO.toLowerCase(),
ctx.getZuulRequestHeaders().get(ZuulHeaders.X_FORWARDED_PROTO.toLowerCase()),
"X-Forwarded-Port",
ctx.getZuulRequestHeaders().get("x-forwarded-port")));
return null;
}
};
}
这篇关于Zuul通过HTTPS/SSL支持AWS ELB的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!