如何在使用AWS ElasticBeanstalk和Nginx上的OAuth2的Spring Boot应用程序上强制使用SSL? [英] How do I force SSL on my Spring Boot app that uses OAuth2 on AWS ElasticBeanstalk and Nginx?

问题描述

我正在尝试使用参考文档强制使用SSL

I'm trying to force SSL using the reference documentation

https://docs.spring.io/spring-boot/docs/current/reference/html/howto-security.html#howto-enable-https

但是，我已经有

@Configuration
class WebSecurityConfiguration  {

当我添加extends WebSecurityConfigurerAdapter，甚至不添加protected void configure(HttpSecurity http)时，对非Oauth2页面/home/的请求都会无缘无故地重定向到/login.它与属性设置一起使用.仅通过扩展类extends WebSecurityConfigurerAdapter即可中断应用程序. OAuth2保护其他不相关的路由.在设置Oauth2之前，我已经看到了这种不确定的随机行为.

When I add extends WebSecurityConfigurerAdapter, and not even protected void configure(HttpSecurity http), then requests to a non-Oauth2 page /home/ are redirected to /login for no reason. It works with the property settings. Just by extending the class extends WebSecurityConfigurerAdapter breaks the app. There are other unrelated routes secured by OAuth2. I've seen this non-deterministic random behavior before while setting up Oauth2.

这是WebSecurityConfiguration类的概述.

@Configuration
class WebSecurityConfiguration {

    @Autowired
    UserMapper userMapper;

    @Bean
    PasswordEncoder passwordEncoder() {

    @Bean
    protected UserDetailsService userDetailsService() {

就是这样.

在此答案中，我尝试添加Nginx配置以重定向到SSL， https://stackoverflow.com/a/53310987/148844 ，但是没有用.它确实重定向到SSL，但所有路径都出现404错误

I tried to add a Nginx configuration to redirect to SSL, in this answer https://stackoverflow.com/a/53310987/148844, but it didn't work. It does redirect to SSL but I get 404 errors for all paths

HTTP状态404-/home
类型状态报告
消息/home
说明请求的资源不可用.
Apache Tomcat/8.0.47

HTTP Status 404 - /home
type Status report
message /home
description The requested resource is not available.
Apache Tomcat/8.0.47

因此它强制使用SSL并访问Tomcat，但是Spring Boot应用程序完全混乱了.好像ZIP中的WAR文件从未部署过.

So it is forcing SSL and accessing Tomcat, but the Spring Boot app is completely messed up. It's as if the WAR file in the ZIP was never deployed.

参考: https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/java-tomcat-proxy.html#java-tomcat-proxy-nginx

推荐答案

我为此放弃使用Spring Boot，因为它是如此的脆弱并诉诸于Nginx配置选项.这行得通，尽管仅仅制作ZIP显得过于冗长.还有一个额外的问题，就是Elastic Beanstalk中的错误！

I gave up using Spring Boot for this as it's so flaky and resorted to an Nginx configuration option. This worked, though it seems excessively verbose for just making a ZIP. There was the additional problem of a bug in Elastic Beanstalk!

AWS Elastic Beanstalk Tomcat与.war一起使用，但不是.zip

在部署ZIP时，它不会部署WAR！因此，我不得不创建一种变通方法来在ZIP中创建两个 WAR文件. (即使是一个叫ROOT.war的电话，也无法使用.)

When deploying the ZIP, it would not deploy the WAR! So I had to create a workaround to create two WAR files in the ZIP. (Just one, even called ROOT.war, would not work.)

我找不到用Maven创建空文件的方法，因此我在项目根目录中创建了一个空的empty.war文件，并将其捆绑在ZIP中，以诱使Elastic Beanstalk正确地工作和部署该应用程序.真是一团糟！好吧！

I could not find a way to create an empty file with Maven, so I created an empty empty.war file in the project root directory and bundled it inside the ZIP to trick Elastic Beanstalk into working and deploying the app properly. What a mess! Oy vey!

        <plugin> <!-- To add .ebextensions/ Nginx config for ElasticBeanstalk -->
          <artifactId>maven-assembly-plugin</artifactId>
          <configuration>
            <descriptors>
              <descriptor>assembly.xml</descriptor>
            </descriptors>
          </configuration>
          <executions>
            <execution>
              <id>make-assembly</id>
              <phase>package</phase>
              <goals>
                <goal>single</goal>
              </goals>
            </execution>
          </executions>
        </plugin>           

assembly.xml

<assembly 
  xmlns="http://maven.apache.org/plugins/maven-assembly-plugin/assembly/1.1.0" 
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xsi:schemaLocation="http://maven.apache.org/plugins/maven-assembly-plugin/assembly/1.1.0 http://maven.apache.org/xsd/assembly-1.1.0.xsd">
  <id>bin</id>
  <baseDirectory>/</baseDirectory>
  <formats>
    <format>zip</format>
  </formats>
  <files>
    <file>
      <source>empty.war</source>
      <outputDirectory/>
    </file>
    <file>
      <source>${project.build.directory}/AppName-0.0.3-SNAPSHOT.war</source>
      <outputDirectory/>
      <destName>ROOT.war</destName>
    </file>
  </files>

  <fileSets>
    <fileSet>
      <directory>${project.basedir}</directory>
      <outputDirectory>/.ebextensions/nginx/conf.d/elasticbeanstalk/</outputDirectory>
      <includes>
        <include>force-https.conf</include>
      </includes>
    </fileSet>
  </fileSets>
</assembly>

并且配置文件仅在项目根目录中.我不知道该把它放在哪里-它不是源代码.

And the configuration file is just in the project root. I didn't know where else to put it - it's not source code.

if ($http_x_forwarded_proto = 'http') {
    return 301 https://$host$request_uri;
}

http://maven.apache.org/plugins/maven -assembly-plugin/assembly.html

这篇关于如何在使用AWS ElasticBeanstalk和Nginx上的OAuth2的Spring Boot应用程序上强制使用SSL?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！