Swisscom Application Cloud更新后的Spring Boot HTTPS重定向循环 [英] Spring Boot HTTPS redirect loop after Swisscom Application Cloud update

问题描述

我们正在使用Swisscom Application Cloud运行我们的Spring Boot应用程序.在2018年2月22日迁移到多云环境"(瑞士电信状态页面)之后，我们的应用程序完全无法满足任何请求.

We are using the Swisscom Application Cloud to run our Spring Boot application. After their "Migration to multi-cloud environment" on 2018-02-22 (Swisscom Status Page), our application completely failed to serve any request.

发现问题是HTTP自动重定向到HTTPS.我们正在应用程序的SecurityConfiguration中执行以下操作:

The problem was found to be the automated redirection of HTTP to HTTPS. We were doing this in the SecurityConfiguration of our application like this:

@Configuration
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

    // [...]

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // [...]
        if (env.acceptsProfiles(SPRING_PROFILE_PRODUCTION)) {
            http.requiresChannel().anyRequest().requiresSecure();
        }
    }
}

如何将Spring Boot配置为仅允许HTTPS连接，同时又不使用Swisscom Application Cloud进入重定向循环?

How can Spring Boot be configured to only allow HTTPS connections while at the same time not fall into a redirect loop using the Swisscom Application Cloud?

推荐答案

作为向多云迁移的一部分，使用的IP范围发生了重大变化.

As part of the migration to multi-cloud there was a major change in the used IP ranges.

由于这个原因，tomcat buildpack的重定向存在问题，因为这些IP不可信.我们已在最新版本的系统buildpack中修复了此问题.

Due to this the tomcat buildpack has issues with redirection as these IPs are not trusted. We fixed this in the latest version of the system buildpack.

请重新启动您的应用程序以应用这些更改.可以在我们的文档中找到更多信息: https://docs .developer.swisscom.com/devguide-sc/buildpacks/java/caveats.html

Please restage your application to make apply those changes. Further information can be found in our docs: https://docs.developer.swisscom.com/devguide-sc/buildpacks/java/caveats.html

更新:

不幸的是，如果您将Spring Boot与嵌入式Tomcat一起使用，则我们的buildpack无法为您执行此配置.您必须在应用程序配置中配置内部代理白名单.请参阅上面文档中的说明.

Unfortunately, if you're using Spring boot with an embedded Tomcat, our buildpack can not do this configuration for you. You have to configure the internal proxies whitelist in your app config. Please see the instructions in the docs above.

11月28日更新: 我们已经更新了构建包中的配置，以获取CF现在与Envoy一起使用的新范围.如果您使用自己的buildpack，请更新范围.

Update 28th Nov: We've updated the config in our buildpacks for the new ranges that CF now uses with Envoy. If you use your own buildpack, please update the ranges.

如以下内容所述: 我们将立即更新文档.

这篇关于Swisscom Application Cloud更新后的Spring Boot HTTPS重定向循环的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！