在AWS ELB后面具有嵌入式Undertow的Spring Boot-HTTP到HTTPS重定向 [英] Spring Boot with Embedded Undertow behind AWS ELB - HTTP to HTTPS redirect
问题描述
我正在AWS EC2实例的端口8080上运行Spring Boot(Jhipster/Undertow)应用程序.
I'm running a Spring boot (Jhipster/Undertow) application on port 8080 on an AWS EC2 instance.
我已将AWS ELB配置为重定向
I have an AWS ELB configured to redirect
80 -> 8080
443 (SSL termination happens here) -> 8080
该应用程序使用Spring Security,如果用户到达 http://example.com ,我希望它重定向到 https://example.com ,以使用SSL.
The application uses Spring Security and if you user arrives to http://example.com I want it to redirect to https://example.com, to use SSL.
我在中找到了配置此示例的各种示例Tomcat ,但不使用Undertow.
I have found various examples of configuring this in Tomcat but none using Undertow.
我尝试使用第二个端口8089进行此操作,并且确实按要求重定向,但这会导致端口8080也重定向我不想要的端口.
I have tried this, with a second port 8089, and it does redirect as required, but this causes port 8080 to also redirects which I don't want.
80 -> 8089
443 (SSL termination happens here) -> 8080
@Bean
public EmbeddedServletContainerFactory undertow() {
UndertowEmbeddedServletContainerFactory undertow = new UndertowEmbeddedServletContainerFactory();
undertow.addBuilderCustomizers(builder -> builder.addHttpListener(8089, "0.0.0.0"));
undertow.addDeploymentInfoCustomizers(deploymentInfo -> {
deploymentInfo.addSecurityConstraint(new SecurityConstraint()
.addWebResourceCollection(new WebResourceCollection()
.addUrlPattern("/*"))
.setTransportGuaranteeType(TransportGuaranteeType.CONFIDENTIAL)
.setEmptyRoleSemantic(SecurityInfo.EmptyRoleSemantic.PERMIT))
.setConfidentialPortManager(exchange -> 443);
});
return undertow;
}
如何配置Undertow来实现这一目标?
How can I configure Undertow to achieve this?
推荐答案
当我遇到相同的问题时,这对我有用:
This worked for me when I had the same problem:
从jhipster暴露端口80(您可以在application-prod.yml
中进行更改).
Expose the port 80 from jhipster (you can change it in the application-prod.yml
).
从http重定向到https时,Amazon ELB添加了一些标头,您应该在同一文件中处理这些标头:
Amazon ELB when redirecting from http to https adds some headers, which you should address in the same file:
server:
use-forward-headers: true
port: 80
server:
use-forward-headers: true
port: 80
此外,您需要从jhipster强制执行https: https://jhipster.github.io/tips/007_tips_enforce_https.html
Also, you need to enforce the https from jhipster: https://jhipster.github.io/tips/007_tips_enforce_https.html
这篇关于在AWS ELB后面具有嵌入式Undertow的Spring Boot-HTTP到HTTPS重定向的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!