如何处理 Spring Boot 2.2.0 中的 x-forwarded-headers?(反向代理背后的Spring Web MVC) [英] How to cope with x-forwarded-headers in Spring Boot 2.2.0? (Spring Web MVC behind reverse proxy)
问题描述
我的带有 Spring Web MVC 的 Spring Boot 2.2.0 应用程序在反向代理后面运行.Spring 如何正确处理 X-Forwarded-{Prefix,Host,Proto}
-headers 以识别向服务器发出的实际请求?
My Spring Boot 2.2.0 application with Spring Web MVC is running behind a reverse proxy. How can Spring cope properly with X-Forwarded-{Prefix,Host,Proto}
-headers to recognize the actual request made to the server?
推荐答案
对于 Spring Boot <= 2.1.x,您必须提供一个 ForwardedHeaderFilter
-Bean.从 Spring Boot 2.2.0 开始,您不必再这样做了.只需将 server.forward-headers-strategy=NATIVE
或 server.forward-headers-strategy=FRAMEWORK
添加到您的 application.properties
文件.
With Spring Boot <= 2.1.x you had to provide a ForwardedHeaderFilter
-Bean. Since Spring Boot 2.2.0 you don't have to do this anymore. Just add server.forward-headers-strategy=NATIVE
or server.forward-headers-strategy=FRAMEWORK
to your application.properties
-file.
NATIVE
意味着 servlet 容器(例如 undertow、tomcat)正在解析 x-forwarded-*
-headers,这在大多数情况下都很好.如果您依赖 X-Forwarded-Prefix
,则必须使用 FRAMEWORK
以便 request.getContextPath()
正确设置.
NATIVE
means that the servlet container (e.g. undertow, tomcat) is resolving the x-forwarded-*
-headers which is fine in most cases. If you rely on X-Forwarded-Prefix
than you must use FRAMEWORK
so that request.getContextPath()
is set properly.
示例:
- 用户在浏览器中输入:
https://mydomain.tld/my-microservice/actuator
- 微服务my-microservice"(例如user-service)应处理请求;它在本地主机上运行:8080
反向代理像这样转发请求:
- User types into browser:
https://mydomain.tld/my-microservice/actuator
- the microservice "my-microservice" (e.g. user-service) shall handle the request; it's running on localhost:8080
reverse-proxy forwards the request like this:
// Forwarded-Request from Reverse Proxy to your microservice
GET http://localhost:8080/actuator/
X-Forwarded-Host: mydomain.tld
X-Forwarded-Proto: https
X-Forwarded-Prefix: /my-microservice
调试到 HttpServletRequest 将导致:
Debugging into a HttpServletRequest will result in:
request.getRequestURL(): "https://mydomain.tld/my-microservice/actuator/"
request.getScheme(): "https"
request.getContextPath(): "/my-microservice"
new UrlPathHelper().getPathWithinApplication(request): "/actuator"
这篇关于如何处理 Spring Boot 2.2.0 中的 x-forwarded-headers?(反向代理背后的Spring Web MVC)的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!