在 AWS ELB 后面带有嵌入式 Undertow 的 Spring Boot - HTTP 到 HTTPS 重定向 [英] Spring Boot with Embedded Undertow behind AWS ELB - HTTP to HTTPS redirect

问题描述

我正在 AWS EC2 实例的端口 8080 上运行 Spring Boot (Jhipster/Undertow) 应用程序.

I'm running a Spring boot (Jhipster/Undertow) application on port 8080 on an AWS EC2 instance.

我有一个配置为重定向的 AWS ELB

I have an AWS ELB configured to redirect

 80 -> 8080
 443 (SSL termination happens here) -> 8080

应用程序使用 Spring Security，如果您的用户到达 http://example.com 我希望它重定向到 https://example.com，使用 SSL.

The application uses Spring Security and if you user arrives to http://example.com I want it to redirect to https://example.com, to use SSL.

我在中找到了各种配置示例Tomcat 但没有使用 Undertow.

I have found various examples of configuring this in Tomcat but none using Undertow.

我已经尝试过这个，使用第二个端口 8089，它确实根据需要重定向，但这会导致端口 8080 也重定向我不想要的.

I have tried this, with a second port 8089, and it does redirect as required, but this causes port 8080 to also redirects which I don't want.

80 -> 8089
443 (SSL termination happens here) -> 8080

@Bean
public EmbeddedServletContainerFactory undertow() {

    UndertowEmbeddedServletContainerFactory undertow = new UndertowEmbeddedServletContainerFactory();
    undertow.addBuilderCustomizers(builder -> builder.addHttpListener(8089, "0.0.0.0"));
    undertow.addDeploymentInfoCustomizers(deploymentInfo -> {
        deploymentInfo.addSecurityConstraint(new SecurityConstraint()
                .addWebResourceCollection(new WebResourceCollection()
                        .addUrlPattern("/*"))
                .setTransportGuaranteeType(TransportGuaranteeType.CONFIDENTIAL)
                .setEmptyRoleSemantic(SecurityInfo.EmptyRoleSemantic.PERMIT))
                .setConfidentialPortManager(exchange -> 443);
    });
    return undertow;
}

如何配置 Undertow 来实现这一点?

How can I configure Undertow to achieve this?

推荐答案

当我遇到同样的问题时，这对我有用:

This worked for me when I had the same problem:

从 jhipster 中暴露 80 端口(您可以在 application-prod.yml 中更改它).

Expose the port 80 from jhipster (you can change it in the application-prod.yml).

Amazon ELB 在从 http 重定向到 https 时添加了一些标头，您应该在同一文件中处理这些标头:

Amazon ELB when redirecting from http to https adds some headers, which you should address in the same file:

<代码>服务器:使用转发标题:true端口:80

此外，您需要从 jhipster 强制执行 https:https://jhipster.github.io/tips/007_tips_enforce_https.html

Also, you need to enforce the https from jhipster: https://jhipster.github.io/tips/007_tips_enforce_https.html

这篇关于在 AWS ELB 后面带有嵌入式 Undertow 的 Spring Boot - HTTP 到 HTTPS 重定向的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！