如何自动重定向到https与Spring启动 [英] How to redirect automatically to https with Spring Boot

问题描述

我怎样才能轻松地配置嵌入式Tomcat服务器重定向所有的HTTP流量为https？我有一个EC2实例，它是落后的弹性负载均衡器运行春季启动。我已经配置了ELB处理SSL对我来说（这是真棒），并将其设置的X转发-PROTO标题为https。我想检测时没有设置，并且将用户重定向到迫使他们使用https，如果他们没有了。

到目前为止，我曾尝试加入以下到我的application.properties没有运气文件：

  server.tomcat.protocol头= X-转发，原
security.require-SSL =真
 

解决方案

我的回答是有点晚了，但我刚刚有这个问题，并要张贴这为我工作的解决方案。

本来，我以为tomcat的设置使用的X转发头就足够了，但是从Tomcat的RemoteIPValve，它通常应处理这种情况下，没有工作对我来说。

我的解决办法是增加一个EmbeddedServletContainerCustomizer并添加ConnectorCustomizer： （注意，我使用Tomcat 8此处）

  @Component
公共类TomcatContainerCustomizer实现EmbeddedServletContainerCustomizer {

    私有静态最后记录仪记录仪= LoggerFactory.getLogger（TomcatContainerCustomizer.class）;

    @覆盖
    公共无效定制（最终ConfigurableEmbeddedServletContainer容器）{
        如果（集装箱的instanceof TomcatEmbeddedServletContainerFactory）{
                最后TomcatEmbeddedServletContainerFactory的tomcat =（TomcatEmbeddedServletContainerFactory）容器中;
                tomcat.addConnectorCustomizers（连接器 - ＆GT; {
                    connector.setScheme（https开头）;
                    connector.setProxyPort（443）;
                }）;
                LOGGER.info（启用安全模式（HTTPS）。）;
        } 其他 {
            LOGGER.warn（无法改变的协议方案，因为Tomcat没有用作Servlet容器。）;
        }
    }
}
 

最重要的是，你不仅设置计划为https也是ProxyPort没有从春天启动所有内部重定向路由到端口80。

希望有所帮助： - ）

How I can easily configure the embedded tomcat server to redirect all http traffic to https? I have Spring Boot running on an ec2 instance that is behind an elastic load balancer. I have configured the ELB to handle ssl for me (which is awesome) and it sets the X-FORWARDED-PROTO header to "https". I want to detect when that isn't set, and redirect the user to force them to use https if they aren't already.

So far, I have tried adding the following to my application.properties file with no luck:

server.tomcat.protocol-header=x-forwarded-proto
security.require-ssl=true

解决方案

My answer is a little late but I just recently had this problem and want to post a solution which worked for me.

Originally, I thought that setting tomcat up to use the X-Forwarded headers would suffice but the RemoteIPValve from Tomcat, which should normally handle this case, didnt work for me.

My solution was to add an EmbeddedServletContainerCustomizer and add a ConnectorCustomizer: (note that I am using Tomcat 8 here)

    @Component
public class TomcatContainerCustomizer implements EmbeddedServletContainerCustomizer {

    private static final Logger LOGGER = LoggerFactory.getLogger(TomcatContainerCustomizer.class);

    @Override
    public void customize(final ConfigurableEmbeddedServletContainer container) {
        if (container instanceof TomcatEmbeddedServletContainerFactory) {
                final TomcatEmbeddedServletContainerFactory tomcat = (TomcatEmbeddedServletContainerFactory) container;
                tomcat.addConnectorCustomizers(connector -> { 
                    connector.setScheme("https");
                    connector.setProxyPort(443);
                });
                LOGGER.info("Enabled secure scheme (https).");
        } else {
            LOGGER.warn("Could not change protocol scheme because Tomcat is not used as servlet container.");
        }
    }
}

The important thing is that you not only set the Scheme to https but also the ProxyPort without which all internal redirects from Spring Boot were routed to port 80.

Hope that helps :-)

这篇关于如何自动重定向到https与Spring启动的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！