I am migrating my application from Zuul to Spring Cloud Gateway. How can I replace the sensitive header part of below code in Spring Cloud Gateway?
zuul:
routes:
tableau:
path:/test/**
sensitiveHeaders:
url: https://example.com
stripPrefix: false
Related
In Spring Boot Microservices architecture, we generally register our each microservice (its many instances) into Eureka server by doing eureka.client.register-with-eureka=true, eureka.client.fetch-registry=true and eureka.client.serviceUrl.defaultZone=http://localhost:8761/eureka. So Eureka acts as service registry for these services (service-name, hostname and its IP).
Spring Cloud API Gateway acts as a single point of entry for any microservice call. It can work as a proxy service to route a request to the concerned microservice, abstracting the producer details. It has route information only, then how Spring Cloud API gateway comes to know which microservice instance to call to? How API Gateway and Eureka communicates and load balance?
spring:
application:
name: api-gateway
cloud:
gateway:
discovery:
locator:
enabled: true
lower-case-service-id: true
routes:
- id: user-service
uri: lb://user-service
predicates:
- Path=/users/**
- id: order-service
uri: lb://department-service
predicates:
- Path=/departments/**
spring:
cloud:
gateway:
discovery:
locator:
enabled: true
With the Discovery Locator enabled in API Gateway, you do not have to manually configure the routes unless absolutely needed.
The way API Gateway knows which Eureka Service to route the incoming request to is as follows:
Assuming,
Orders Service runs on http://localhost:8080
API Gateway runs on http://localhost:8082
Eureka Service name for Orders Service - order-service
Then if order-service getOrders endpoint: http://localhost:8080/orders, then with Discovery Locator enabled the request needs to be routed through the API gateway with the following URL: https://localhost:8082/order-service/orders, i.e., {ApiGatewayHost}/{EurekaServiceId}/{ActualEndpoint}.
Register Gatway to Eureka Server
I'm using spring stack (Spring Boot 2.0.0.RELEASE) for creating a site that delegues user authentication/registration to Google via OAuth2. It is implemented as a few Spring Cloud microservices with a Zuul gateway running on port 8080.
Google Auth Server
Zuul Gateway(:8080)
/ \
/ \
/ \
Other OAuth2 Client Microservice(:8000)
Microservices
I use Google as an OAuth2 server, and use spring-security-oauth2 as a client, which is implemented as a separate microservice. If all my cloud is deployed at localhost everything works fine. But if my microservices are deployed at different machines, e.g. Docker, OAuth2 login doesn't work. getting invalid redirect Uri parameter error.
Zuul configuration for Docker:
zuul:
ignoredServices: '*'
host:
connection-timeout-millis: 20000
socket-timeout-millis: 20000 routes:
authserver_oauth:
path: /oauth2/**
serviceId: authserver
stripPrefix: false
sensitiveHeaders:
Eureka Configuration for Docker:
eureka:
instance:
prefer-ip-address: false
client:
serviceUrl:
defaultZone: http://eureka-server:8761/eureka/
Authserver configuration:
spring:
security:
oauth2:
client:
registration:
google:
clientId: ***
clientSecret: ***
redirectUriTemplate: "{baseUrl}/oauth2/callback/{registrationId}"
scope:
- email
- profile
When I debug for Oauth2 condition I am getting unequal uri for request and response:
authorizationResponse.getRedirectUri()
(java.lang.String) http://authserver:8080/oauth2/callback/google
authorizationRequest.getRedirectUri()
(java.lang.String) http://localhost:8080/oauth2/callback/google
I had a similar issue with Spring boot 2.2.2RELEASE with a cloud environment (NGINX, Docker, Cubernettes) where customising NGINX configuration was not an option at all. Tried methods like setting the x-forwarded-for property, mocking the prod with docker, NGINX setup (https://juplo.de/how-to-redirect-to-spring-security-oauth2-behind-a-gateway-proxy-hiding-the-app-behind-a-reverse-proxy-gateway/) but nothing works. Finally I updated my Spring boot version to 2.4.1 and it worked without any other configuration.
Through reading various books / tutorials, it appears that it is possible to auto-configure routes in Zuul when using it in combination with Eureka service discovery. That means that I don't have to explicitly add routes to Zuul's application.properties.
So I understand this correctly? Or do I still need to add routes explicitly to Zuul in order it to work as a gateway?
I would like it to automatically create routes from the application name's that are registered with Eureka. Is this possible?
(Note: I have actually tried this, but when I go to http://localhost:8762/routes I just get an error page.)
Sure. In most microservices implementations, internal microservices endpoints are not exposed outside. A set of public services will be exposed to the clients using an API gateway.
The zuul proxy internally uses the Eureka Server for service discovery.
I would like it to automatically create routes from the application name's that are registered with Eureka. Is this possible?
Sure. I will show you gateway example.
1. Create your service project (user-service)
create application.properties file
# --- Spring Config
spring:
application:
name: OVND-USER-SERVICE
# Eureka client
eureka:
client:
serviceUrl:
defaultZone: ${EUREKA_URL:http://localhost:8761/eureka/}
2. Setting up Zuul project (Gateway-service)
1.#EnableZuulproxy to tell Spring Boot that this is a Zuul proxy
#SpringBootApplication
#EnableZuulProxy
#EnableDiscoveryClient
public class GatewayServiceApplication {
2.create an application.properties file
# =======================================
# Gateway-service Server Configuration
# =======================================
# --- Spring Config
spring:
application:
name: gateway-service
server:
port: ${PORT:8080}
# Eureka client
eureka:
client:
serviceUrl:
defaultZone: ${EUREKA_URL:http://localhost:8761/eureka/}
zuul:
host:
routes:
## By default, all requests to user service for example will start with: "/user/"
## What will be sent to the user service is what comes after the path defined,
## So, if request is "/user/v1/user/tedkim", user service will get "/v1/user/tedkim".
user-service:
path: /user/**
service-id: OVND-USER-SERVICE
another-service:
path: /another/**
service-id: OVND-ANOTHER-SERVICE
Eureka website ( localhost:8761 )
Yes. You can integrate Zuul with Eureka and configure the routes based on application names registered in Eureka. Just add the following configuration to Zuul application:
zuul:
ignoredServices: "*"
routes:
a-service: /a-service/**
b-service: /b-service/**
c-service: /c-service/**
d-service: /d-service/**
Is it possible to define/configure route : endpoint Url mapping in Zuul when spring-cloud / spring boot is not used?
Yes, for services without spring you can specify the url.
More info: http://cloud.spring.io/spring-cloud-static/Camden.SR6/#netflix-zuul-reverse-proxy
zuul:
routes:
users:
path: /myusers/**
url: http://example.com/users_service
I am using Zuul as reverse proxy deployed as a service using Spring Boot. And I have a configuration like:
zuul:
routes:
home:
path: /**
url: localhost:8080
But I want to use the /routes,/info,/health endpoints of the zuul server. Also I want add some endpoints to the zuul server. The problem is that I lost those endpoints because all requests are routed to localhost:8080.
ignoredPatterns in the latest version of ZUUL can help prevent reaching the /** mapping:
zuul:
ignoredPatterns: "/routes/**,/info/**,/custom/**"