Spring Cloud Gateway response never arrives using tls client - spring

I encountered a problem with TLS/SSL configuration. Everything is configured as in the documentation https://cloud.spring.io/spring-cloud-gateway/multi/multi__tls_ssl.html
server:
  port: 8080
  ssl:
    enabled: true
    key-password: password
    key-store-password: password
    key-store: certificate.p12
    key-store-type: PKCS12
spring:
  cloud:
    gateway:
      httpclient:
        ssl:
          trustedX509Certificates:
            - someCert.pem
With this configuration it's impossible to call an endpoint with TLS; the response never arrives. Instead, if I configure endpoints without TLS, it works.
I also use Eureka.
However, the microservice completes the call and returns 200, but the body is not received in my gateway.
Could you help me?
Thanks,

Related

Connection to KV Vault is only working through a WireMock

If I try to connect to my Vault engine, I get an Error 503 Service Unavailable. If I send the call to a local WireMock, which redirects the call with fewer headers to the same address, it works. Spring Cloud version is 3.1.1.
Cannot enhance VaultToken to a LoginToken: Token self-lookup failed: 503 <html><body><h1>503 Service Unavailable</h1>
The bootstrap config looks like this:
spring:
  cloud:
    vault:
      scheme: https
      host: <uri-to-the-vault>
      port: 443
      uri: <uri-to-the-vault>
      authentication: token
      token: "TOKEN"
      enabled: true
      kv:
        enabled: true
        backend: <backend-name>
        profiles: <profile-name>
        application-name: <application-name>
I tried to set up a connection through WireMock to see if the call is incorrect. I tried to redirect the call. WireMock takes the call and sends it to the same base URL written above, but only with the token as a header, and it works. Postman takes the same call and it works as well.

Deployment issue on Heroku : zuul + eureka + microservices

Thanks for taking the time to read my post.
My issue is as follows. I have 2 microservices (auth-service and image-service) deployed on Heroku, as well as a Eureka server and a Zuul gateway.
Locally, all of this works.
However, when deployed, the same calls give me 404 errors. For example:
Zuul is deployed on port 8762 locally,
so http://localhost:8762/images/user/create works; it points to http://localhost:8200/user/create of the image-service.
Deployed, https://croquis-time-image.herokuapp.com/user/create works, but https://croquis-time-zuul.herokuapp.com/images/user/create throws a 404 error.
On Eureka, however, all my services are registered, so the trouble doesn't come from there. I thought perhaps Zuul didn't manage to get all the services from Eureka, but I'm not sure how to check.
More information:
application.yml of Zuul deployed:
server:
  port: 8762
eureka:
  client:
    serviceUrl:
      defaultZone: https://croquis-time-eureka.herokuapp.com/eureka/
  instance:
    hostName: croquis-time-eureka.herokuapp.com
zuul:
  # Service will be mapped under the /api URI
  prefix: /api
  # Uncomment to disable auto-registering all services read from Eureka
  # ignoredServices: '*'
  routes:
    image-service:
      path: /images/**
      serviceId: image-service
    auth-service:
      path: /auth/**
      serviceId: auth-service
      stripPrefix: false
      sensitiveHeaders: Cookie,Set-Cookie
spring:
  application:
    name: zuul-server
security:
  jwt:
    uri: /auth/**
    prefix: Bearer
    expiration: 86400
    header: Authorization
    secret: *****************
The application.yml of Eureka deployed:
server:
  port: 8761
eureka:
  instance:
    hostname: croquis-time-eureka.herokuapp.com
  client:
    registerWithEureka: false
    fetchRegistry: false
    serviceUrl:
      defaultZone: https://croquis-time-eureka.herokuapp.com/eureka/
spring:
  application:
    name: eureka-server
The image service I'm trying to call:
server:
  port: 8200
eureka:
  client:
    serviceUrl:
      defaultZone: https://croquis-time-eureka.herokuapp.com/eureka/
  instance:
    hostName: croquis-time-eureka.herokuapp.com
spring:
  application:
    name: image-service
  jpa:
    showSql: true
    hibernate:
      ddlAuto: update
  datasource:
    url: jdbc:mysql://***********:3306/croquis-time
    username: ******************
    password: ****************
I have tried removing and adding the "ignored-services" in Zuul to see if that was the problem, but it didn't change anything.
I'm very willing to edit my question with more information if you require it. I'm not sure where the origin of the problem is, so I'm a bit at a loss as to what to add.
Thanks!
You have an issue with the configuration of the .yml in the Zuul server.
Your .yml of the Zuul server must be:
eureka:
  instance:
    hostName: croquis-time-zuul.herokuapp.com
And your .yml of the image service must be:
eureka:
  instance:
    hostName: croquis-time-image.herokuapp.com
because instance.hostname is the host of your application acting as the Eureka client. If you need more information, please visit: https://blog.heroku.com/managing_your_microservices_on_heroku_with_netflix_s_eureka
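The asker was unsure how to check what Zuul actually sees in Eureka. The script below is an added example (not code from the question, the answer, or Spring Cloud Netflix): it reads the JSON that a Eureka server returns from GET /eureka/apps and reports every instance whose registered hostName differs from the host the service is really served from, which is exactly the mistake the answer describes. The registry document embedded here is constructed for the example; the Heroku hostnames come from the question. The fetch_registry helper (stdlib urllib, JSON requested via the Accept header) is what you would point at the real Eureka server.

```python
"""Check what a Eureka server actually holds for each registered service.

Added example, not code from the question or answer above.  Eureka renders
/eureka/apps as JSON when asked with "Accept: application/json"; port
objects carry the number under "$" and the enabled flag under "@enabled".
"""
import json
import urllib.request

# Constructed sample shaped like Eureka's JSON rendering of /eureka/apps.
# Both instances were registered with the Eureka server's own hostname,
# reproducing the configuration in the question.
SAMPLE_REGISTRY = json.dumps({
    "applications": {
        "application": [
            {
                "name": "ZUUL-SERVER",
                "instance": [{
                    "instanceId": "croquis-time-eureka.herokuapp.com:zuul-server:8762",
                    "hostName": "croquis-time-eureka.herokuapp.com",
                    "app": "ZUUL-SERVER",
                    "status": "UP",
                    "port": {"$": 8762, "@enabled": "true"},
                    "securePort": {"$": 443, "@enabled": "false"},
                    "homePageUrl": "http://croquis-time-eureka.herokuapp.com:8762/",
                }],
            },
            {
                "name": "IMAGE-SERVICE",
                "instance": [{
                    "instanceId": "croquis-time-eureka.herokuapp.com:image-service:8200",
                    "hostName": "croquis-time-eureka.herokuapp.com",
                    "app": "IMAGE-SERVICE",
                    "status": "UP",
                    "port": {"$": 8200, "@enabled": "true"},
                    "securePort": {"$": 443, "@enabled": "false"},
                    "homePageUrl": "http://croquis-time-eureka.herokuapp.com:8200/",
                }],
            },
        ]
    }
})

# Where each service is really deployed (hostnames from the question).
EXPECTED_HOSTS = {
    "ZUUL-SERVER": "croquis-time-zuul.herokuapp.com",
    "IMAGE-SERVICE": "croquis-time-image.herokuapp.com",
}


def fetch_registry(eureka_url, timeout=5):
    """Download /eureka/apps as JSON text from a live Eureka server."""
    req = urllib.request.Request(eureka_url.rstrip("/") + "/apps",
                                 headers={"Accept": "application/json"})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.read().decode("utf-8")


def list_instances(registry_json):
    """Flatten the registry into (app, hostName, port, status) tuples."""
    doc = json.loads(registry_json)
    apps = doc.get("applications", {}).get("application", [])
    if isinstance(apps, dict):          # tolerate a bare object instead of a list
        apps = [apps]
    rows = []
    for app in apps:
        instances = app.get("instance", [])
        if isinstance(instances, dict):
            instances = [instances]
        for inst in instances:
            if inst["port"].get("@enabled") == "true":
                port = inst["port"]["$"]
            else:
                port = inst["securePort"]["$"]
            rows.append((app["name"], inst["hostName"], int(port), inst["status"]))
    return rows


def find_misregistered(registry_json, expected_hosts):
    """Return {app: (registered_host, expected_host)} for every instance whose
    hostName is not the host the service is actually served from."""
    bad = {}
    for app, host, _port, _status in list_instances(registry_json):
        want = expected_hosts.get(app)
        if want is not None and host != want:
            bad[app] = (host, want)
    return bad


if __name__ == "__main__":
    for row in list_instances(SAMPLE_REGISTRY):
        print("%-14s host=%s port=%d status=%s" % row)
    for app, (got, want) in find_misregistered(SAMPLE_REGISTRY, EXPECTED_HOSTS).items():
        print("%s: registered as %s, but it is served from %s" % (app, got, want))
```

Against the live server you would call find_misregistered(fetch_registry("https://croquis-time-eureka.herokuapp.com/eureka"), EXPECTED_HOSTS); an empty result means every instance advertises the host Zuul should forward to.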

spring zuul gateway in kubernetes

I am getting started with microservices with Spring and Kubernetes.
I have a gateway service made with spring-cloud-starter-netflix-zuul that works like an API gateway.
I define the Zuul gateway like this:
server:
  port: 8080
  use-forward-headers: true
security:
  basic:
    enabled: false
  oauth2:
    resource:
      jwk.key-set-uri: ${OAUTH_KEYSETURI}
spring:
  config:
    name: proxy-service
  application:
    name: proxy-service
zuul:
  routes:
    service-one:
      path: /service-one/**
      url: http://service-one:8080
      serviceId: service-one
    service-two:
      path: /service-two/**
      url: http://service-two:8080
      serviceId: service-two
ribbon:
  eureka:
    enabled: false
eureka:
  client:
    enabled: false
error:
  whitelabel:
    enabled: false
But I found some problems, for example that the requests have a limit per service, so I added the following lines:
zuul:
  host:
    max-per-route-connections: 100000
    max-total-connections: 100000
I want to know: what is the most performant way to integrate Spring Zuul with Kubernetes? I have read that it can also be integrated with spring-kubernetes-config, Ribbon, and Eureka. But is doing that more performant?
Recently I also read about Spring Cloud Gateway. What is the difference with this project? Why does Spring have two very similar gateway projects? Are there differences in performance? Will both be supported in the future? What do you recommend using?

Spring Cloud Vault is not working with custom mount

On my local machine, I ran the Vault server with the default policy and wrote the following key value:
vault write secret/my-application username=Test
bootstrap.yml (Working)
spring:
  application:
    name: my-application
  cloud:
    vault:
      authentication: TOKEN
      token: sometoken
      host: localhost
      port: 8200
      scheme: http
      #uri: http://localhost:8200
      connection-timeout: 5000
      read-timeout: 15000
      config:
        order: -10
I was able to fetch the value using Spring Cloud Vault, i.e. when I use the default mount (secret). But if I hit the QA server with the custom mount (group), I get the following error.
org.springframework.vault.VaultException: Status 403 secret/group/grouptype/groupname/DB: permission denied
(Not sure why secret is prefixed.)
bootstrap.yml (Not working)
spring:
  application:
    name: group/grouptype/groupname/DB
  cloud:
    vault:
      authentication: TOKEN
      token: sometoken
      host: 10.20.30.40
      port: 8200
      scheme: http
      #uri: http://10.20.30.40:8200
      connection-timeout: 5000
      read-timeout: 15000
      config:
        order: -10
But if I hit the API from Postman, it works as expected.
GET http://10.20.30.40:8200/v1/group/grouptype/groupname/DB
Header:
X-Vault-Token: sometoken
How do I make the custom proxy work with a Spring Boot application? How do I exclude secret from the context?
For a custom mount, we have to add generic:
spring:
  application:
    name: grouptype/groupname/DB
  cloud:
    vault:
      authentication: TOKEN
      token: sometoken
      generic:
        enabled: true
        backend: group
        default-context: grouptype/groupname/DB
      host: 10.20.30.40
      port: 8200
      scheme: http
      #uri: http://10.20.30.40:8200
      connection-timeout: 5000
      read-timeout: 15000
      config:
        order: -10
Here "group" is the mount name.
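To see why "secret" was being prefixed and what the answer's generic settings change, the script below is an added example (not code from the question, the answer, or Spring Cloud Vault itself): it rebuilds the list of Vault paths that the Spring Cloud Vault reference documents for the generic (KV v1) backend from the spring.cloud.vault.* settings, and applies it to both bootstrap.yml variants on this page. The kv_version=2 branch is my generalisation beyond the page, for mounts addressed as <mount>/data/<path>; the Vault address used in the usage output is the one from the Postman request.

```python
"""Which Vault paths Spring Cloud Vault reads for a given bootstrap.yml.

Added example; neither code from the question or answer above nor Spring
Cloud Vault's own implementation.  Defaults follow the documented property
defaults: backend "secret", default-context "application",
profile-separator "/", application name = spring.application.name.
"""


def vault_contexts(application_name, backend="secret", default_context="application",
                   profiles=(), profile_separator="/", kv_version=1):
    """Return the secret paths Spring Cloud Vault reads, most specific first.

    Documented order for the generic backend:
        {backend}/{application}/{profile}
        {backend}/{application}
        {backend}/{default-context}/{profile}
        {backend}/{default-context}
    A name that appears twice (application == default-context, as in the
    answer's config) is emitted once.
    """
    prefix = backend.strip("/")
    if kv_version == 2:
        prefix += "/data"        # KV v2 API path: <mount>/data/<secret path>
    names = []
    for name in (application_name, default_context):
        if name and name not in names:
            names.append(name)
    paths = []
    for name in names:
        for profile in profiles:
            paths.append("%s/%s%s%s" % (prefix, name, profile_separator, profile))
        paths.append("%s/%s" % (prefix, name))
    return paths


def to_api_url(vault_addr, secret_path):
    """The HTTP request made for one context (the form Postman sent)."""
    return "%s/v1/%s" % (vault_addr.rstrip("/"), secret_path)


def failing_config_paths():
    """bootstrap.yml (Not working): only spring.application.name was changed,
    so the default backend "secret" is still prepended to the path."""
    return vault_contexts(application_name="group/grouptype/groupname/DB")


def answer_config_paths():
    """bootstrap.yml from the answer: generic.backend names the mount, and
    default-context / application name carry the rest of the path."""
    return vault_contexts(application_name="grouptype/groupname/DB",
                          backend="group",
                          default_context="grouptype/groupname/DB")


if __name__ == "__main__":
    for label, paths in (("not working", failing_config_paths()),
                         ("answer", answer_config_paths())):
        print(label)
        for p in paths:
            print("   GET", to_api_url("http://10.20.30.40:8200", p))
```

The first path printed for the "not working" config is secret/group/grouptype/groupname/DB, the path in the 403 message; the answer's config yields group/grouptype/groupname/DB, the path Postman fetched successfully. The token policy only needs read on that path (plus the profile variants if any profile is active), so this is also the list to check a Vault policy against.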

Register spring boot https application in eureka with specific port

I am trying to register an application available through HTTPS only. I have a problem with the correct configuration, and the links displayed in Eureka's dashboard are not correct. I have tried some configurations but I can't get the right effect, i.e. working dashboard links in Eureka.
My base configuration:
server:
  port: 9999
  context-path: /ctx
  ssl:
    key-store: classpath:keystore.jks
    key-store-password: 'kspass'
    key-password: 'kpass'
    keyAlias: ssl
spring:
  application:
    name: app-ctx
  cloud:
    loadbalancer:
      retry:
        enabled: true
eureka:
  client:
    serviceUrl:
      defaultZone: https://localhost:8761/eureka/
  instance:
    hostname: localhost
    secure-port-enabled: true
    non-secure-port-enabled: false
    secure-port: ${server.port}
    health-check-url: https://${eureka.hostname}:XYZ/ctx/health
    status-page-url: https://${eureka.hostname}:XYZ/ctx/info
    home-page-url: https://${eureka.hostname}:XYZ/ctx
I have tried the following versions of health/status/home URLs:
Absolute URLs without port
Example: health-check-url: https://${eureka.hostname}/ctx/health
Result: https://localhost/ctx/info
Absolute URLs with ${server.port} replacement
Example: health-check-url: https://${eureka.hostname}:${server.port}/ctx/health
Result: ${server.port} not resolved; the URL in the dashboard is:
https://localhost:${server.port}/ctx/info
Relative URLs
Example: health-check-url-path: /ctx/health
Result:
http://localhost:9999/ctx/info, no https.
The last one is quite close to my expectations, but there is no https.
Finally I've got a solution for my problem. I'm not sure it's the best one, because as far as I can see it doesn't work with random ports, i.e. server.port = 0. In that case Eureka registers the application with port 0, and on the dashboard there is a link with a port that does not forward to the correct location, which is not the expected behavior.
Instead of using the ${server.port} placeholder, which is related to the current application, we have to use Eureka's part of the configuration, ${eureka.instance.secure-port}, i.e.
server:
  port: 9999
  context-path: /ctx
  ssl:
    key-store: classpath:keystore.jks
    key-store-password: 'kspass'
    key-password: 'kpass'
    keyAlias: ssl
spring:
  application:
    name: app-ctx
  cloud:
    loadbalancer:
      retry:
        enabled: true
eureka:
  client:
    serviceUrl:
      defaultZone: https://localhost:8761/eureka/
  instance:
    hostname: localhost
    secure-port-enabled: true
    non-secure-port-enabled: false
    secure-port: ${server.port}
    health-check-url: https://${eureka.instance.hostname}:${eureka.instance.secure-port}/ctx/health
    status-page-url: https://${eureka.instance.hostname}:${eureka.instance.secure-port}/ctx/info
    home-page-url: https://${eureka.instance.hostname}:${eureka.instance.secure-port}/ctx
