For secure reasons I need my backend receive traffic only through Nginx. Is it possible to block outside all traffic to spring boot. And only NGINX can accept and send requests to Spring Boot application. Thanks for advice. Sorry for asking question in wrong so without code.
Related
Small question regarding how to convert http requests into RSocket please.
The server setup is a very straightforward RSocket server.
The server is dockerized and deployed in Kubernetes.
Now there are many clients, I do not have control over them. The clients would like to talk to this RSocket server. The JSON payload the clients sends are all compatible with the RSocket server. However, all clients are just using http clients, not RSocket.
May I ask what is the easiest solution to convert the https requests send from the clients please?
What I tried: Built a layer in between, using Spring Cloud Gateway to take as input a http request, and forward it using a RSocket client.
The drawback of this solution is that there is now another app in the picture. Instead of maintaining one business RSocket application, there is a need to implement and maintain another web server entirely.
May I ask if there is some kind of sidecar pattern using maybe ngnix, istio, Kubernetes services, that can perform the same, without having to full blown develop another web app please?
May I ask what is the easiest solution to convert the https requests send from the clients please?
Thank you
May I ask if there is some kind of sidecar pattern using maybe ngnix, istio, Kubernetes services, that can perform the same, without having to full blown develop another web app please?
No, The concept maybe called broker gateway but not sidecar pattern. You should implements a broker gateway to conevert the protocol, such as HTTP(Rest), GraphQL, gRPC. You can refer a sample project alibaba-rsocket-broker.
I want to consume the spring boot rest services deployed behind a firewall. Need a solution for the above scenario. Thank you.
To access a Rest API behind a firewall you need to open the default HTTP ports in that firewall(80 for HTTP and 443).
That has nothing to do with the technology that you are using to implement the Rest API.
Please provide more details about your question if this is not enough answer for you...
I am adding the secure port with the non-secure port already opened. I wants to separate the traffic between two and forward to different Spring boot 2 Controllers. Wonder how I can achieve that?
In most solutions I have seen so far, https / SSL is terminated infront of Tomcat or Spring Boot application, so that Tomcat / Spring Controller receives only http requests on port 8080 (for example).
Termination of SSL in front of Tomcat / Spring Boot could be done with a Reverse Proxy or Web Server, like Apache2 or nginx.
Then the communication flow looks like this:
User ==HTTP-80==> Apache2 ==HTTP-8080==> Tomcat/Spring Boot
User ==HTTPS-443==> Apache2 ==HTTP-8080==> Tomcat/Spring Boot
("HTTP-80" means HTTP protocol on port 80. "== ==>" is arrow showing communication flow.)
I have deployed a Spring Boot application via Elastic Beanstalk. I'm using a load balancer, so this is the flow (as far as I understand):
Internet/Browser request ---HTTPS---> Load Balancer ---HTTP---> Spring Boot App Server
So essentially, the SSL terminates at the load balancer and the app server just deals with plain old HTTP.
But in the case of a HTTP request from the browser, I would like the load balancer to automatically redirect to HTTPS.
There are several questions about this issue:
Spring Boot with Embedded Tomcat behind AWS ELB - HTTPS redirect
How to redirect automatically to https with Spring Boot
Spring Boot redirect HTTP to HTTPS
But none of the answers to these questions make sense to me. Perhaps I'm misunderstanding, but all the answers basically make the Spring Boot app only server HTTPS request (for example when using http.requiresChannel().anyRequest().requiresSecure()).
However, this goes against the flow because I'm perfectly fine with the SSL terminating at the load balancer and the Spring Boot app server just dealing with HTTP. So if I require SSL at the spring boot level, then I'll need to do an end-to-end SSL connection, which isn't really required for my application.
I have also used the following properties, which don't seem to help either:
server.tomcat.remote-ip-header=x-forwarded-for
server.tomcat.protocol-header=x-forwarded-proto
With the help of this article, I was finally able to figure out how to do this for a Spring Boot app in an ELB environment.
I had to create a conf file in src/main/webapp/.ebextensions/nginx/conf.d. I just called it myconf.conf.
In myconf.conf, I put this code in:
server {
listen 80;
server_name www.my-site.com;
if ($http_x_forwarded_proto != "https") {
rewrite ^(.*)$ https://$server_name$REQUEST_URI permanent;
}
}
Also, make sure that both HTTP and HTTPS listeners are open for the load balancer.
Additionally, my spring boot app only opens up HTTP since the load balancer already terminates SSL.
AWS Load balancer cannot handle redirection. You may do it via your server or by using cloudfront distributions.
Based on an answer from #andy-wilkinson to a past Spring Boot question, it appears that with the exception of a couple parameters (port for example), the management server leverages the same configuration as the regular servlet container.
I would like to configure the main Spring Boot server to use HTTPS (for the application/service it is serving) and to use just HTTP for the actuator endpoints. Has anyone done this? Is this even possible?
-Joshua
It's not possible at the moment. Please open an issue if it's an enhancement that you'd like to see.