I want to consume the spring boot rest services deployed behind a firewall. Need a solution for the above scenario. Thank you.
To access a Rest API behind a firewall you need to open the default HTTP ports in that firewall(80 for HTTP and 443).
That has nothing to do with the technology that you are using to implement the Rest API.
Please provide more details about your question if this is not enough answer for you...
Related
Small question regarding how to convert http requests into RSocket please.
The server setup is a very straightforward RSocket server.
The server is dockerized and deployed in Kubernetes.
Now there are many clients, I do not have control over them. The clients would like to talk to this RSocket server. The JSON payload the clients sends are all compatible with the RSocket server. However, all clients are just using http clients, not RSocket.
May I ask what is the easiest solution to convert the https requests send from the clients please?
What I tried: Built a layer in between, using Spring Cloud Gateway to take as input a http request, and forward it using a RSocket client.
The drawback of this solution is that there is now another app in the picture. Instead of maintaining one business RSocket application, there is a need to implement and maintain another web server entirely.
May I ask if there is some kind of sidecar pattern using maybe ngnix, istio, Kubernetes services, that can perform the same, without having to full blown develop another web app please?
May I ask what is the easiest solution to convert the https requests send from the clients please?
Thank you
May I ask if there is some kind of sidecar pattern using maybe ngnix, istio, Kubernetes services, that can perform the same, without having to full blown develop another web app please?
No, The concept maybe called broker gateway but not sidecar pattern. You should implements a broker gateway to conevert the protocol, such as HTTP(Rest), GraphQL, gRPC. You can refer a sample project alibaba-rsocket-broker.
For secure reasons I need my backend receive traffic only through Nginx. Is it possible to block outside all traffic to spring boot. And only NGINX can accept and send requests to Spring Boot application. Thanks for advice. Sorry for asking question in wrong so without code.
I recently have learnt and practicing Microservice using Spring technology. I am currently writing a small program that has Eureka Server, Configuration Server, Gateway and Account service. I have all of my services register its instance to Eureka and have my Gateway gets its configuration from Configuration Server. After that, I got some question, should I my Account Service fetch its configuration directly from Configuration Server, or from Gateway because it can be done in both way. I think, if I decide to fetch it through Gateway, it might be better because Gateway is a load balancer, so in case if there are multiple Configuration Servers out there, I don't need to worry if any of them failed or down as Gateway can handle this for me. But, doing so, isn't I put too much weight on Gateway because it need to handle this and another requests. Furthermore, I am not sure and I can't find any information about if there is a way to load balancing Gateway or is it makes sense to do so?
Please advice and explain. Thank you.
Only user's requests from UI need to be passed via Gateway. Services should be able to fetch their configuration during startup disregarding whether gateway is online or doesn't exist at all.
Also I'd advise you to avoid registering config service in Discovery (Eureka). I suppose there is no need for your users to send requests to config service.
Along with spring cloud config and gateway documentation I'd recommend you to get familiar with these 2 books:
https://www.manning.com/books/enterprise-java-microservices
https://www.manning.com/books/spring-microservices-in-action
I am building a middle tier which will consume information from multiple downstream systems. The ask is to talk to them over 1 way SSL. I looked up samples but this concept is a bit if a mystery to me. Please help.
The question is too vague IMHO, I'll try to provide general insights
The answer may vary depending on the actual requirements in your organization security department and your actual spring boot configuration.
Spring Boot is a Java framework that usually allows the deployment architecture with an embedded tomcat, jetty or undertow servers that serve Http endpoints exposed by Spring MVC or without an embedded server at all (usually for legacy deployments)
If you in a "legacy" mode (build a WAR) - then HTTPs configuration should be done on the actual server and not in spring boot application.
If you use an embedded server, then the actual technical solution can actually depend on the server you use underneath, at least to some extent.
Indeed like Steffen Ullrich has stated in the comment section, there are many examples of doing this.
For example, take a look at This one
If you want to redirect HTTP requests to HTTPs you should configure your server to do so, and this solution is Tomcat specific.
Another thing to consider is whether you want to use SSL at the level of spring boot at all. Maybe you're running under the gateway / some kind of proxy. In this case, it can make sense to use https for accessing the proxy from outside, but from a proxy to java application you could use HTTP.
I know I'm just speculating about this solution, I've just decided to mention it because in my experience there are many organizations that work like this.
In addition, since spring boot is used for microservice development, the chances are that you have many spring boot artifacts that somehow "talk" to each other, so maybe running HTTPs between them is redundant.
Based on an answer from #andy-wilkinson to a past Spring Boot question, it appears that with the exception of a couple parameters (port for example), the management server leverages the same configuration as the regular servlet container.
I would like to configure the main Spring Boot server to use HTTPS (for the application/service it is serving) and to use just HTTP for the actuator endpoints. Has anyone done this? Is this even possible?
-Joshua
It's not possible at the moment. Please open an issue if it's an enhancement that you'd like to see.