We are using Spring Cloud Gateway before multiple microservices with consul as service discovery. There are several microservices developed in different languages.
Please find build.gradle for the application
buildscript {
ext {
springBootVersion = '2.1.2.RELEASE'
}
repositories {
mavenCentral()
}
dependencies {
classpath("org.springframework.boot:spring-boot-gradle-plugin:${springBootVersion}")
}
}
apply plugin: 'java'
apply plugin: 'org.springframework.boot'
apply plugin: 'io.spring.dependency-management'
group = 'com.demo'
version = '0.0.1-SNAPSHOT'
sourceCompatibility = '1.8'
repositories {
mavenCentral()
maven { url 'https://repo.spring.io/milestone' }
}
ext {
set('springCloudVersion', 'Greenwich.RELEASE')
}
dependencies {
implementation 'org.springframework.boot:spring-boot-starter-actuator'
implementation 'org.springframework.cloud:spring-cloud-starter-consul-config'
implementation 'org.springframework.cloud:spring-cloud-starter-consul-discovery'
implementation 'org.springframework.cloud:spring-cloud-starter-gateway'
implementation 'org.springframework.boot:spring-boot-starter-security'
// https://mvnrepository.com/artifact/io.netty/netty-tcnative-boringssl-static
compile group: 'io.netty', name: 'netty-tcnative-boringssl-static', version: '2.0.20.Final'
runtimeOnly 'org.springframework.boot:spring-boot-devtools'
compileOnly 'org.projectlombok:lombok'
testImplementation 'org.springframework.boot:spring-boot-starter-test'
}
dependencyManagement {
imports {
mavenBom "org.springframework.cloud:spring-cloud-dependencies:${springCloudVersion}"
}
}
Below is the example of API gateway configuration
application.yaml
server:
port: 10000
http:
port: 9000
# enable HTTP2
http2:
enabled: true
# enable compression
compression:
enabled: true
mime-types: text/html,text/xml,text/plain,text/css,text/javascript,application/javascript,application/json
ssl:
enabled: true
key-store: /var/.conf/self-signed.p12
key-store-type: PKCS12
key-store-password: "something"
key-alias: athenasowl
trust-store: /var/.conf/self-signe.p12
trust-store-password: "something"
spring:
application:
name: api-gateway
cloud:
gateway:
discovery:
locator:
enabled: true
predicates:
- Path="'/api/' + serviceId + '/**'"
filters:
- RewritePath="'/api/' + serviceId + '/(?<remaining>.*)'", "serviceId + '/${remaining}'"
management:
security:
enabled: false
server:
port: 10001
ssl:
enabled: false
endpoint:
gateway:
enabled: true
endpoints:
web:
exposure:
include: "*"
health:
sensitive: false
logging:
level:
root: DEBUG
org:
springframework:
web: INFO
pattern:
console: "%-5level %d{dd-MM-yyyy HH:mm:ss,SSS} [%F:%L] VTC : %msg%n"
file: "%-5level %d{dd-MM-yyyy HH:mm:ss,SSS} [%F:%L] VTC : %msg%n"
file: /tmp/log_files/apigateway.log
security:
basic:
enabled: false
There are a few configuration issues which we are facing, they are listed below:
Rewrite URL prefixed with /api/ to respective serviceId registered on consul: We tried to configure predicate to get path prefixed with api to rewrite path and remove api, but still it's not working. So there is another service /hello-service/ registered with consul server, but we want to do API call with /api/hello-service/
Redirect unmatched request to default path: We want to redirect all unmatched request to UI.
Redirecting HTTP to HTTPS on spring cloud gateway: We want to force all request coming to spring gateway to be https
Forwarding HTTPS request to HTTP serviceId registered with consul: Services registered with consul are on HTTP except for the API gateway, we want to be able to send HTTPS request to HTTP backend i.e. terminating HTTPS at API Gateway only.
Any help in solving the above issue would be good
Edit 1:
After some help from #spencergibb, we had setup the spring cloud gateway with https. But There are some additional issues which we faced
If HTTPS is enabled on both API gateway and service both, we received below error
javax.net.ssl.SSLException: handshake timed out at
io.netty.handler.ssl.SslHandler.handshake(...)(Unknown Source)
~[netty-handler-4.1.31.Final.jar:4.1.31.
If HTTPS is enabled on only API gateway, we received below error
There was an unexpected error (type=Not Found, status=404).
org.springframework.web.server.ResponseStatusException: 404 NOT_FOUND
and received
for path https://localhost:8443/api/hello-service/hello/message
Unable to Connect
for path http://localhost:8080/hello-service/hello/message
Please find the link for the sample applications
Instructions:
navigate to consul directory and Start consul server using command ./consul agent -dev
run api-gateway spring boot gradle project
run rest-demo spring boot gradle project
Edit 2
Thank You #spencergibb, We were able to successfully apply ssl on gateway and call the registered services on HTTP. Since Spring Webflux with Netty does not support listening on two ports, we created an additional tcp server bind to http port based on this answer.
There is still some issue we are facing with RewritePath for /api/ rule
predicates:
- name: Path
args:
pattern: "'/api/'+serviceId.toLowerCase()+'/**'"
filters:
- name: RewritePath
args:
regexp: "'/api/' + serviceId.toLowerCase() + '/(?<remaining>.*)'"
replacement: "'/${remaining}'"
below is the complete trace for the request
DEBUG 13-02-2019 03:32:01 [FilteringWebHandler.java:86] VTC : Sorted
gatewayFilterFactories:
[OrderedGatewayFilter{delegate=GatewayFilterAdapter{delegate=org.springframework.cloud.gateway.filter.AdaptCachedBodyGlobalFilter#257505fd},
order=-2147482648},
OrderedGatewayFilter{delegate=GatewayFilterAdapter{delegate=org.springframework.cloud.gateway.filter.GatewayMetricsFilter#400caab4},
order=-2147473648},
OrderedGatewayFilter{delegate=GatewayFilterAdapter{delegate=org.springframework.cloud.gateway.filter.NettyWriteResponseFilter#36e2c50b},
order=-1},
OrderedGatewayFilter{delegate=GatewayFilterAdapter{delegate=org.springframework.cloud.gateway.filter.ForwardPathFilter#66f0c66d}, order=0},
OrderedGatewayFilter{delegate=org.springframework.cloud.gateway.filter.factory.RewritePathGatewayFilterFactory$$Lambda$360/1720581802#5821f2e6,
order=0},
OrderedGatewayFilter{delegate=GatewayFilterAdapter{delegate=org.springframework.cloud.gateway.filter.RouteToRequestUrlFilter#27119239},
order=10000},
OrderedGatewayFilter{delegate=GatewayFilterAdapter{delegate=org.springframework.cloud.gateway.filter.LoadBalancerClientFilter#568a9d8f},
order=10100},
OrderedGatewayFilter{delegate=GatewayFilterAdapter{delegate=org.springframework.cloud.gateway.filter.WebsocketRoutingFilter#6ba77da3},
order=2147483646},
OrderedGatewayFilter{delegate=GatewayFilterAdapter{delegate=org.springframework.cloud.gateway.filter.NettyRoutingFilter#73c24516},
order=2147483647},
OrderedGatewayFilter{delegate=GatewayFilterAdapter{delegate=org.springframework.cloud.gateway.filter.ForwardRoutingFilter#461a9938},
order=2147483647}] TRACE 13-02-2019 03:32:01
[RouteToRequestUrlFilter.java:59] VTC : RouteToRequestUrlFilter start
TRACE 13-02-2019 03:32:02 [NettyWriteResponseFilter.java:68] VTC :
NettyWriteResponseFilter start TRACE 13-02-2019 03:32:02
[GatewayMetricsFilter.java:101] VTC : Stopping timer
'gateway.requests' with tags
[tag(outcome=CLIENT_ERROR),tag(routeId=rewrite_response_upper),tag(routeUri=http://httpbin.org:80),tag(status=NOT_FOUN
A number of things were needed
disable http2
Disable ssl configuration of httpclient
Update locator predicates and filters to use verbose configuration.
Here is the resulting portions of application.yml
server:
port: 8443
http:
port: 8080
servlet:
# enable HTTP2
# http2:
# enabled: true
# enable compression
# ... removed for brevity
spring:
application:
name: api-gateway
cloud:
consul:
enabled: true
gateway:
# httpclient:
# ssl:
# handshake-timeout-millis: 10000
# close-notify-flush-timeout-millis: 3000
# close-notify-read-timeout-millis: 0
# routes:
# - id: ui_path_route
# predicates:
# - Path="'/**'"
# filters:
# - RewritePath="'/**'", "/ui"
discovery:
instanceId: ${spring.application.name}:${vcap.application.instance_id:${spring.application.instance_id:${random.value}}}
locator:
enabled: true
predicates:
- name: Path
args:
pattern: "'/api/' + serviceId + '/**'"
filters:
- name: RewritePath
args:
regexp: "'/api/' + serviceId + '/(?<remaining>.*)'"
replacement: "'/${remaining}'"
#... removed for brevity
Related
I am trying to setup a openapi specification and publish the API with Apache Camel and Spring. I tried using restConfiguration, adding the property in the application.yaml, and using the #OpenApiProperty on the app. Everytime the generated yaml reads:
- servers
- url: ""
platform:
# not used
urlrewrite:
enabled: false
token: ${LOCAL_TOKEN:}
apim:
token_ep: ${x/token}
client:
username: ${apim_client_username:}
password: ${apim_client_password:}
consumerKey: ${apim_client_id:}
consumerSecret: ${apim_client_secret:}
endpointsOrchestrated:
server: myServer
emr-endpoint: xxxxxxxx
triggerName: ${PLATFORM_MODULE_ID}
env: dev
domain: ${PLATFORM_MODULE_DOMAIN}
openapi:
title: My Sample api
version: 1.0.0
camel:
dataformat:
jackson:
auto-discover-object-mapper: true
springboot:
tracing: false
rest:
host: myhost.com
port: 8080
spring:
application:
name: aaa
profiles:
active: ${ENV:local}
server:
servlet:
context-path: /
port: ${TOMCAT_PORT:8080}
host: localhost
# MAX HTTP THREADS
tomcat:
threads:
max: ${MAIN_HTTP_THREADS:200}
I have a third party webapplication having websocket connections. It is expecting Upgrade, Connection header names to be case sensitive. I am using spring cloud gateway as a reverse proxy to this webapp. All the http calls are success but for websocket requests i am getting the following error
io.netty.handler.codec.http.websocketx.WebSocketClientHandshakeException:
Invalid handshake response getStatus: 404 Not Found at
io.netty.handler.codec.http.websocketx.WebSocketClientHandshaker13.verify(WebSocketClientHandshaker13.java:272)
~[netty-codec-http-4.1.65.Final.jar:4.1.65
WebSocketClientHandshaker is setting the upgrade and connection headers and it is in lower case. How do I override these header values ?
application.yml configuration is as below
spring:
main:
web-application-type: reactive
profiles:
active: dev
cloud:
gateway:
globalcors:
corsConfigurations:
'[/**]':
allowedOrigins: "*"
allowedMethods: "*"
allowedHeaders: "*"
httpclient:
pool:
max-idle-time: 10s
ssl:
useInsecureTrustManager: true
filter:
remove-non-proxy-headers:
headers:
- Keep-Alive
- TE
- Trailer
- Transfer-Encoding
routes:
- id : no_op
uri: no://op
predicates:
- Path=/falcon/tunneling/**
- id: reroute_ws
uri: ws://localhost:5555
predicates:
- Path=/websocket/**
- id: reroute_2
uri: http://localhost:5555
predicates:
- Path=/**
I am using configuration mode. Where is multiple (20) routes. But my server is accessible behind the URL PATH prefix http://prefixHere/method:port?property=value due Firewall and this can not be changed.
So when I have 20 of different methods (each ends in other service) then I must define 20 times.
I want to define the StripPrefix only once. This was working in previous Zuul gateway. How to do in cloud gateway?
Here is my config:
spring:
cloud:
gateway:
discovery:
locator:
lower-case-service-id: true
enabled: true
routes:
- id: auth-service
uri: lb://server-auth
predicates:
- Path=/prefixHere/auth/**
filters:
**- StripPrefix=1**
- id: operation-service
uri: lb://operation-service
predicates:
- Path=/prefixHere/operation/**
filters:
**- StripPrefix=1**
Yes, use "default-filters:" and it will be applied to all routes at once.
spring:
application:
name: gateway
cloud:
gateway:
default-filters:
- StripPrefix=1
E.g:
spring:
application:
name: GATEWAY-SERVICE
cloud:
gateway:
default-filters:
- StripPrefix=1
discovery:
locator:
enabled: true
lowerCaseServiceId: true
routes:
- id: department-service
uri: lb://department-service
predicates:
- Path=/api/departments/**
- id: user-service
uri: lb://USER-SERVICE
predicates:
- Path=/api/users/**
Reference: Introduction to spring cloud gateway
Hi I am haveing a spring boot rest based application . I have added a couple of properties related to elastic search in my application-dev.yml and application-prod.yml file . These properties are injected into my PerformanceReportingRepository class . however they are set to null .
so following is my yml definition .
# ===================================================================
# Standard Spring Boot properties.
# Full reference is available at:
# http://docs.spring.io/spring-boot/docs/current/reference/html/common-application-properties.html
# ===================================================================
logging:
level:
ROOT: TRACE
com.openmind.primecast: DEBUG
io.github.jhipster: TRACE
spring:
profiles:
active: dev
include: swagger
devtools:
restart:
enabled: true
livereload:
enabled: false # we use gulp + BrowserSync for livereload
jackson:
serialization.indent_output: true
data:
cassandra:
contactPoints: localhost
protocolVersion: V4
compression: LZ4
keyspaceName: Openmind
mail:
host: localhost
port: 25
username:
password:
properties:
mail:
smtp:
auth: true
starttls.enable: true
messages:
cache-seconds: 1
thymeleaf:
cache: false
http:
multipart:
maxFileSize: 150MB
maxRequestSize: 150MB
# ===================================================================
# To enable SSL, generate a certificate using:
# keytool -genkey -alias primecast -storetype PKCS12 -keyalg RSA -keysize 2048 -keystore keystore.p12 -validity 3650
#
# You can also use Let's Encrypt:
# https://maximilian-boehm.com/hp2121/Create-a-Java-Keystore-JKS-from-Let-s-Encrypt-Certificates.htm
#
# Then, modify the server.ssl properties so your "server" configuration looks like:
#
# server:
# port: 8443
# ssl:
# key-store: keystore.p12
# key-store-password: <your-password>
# key-store-type: PKCS12
# key-alias: primecast
# ===================================================================
server:
port: 8080
# ===================================================================
# JHipster specific properties
#
# Full reference is available at: http://www.jhipster.tech/common-application-properties/
# ===================================================================
jhipster:
http:
version: V_1_1 # To use HTTP/2 you will need SSL support (see above the "server.ssl" configuration)
cache: # Cache configuration
hazelcast: # Hazelcast distributed cache
time-to-live-seconds: 3600
backup-count: 1
management-center: # Full reference is available at: http://docs.hazelcast.org/docs/management-center/3.9/manual/html/Deploying_and_Starting.html
enabled: false
update-interval: 3
url: http://localhost:8180/mancenter
# CORS is only enabled by default with the "dev" profile, so BrowserSync can access the API
cors:
allowed-origins: "*"
allowed-methods: "*"
allowed-headers: "*"
exposed-headers: "Authorization,Link,X-Total-Count"
allow-credentials: true
max-age: 1800
security:
authentication:
jwt:
secret: my-secret-token-to-change-in-production
# Token is valid 24 hours
token-validity-in-seconds: 86400
token-validity-in-seconds-for-remember-me: 2592000
mail: # specific JHipster mail property, for standard properties see MailProperties
from: primecast#localhost
base-url: http://127.0.0.1:8080
metrics: # DropWizard Metrics configuration, used by MetricsConfiguration
jmx.enabled: true
graphite: # Use the "graphite" Maven profile to have the Graphite dependencies
enabled: false
host: localhost
port: 2003
prefix: primecast
prometheus: # Use the "prometheus" Maven profile to have the Prometheus dependencies
enabled: false
endpoint: /prometheusMetrics
logs: # Reports Dropwizard metrics in the logs
enabled: false
report-frequency: 60 # in seconds
logging:
logstash: # Forward logs to logstash over a socket, used by LoggingConfiguration
enabled: false
host: localhost
port: 5000
queue-size: 512
google:
accessToken: AIzaSyBasWNyK7ELbLlopD3anXrJCgtXUPRZYN8
endpoint: https://www.googleapis.com/urlshortener/v1/url
urlshortener:
is.gd:
endpoint: https://is.gd
http:
proxyEnabled: false
proxyHost:
proxyPort:
password:
expiryInDays: 90
historyCount: 3
expiryEmailAlertInDays: 3
policy: '^(?!.*(.)\1\1)(?=.*?[A-Z])(?=.*?[a-z])(?=.*?[0-9])(?=.*?[#?!#$%^&*-]).{8,}.*$'
file:
size: 5242880
elasticsearch:
host: localhost
port: 9200
and my repository class is
#Repository
public class PerformanceReportingRepository {
#Value("${elasticsearch.host}")
private String host;
#Value("${elasticsearch.port}")
private Integer port;
#Value("${file.size}")
private long fileUploadSizeLimit;
private RestHighLevelClient elasticSearchClient;
public PerformanceReportingRepository() {
System.out.println(this.fileUploadSizeLimit);
this.elasticSearchClient = new RestHighLevelClient(RestClient.builder(new HttpHost(host, port)));
}
public void setElasticSearchClient(RestHighLevelClient elasticSearchClient) {
this.elasticSearchClient = elasticSearchClient;
}
}
However the bean creation fails because host and port are not resolved from the yaml file.
I am sharing the project in https://github.com/prasanthmp500/mep.git
please checkout the branch ENG-170-performance-reports
appreciate any help
thanks a lot
I'm using spring cloud to manage my microservices.
For security reasons, for one specific microservice (name it ms_secure), I want to use custom route choose a specific microservice version depending on client IP.
My gateway config looks like this:
spring:
cloud:
gateway:
discovery:
locator:
enabled: true
routes:
- id: ms_secure_v1
uri: lb://ms_secure_v1
predicates:
- Path=/ms_secure/**
filters:
- RewritePath=/ms_secure/(?<segment>.*), /$\{segment}
- name: <my filter>
args:
xForwardedForHeaderName: X-Forwarded-For
hosts:
- <IP1>
- <IP2>
- id: ms_secure
uri: lb://ms_secure_v2
predicates:
- Path=/ms_secure/**
filters:
- RewritePath=/ms_secure/(?<segment>.*), /$\{segment}
- name: <my filter>
args:
xForwardedForHeaderName: X-Forwarded-For
hosts:
- <IP3>
- <IP4>
When when requesting /ms_secure:
IP1 and IP2 will be redirected to ms_secure_v1
IP3 and IP4 will be redirected to ms_secure_v2
My problem is that all my clients will also be able to access directly ms_secure_v1 or ms_secure_v2 by using the default routes:
http:///ms_secure_v1/...
http:///ms_secure_v2/...
I tried to disable these routes by using SetStatus GatewayFilter:
- id: setstatusstring_route
uri: lb://ms-gateway
predicates:
- Path=/ms_secure_v**
filters:
- SetStatus=403
But this route is not matched.
Is there a way to disable these default routes in spring gateway?
The following creates routes in gateway based on services registered:
spring:
cloud:
gateway:
discovery:
locator:
enabled: true
Set it to false (which is the default), if you don't want this.