Spring Cloud:为Zuul和Eureka启用SSL

时间:2015-07-19 16:55:25

标签: spring-cloud netflix-eureka netflix-zuul

我正在尝试为我的Spring Cloud应用程序启用SSL。现在它由少数服务组成,Eureka和Zuul(No Ribbon或Feighn)。我找到了一些提示如何为Eureka启用SSL的提示,但无法使其工作。在Zuul方面,我找不到任何信息,除了这个:Zuul SSL Support有效禁止使用随机端口:(server.port = 0)。我的应用程序的application.yml:

server:
  port: 0
  ssl:
    key-store: classpath:keystore.jks
    key-store-password: password
    key-password: password       
endpoints:
  restart:
     enabled: true
  shutdown:
     enabled: true
  health:
    sensitive: false

eureka:
  instance:
    leaseRenewalIntervalInSeconds: 10
    metadataMap:
     instanceId:      ${vcap.application.instance_id:${spring.application.name}:${spring.application.instance_id:${server.port}}}
 client:
   registryFetchIntervalSeconds: 5
  logging:
    level:
     com.netflix.discovery: 'OFF'

Eureka服务器application.yml:

    server: 
  port: 8761
  ssl:
    key-store: classpath:keystore.jks
    key-store-password: password
    key-password: password    

eureka: 
  instance:
     hostname: localhost
     securePort: ${server.port}
     securePortEnabled: true  
     nonSecurePortEnabled: false 
     secureVirtualHostName: ${spring.application.name}
     homePageUrl: https://${eureka.instance.hostname}:${server.port}/
     statusPageUrl: https://${eureka.instance.hostname}:${server.port}/admin/info

     metadataMap:
       hostname : ${eureka.instance.hostname}
       securePort: ${server.port}

  server:
    waitTimeInMsWhenSyncEmpty: 0

  client: 
    registerWithEureka: false
    fetchRegistry: false
    serviceUrl:
      defaultZone: http://${eureka.instance.hostname}:${server.port}/eureka/

我不确定我需要将什么放入Zuul的application.yml以允许SSL,所以我正在跳过它。

当我启动Eureka和我的应用程序时,我会反复出现例外情况:

2015-07-19 12:46:42.527  INFO 7972 --- [pool-7-thread-1] o.a.http.impl.client.DefaultHttpClient   : I/O exception (org.apache.http.NoHttpResponseException) caught when processing request to {}->http://localhost:8761: The target server failed to respond
2015-07-19 12:46:42.527  INFO 7972 --- [pool-7-thread-1] o.a.http.impl.client.DefaultHttpClient   : Retrying request to {}->http://localhost:8761

我正在向curl命令获取404:

curl -k -i -X GET https://localhost:8761/eureka

Zuul无法启动,因为它无法连接到Eureka。

我很确定我将配置etries放入错误的application.yml文件中(我仍然不知道如何配置Zuul)。

我想知道是否有任何文档说明如何在所有Netflix组件中启用SSL。

1 个答案:

答案 0 :(得分:0)

为zuul服务(边缘代理)和eureka启用HTTPS时,我们需要在zuul服务级别使用此属性

<强> ribbon.IsSecure:真

相关问题
最新问题