Spring Boot-Apache反向代理背后的Spring安全性

时间:2019-01-19 11:44:38

标签: spring-boot spring-security reverse-proxy vhosts mod-proxy

我有3个spring-boot应用程序:

  • 前部:(8084中的角形包裹在springboot中)
  • :8082上的资源(弹簧启动)
  • 在:8081上进行身份验证(spring-boot春季安全性)。

这是我的虚拟主机:

<VirtualHost *:80>
    ServerName www.website.com
    Redirect / https://www.website.com/
    RewriteEngine on
    RewriteCond %{SERVER_NAME} =www.website.com
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

<VirtualHost *:443>
    SSLEngine on
    SSLProxyEngine on

    ServerName www.website.com

    ProxyPass /auth https://127.0.0.1:8081
    ProxyPassReverse /auth https://127.0.0.1:8081

    ProxyPass /api https://127.0.0.1:8082
    ProxyPassReverse /api https://127.0.0.1:8082

    ProxyPass / https://127.0.0.1:8084/
    ProxyPassReverse / https://127.0.0.1:8084/


    SSLCertificateFile /etc/letsencrypt/live/www.website.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/www.website.com/privkey.pem
    Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>

这是有效的,当调用https://www.website.com/auth/oauth/authorize端点时,我在https://www.website.com/auth/login上被重定向,并看到我的登录表单。

问题是未加载jquery或css之类的资源,原因是它试图通过URL https://www.website.com/resources/jquery.min.js(尽管应该为https://www.website.com/auth/resources/jquery.min.js)到达它们。

我在这里尝试了解决方法:Spring-boot with embedded Tomcat behind Apache proxy 所以我有Vhost:

<VirtualHost *:443>
    SSLEngine on
    SSLProxyEngine on
    ProxyPreserveHost On

    ServerName www.website.com

    ProxyPass /auth https://127.0.0.1:8081
    ProxyPassReverse /auth https://127.0.0.1:8081
    RequestHeader set X-Forwarded-Proto https
    RequestHeader set X-Forwarded-Port 443

    ProxyPass /api https://127.0.0.1:8082
    ProxyPassReverse /api https://127.0.0.1:8082

    ProxyPass / https://127.0.0.1:8084/
    ProxyPassReverse / https://127.0.0.1:8084/

    SSLCertificateFile /etc/letsencrypt/live/www.website.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/www.website.com/privkey.pem
    Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>

我已经添加了

server.use-forward-headers=true

在application.properties中。

但是当调用https://www.website.com/auth/oauth/authorize时,我在https://www.website.com/login上被重定向-> / auth部分丢失了,所以我得到了404。

不确定我应该设置什么以及在哪里进行设置?

1 个答案:

答案 0 :(得分:0)

实际上,我找到了解决方案,只要它可以帮助某人:

虚拟主机必须为:

Yesterday = 
CALCULATE(
          MAX('sample'[Price]),
          FILTER(
                'sample',
                'sample'[DATE]<EARLIER('sample'[DATE])
                )
         )

在application.properties中:

ProxyPreserveHost On
...
ProxyPass /auth https://127.0.0.1:8081/auth
ProxyPassReverse /auth https://127.0.0.1:8081/auth
RequestHeader set X-Forwarded-Proto https
RequestHeader set X-Forwarded-Port 443
...
相关问题
最新问题