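Problem description:
Only requests starting with https:// can reach the X-service service, but when X-service registers with Eureka, the URL it exposes starts with http://, so Feign cannot reach X-service. X-service does redirect http to https, but the port numbers do not match. The configuration is as follows: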
server:
  ssl:
    key-store-type: JKS
    key-store: classpath:keystore/ccc.jks
    key-store-password: 6cc
  port: 443
http:
  port: 80
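What gets registered with Eureka is http://hostname:443 rather than https://hostname:443.
The secure port is 443 and the non-secure port is 80. The redirect can only send http://hostname:80 to https://hostname:443; it cannot send http://hostname:443 to https://hostname:443. Maybe that is possible too, but I don't know how to do it…
Solution: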
eureka:
  instance:
    hostname: localhost
    securePort: ${server.port}
    securePortEnabled: true
    nonSecurePortEnabled: false
    homePageUrl: https://${eureka.instance.hostname}:${server.port}/
    statusPageUrl: https://${eureka.instance.hostname}:${server.port}/
The hostname entry above is required.
You also need to add a Feign configuration so that Feign bypasses SSL certificate validation:
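import feign.Client;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.cloud.netflix.ribbon.SpringClientFactory;
// In older Spring Cloud releases these two classes live in
// org.springframework.cloud.netflix.feign.ribbon instead.
import org.springframework.cloud.openfeign.ribbon.CachingSpringLoadBalancerFactory;
import org.springframework.cloud.openfeign.ribbon.LoadBalancerFeignClient;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;

@Configuration
public class SSLFeignClientConfig {
    @Bean
    @ConditionalOnMissingBean
    public Client feignClient(CachingSpringLoadBalancerFactory cachingFactory,
                              SpringClientFactory clientFactory) throws NoSuchAlgorithmException, KeyManagementException {
        SSLContext ctx = SSLContext.getInstance("SSL");
        // Trust manager with empty checks: every certificate chain is accepted.
        X509TrustManager tm = new X509TrustManager() {
            @Override
            public void checkClientTrusted(X509Certificate[] chain,
                                           String authType) throws CertificateException {
            }
            @Override
            public void checkServerTrusted(X509Certificate[] chain,
                                           String authType) throws CertificateException {
            }
            @Override
            public X509Certificate[] getAcceptedIssuers() {
                // The interface contract is a non-null (possibly empty) array.
                return new X509Certificate[0];
            }
        };
        ctx.init(null, new TrustManager[]{tm}, null);
        // The hostname verifier always returns true, so the certificate's
        // host name is not checked either.
        return new LoadBalancerFeignClient(new Client.Default(ctx.getSocketFactory(),
                (hostname, session) -> true),
                cachingFactory, clientFactory);
    }
}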
Using it on the Feign client:
@FeignClient(name="xxx-service", configuration = {SSLFeignClientConfig.class})