我在AWS EC2实例上的端口8080上运行了Spring Boot(JHIPSTER/UNCERTSOW)。
我有一个配置为重定向的AWS ELB
80 -> 8080
443 (SSL termination happens here) -> 8080
该应用程序使用Spring Security,如果用户到达http://example.com,我希望它重定向到https://example.com,使用SSL。
我找到了在tomcat中配置此示例的各种示例
我已经尝试了第二个端口8089,并且确实根据需要重定向,但这会导致端口8080也重定向。
80 -> 8089
443 (SSL termination happens here) -> 8080
@Bean
public EmbeddedServletContainerFactory undertow() {
UndertowEmbeddedServletContainerFactory undertow = new UndertowEmbeddedServletContainerFactory();
undertow.addBuilderCustomizers(builder -> builder.addHttpListener(8089, "0.0.0.0"));
undertow.addDeploymentInfoCustomizers(deploymentInfo -> {
deploymentInfo.addSecurityConstraint(new SecurityConstraint()
.addWebResourceCollection(new WebResourceCollection()
.addUrlPattern("/*"))
.setTransportGuaranteeType(TransportGuaranteeType.CONFIDENTIAL)
.setEmptyRoleSemantic(SecurityInfo.EmptyRoleSemantic.PERMIT))
.setConfidentialPortManager(exchange -> 443);
});
return undertow;
}
我该如何配置实现这一目标?
当我遇到同样的问题时,这对我有用:
从Jhipster公开端口80(您可以在application-prod.yml中更改它)。
Amazon Elb从HTTP重定向到HTTPS时添加了一些标题,您应该在同一文件中解决这些标题:
server:
use-forward-headers: true
port: 80
另外,您需要从Jhipster执行HTTP:https://jhipster.github.io/tips/007_tips_enforce_https.html
以防万一有人想要一个工作解决方案,以重定向所有 http 请求 httpps htttp/http/http/2 在Spring Boot 1.5.19中,以下是application.properties文件中的设置:
server.ssl.protocol=TLSv1.2
server.ssl.key-store-type=PKCS12
server.ssl.key-store=keystore.p12
server.ssl.key-store-password=xxxxxxx
server.port=443
server.use-forward-headers=true
和以下Java配置:
import io.undertow.UndertowOptions;
import io.undertow.servlet.api.SecurityConstraint;
import io.undertow.servlet.api.SecurityInfo;
import io.undertow.servlet.api.TransportGuaranteeType;
import io.undertow.servlet.api.WebResourceCollection;
import org.springframework.boot.context.embedded.undertow.UndertowBuilderCustomizer;
import org.springframework.boot.context.embedded.undertow.UndertowEmbeddedServletContainerFactory;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.PropertySource;
@Configuration
public class ConnectorConfig {
@Bean
public UndertowEmbeddedServletContainerFactory embeddedServletContainerFactory() {
UndertowEmbeddedServletContainerFactory factory = new UndertowEmbeddedServletContainerFactory();
factory.addBuilderCustomizers((UndertowBuilderCustomizer) builder -> {
builder.setServerOption(UndertowOptions.ENABLE_HTTP2, true);
builder.addHttpListener(80, "0.0.0.0");
});
factory.addDeploymentInfoCustomizers(deploymentInfo -> {
deploymentInfo.addSecurityConstraint(
new SecurityConstraint()
.addWebResourceCollection(new WebResourceCollection().addUrlPattern("/*"))
.setTransportGuaranteeType(TransportGuaranteeType.CONFIDENTIAL)
.setEmptyRoleSemantic(SecurityInfo.EmptyRoleSemantic.PERMIT))
.setConfidentialPortManager(exchange -> 443);
});
return factory;
}
}
一切都可以完美地工作。