How to configure Gateway to respect Non-Secure(HTTP and registered to Eureka) and Secure(HTTPS and not registered to Eureka) back-end services? #1799
Comments
Also with the above configuration the request is not reaching https://thirdparty.com/. This is due to the shouldFilter method of RibbonRoutingFilter returning false, as the context doesn't have a serviceId. This is a service I didn't register to Eureka. Is there a way I can have a mix of services registered to Eureka and not registered to Eureka, where Ribbon Routing configuration supports both?
@spencergibb or @ryanjbaxter this is a blocker for me, can you help please?
If Is
@ryanjbaxter Yes
Once I do the above in Gateway, I am not able to get the routes from https://localhost:8091/routes. All I want is that Gateway should support forwarding the requests to HTTPS back-end services.
I don't think there is anything special you need to do here. When I enabled SSL on my Zuul proxy then all the actuator endpoints were secured. I needed to set I was also able to reach a service without ssl enabled via Ribbon and Eureka through Zuul as well as a route with ssl enabled via a URL. Here is what my Zuul
@ryanjbaxter thank you. The question I have asked is not to make Zuul proxy SSL enabled but Zuul should support SSL enabled for origin-services and I think by having the origin-services certificate during Zuul proxy start up is enough for this. Second issue which I am still having a question is after I upgraded to Camden.SR6 I figured out that for
I guess I am still not understanding the problem. This sounds like Zuul is having a problem proxying a request to a service because the certificate used for that service is not trusted, is that correct?
Yes. In the case where you are specifying the url for a route in the Zuul configuration
Yes @ryanjbaxter you are right. Having the certificate added to the keystore and supplying the jks file at the Zuul proxy startup is not enough? Thanks for confirming on the second question. But every time I restart the registry, gateway, and services applications, for the first request I am getting the below issue, but the second call works fine.
Here is the message in the debug I can see
This
Shouldn't be required as it is the default if you are using the starters correctly. This doesn't exist with the service prefix:
Can you show us your build file?
@spencergibb that's my maven dependencies
The raw pom.xml would be better.
@ryanjbaxter @spencergibb could you please validate and let me know if any issue with my pom.xml
Nothing looks out of the ordinary.
@ryanjbaxter @spencergibb Ok but if I remove
I think we're to the point of our helpfulness without a project that reproduces the problem.
Sure I will try to get you a poc project as I can't share the same project
I will close this for now. I am not seeing this error any more.
I have my Gateway with routes for HTTP (non-secured) and HTTPS (secured) origin services (back-end services). Once I enable HTTPS for the Gateway instance () it's not behaving as it used to.
This is how I enabled Gateway as secure:
```
server.ssl.enabled=true
server.ssl.key-store=keystore.jks
server.ssl.key-store-password=inv123
server.ssl.key-store-type=JKS
```
But this is making the entire Gateway https, but my requirement is that only a few routes need to go https and a few should go to http.
FYI - I am using Ribbon Routing Filter, not SimpleHostRouting filter (due to #1663).
```
zuul.SimpleHostRoutingFilter.route.disable= true
zuul.routes.apiservices.serviceId=apiservices
zuul.routes.apiservices.path=/myapi/**
zuul.routes.thirdparty.serviceId=thirdparty
zuul.routes.thirdparty.path=/thridparty/**
zuul.routes.thirdparty.url=https://thirdparty.com/
```
Here the thirdparty service is not registered to Eureka and they don't want to register in future as well.
Please let me know what is the right way to achieve this configuration.
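Added example (not code from this thread or from Spring Cloud Netflix): a Python check that runs the route properties posted in this issue through the rule Zuul 1.x uses to pick a routing filter, to show which routes end up with no filter forwarding them. The function names and the decision rule as coded (an `http:`/`https:` location goes to SimpleHostRoutingFilter, anything else to RibbonRoutingFilter, and a set `url` takes precedence over `serviceId`) are this example's assumptions about Zuul 1.x behaviour.

```python
# Added example. Assumption: Zuul 1.x sends a route whose location starts with
# http:/https: to SimpleHostRoutingFilter and every other route to
# RibbonRoutingFilter; a non-empty `url` takes precedence over `serviceId`.

# Route properties copied from the issue text.
ISSUE_PROPS = """\
zuul.SimpleHostRoutingFilter.route.disable= true
zuul.routes.apiservices.serviceId=apiservices
zuul.routes.apiservices.path=/myapi/**
zuul.routes.thirdparty.serviceId=thirdparty
zuul.routes.thirdparty.path=/thridparty/**
zuul.routes.thirdparty.url=https://thirdparty.com/
"""

def parse_properties(text):
    """Parse key=value lines, ignoring blanks and # / ! comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith(("#", "!")) and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def filter_disabled(props, filter_name):
    """True if zuul.<filter_name>.route.disable is set to true."""
    return props.get(f"zuul.{filter_name}.route.disable", "false").lower() == "true"

def classify_routes(props):
    """Map route name -> (routing filter, target, will_be_forwarded)."""
    routes = {}
    for key, value in props.items():
        if key.startswith("zuul.routes."):
            name, _, field = key[len("zuul.routes."):].partition(".")
            routes.setdefault(name, {})[field] = value
    report = {}
    for name, route in routes.items():
        # A set url wins; a route with neither falls back to its own name.
        target = route.get("url") or route.get("serviceId") or name
        if target.startswith(("http:", "https:")):
            chosen = "SimpleHostRoutingFilter"
        else:
            chosen = "RibbonRoutingFilter"
        report[name] = (chosen, target, not filter_disabled(props, chosen))
    return report

if __name__ == "__main__":
    for name, row in classify_routes(parse_properties(ISSUE_PROPS)).items():
        print(name, *row)
```

On the issue's properties, `thirdparty` resolves to SimpleHostRoutingFilter, which the first property disables, so under this rule no routing filter forwards it, while `apiservices` still goes through RibbonRoutingFilter.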