
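Problem description

When using Spring Cloud Gateway with server.ssl.enabled=true, I get: ERR_SSL_VERSION_OR_CIPHER_MISMATCH Unsupported protocol. The client and server don't support a common SSL protocol version or cipher suite.

I can only use the gateway if I disable SSL (server.ssl.enabled=false).

How can I force HTTPS through Spring Cloud Gateway?

The full source code, including the discovery service and a demo users-ws, is at: https://github.com/bcfernandez/Demo-SpringCloud.git

The users-ws entry point is working with HTTPS: https://localhost:8181/users/status. However, when I try to access users-ws through the gateway (https://localhost:8011/users/v1/status), I get ERR_SSL_VERSION_OR_CIPHER_MISMATCH.

The gateway app.properties is as follows: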

server.port=8011
spring.application.name=trm-api-gateway
spring.devtools.restart.enabled=true

# WARNING: TO BE REMOVED ON PRODUCTION
spring.cloud.gateway.discovery.locator.enabled=true
spring.cloud.gateway.discovery.locator.lowerCaseServiceId=true

#Routes filtering
spring.cloud.gateway.routes[0].id=users-service_v1
spring.cloud.gateway.routes[0].predicates[0]=Path=/users/v1/**
spring.cloud.gateway.routes[0].predicates[1]=Method=GET
spring.cloud.gateway.routes[0].filters[0]=RewritePath=/users/v1(?<segment>/?.*), /users${segment}
spring.cloud.gateway.routes[0].uri=lb://users-ws

#WARNING: TO BE REMOVED ON PRODUCTION ENVIRONMENT
#Using an insecure trust manager is not suitable for production. For a production deployment, you can configure the gateway with a set of known certificates that it can trust
spring.cloud.gateway.httpclient.ssl.useInsecureTrustManager=true

# Eureka Info
eureka.client.serviceUrl.defaultZone=http://localhost:8010/eureka
eureka.instance.hostname=localhost
eureka.instance.non-secure-port-enabled=false
eureka.instance.secure-port-enabled=true

#SSL Key Info
server.ssl.enabled=true
server.ssl.key-alias=mySelfSignedKey
server.ssl.key-store-password=password@2020
server.ssl.key-store=myKeyStore.p12
server.ssl.key-store-type=pkcs12

# Properties set for development purposes only
logging.level.web=DEBUG
logging.level.org.springframework.cloud.gateway=DEBUG
debug=true

Tags: spring-boot, spring-cloud, spring-cloud-gateway
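
An added example, not part of the original question or the linked project: a pre-deployment check that scans a properties file for the settings the configuration above marks as development-only, plus a literal keystore password and a disabled TLS listener. The function names and the sample input are constructed here; it parses only simple key=value lines and matches property names exactly as spelled above.

```python
import re

# Property -> value that the configuration's own comments mark as development-only.
DEV_ONLY = {
    "spring.cloud.gateway.httpclient.ssl.useInsecureTrustManager": "true",
    "spring.cloud.gateway.discovery.locator.enabled": "true",
    "debug": "true",
}

def parse_properties(text):
    """Parse simple key=value lines; skip blank lines and '#'/'!' comments."""
    props = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = (value.strip(), lineno)
    return props

def findings(text):
    """Return sorted (line, key, reason) tuples for settings unsafe in production."""
    props = parse_properties(text)
    out = []
    for key, bad in DEV_ONLY.items():
        if key in props and props[key][0].lower() == bad:
            out.append((props[key][1], key, "development-only setting enabled"))
    # A literal keystore password in the file (anything but a ${...} placeholder).
    pw = props.get("server.ssl.key-store-password")
    if pw and not re.fullmatch(r"\$\{[^}]+\}", pw[0]):
        out.append((pw[1], "server.ssl.key-store-password", "password stored in plain text"))
    # Inbound TLS switched off, the workaround described in the question.
    ssl = props.get("server.ssl.enabled")
    if ssl and ssl[0].lower() == "false":
        out.append((ssl[1], "server.ssl.enabled", "gateway listener is not using TLS"))
    return sorted(out)

# Constructed sample: a subset of the configuration shown above.
SAMPLE = """\
server.port=8011
# WARNING: TO BE REMOVED ON PRODUCTION
spring.cloud.gateway.discovery.locator.enabled=true
spring.cloud.gateway.httpclient.ssl.useInsecureTrustManager=true
server.ssl.enabled=true
server.ssl.key-store-password=password@2020
debug=true
"""

if __name__ == "__main__":
    for lineno, key, reason in findings(SAMPLE):
        print(f"line {lineno}: {key}: {reason}")
```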
