java - Spring boot admin:客户端无法通过 https 向管理服务器注册
问题描述
我有一些 spring-boot 微服务,它们在 spring-boot-admin (SBA) 中注册。当我在本地运行微服务和 SBA 服务器时,客户端能够通过 HTTP 向 SBA 服务器注册自己。
当我将应用程序部署到 Kubernetes 集群时,向 SBA 注册是通过 HTTPS(通过Ingress)完成的,我javax.net.ssl.SSLHandshakeException在日志中得到一个
d.c.b.a.c.r.ApplicationRegistrator : Failed to register application as Application(name=my-app, managementUrl=https://my-app-dev.mydomain.com/actuator, healthUrl=https://my-app-dev.mydomain.com/actuator/health, serviceUrl=https://my-app-dev.mydomain.com) at spring-boot-admin ([https://my-admin-dev.mydomain.com/instances]): I/O error on POST request for "https://my-admin-dev.mydomain.com/instances": Received fatal alert: protocol_version; nested exception is javax.net.ssl.SSLHandshakeException: Received fatal alert: protocol_version. Further attempts are logged on DEBUG level
在微服务(SBA 客户端)中,我使用以下依赖项
<dependency>
<groupId>de.codecentric</groupId>
<artifactId>spring-boot-admin-starter-client</artifactId>
<version>2.4.0</version>
</dependency>
以下是application.yaml
spring.boot.admin.client:
url: "https://my-admin-dev.mydomain.com"
instance.service-url: "https://my-app-dev.mydomain.com"
解决方案
我能够戳入spring-boot-admin-starter-client代码。首先,我ApplicationRegistrator从导致我进入一个可覆盖BlockingRegistrationClient实例的日志消息开始(耶!)
public class SpringBootAdminClientAutoConfiguration {
...
@Configuration(proxyBeanMethods = false)
@ConditionalOnBean(RestTemplateBuilder.class)
public static class BlockingRegistrationClientConfig {
@Bean
@ConditionalOnMissingBean
public BlockingRegistrationClient registrationClient(ClientProperties client) {
RestTemplateBuilder builder = new RestTemplateBuilder().setConnectTimeout(client.getConnectTimeout())
.setReadTimeout(client.getReadTimeout());
if (client.getUsername() != null && client.getPassword() != null) {
builder = builder.basicAuthentication(client.getUsername(), client.getPassword());
}
return new BlockingRegistrationClient(builder.build());
}
}
按照我的指导使用这篇文章,我能够创建一个RestTemplate将信任存储加载到SSLContext. BlockingRegistrationClient然后我可以用我自己的覆盖自定义的实例RestTemplate。
@Bean
public BlockingRegistrationClient registrationClient(
@Value("${ssl.protocol}") String protocol,
@Value("${ssl.trustStore.path}") String trustStorePath,
@Value("${ssl.trustStore.password}") String trustStorePassword,
ClientProperties client) throws Exception {
SSLContext sslContext = SSLContextBuilder.create()
.loadTrustMaterial(new File(trustStorePath), trustStorePassword.toCharArray())
.setProtocol(protocol)
.build();
CloseableHttpClient httpClient = HttpClientBuilder.create()
.setSSLContext(sslContext)
.build();
RestTemplateBuilder builder = new RestTemplateBuilder()
.setConnectTimeout(client.getConnectTimeout())
.setReadTimeout(client.getReadTimeout())
.requestFactory(() -> new HttpComponentsClientHttpRequestFactory(httpClient));
if (client.getUsername() != null && client.getPassword() != null) {
builder = builder.basicAuthentication(client.getUsername(), client.getPassword());
}
return new BlockingRegistrationClient(builder.build());
}
应用程序.yaml
ssl:
protocol: TLSv1.2
trustStore:
path: "/opt/java/openjdk/lib/security/cacerts"
password: "*****"
推荐阅读
- php - 无法在ubuntu上再次重新安装php
- rest - DocuSign Rest API:将文档上传到信封并添加文档字段以保存数据
- python - python cx_Oracle 无效标识符
- z3 - 新变量未显示在找到的模型中
- javascript - 如何在 JavaScript 中使用 replaceAll()?
- python - 如何将此 txt 文件转换为 pandas DataFrame?
- javascript - 导出 neo4j 图形以进行 d3 可视化
- python - 如何在使用 cv2.VideoCapture() 时降低 CPU 利用率
- spring-webflux - 在 Spring 响应式 cassandra 中进行数据转换的 Mono Slice
- java - Java 比较 10<-5 为真