【Question title】: Spring Boot Admin uses HTTP instead of HTTPS Actuator Endpoints
【Posted】: 2018-12-10 17:09:11
【Question】:

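After registering with the Spring Boot Admin (SBA) Server, some of the client's actuator addresses are http://springapplication.com/actuator instead of https://springapplication.com/actuator. Why does it change the endpoints to HTTP rather than staying on HTTPS? Can this be customized?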

Here are some logs and the Java/YML files.

Log:

2018-07-02 06:13:27.683  INFO 3194 --- [-client-epoll-7] d.c.b.a.server.services.StatusUpdater    : Couldn't retrieve status for Instance(id=0d47f12b0a94, version=57, registration=Registration(name=springbootapplication-Name, managementUrl=https://springbootapplication.com/actuator, healthUrl=https://springbootapplication.com/actuator/health, serviceUrl=https://springbootapplication.com, source=http-api), registered=true, statusInfo=StatusInfo(status=UP, details={}), statusTimestamp=2018-07-02T05:06:08.423Z, info=Info(values={}), endpoints=Endpoints(endpoints={httptrace=Endpoint(id=httptrace, url=http://springbootapplication.com/actuator/httptrace), flyway=Endpoint(id=flyway, url=http://springbootapplication.com/actuator/flyway), loggers=Endpoint(id=loggers, url=http://springbootapplication.com/actuator/loggers), health=Endpoint(id=health, url=https://springbootapplication.com/actuator/health), env=Endpoint(id=env, url=http://springbootapplication.com/actuator/env), heapdump=Endpoint(id=heapdump, url=http://springbootapplication.com/actuator/heapdump), scheduledtasks=Endpoint(id=scheduledtasks, url=http://springbootapplication.com/actuator/scheduledtasks), mappings=Endpoint(id=mappings, url=http://springbootapplication.com/actuator/mappings), beans=Endpoint(id=beans, url=http://springbootapplication.com/actuator/beans), configprops=Endpoint(id=configprops, url=http://springbootapplication.com/actuator/configprops), threaddump=Endpoint(id=threaddump, url=http://springbootapplication.com/actuator/threaddump), metrics=Endpoint(id=metrics, url=http://springbootapplication.com/actuator/metrics), conditions=Endpoint(id=conditions, url=http://springbootapplication.com/actuator/conditions), auditevents=Endpoint(id=auditevents, url=http://springbootapplication.com/actuator/auditevents), info=Endpoint(id=info, url=http://springbootapplication.com/actuator/info), jolokia=Endpoint(id=jolokia, url=http://springbootapplication.com/actuator/jolokia)}), buildVersion=null)

Application.yml (server):

server:
  port: 5100
spring: 
  security:
    user:
      name: admin
      password: password

SecuritySecureConfig.java (server):

import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;

import de.codecentric.boot.admin.server.config.AdminServerProperties;

@Configuration
public class SecuritySecureConfig extends WebSecurityConfigurerAdapter {
    private final String adminContextPath;

    public SecuritySecureConfig(AdminServerProperties adminServerProperties) {
        this.adminContextPath = adminServerProperties.getContextPath();
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        SavedRequestAwareAuthenticationSuccessHandler successHandler = new SavedRequestAwareAuthenticationSuccessHandler();
        successHandler.setTargetUrlParameter("redirectTo");

        http.authorizeRequests().antMatchers(adminContextPath + "/assets/**").permitAll()
                .antMatchers(adminContextPath + "/login").permitAll().anyRequest().authenticated().and().formLogin()
                .loginPage(adminContextPath + "/login").successHandler(successHandler).and().logout()
                .logoutUrl(adminContextPath + "/logout").and().httpBasic().and().csrf().disable();
    }
}

SpringBootAdminApplication.java (server):

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.context.annotation.PropertySource;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;

import de.codecentric.boot.admin.server.config.EnableAdminServer;

@EnableAutoConfiguration
@EnableWebSecurity
@EnableAdminServer
@SpringBootApplication(scanBasePackages = "administration")
@PropertySource(value = "META-INF/build-info.properties", ignoreResourceNotFound = true)
public class SpringBootAdminApplication {

    private static final Logger log = LoggerFactory.getLogger(SpringBootAdminApplication.class);

    public static void main(final String[] args) {
        SpringApplication.run(SpringBootAdminApplication.class, args);
    }
}

Application.yml (client):

spring:
  application:
    name: springapplication
  boot:
    admin:
      client:
        username: ${application.security.usernameAdmin}
        password: ${application.security.passwordAdmin}
        url: "https://springBootAdminServerURL.com"
        instance:
          service-base-url: https://http://springapplication.com/
          metadata:
            user.name: ${application.security.usernameAdmin}
            user.password: ${application.security.passwordAdmin}                 
management:
  endpoints:
    web:
      exposure:
        include: "*"
application:
  security:
    usernameAdmin: admin
    passwordAdmin: password

【Question comments】:

  • Hi, did you ever find a solution?

Tags: java spring spring-mvc spring-boot spring-boot-admin


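【Solution 1】:

I had the same problem. Look at your application's /actuator endpoint. Does it report the URLs as http? It did for me, even though health used https. What fixed it for me was adding server.use-forward-headers=true, which adds all the X-Forwarded-* headers, including X-Forwarded-Proto, which identifies the scheme (http/https).

Keep in mind that if your application sits behind a reverse proxy such as NGINX, you need to configure that as well. NGINX example: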

location / {
  proxy_set_header   X-Forwarded-Proto $scheme;
  ...
}

【Comments】:
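The check suggested in Solution 1 (does the client's /actuator index report http links?) can be automated. The Python sketch below is an added example, not part of the original post: it compares the scheme of each advertised endpoint with the registered management URL, reading either a StatusUpdater log line like the one in the question or the JSON body of the /actuator index. The function names and both sample inputs are constructed for illustration.

```python
import json
import re
from urllib.parse import urlsplit

# Constructed sample: a shortened form of the StatusUpdater log line in the question.
SAMPLE_LOG = (
    "Couldn't retrieve status for Instance(id=0d47f12b0a94, "
    "registration=Registration(name=app, "
    "managementUrl=https://springbootapplication.com/actuator, "
    "healthUrl=https://springbootapplication.com/actuator/health), "
    "endpoints=Endpoints(endpoints={"
    "loggers=Endpoint(id=loggers, url=http://springbootapplication.com/actuator/loggers), "
    "health=Endpoint(id=health, url=https://springbootapplication.com/actuator/health), "
    "env=Endpoint(id=env, url=http://springbootapplication.com/actuator/env)}))"
)

# Constructed sample: an /actuator index body from a client that sees plain HTTP
# because the proxy's X-Forwarded-Proto header is missing or ignored.
SAMPLE_INDEX = json.dumps({"_links": {
    "self": {"href": "http://springbootapplication.com/actuator", "templated": False},
    "env": {"href": "http://springbootapplication.com/actuator/env", "templated": False},
}})


def from_sba_log(line):
    """Extract (managementUrl, {endpoint id: url}) from an SBA Instance(...) log line."""
    match = re.search(r"managementUrl=([^,\s)]+)", line)
    if match is None:
        raise ValueError("no managementUrl in log line")
    endpoints = dict(re.findall(r"Endpoint\(id=([^,]+), url=([^)\s]+)\)", line))
    return match.group(1), endpoints


def from_actuator_index(body):
    """Extract {link name: href} from the JSON returned by GET <managementUrl>."""
    links = json.loads(body).get("_links", {})
    return {name: link["href"] for name, link in links.items()}


def scheme_mismatches(management_url, endpoints):
    """Return sorted ids of endpoints whose scheme differs from the management URL's."""
    expected = urlsplit(management_url).scheme
    return sorted(ep for ep, url in endpoints.items()
                  if urlsplit(url).scheme != expected)


if __name__ == "__main__":
    mgmt, eps = from_sba_log(SAMPLE_LOG)
    print("mismatched in log:", scheme_mismatches(mgmt, eps))
    print("mismatched in index:", scheme_mismatches(mgmt, from_actuator_index(SAMPLE_INDEX)))
```

The client configuration in the question passes user.name and user.password as instance metadata, so any endpoint listed with an http URL is one where those credentials would travel unencrypted. On Spring Boot 2.2 and later, server.use-forward-headers is deprecated in favour of server.forward-headers-strategy.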

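    【Solution 2】:

    The following property needs to be corrected in the configuration file. It is described as:

    Base URL used to compute the service URL to register with. The path is inferred at runtime and appended to the base URL.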

    spring.boot.admin.client.instance.service-base-url
    
    
    instance:
              service-base-url: https://springapplication.com/
    

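    【Comments】:

    • Hi Rizwan, thanks for your reply. After changing service-base-url to service-url, the client registered itself with the server but stays inactive. The actuator URLs also remain http.
    • The service URL is the same for all instances of the same application. So how can per-instance metrics be captured, rather than the service URL, when SSL is enabled?
    【Solution 3】:

    In my experience, this is usually caused by two problems.

    1. Incorrect port configuration
    2. Untrusted SSL certificate

    To fix the first problem, you need to make sure your client application correctly tells Eureka to use the secure port: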

    eureka:
      instance:
        nonSecurePortEnabled: false
        securePortEnabled: true
    

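    To fix the second problem, you need to make sure the JVM running Spring Boot Admin trusts the SSL certificate. Simply use keytool to install your certificate into the JRE's cacerts file. I recommend enabling SSL debug logging while trying to get this working.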

    -Djavax.net.debug=SSL
    

    These two steps solved the problem for me.

    【Comments】:
