【发布时间】:2017-09-11 16:17:24
【问题描述】:
我已经为此苦苦挣扎了几天。我想将 Cloud Foundry 的 Spring Cloud Data Flow Server 部署到我组织的企业 Pivotal Cloud Foundry 实例。我的问题是强制所有数据流服务器 web 请求到 TLS/HTTPS。这是我尝试使其正常工作的配置示例:
# manifest.yml
---
applications:
- name: gdp-dataflow-server
buildpack: java_buildpack_offline
host: dataflow-server
memory: 2G
disk_quota: 2G
instances: 1
path: spring-cloud-dataflow-server-cloudfoundry-1.2.3.RELEASE.jar
env:
SPRING_APPLICATION_NAME: dataflow-server
SPRING_CLOUD_DEPLOYER_CLOUDFOUNDRY_URL: https://api.system.x.x.io
SPRING_CLOUD_DEPLOYER_CLOUDFOUNDRY_ORG: my-org
SPRING_CLOUD_DEPLOYER_CLOUDFOUNDRY_SPACE: my-space
SPRING_CLOUD_DEPLOYER_CLOUDFOUNDRY_DOMAIN: my-domain.io
SPRING_CLOUD_DEPLOYER_CLOUDFOUNDRY_USERNAME: user
SPRING_CLOUD_DEPLOYER_CLOUDFOUNDRY_PASSWORD: pass
SPRING_CLOUD_DEPLOYER_CLOUDFOUNDRY_STREAM_SERVICES: dataflow-mq
SPRING_CLOUD_DEPLOYER_CLOUDFOUNDRY_STREAM_BUILDPACK: java_buildpack_offline
SPRING_CLOUD_DEPLOYER_CLOUDFOUNDRY_TASK_SERVICES: dataflow-db
SPRING_APPLICATION_JSON: |
{
"server": {
"use-forward-headers": true,
"tomcat": {
"remote-ip-header": "x-forwarded-for",
"protocol-header": "x-forwarded-proto"
}
},
"management": {
"context-path": "/management",
"security": {
"enabled": true
}
},
"security": {
"require-ssl": true,
"basic": {
"enabled": true,
"realm": "Data Flow Server"
},
"user": {
"name": "dataflow-admin",
"password": "nimda-wolfatad"
}
}
services:
dataflow-db
dataflow-redis
尽管SPRING_APPLICATION_JSON 中有security 块,数据流服务器的Web 端点仍然可以通过不安全的HTTP 访问。如何强制所有请求都使用 HTTPS?我是否需要为 Cloud Foundry 自定义我自己构建的 Data Flow Server?我知道 PCF 的代理正在负载均衡器处终止 SSL/TLS,但是配置转发标头应该会导致 Spring Security/Tomcat 以我想要的方式运行,不是吗?我必须在这里遗漏一些明显的东西,因为这似乎是一个不应该如此困难的共同愿望。
谢谢。
【问题讨论】:
标签: cloud-foundry spring-cloud-dataflow