我已成功配置Apache(2.4.7)以要求客戶端證書,並且 - 作爲反向代理 - 將證書內的信息轉發給Tomcat 8服務器。通過Apache反向代理進行Spring Boot證書認證
當試圖實現與Spring引導一樣的,但是,它失敗
The proxy server received an invalid response from an upstream server
The proxy server could not handle the request GET /myapp
,並返回一個HTTP 502錯誤代碼。
相關,工作Tomcat的配置是:
<Connector SSLEnabled="true" clientAuth="want" keyAlias="myalias"
keystoreFile="mystore.jks" keystorePass="mypassword" maxThreads="150"
port="8443" protocol="HTTP/1.1" scheme="https" secure="true"
sslProtocol="TLS" truststoreFile="mystore.jks" truststorePass="mypassword"/>
春天啓動的相關部分的application.properties文件,該文件將無法正常工作:
server.context-path=/myapp
server.port=8443
server.ssl.enabled=true
server.use-forward-headers=true
server.ssl.protocol=TLS
server.ssl.client-auth=need
server.ssl.key-alias=myalias
server.ssl.key-store=/path/to/mykeystore.jks
server.ssl.key-store-password=mypassword
server.ssl.key-password=mypassword
server.ssl.trust-store=/path/to/mykeystore.jks
server.ssl.trust-store-password=mypassword
server.tomcat.remote-ip-header=x-forwarded-for
server.tomcat.port-header=x-forwarded-port
注意,直接訪問應用程序時(即請求https://myapp.company.tld:12345/myapp)它工作得很好,但使用反向代理(即https://proxy-load-balancer.company.tld:12345/myapp)會拋出上述錯誤。
端口差異(12345與配置的8443)是由於中間Docker層造成的:反向代理和應用程序都在一個容器中運行,並且它們的開放端口(Apache爲443,Tomcat/Spring Boot爲8443)映射到不同的端口,即12345.