1. 首頁
  2. 問答
  3. 服務不想使用SSL

服務不想使用SSL

2016-11-24 60 views
0

我需要用我的微服務以https尤里卡上註冊,所以我改變這樣我尤里卡配置:服務不想使用SSL

info: 
    component: Eureka 
server: 
    port: 8761 
    ssl: 
     enabled: true 
     ciphers: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA 
     key-store: target/classes/keystore/keystore.jks 
     key-store-password: ..... 
     key-alias: ..... 
     key-password: ..... 
     protocol: TLS 
eureka: 
    instance: 
     hostname: localhost 
     securePort: ${server.port} 
     nonSecurePortEnabled: false 
     securePortEnabled: true 
     secureVirtualHostName: ${spring.application.name} 
     homePageUrl: https://${eureka.instance.hostname}:${server.port}/ 
     statusPageUrl: https://${eureka.instance.hostname}:${server.port}/admin/info 
     metadataMap: 
      hostname : ${eureka.instance.hostname} 
      securePort: ${server.port} 
    client: 
     registerWithEureka: false 
     fetchRegistry: false 
     healthcheck: 
      enable: true 
     serviceUrl: 
      defaultZone: https://${eureka.instance.hostname}:${server.port}/eureka/ 
    server: 
     waitTimeInMsWhenSyncEmpty: 0 
     enableSelfPreservation: true

它開始沒有問題,我可以去上網站。

我的微服務(configServer)在https上運行,但不在Eureka上註冊。我沒有錯誤消息。配置文件:

info: 
    component: Config Server 
server: 
    port: 8889 
    ssl: 
     enabled: true 
     ciphers: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA 
     key-store: target/classes/keystore/keystore.jks 
     key-store-password: ..... 
     key-alias: ..... 
     key-password: .... 
     protocol: TLS 
spring: 
    cloud: 
     config: 
      server: 
       git: 
        uri: ....... 
eureka: 
    client: 
     registerWithEureka: true 
     fetchRegistry: true 
     registryFetchIntervalSeconds: 5 
     securePortEnabled: true 
     serviceUrl: 
      defaultZone: https://127.0.0.1:8761/eureka/ 
     healthcheck: 
      enabled: true 
    instance: 
     statusPageUrlPath: https://${management.context_path}/info 
     healthCheckUrlPath: https://${management.context_path}/health 
     leaseRenewalIntervalInSeconds: 10 
     securePort: ${server.port} 
     securePortEnabled: true 
     nonSecurePortEnabled: false

日誌我在調試模式下獲得:

2016-11-29 10:47:35.324 DEBUG 12032 --- [freshExecutor-0] .a.h.i.c.DefaultClientConnectionOperator : Connecting to localhost:8761 
2016-11-29 10:47:35.328 DEBUG 12032 --- [freshExecutor-0] o.a.h.impl.conn.DefaultClientConnection : Connection [email protected] closed 
2016-11-29 10:47:35.328 DEBUG 12032 --- [freshExecutor-0] o.a.h.impl.conn.DefaultClientConnection : Connection [email protected] shut down 
2016-11-29 10:47:35.328 DEBUG 12032 --- [freshExecutor-0] o.a.h.impl.conn.DefaultClientConnection : Connection [email protected] closed

沒有HTTPS,我沒有問題。你知道什麼是錯的嗎?

來源

2016-11-24 BokC

+0

沒有錯誤消息?你打開客戶端上的調試日誌記錄嗎? – spencergibb

+0

是的。我在主帖中登錄了 – BokC

回答

0

您的客戶端與

eureka: 
    client: 
     enabled: true

這是在你的配置服務器配置中缺少被激活。

來源

2016-11-27 12:09:21

+0

這還不夠。如果我不在ssl中,我沒有問題 – BokC

0

我有一個類似的問題:配置服務器通過http正確註冊但不通過https(服務在Eureka上列出,但沒有主機或端口被暴露)。

使用彈簧雲依賴關係Edgware.RELEASEspring-cloud-commons碰撞到1.3.1.RELEASE和一個自簽名證書(添加到我的JREs cacerts)。

這裏是我使用config的作品都通過HTTP(沒有配置文件設置)和HTTPS(HTTPS配置文件)

服務發現application.properties

spring.application.name=service-discovery 
server.port=8161 
server.ssl.enabled=false 

eureka.instance.hostname=${DISCOVERY_HOSTNAME} 
eureka.instance.non-secure-port-enabled=true 
eureka.instance.non-secure-port=${server.port} 
eureka.instance.secure-port-enabled=false 

eureka.client.serviceUrl.defaultZone=${DISCOVERY_SERVICE} 
eureka.client.register-with-eureka=false 
eureka.client.fetch-registry=true 

logging.level.com.netflix.eureka=OFF 
logging.level.com.netflix.discovery=OFF

服務發現應用-https.properties

server.ssl.enabled=true 

eureka.instance.non-secure-port-enabled=false 
eureka.instance.secure-port-enabled=true 
eureka.instance.secure-port=${server.port} 
eureka.instance.statusPageUrl=https://${eureka.hostname}:${server.port}/info 
eureka.instance.healthCheckUrl=https://${eureka.hostname}:${server.port}/health 
eureka.instance.homePageUrl=https://${eureka.hostname}:${server.port}/ 

ribbon.IsSecure=true

配置個bootstrap.properties

eureka.client.serviceUrl.defaultZone=${DISCOVERY_SERVICE}

配置application.properties

spring.application.name=config 
server.port=8181 
server.ssl.enabled=false 

security.user.name=${SPRING_CLOUD_CONFIG_USERNAME} 
security.user.password=${SPRING_CLOUD_CONFIG_PASSWORD} 
security.user.role=SYSTEM 

eureka.instance.non-secure-port-enabled=true 
eureka.instance.non-secure-port=${DISCOVERY_PORT} 
eureka.instance.secure-port-enabled=false 

eureka.client.healthcheck.enabled=true 
eureka.client.region=default 
eureka.client.registry-fetch-interval-seconds=10 

ribbon.IsSecure=true

配置application-https.properties

server.ssl.enabled=true 

eureka.instance.non-secure-port-enabled=false 
eureka.instance.secure-port-enabled=true 
eureka.instance.secure-port=${server.port} 
eureka.instance.statusPageUrl=https://${eureka.hostname}:${server.port}/info 
eureka.instance.healthCheckUrl=https://${eureka.hostname}:${server.port}/health 
eureka.instance.homePageUrl=https://${eureka.hostname}:${server.port}/ 

ribbon.IsSecure=true

和這裏的環境變量,我用:

setx DISCOVERY_USERNAME "discoveryUser" 
setx DISCOVERY_PASSWORD "change-me" 
setx DISCOVERY_HOSTNAME "localhost" 
setx DISCOVERY_PORT "8167" 
setx DISCOVERY_SERVICE "http://${DISCOVERY_USERNAME}:${DISCOVERY_PASSWORD}@${DISCOVERY_HOSTNAME}:${DISCOVERY_PORT}/eureka/" 

setx SPRING_CLOUD_CONFIG_SERVER_GIT_URI "C:/change-me/spring-rest-oauth-config" 
setx SPRING_CLOUD_CONFIG_USERNAME "configUser" 
setx SPRING_CLOUD_CONFIG_PASSWORD "change-me" 
setx SPRING_CLOUD_CONFIG_DISCOVERY_SERVICE-ID "config" 

rem something like "c:/users/ch4mp/.ssl/localhost-self-signed.p12" 
setx SSL_KEY_STORE_PATH "change-me" 

setx SERVER_SSL_KEY_STORE file:%SSL_KEY_STORE_PATH% 
setx SERVER_SSL_KEY_STORE_PASSWORD "change-me" 
setx SERVER_SSL_KEY_ALIAS "spring-rest-oauth" 
setx SERVER_SSL_KEY_STORE_TYPE PKCS12

請注意DISCOVERY_SERVICE方案必須修改爲https使用HTTPS時概況

來源

2018-01-16 09:15:14 ch4mp

+0

這並不能解答問題。一旦你有足夠的[聲譽](https://stackoverflow.com/help/whats-reputation),你將可以[對任何帖子發表評論](https://stackoverflow.com/help/privileges/comment);相反,[提供不需要提問者澄清的答案](https://meta.stackexchange.com/questions/214173/why-do-i-need-50-reputation-to-comment-what-c​​an- I-DO-代替)。 - [來自評論](/ review/low-quality-posts/18529471) –

+0

這並沒有真正回答這個問題。如果您有不同的問題,可以通過單擊[提問](https://stackoverflow.com/questions/ask)來提問。您可以[添加賞金](https://stackoverflow.com/help/privileges/set-bounties)在您擁有足夠的[聲譽](https://stackoverflow.com/help/)後吸引更多關注此問題什麼聲譽)。 - [來自評論](/ review/low-quality-posts/18529471) – EvZ

+0

最初的評論不是一個答案,它只是一個...評論。正如我有同樣的問題,我沒有發佈一個新的。只是希望這個線程能夠回來。現在我找到了一個解決方案,我編輯它 – ch4mp

相關問題

 相關問題