1. 首页
  2. 问答
  3. 服务不想使用SSL

服务不想使用SSL

2016-11-24 57 views
0

我需要用我的微服务以https尤里卡上注册,所以我改变这样我尤里卡配置:服务不想使用SSL

info: 
    component: Eureka 
server: 
    port: 8761 
    ssl: 
     enabled: true 
     ciphers: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA 
     key-store: target/classes/keystore/keystore.jks 
     key-store-password: ..... 
     key-alias: ..... 
     key-password: ..... 
     protocol: TLS 
eureka: 
    instance: 
     hostname: localhost 
     securePort: ${server.port} 
     nonSecurePortEnabled: false 
     securePortEnabled: true 
     secureVirtualHostName: ${spring.application.name} 
     homePageUrl: https://${eureka.instance.hostname}:${server.port}/ 
     statusPageUrl: https://${eureka.instance.hostname}:${server.port}/admin/info 
     metadataMap: 
      hostname : ${eureka.instance.hostname} 
      securePort: ${server.port} 
    client: 
     registerWithEureka: false 
     fetchRegistry: false 
     healthcheck: 
      enable: true 
     serviceUrl: 
      defaultZone: https://${eureka.instance.hostname}:${server.port}/eureka/ 
    server: 
     waitTimeInMsWhenSyncEmpty: 0 
     enableSelfPreservation: true

它开始没有问题,我可以去上网站。

我的微服务(configServer)在https上运行,但不在Eureka上注册。我没有错误消息。配置文件:

info: 
    component: Config Server 
server: 
    port: 8889 
    ssl: 
     enabled: true 
     ciphers: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA 
     key-store: target/classes/keystore/keystore.jks 
     key-store-password: ..... 
     key-alias: ..... 
     key-password: .... 
     protocol: TLS 
spring: 
    cloud: 
     config: 
      server: 
       git: 
        uri: ....... 
eureka: 
    client: 
     registerWithEureka: true 
     fetchRegistry: true 
     registryFetchIntervalSeconds: 5 
     securePortEnabled: true 
     serviceUrl: 
      defaultZone: https://127.0.0.1:8761/eureka/ 
     healthcheck: 
      enabled: true 
    instance: 
     statusPageUrlPath: https://${management.context_path}/info 
     healthCheckUrlPath: https://${management.context_path}/health 
     leaseRenewalIntervalInSeconds: 10 
     securePort: ${server.port} 
     securePortEnabled: true 
     nonSecurePortEnabled: false

日志我在调试模式下获得:

2016-11-29 10:47:35.324 DEBUG 12032 --- [freshExecutor-0] .a.h.i.c.DefaultClientConnectionOperator : Connecting to localhost:8761 
2016-11-29 10:47:35.328 DEBUG 12032 --- [freshExecutor-0] o.a.h.impl.conn.DefaultClientConnection : Connection [email protected] closed 
2016-11-29 10:47:35.328 DEBUG 12032 --- [freshExecutor-0] o.a.h.impl.conn.DefaultClientConnection : Connection [email protected] shut down 
2016-11-29 10:47:35.328 DEBUG 12032 --- [freshExecutor-0] o.a.h.impl.conn.DefaultClientConnection : Connection [email protected] closed

没有HTTPS,我没有问题。你知道什么是错的吗?

来源

2016-11-24 BokC

+0

没有错误消息?你打开客户端上的调试日志记录吗? – spencergibb

+0

是的。我在主帖中登录了 – BokC

回答

0

您的客户端与

eureka: 
    client: 
     enabled: true

这是在你的配置服务器配置中缺少被激活。

来源

2016-11-27 12:09:21

+0

这还不够。如果我不在ssl中,我没有问题 – BokC

0

我有一个类似的问题:配置服务器通过http正确注册但不通过https(服务在Eureka上列出,但没有主机或端口被暴露)。

使用弹簧云依赖关系Edgware.RELEASEspring-cloud-commons碰撞到1.3.1.RELEASE和一个自签名证书(添加到我的JREs cacerts)。

这里是我使用config的作品都通过HTTP(没有配置文件设置)和HTTPS(HTTPS配置文件)

服务发现application.properties

spring.application.name=service-discovery 
server.port=8161 
server.ssl.enabled=false 

eureka.instance.hostname=${DISCOVERY_HOSTNAME} 
eureka.instance.non-secure-port-enabled=true 
eureka.instance.non-secure-port=${server.port} 
eureka.instance.secure-port-enabled=false 

eureka.client.serviceUrl.defaultZone=${DISCOVERY_SERVICE} 
eureka.client.register-with-eureka=false 
eureka.client.fetch-registry=true 

logging.level.com.netflix.eureka=OFF 
logging.level.com.netflix.discovery=OFF

服务发现应用-https.properties

server.ssl.enabled=true 

eureka.instance.non-secure-port-enabled=false 
eureka.instance.secure-port-enabled=true 
eureka.instance.secure-port=${server.port} 
eureka.instance.statusPageUrl=https://${eureka.hostname}:${server.port}/info 
eureka.instance.healthCheckUrl=https://${eureka.hostname}:${server.port}/health 
eureka.instance.homePageUrl=https://${eureka.hostname}:${server.port}/ 

ribbon.IsSecure=true

配置个bootstrap.properties

eureka.client.serviceUrl.defaultZone=${DISCOVERY_SERVICE}

配置application.properties

spring.application.name=config 
server.port=8181 
server.ssl.enabled=false 

security.user.name=${SPRING_CLOUD_CONFIG_USERNAME} 
security.user.password=${SPRING_CLOUD_CONFIG_PASSWORD} 
security.user.role=SYSTEM 

eureka.instance.non-secure-port-enabled=true 
eureka.instance.non-secure-port=${DISCOVERY_PORT} 
eureka.instance.secure-port-enabled=false 

eureka.client.healthcheck.enabled=true 
eureka.client.region=default 
eureka.client.registry-fetch-interval-seconds=10 

ribbon.IsSecure=true

配置application-https.properties

server.ssl.enabled=true 

eureka.instance.non-secure-port-enabled=false 
eureka.instance.secure-port-enabled=true 
eureka.instance.secure-port=${server.port} 
eureka.instance.statusPageUrl=https://${eureka.hostname}:${server.port}/info 
eureka.instance.healthCheckUrl=https://${eureka.hostname}:${server.port}/health 
eureka.instance.homePageUrl=https://${eureka.hostname}:${server.port}/ 

ribbon.IsSecure=true

和这里的环境变量,我用:

setx DISCOVERY_USERNAME "discoveryUser" 
setx DISCOVERY_PASSWORD "change-me" 
setx DISCOVERY_HOSTNAME "localhost" 
setx DISCOVERY_PORT "8167" 
setx DISCOVERY_SERVICE "http://${DISCOVERY_USERNAME}:${DISCOVERY_PASSWORD}@${DISCOVERY_HOSTNAME}:${DISCOVERY_PORT}/eureka/" 

setx SPRING_CLOUD_CONFIG_SERVER_GIT_URI "C:/change-me/spring-rest-oauth-config" 
setx SPRING_CLOUD_CONFIG_USERNAME "configUser" 
setx SPRING_CLOUD_CONFIG_PASSWORD "change-me" 
setx SPRING_CLOUD_CONFIG_DISCOVERY_SERVICE-ID "config" 

rem something like "c:/users/ch4mp/.ssl/localhost-self-signed.p12" 
setx SSL_KEY_STORE_PATH "change-me" 

setx SERVER_SSL_KEY_STORE file:%SSL_KEY_STORE_PATH% 
setx SERVER_SSL_KEY_STORE_PASSWORD "change-me" 
setx SERVER_SSL_KEY_ALIAS "spring-rest-oauth" 
setx SERVER_SSL_KEY_STORE_TYPE PKCS12

请注意DISCOVERY_SERVICE方案必须修改为https使用HTTPS时概况

来源

2018-01-16 09:15:14 ch4mp

+0

这并不能解答问题。一旦你有足够的[声誉](https://stackoverflow.com/help/whats-reputation),你将可以[对任何帖子发表评论](https://stackoverflow.com/help/privileges/comment);相反,[提供不需要提问者澄清的答案](https://meta.stackexchange.com/questions/214173/why-do-i-need-50-reputation-to-comment-what-c​​an- I-DO-代替)。 - [来自评论](/ review/low-quality-posts/18529471) –

+0

这并没有真正回答这个问题。如果您有不同的问题,可以通过单击[提问](https://stackoverflow.com/questions/ask)来提问。您可以[添加赏金](https://stackoverflow.com/help/privileges/set-bounties)在您拥有足够的[声誉](https://stackoverflow.com/help/)后吸引更多关注此问题什么声誉)。 - [来自评论](/ review/low-quality-posts/18529471) – EvZ

+0

最初的评论不是一个答案,它只是一个...评论。正如我有同样的问题,我没有发布一个新的。只是希望这个线程能够回来。现在我找到了一个解决方案,我编辑它 – ch4mp

相关问题

 相关问题