在AWS ELB后面具有嵌入式Undertow的Spring Boot

本文介绍了在AWS ELB后面具有嵌入式Undertow的Spring Boot-HTTP到HTTPS重定向的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！ 问题描述

我正在AWS EC2实例的端口8080上运行Spring Boot(Jhipster/Undertow)应用程序.

I'm running a Spring boot (Jhipster/Undertow) application on port 8080 on an AWS EC2 instance.

我已将AWS ELB配置为重定向

I have an AWS ELB configured to redirect

80 -> 8080 443 (SSL termination happens here) -> 8080

该应用程序使用Spring Security，如果用户到达 example ，我希望它重定向到 example ，以使用SSL.

The application uses Spring Security and if you user arrives to example I want it to redirect to example, to use SSL.

我在中找到了配置此示例的各种示例Tomcat ，但不使用Undertow.

I have found various examples of configuring this in Tomcat but none using Undertow.

我尝试使用第二个端口8089进行此操作，并且确实按要求重定向，但这会导致端口8080也重定向我不想要的端口.

I have tried this, with a second port 8089, and it does redirect as required, but this causes port 8080 to also redirects which I don't want.

80 -> 8089 443 (SSL termination happens here) -> 8080

@Bean public EmbeddedServletContainerFactory undertow() { UndertowEmbeddedServletContainerFactory undertow = new UndertowEmbeddedServletContainerFactory(); undertow.addBuilderCustomizers(builder -> builder.addHttpListener(8089, "0.0.0.0")); undertow.addDeploymentInfoCustomizers(deploymentInfo -> { deploymentInfo.addSecurityConstraint(new SecurityConstraint() .addWebResourceCollection(new WebResourceCollection() .addUrlPattern("/*")) .setTransportGuaranteeType(TransportGuaranteeType.CONFIDENTIAL) .setEmptyRoleSemantic(SecurityInfo.EmptyRoleSemantic.PERMIT)) .setConfidentialPortManager(exchange -> 443); }); return undertow; }

如何配置Undertow来实现这一目标?

How can I configure Undertow to achieve this?

推荐答案

当我遇到相同的问题时，这对我有用:

This worked for me when I had the same problem:

从jhipster暴露端口80(您可以在application-prod.yml中进行更改).

Expose the port 80 from jhipster (you can change it in the application-prod.yml).

从http重定向到https时，Amazon ELB添加了一些标头，您应该在同一文件中处理这些标头:

Amazon ELB when redirecting from http to https adds some headers, which you should address in the same file:

server: use-forward-headers: true port: 80

server: use-forward-headers: true port: 80

此外，您需要从jhipster强制执行https: jhipster.github.io/tips/007_tips_enforce_https.html

Also, you need to enforce the https from jhipster: jhipster.github.io/tips/007_tips_enforce_https.html