Dan*_*ass 11 spring spring-boot spring-cloud
我们希望将HTTPS用于基于Feign和Ribbon的微服务通信.这些服务基于spring boot并且正确设置了tomcat.实例已在Eureka上的HTTPS URL和securePort上注册.但是,当我们通过Feign调用另一个微服务时,底层功能区无法识别协议并回退到HTTP.我可以通过将协议添加到FeignClient注释来解决这个问题,如下所示:
@FeignClient("https://users")
但似乎Zuul代理和Hystrix/Turbine也在内部使用Ribbon具有相同的HTTP回退问题.有没有办法集中配置Ribbon以使用HTTPS作为默认值或使用注册的eureka实例的securePort设置?
Eureka实例配置:
eureka.instance.hostname=localhost
eureka.instance.securePort = ${server.port}
eureka.instance.securePortEnabled = true
eureka.instance.nonSecurePortEnabled = false
eureka.instance.metadataMap.hostname = ${eureka.instance.hostname}
eureka.instance.metadataMap.securePort = ${server.port}
eureka.instance.homePageUrl = https://${eureka.instance.hostname}:${server.port}/
eureka.instance.statusPageUrl = https://${eureka.instance.hostname}:${server.port}/admin/info
通过这些设置,它在Eureka中看起来就像服务在HTTPS上运行一样.Zuul代理运行正常,但使用HTTP URL来调用服务.您必须通过在密钥库中提供服务器证书来在Spring Boots嵌入式Tomcat中启用SSL:
server.ssl.key-store=server.jks
server.ssl.key-store-password=<pw>
server.ssl.keyStoreType=jks
server.ssl.keyAlias=tomcat
server.ssl.key-password=<pw>
Tomcat只运行在HTTPS上,HTTP端口被阻止,但比我得到的:localhost:8081 failed to respond因为HTTP URL用于调用服务.通过设置ribbon.IsSecure=true用户服务URL正确生成,但Ribbon负载均衡器无法在Eureka中查找用户服务:Load balancer does not have available server for client: users.我users.ribbon.IsSecure=trueaslo 试图只在zuul代理中设置,但仍然得到相同的错误.
Caused by: com.netflix.client.ClientException: Load balancer does not have available server for client: user
at com.netflix.loadbalancer.LoadBalancerContext.getServerFromLoadBalancer(LoadBalancerContext.java:468)
at com.netflix.loadbalancer.reactive.LoadBalancerCommand$1.call(LoadBalancerCommand.java:184)
at com.netflix.loadbalancer.reactive.LoadBalancerCommand$1.call(LoadBalancerCommand.java:180)
at rx.Observable$1.call(Observable.java:145)
at rx.Observable$1.call(Observable.java:137)
at rx.Observable$1.call(Observable.java:145)
at rx.Observable$1.call(Observable.java:137)
at rx.Observable.unsafeSubscribe(Observable.java:7304)
at rx.internal.operators.OperatorRetryWithPredicate$SourceSubscriber$1.call(OperatorRetryWithPredicate.java:112)
at rx.schedulers.TrampolineScheduler$InnerCurrentThreadScheduler.enqueue(TrampolineScheduler.java:81)
at rx.schedulers.TrampolineScheduler$InnerCurrentThreadScheduler.schedule(TrampolineScheduler.java:59)
at rx.internal.operators.OperatorRetryWithPredicate$SourceSubscriber.onNext(OperatorRetryWithPredicate.java:77)
at rx.internal.operators.OperatorRetryWithPredicate$SourceSubscriber.onNext(OperatorRetryWithPredicate.java:45)
at rx.internal.util.ScalarSynchronousObservable$1.call(ScalarSynchronousObservable.java:41)
at rx.internal.util.ScalarSynchronousObservable$1.call(ScalarSynchronousObservable.java:30)
at rx.Observable$1.call(Observable.java:145)
at rx.Observable$1.call(Observable.java:137)
at rx.Observable$1.call(Observable.java:145)
at rx.Observable$1.call(Observable.java:137)
at rx.Observable$1.call(Observable.java:145)
at rx.Observable$1.call(Observable.java:137)
at rx.Observable.subscribe(Observable.java:7393)
at rx.observables.BlockingObservable.blockForSingle(BlockingObservable.java:441)
at rx.observables.BlockingObservable.single(BlockingObservable.java:340)
at com.netflix.client.AbstractLoadBalancerAwareClient.executeWithLoadBalancer(AbstractLoadBalancerAwareClient.java:102)
at com.netflix.client.AbstractLoadBalancerAwareClient.executeWithLoadBalancer(AbstractLoadBalancerAwareClient.java:81)
at org.springframework.cloud.netflix.zuul.filters.route.RibbonCommand.forward(RibbonCommand.java:129)
at org.springframework.cloud.netflix.zuul.filters.route.RibbonCommand.run(RibbonCommand.java:103)
at org.springframework.cloud.netflix.zuul.filters.route.RibbonCommand.run(RibbonCommand.java:1)
at com.netflix.hystrix.HystrixCommand$1.call(HystrixCommand.java:298)
我们现在通过设置解决了zuul代理问题
ribbon.IsSecure=true
eureka.instance.secureVirtualHostName=${spring.application.name}
这样所有服务也都在安全的虚拟主机池中com.netflix.discovery.shared.Applications.这有助于发现过程在eureka中查找实例.
但是,Hystrix仪表板仍然存在类似的问题
| 归档时间: |
|
| 查看次数: |
13745 次 |
| 最近记录: |