Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update Eureka client status URL based on SSL configuration #1843

Open
raiRaiyan opened this issue Apr 7, 2017 · 12 comments
Open

Update Eureka client status URL based on SSL configuration #1843

raiRaiyan opened this issue Apr 7, 2017 · 12 comments
Labels
enhancement help wanted

Comments

@raiRaiyan
Copy link

Hi,

If I use secure-port in my configuration and I don't specify the management.port, then spring cloud does not change my eureka statusPageUrl and other url's to https.
The if condition at line number 114 in EurekaClientAutConfiguraiton.java (spring-cloud-netflix-eureka-client: 1.2.6 release) prevents it from changing the scheme and it lets netflix configure the url . In netflix's InstanceInfo.java there is no check for secure port and the protocol is hardcoded to http.

I am not sure where to raise this issue, but since I am using spring-cloud-netflix I am putting this here
@ryanjbaxter
Copy link
Contributor

Can you show us the configuration that you think should work?

@raiRaiyan
Copy link
Author

raiRaiyan commented Apr 7, 2017
edited
Loading 

eureka:
  instance:
    hostname: localhost
    secure-port-enabled: true
    secure-port: 8080

This should configure the statusPageUrl as https://localhost:8080/info. Instead the url is http://localhost:8080/info

All eureka meta url's are configured to http

I can specify an explicit url, but will the above not be easier? Moreover, if I specify a different management port it configures it properly.

@ryanjbaxter
Copy link
Contributor

Is that all of the configuration? Shouldnt you also be enabling SSL via Spring Boot configuration?

@raiRaiyan
Copy link
Author

Yes. I think I have that. Here is my full configuration

spring:
  application:
    name: test-app

server:
  port: 8762
  ssl:
    key-store: classpath:keystore-local.p12
    key-store-password: abcd123
    keyStoreType: PKCS12
    keyAlias: 1
    enabled: true

eureka:
  instance:
    non-secure-port-enabled: false
    hostname: 172.25.1.2
    prefer-ip-address: false 
    secure-port-enabled: true
    secure-port: ${server.port}
  client:
    service-url:
      defaultZone: https://localhost:8761/eureka

Am I missing some other ssl configuration?

@ryanjbaxter
Copy link
Contributor

Looks like your configuration is a little off, it should be


eureka:
  instance:
    nonSecurePortEnabled: false
    hostname: 172.25.1.2
    prefer-ip-address: false 
    securePortEnabled: true
    secure-port: ${server.port}
  client:
    service-url:
      defaultZone: https://localhost:8761/eureka

As far as the status page URL goes, looks like this was discussed in #176. Looks like the behavior you are observing has been that way for a while. Does it effect other service discovery clients?

@raiRaiyan
Copy link
Author

configuration is a little off

Hmm... but everything works fine with my current configuration and /eureka/apps shows these configurations as expected.

<hostName>172.25.1.2</hostName>
<app>TEST-APP</app>
<ipAddr>192.168.1.2</ipAddr>
<status>UP</status>
<overriddenstatus>UNKNOWN</overriddenstatus>
<port enabled="false">8081</port>
<securePort enabled="true">8081</securePort>

Does it effect other service discovery clients?

Except for the status page url and other health check url's everything works fine. Are there any plans to change that (auto configure the url's) or should I just provide the absolute url in my config file?

@ryanjbaxter
Copy link
Contributor

I am going off what our documentation states about registering secure applications. I would stick with what the documentation states.

We dont have any plans that I know of to change how things work. We can mark this issue an an enhancement and if we get enough interest in making the change we can take a look at it. Or if you (or someone else) would like to submit a PR for the change that is always welcome as well.

@raiRaiyan
Copy link
Author

raiRaiyan commented Apr 10, 2017
edited
Loading

Ok. Thanks for your help and clarificaitons.

@ryanjbaxter ryanjbaxter changed the title Eureka metadata url not properly auto-configured for 'https' Update Eureka client status URL based on SSL configuration Apr 10, 2017
@REME-AlarmTILT
Copy link

REME-AlarmTILT commented Aug 9, 2017
edited
Loading

I think it's will be interesting to make it auto configurable.
In my case, i use config server (spring cloud) and it will be useful to manage this configuration only on application-profile.properties for all services, because with the current version and as @raiRaiyan said, the https url for health check and status must be hardcoded for every service with eureka.instance.health-check-url and eureka.instance.status-page-url as :${eureka.instance.secure-port} is not considered for this properties.

@spencergibb
Copy link
Member

I don't understand why eureka.instance.secure-port can't be used as a placeholder.

@REME-AlarmTILT
Copy link

REME-AlarmTILT commented Aug 11, 2017
edited
Loading

with this configuration

spring:
  application:
    name: secureclient
server:
  port: 5678
  ssl:
    enabled: true
    key-store: classpath:keystore.jks
    key-store-password: password1234
    key-store-provider: SUN
    key-store-type: JKS

eureka:
  client:
    service-url:
      defaultZone: https://localhost:8761/eureka
  instance:
    non-secure-port-enabled: false
    secure-port-enabled: true
    secure-port: ${server.port}
    statusPageUrl: https://${eureka.hostname}:${eureka.instance.secure-port}/info
    healthCheckUrl: https://${eureka.hostname}:${eureka.instance.secure-port}/health
    homePageUrl: https://${eureka.hostname}:${eureka.instance.secure-port}/

the https://localhost:8761/eureka/apps return

<homePageUrl>https://localhost:${eureka.instance.secure-port}/</homePageUrl>
<statusPageUrl>https://localhost:${eureka.instance.secure-port}/info</statusPageUrl>
<healthCheckUrl>https://localhost:${eureka.instance.secure-port}/health</healthCheckUrl>
<secureHealthCheckUrl>https://localhost:5678/health</secureHealthCheckUrl>

@seanlei
Copy link

seanlei commented Aug 18, 2017
edited
Loading

@REME-AlarmTILT
you can change the EurekaInstanceConfigBean, set the urls above when EmbeddedservletContainerInitializedEvent fired

    @EventListener(EmbeddedServletContainerInitializedEvent.class)
    public void onApplicationEvent(EmbeddedServletContainerInitializedEvent event) {
        int localPort = event.getEmbeddedServletContainer().getPort();
        EurekaInstanceConfigBean configBean = event.getApplicationContext().getBean(EurekaInstanceConfigBean.class);
        String hostname = configBean.getHostname();
        configBean.setInstanceId(hostname + COLON + configBean.getVirtualHostName() + COLON + localPort);
        if (securePortEnable) {
            configBean.setSecurePort(localPort);
            configBean.setHomePageUrl(HTTPS_PROTOCOL + hostname + COLON + localPort);
            configBean.setHealthCheckUrl(HTTPS_PROTOCOL + hostname + COLON + localPort + configBean.getHealthCheckUrlPath());
            configBean.setStatusPageUrl(HTTPS_PROTOCOL + hostname + COLON + localPort + configBean.getStatusPageUrlPath());
        }
    }

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement help wanted
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@ryanjbaxter @spencergibb @seanlei @raiRaiyan @REME-AlarmTILT