
Document TLS/SSL Configuration for Spring Cloud MVC Gateway

Open ashah2012 opened this issue 1 year ago • 5 comments

Feature Request: TLS/SSL Configuration for Spring Cloud MVC Gateway

Description: Currently, Spring Cloud Reactor Gateway provides properties to configure TLS and SSL settings for the HTTP client. However, Spring Cloud MVC Gateway lacks similar configuration options. This feature request is to add support for configuring TLS and SSL properties in Spring Cloud MVC Gateway using application properties.

Proposed Solution: Add properties to the application.properties or application.yml file to configure TLS and SSL settings for the HTTP client in Spring Cloud MVC Gateway. These properties should include options for specifying the key store, trust store, protocols, and other relevant SSL/TLS settings.

Example Configuration:

spring.mvc.gateway.httpclient.ssl.key-store=classpath:keystore.jks
spring.mvc.gateway.httpclient.ssl.key-store-password=changeit
spring.mvc.gateway.httpclient.ssl.trust-store=classpath:truststore.jks
spring.mvc.gateway.httpclient.ssl.trust-store-password=changeit
spring.mvc.gateway.httpclient.ssl.protocol=TLS

Benefits:

  • Enhanced security by allowing users to configure SSL/TLS settings.
  • Consistency with Spring Cloud Reactor Gateway, making it easier for users to switch between the two.
  • Simplified configuration management through application properties.

Use Cases:

  • Secure communication between the MVC Gateway and backend services.
  • Compliance with security policies requiring specific SSL/TLS configurations.

References:

Thank you for considering this feature request. I'm happy to submit a PR for the changes.

ashah2012, Dec 29 '24 16:12

The SSL link for Boot is for the server. This is for the RestClient, which is what would need to be used: https://docs.spring.io/spring-boot/reference/io/rest-client.html#io.rest-client.restclient.ssl

PRs welcome.

spencergibb, Jan 23 '25 00:01

Actually, this is already supported by spring.http.client properties: https://docs.spring.io/spring-boot/appendix/application-properties/index.html#application-properties.web.spring.http.client.ssl.bundle

See https://github.com/spring-cloud/spring-cloud-gateway/commit/55124043ac50c28f487d68c948a00c20acdeede0

Let's turn this into an issue for documentation.

spencergibb, Jan 23 '25 00:01
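
How the settings requested in the issue map onto a Spring Boot SSL bundle selected through the spring.http.client.ssl.bundle property linked in the comment above. This is an added example, not part of the original thread or the project's documentation. The bundle name gateway-mtls, the store locations and the environment variable names are assumptions.

```properties
# Define a named SSL bundle (the name "gateway-mtls" is an assumption).
# Keystore: the client certificate and private key the gateway presents
# to backend services, which is what mutual TLS requires.
spring.ssl.bundle.jks.gateway-mtls.keystore.location=classpath:keystore.jks
spring.ssl.bundle.jks.gateway-mtls.keystore.password=${GATEWAY_KEYSTORE_PASSWORD}

# Truststore: the CA certificates the gateway accepts when it verifies
# a backend's server certificate.
spring.ssl.bundle.jks.gateway-mtls.truststore.location=classpath:truststore.jks
spring.ssl.bundle.jks.gateway-mtls.truststore.password=${GATEWAY_TRUSTSTORE_PASSWORD}

# Restrict the handshake to current protocol versions instead of the
# generic "TLS" value from the issue's example.
spring.ssl.bundle.jks.gateway-mtls.options.enabled-protocols=TLSv1.2,TLSv1.3

# Select the bundle for the auto-configured HTTP client.
spring.http.client.ssl.bundle=gateway-mtls
```

The store passwords are resolved from the environment (hypothetical variable names) rather than committed to the properties file as in the issue's changeit example.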

Sorry, I was not aware. I had to create beans for rest clients with SSL Context to enable m-tls. And how do we turn this into a note?

ashah2012, Jan 30 '25 20:01

No worries, it should probably be a new file in https://github.com/spring-cloud/spring-cloud-gateway/tree/main/docs/modules/ROOT/pages/spring-cloud-gateway-server-webmvc

spencergibb, Jan 30 '25 20:01

Okay, I will add the documentation.

ashah2012, Feb 15 '25 06:02