Update Eureka client status URL based on SSL configuration
Hi,
If I use secure-port in my configuration and I don't specify the management.port, then Spring Cloud does not change my Eureka statusPageUrl and other URLs to https.
The if condition at line number 114 in EurekaClientAutoConfiguration.java (spring-cloud-netflix-eureka-client: 1.2.6 release) prevents it from changing the scheme and it lets Netflix configure the URL. In Netflix's InstanceInfo.java there is no check for secure port and the protocol is hardcoded to http.
I am not sure where to raise this issue, but since I am using spring-cloud-netflix I am putting this here.
Can you show us the configuration that you think should work?
```yaml
eureka:
  instance:
    hostname: localhost
    secure-port-enabled: true
    secure-port: 8080
```
This should configure the statusPageUrl as https://localhost:8080/info. Instead the URL is http://localhost:8080/info.
All Eureka meta URLs are configured to http.
I can specify an explicit url, but will the above not be easier? Moreover, if I specify a different management port it configures it properly.
Is that all of the configuration? Shouldn't you also be enabling SSL via Spring Boot configuration?
Yes. I think I have that. Here is my full configuration:
```yaml
spring:
  application:
    name: test-app
server:
  port: 8762
  ssl:
    key-store: classpath:keystore-local.p12
    key-store-password: abcd123
    keyStoreType: PKCS12
    keyAlias: 1
    enabled: true
eureka:
  instance:
    non-secure-port-enabled: false
    hostname: 172.25.1.2
    prefer-ip-address: false
    secure-port-enabled: true
    secure-port: ${server.port}
  client:
    service-url:
      defaultZone: https://localhost:8761/eureka
```
Am I missing some other SSL configuration?
Looks like your configuration is a little off, it should be:
```yaml
eureka:
  instance:
    nonSecurePortEnabled: false
    hostname: 172.25.1.2
    prefer-ip-address: false
    securePortEnabled: true
    secure-port: ${server.port}
  client:
    service-url:
      defaultZone: https://localhost:8761/eureka
```
As far as the status page URL goes, looks like this was discussed in #176. Looks like the behavior you are observing has been that way for a while. Does it affect other service discovery clients?
> configuration is a little off
Hmm... but everything works fine with my current configuration and /eureka/apps shows these configurations as expected.
```xml
<hostName>172.25.1.2</hostName>
<app>TEST-APP</app>
<ipAddr>192.168.1.2</ipAddr>
<status>UP</status>
<overriddenstatus>UNKNOWN</overriddenstatus>
<port enabled="false">8081</port>
<securePort enabled="true">8081</securePort>
```
> Does it affect other service discovery clients?

Except for the status page URL and other health check URLs everything works fine. Are there any plans to change that (auto configure the URLs) or should I just provide the absolute URL in my config file?
I am going off what our documentation states about registering secure applications. I would stick with what the documentation states.
We don't have any plans that I know of to change how things work. We can mark this issue as an enhancement and if we get enough interest in making the change we can take a look at it. Or if you (or someone else) would like to submit a PR for the change that is always welcome as well.
Ok. Thanks for your help and clarifications.
I think it will be interesting to make it auto configurable.
In my case, I use config server (Spring Cloud) and it will be useful to manage this configuration only in application-profile.properties for all services, because with the current version and as @raiRaiyan said, the https URL for health check and status must be hardcoded for every service with eureka.instance.health-check-url and eureka.instance.status-page-url, as :${eureka.instance.secure-port} is not considered for these properties.
I don't understand why eureka.instance.secure-port can't be used as a placeholder.
With this configuration:
```yaml
spring:
  application:
    name: secureclient
server:
  port: 5678
  ssl:
    enabled: true
    key-store: classpath:keystore.jks
    key-store-password: password1234
    key-store-provider: SUN
    key-store-type: JKS
eureka:
  client:
    service-url:
      defaultZone: https://localhost:8761/eureka
  instance:
    non-secure-port-enabled: false
    secure-port-enabled: true
    secure-port: ${server.port}
    statusPageUrl: https://${eureka.hostname}:${eureka.instance.secure-port}/info
    healthCheckUrl: https://${eureka.hostname}:${eureka.instance.secure-port}/health
    homePageUrl: https://${eureka.hostname}:${eureka.instance.secure-port}/
```
https://localhost:8761/eureka/apps returns:
```xml
<homePageUrl>https://localhost:${eureka.instance.secure-port}/</homePageUrl>
<statusPageUrl>https://localhost:${eureka.instance.secure-port}/info</statusPageUrl>
<healthCheckUrl>https://localhost:${eureka.instance.secure-port}/health</healthCheckUrl>
<secureHealthCheckUrl>https://localhost:5678/health</secureHealthCheckUrl>
```
@REME-AlarmTILT you can change the EurekaInstanceConfigBean and set the URLs above when EmbeddedServletContainerInitializedEvent is fired:
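```java
import org.springframework.boot.context.embedded.EmbeddedServletContainerInitializedEvent;
import org.springframework.cloud.netflix.eureka.EurekaInstanceConfigBean;
import org.springframework.context.event.EventListener;
import org.springframework.stereotype.Component;
@Component
public class EurekaHttpsUrlConfigurer { // class name is illustrative
    private static final String COLON = ":";
    private static final String HTTPS_PROTOCOL = "https://";
    // Runs once the embedded container has started, so the real listening port is known.
    @EventListener(EmbeddedServletContainerInitializedEvent.class)
    public void onApplicationEvent(EmbeddedServletContainerInitializedEvent event) {
        int localPort = event.getEmbeddedServletContainer().getPort();
        EurekaInstanceConfigBean configBean = event.getApplicationContext().getBean(EurekaInstanceConfigBean.class);
        String hostname = configBean.getHostname();
        configBean.setInstanceId(hostname + COLON + configBean.getVirtualHostName() + COLON + localPort);
        // securePortEnable was undefined in the posted snippet; here it is read from the instance config.
        boolean securePortEnable = configBean.isSecurePortEnabled();
        if (securePortEnable) {
            configBean.setSecurePort(localPort);
            configBean.setHomePageUrl(HTTPS_PROTOCOL + hostname + COLON + localPort);
            configBean.setHealthCheckUrl(HTTPS_PROTOCOL + hostname + COLON + localPort + configBean.getHealthCheckUrlPath());
            configBean.setStatusPageUrl(HTTPS_PROTOCOL + hostname + COLON + localPort + configBean.getStatusPageUrlPath());
        }
    }
}
```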
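
A registry-side check for the two symptoms reported in this thread (http URLs on a TLS-only instance, and unresolved `${...}` placeholders in the advertised URLs), added here as an example and not part of any participant's post or of Spring Cloud. The `audit` function and the sample XML are constructed for illustration; the element names follow the `/eureka/apps` output quoted above.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample shaped like the /eureka/apps output quoted in the thread.
SAMPLE = """<applications>
<application><name>TEST-APP</name><instance><app>TEST-APP</app>
  <port enabled="false">8762</port><securePort enabled="true">8762</securePort>
  <statusPageUrl>http://172.25.1.2:8762/info</statusPageUrl>
  <healthCheckUrl>http://172.25.1.2:8762/health</healthCheckUrl>
</instance></application>
<application><name>SECURECLIENT</name><instance><app>SECURECLIENT</app>
  <port enabled="false">5678</port><securePort enabled="true">5678</securePort>
  <statusPageUrl>https://localhost:${eureka.instance.secure-port}/info</statusPageUrl>
  <healthCheckUrl>https://localhost:5678/health</healthCheckUrl>
</instance></application>
</applications>"""

URL_FIELDS = ("homePageUrl", "statusPageUrl", "healthCheckUrl")

def audit(xml_text):
    """Return (app, field, problem) for URLs that contradict a TLS-only registration."""
    findings = []
    for inst in ET.fromstring(xml_text).iter("instance"):
        secure, plain = inst.find("securePort"), inst.find("port")
        tls_only = (secure is not None and secure.get("enabled") == "true"
                    and (plain is None or plain.get("enabled") != "true"))
        if not tls_only:
            continue  # instance still advertises a plain port; http URLs are expected
        app = inst.findtext("app", "?")
        for field in URL_FIELDS:
            url = (inst.findtext(field) or "").strip()
            if not url:
                continue
            if "${" in url:
                # Placeholder was registered literally instead of being resolved.
                findings.append((app, field, "unresolved placeholder"))
            elif urlsplit(url).scheme != "https":
                findings.append((app, field, "not https"))
            elif (urlsplit(url).port or 443) != int(secure.text):
                findings.append((app, field, "port differs from securePort"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Point it at the XML fetched from your own registry's `/eureka/apps` endpoint; anything it reports is a URL that monitoring or dashboards would follow over plain http or fail to resolve.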