<html><head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>116. TLS / SSL</title><link rel="stylesheet" type="text/css" href="css/manual-multipage.css"><meta name="generator" content="DocBook XSL Stylesheets V1.78.1"><link rel="home" href="multi_spring-cloud.html" title="Spring Cloud"><link rel="up" href="multi__spring_cloud_gateway.html" title="Part XV. Spring Cloud Gateway"><link rel="prev" href="multi__global_filters.html" title="115. Global Filters"><link rel="next" href="multi__configuration_2.html" title="117. Configuration"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">116. TLS / SSL</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="multi__global_filters.html">Prev</a> </td><th width="60%" align="center">Part XV. Spring Cloud Gateway</th><td width="20%" align="right"> <a accesskey="n" href="multi__configuration_2.html">Next</a></td></tr></table><hr></div><div class="chapter"><div class="titlepage"><div><div><h2 class="title"><a name="_tls_ssl" href="#_tls_ssl"></a>116. TLS / SSL</h2></div></div></div><p>The Gateway can listen for requests on https by following the usual Spring server configuration. Example:</p><p><b>application.yml. </b>
</p><pre class="programlisting"><span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute">server</span>:
  <span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute">ssl</span>:
    <span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute">enabled</span>: <span xmlns:d="http://docbook.org/ns/docbook" class="hl-keyword">true</span>
    <span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute">key-alias</span>: scg
    <span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute">key-store-password</span>: scg1234
    <span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute">key-store</span>: classpath:scg-keystore.p12
    <span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute">key-store-type</span>: PKCS12</pre><p>
</p><p>Gateway routes can be routed to both http and https backends. If routing to an https backend, the Gateway can be configured to trust all downstream certificates with the following configuration:</p><p><b>application.yml. </b>
</p><pre class="programlisting"><span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute">spring</span>:
  <span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute">cloud</span>:
    <span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute">gateway</span>:
      <span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute">httpclient</span>:
        <span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute">ssl</span>:
          <span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute">useInsecureTrustManager</span>: <span xmlns:d="http://docbook.org/ns/docbook" class="hl-keyword">true</span></pre><p>
</p><p>Using an insecure trust manager is not suitable for production. For a production deployment the Gateway can be configured with a set of known certificates that it can trust with the following configuration:</p><p><b>application.yml. </b>
</p><pre class="programlisting"><span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute">spring</span>:
  <span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute">cloud</span>:
    <span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute">gateway</span>:
      <span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute">httpclient</span>:
        <span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute">ssl</span>:
          <span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute">trustedX509Certificates</span>:
          - cert1.pem
          - cert2.pem</pre><p>
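As an added example (not part of the Spring Cloud Gateway project or its documentation), the following Python script reports which of the three downstream trust models described in this chapter a given application.yml selects, flagging useInsecureTrustManager before anything else. It includes a minimal parser for only the YAML subset these docs use, so it runs without PyYAML; the helper httpclient_ssl_yml and the two sample files are constructed here and are not from the page.

```python
def parse_simple_yaml(text):
    """Parse indentation-based maps, scalars and '- item' lists into dicts/lists."""
    root = {}
    stack = [[-1, root, None, None]]  # frames: [indent, container, owner, key]
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        indent, line = len(raw) - len(raw.lstrip()), raw.strip()
        is_item = line.startswith("- ")
        # A list item may sit at the same indent as its key; a sibling key may not.
        while len(stack) > 1 and (indent < stack[-1][0] or indent == stack[-1][0] and not is_item):
            stack.pop()
        frame = stack[-1]
        if is_item:
            if isinstance(frame[1], dict):  # first item: the key's empty map becomes a list
                frame[1] = frame[2][frame[3]] = []
            frame[1].append(line[2:].strip())
            continue
        key, _, value = line.partition(":")
        if value.strip():
            frame[1][key] = value.strip()
        else:
            frame[1][key] = child = {}
            stack.append([indent, child, frame[1], key])
    return root

def trust_mode(config):
    """Return ('insecure'|'pinned'|'default', trusted PEM list) for the gateway httpclient."""
    ssl = config
    for part in ("spring", "cloud", "gateway", "httpclient", "ssl"):
        ssl = ssl.get(part, {}) if isinstance(ssl, dict) else {}
    certs = ssl.get("trustedX509Certificates") or []
    if str(ssl.get("useInsecureTrustManager", "false")).lower() == "true":
        return "insecure", certs  # every downstream certificate is accepted: not for production
    if certs:
        return "pinned", certs  # only the listed certificates are trusted
    return "default", certs  # JVM default trust store, overridable via javax.net.ssl.trustStore

def httpclient_ssl_yml(*ssl_lines):
    """Constructed sample builder: the chapter's spring.cloud.gateway.httpclient.ssl block."""
    head = "spring:\n  cloud:\n    gateway:\n      httpclient:\n        ssl:\n"
    return head + "".join("          " + line + "\n" for line in ssl_lines)

# Constructed samples mirroring the insecure and the pinned configuration above.
INSECURE_YML = httpclient_ssl_yml("useInsecureTrustManager: true")
PINNED_YML = httpclient_ssl_yml("trustedX509Certificates:", "- cert1.pem", "- cert2.pem")

if __name__ == "__main__":
    for text in (INSECURE_YML, PINNED_YML):
        print(trust_mode(parse_simple_yaml(text)))
```

Running the file prints the trust mode of each constructed sample; a config with neither key falls through to the default JVM trust store.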
</p><p>If the Spring Cloud Gateway is not provisioned with trusted certificates, the default trust store is used (which can be overridden with the system property javax.net.ssl.trustStore).</p><div class="section"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="_tls_handshake" href="#_tls_handshake"></a>116.1 TLS Handshake</h2></div></div></div><p>The Gateway maintains a client pool that it uses to route to backends. When communicating over https the client initiates a TLS handshake. A number of timeouts are associated with this handshake. These timeouts can be configured (defaults shown):</p><p><b>application.yml. </b>
</p><pre class="programlisting"><span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute">spring</span>:
  <span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute">cloud</span>:
    <span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute">gateway</span>:
      <span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute">httpclient</span>:
        <span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute">ssl</span>:
          <span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute">handshake-timeout-millis</span>: <span class="hl-number">10000</span>
          <span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute">close-notify-flush-timeout-millis</span>: <span class="hl-number">3000</span>
          <span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute">close-notify-read-timeout-millis</span>: <span class="hl-number">0</span></pre><p>
</p></div></div></body></html>