Eureka安全发现:使用端口0的Eureka服务器注册Eureka客户端

Question

我在Eureka发现服务器、Config Server和其他Eureka客户端中启用了ssl。配置服务器能够安全地向Discovery注册，Eureka仪表板显示了Config Server正确的健康检查URL信息。配置服务器有一个硬编码端口，但是，其他Eureka客户端已经被配置为被分配了一个随机端口。这些客户端可以在Eureka服务器注册，但是这些客户端的端口在Eureka仪表板上显示为0。不知道我在这里错过了什么。请查看下面的Yaml配置：

尤里卡服务器：

server:
   ssl:
      enabled: true
      key-store: classpath:nonprod.p12
      key-store-password: password
      key-store-type: PKCS12
      key-alias: dev-env-only

配置服务器

server:
  port: 8888
  ssl:
     enabled: true
     key-store: classpath:nonprod.p12
     key-store-password: password
     key-store-type: PKCS12
     key-alias: dev-env-only

eureka:
  client:
    healthcheck:
      enabled: true
    register-with-eureka: true
    fetch-registry: true
  instance:
     secure-port-enabled: true
     non-secure-port-enabled: false
     status-page-url: https://${eureka.hostname}:${server.port}/actuator/info
     health-check-url: https://${eureka.hostname}:${server.port}/actuator/health
     home-page-url: https://${eureka.hostname}:${server.port}/eureka

另一个尤里卡客户

server: 
  port: 0
  ssl:
     enabled: true
     key-store: classpath:nonprod.p12
     key-store-password: password
     key-store-type: PKCS12
     key-alias: dev-env-only

    eureka:
      client:
        healthcheck:
          enabled: true
        register-with-eureka: true
        fetch-registry: true
      instance:
         secure-port-enabled: true
         non-secure-port-enabled: false
         status-page-url: https://${eureka.hostname}:${server.port}/actuator/info
         health-check-url: https://${eureka.hostname}:${server.port}/actuator/health
         home-page-url: https://${eureka.hostname}:${server.port}/eureka

我发现了一些文章(例如https://github.com/spring-cloud/spring-cloud-netflix/issues/1843)，其中讨论了如何通过为事件WebServerInitializedEvent实现ApplicationListener来更新EurekaInstanceConfigBean的属性。解决方案也不起作用，因为此事件是在客户端向Eureka Server注册后触发的。

private void updateHealthCheckUrls(WebServerInitializedEvent event) {

        EurekaInstanceConfigBean configBean = event.getApplicationContext().getBean(EurekaInstanceConfigBean.class);
        String hostname = configBean.getHostname();
        int port = configBean.getSecurePort();
        if (securePortEnable) {
            configBean.setHomePageUrl(HTTPS_PROTOCOL + hostname + COLON + port);
            configBean.setHealthCheckUrl(
                    HTTPS_PROTOCOL + hostname + COLON + port + configBean.getHealthCheckUrlPath());
            configBean.setStatusPageUrl(
                    HTTPS_PROTOCOL + hostname + COLON + port + configBean.getStatusPageUrlPath());
        }
    }

为了进一步发挥作用，我实现了一个类似于EurekaAutoServiceRegistration的类(使其为主bean)，以覆盖start方法的实现，以便在调用serviceRegistry.register(this.registration)之前更新EurekaInstanceConfigBean属性；它也没起作用。这里的任何帮助都将不胜感激。

Answer 1

在服务向Eureka注册之前，我们可以在该服务中实现WebServerFactoryCustomizer。这将确保将动态端口分配给服务，并将同一个端口传播到Eureka服务器和Healthcheck端点

@Configuration
@Slf4j
public class CustomPortConfiguration implements WebServerFactoryCustomizer<ConfigurableServletWebServerFactory> {

    @Value("${port.number.min:1}")
    private Integer minPort;

    @Value("${port.number.max:65000}")
    private Integer maxPort;
    
    @Value("${server.port}")
    private String initialServerPort;

    @Override
    public void customize(ConfigurableServletWebServerFactory factory) {
        int port = SocketUtils.findAvailableTcpPort(minPort, maxPort);
        
        if(initialServerPort.equals("0")) {
            log.info("Port is 0, let's assign a dynamic port..");
            factory.setPort(port);
            System.getProperties().put("server.port", port);
        }
    }
}