Spring boot admin:客户端无法通过https向管理服务器注册
Spring boot admin:客户端无法通过https向管理服务器注册
提问于 2021-02-25 22:10:20
我有几个spring-boot微服务,它们将自己注册到spring-boot-admin (SBA)。当我在本地运行微服务和SBA服务器时,客户端能够通过HTTP向SBA服务器注册自己。
当我将应用程序部署到Kubernetes集群时,向SBA的注册是通过HTTPS完成的(通过Ingress)我得到一个
javax.net.ssl.SSLHandshakeException在日志中
d.c.b.a.c.r.ApplicationRegistrator : Failed to register application as Application(name=my-app, managementUrl=https://my-app-dev.mydomain.com/actuator, healthUrl=https://my-app-dev.mydomain.com/actuator/health, serviceUrl=https://my-app-dev.mydomain.com) at spring-boot-admin ([https://my-admin-dev.mydomain.com/instances]): I/O error on POST request for "https://my-admin-dev.mydomain.com/instances": Received fatal alert: protocol_version; nested exception is javax.net.ssl.SSLHandshakeException: Received fatal alert: protocol_version. Further attempts are logged on DEBUG level在微服务( SBA客户端)中,我使用以下依赖项
de.codecentric
spring-boot-admin-starter-client
2.4.0和以下内容application.yaml
spring.boot.admin.client:
url: "https://my-admin-dev.mydomain.com"
instance.service-url: "https://my-app-dev.mydomain.com"回答 1
Stack Overflow用户
回答已采纳
发布于 2021-02-25 22:14:42
我能够深入到spring-boot-admin-starter-client代码。首先,我从ApplicationRegistrator从日志消息中找到了一个可重写的BlockingRegistrationClient实例(耶!)
public class SpringBootAdminClientAutoConfiguration {
...
@Configuration(proxyBeanMethods = false)
@ConditionalOnBean(RestTemplateBuilder.class)
public static class BlockingRegistrationClientConfig {
@Bean
@ConditionalOnMissingBean
public BlockingRegistrationClient registrationClient(ClientProperties client) {
RestTemplateBuilder builder = new RestTemplateBuilder().setConnectTimeout(client.getConnectTimeout())
.setReadTimeout(client.getReadTimeout());
if (client.getUsername() != null && client.getPassword() != null) {
builder = builder.basicAuthentication(client.getUsername(), client.getPassword());
}
return new BlockingRegistrationClient(builder.build());
}
}使用此post作为我的指南,我能够创建一个RestTemplate将信任存储区加载到SSLContext。然后,我可以重写BlockingRegistrationClient实例,它包装了自定义的RestTemplate。
@Bean
public BlockingRegistrationClient registrationClient(
@Value("${ssl.protocol}") String protocol,
@Value("${ssl.trustStore.path}") String trustStorePath,
@Value("${ssl.trustStore.password}") String trustStorePassword,
ClientProperties client) throws Exception {
SSLContext sslContext = SSLContextBuilder.create()
.loadTrustMaterial(new File(trustStorePath), trustStorePassword.toCharArray())
.setProtocol(protocol)
.build();
CloseableHttpClient httpClient = HttpClientBuilder.create()
.setSSLContext(sslContext)
.build();
RestTemplateBuilder builder = new RestTemplateBuilder()
.setConnectTimeout(client.getConnectTimeout())
.setReadTimeout(client.getReadTimeout())
.requestFactory(() -> new HttpComponentsClientHttpRequestFactory(httpClient));
if (client.getUsername() != null && client.getPassword() != null) {
builder = builder.basicAuthentication(client.getUsername(), client.getPassword());
}
return new BlockingRegistrationClient(builder.build());
}application.yaml
ssl:
protocol: TLSv1.2
trustStore:
path: "/opt/java/openjdk/lib/security/cacerts"
password: "*****"页面原文内容由Stack Overflow提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:
https://stackoverflow.com/questions/66370140
复制相关文章
相似问题
腾讯云开发者
Copyright © 2013 - 2026 Tencent Cloud. All Rights Reserved. 腾讯云 版权所有
深圳市腾讯计算机系统有限公司 ICP备案/许可证号:粤B2-20090059 
粤公网安备44030502008569号
腾讯云计算(北京)有限责任公司 京ICP证150476号 | 京ICP备11018762号