Enabling HTTPS for Spring Cloud Config
Preface
This article walks through how to enable HTTPS on Spring Cloud Config and how microservices access the configuration files on the Spring Cloud Config server over HTTPS.
Project structure
The project includes a Eureka server, a Eureka client, and a Spring Cloud Config server (the configuration center).
Enable HTTPS in the Spring Cloud Config configuration center
As in the previous articles, the configuration center is just a Spring Boot project. You only need to add the SSL certificate and configure the certificate's alias and password. Here is a brief walkthrough.
First, generate the certificate configServer.keystore for the Spring Cloud Config configuration center. For certificate generation, see the previous article.
Place the certificate in the resources directory of the configuration center project, and add the following configuration to the configuration file:
```yaml
server:
  port: 8888
  ssl:
    enabled: true # Enable SSL
    key-alias: configServer # Certificate alias
    key-store: classpath:configServer.keystore # Certificate location
    key-store-type: JKS # Keystore storage type
    key-store-password: 123456 # Keystore password
```
The Spring Cloud Config configuration center is also a Eureka client and needs to register with the Eureka server over HTTPS.
Add the trustStore.keystore file to the resources directory of the project. The truststore contains Eureka's certificate.
Set the truststore information in the configuration file:
```yaml
server:
  port: 8888
  ssl:
    trust-store: classpath:trustStore.keystore # Truststore location
    trust-store-type: JKS # Truststore storage type
    trust-store-password: 123456 # Truststore password
```
Inject a DiscoveryClientOptionalArgs bean and give it an SSLContext built from the truststore configured above:
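```java
import javax.net.ssl.SSLContext;

import org.apache.http.ssl.SSLContextBuilder;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.util.ResourceUtils;

/**
 * Sets the truststore information on the SSLContext object
 *
 * @author yuanzhihao
 * @since 2021/11/28
 */
@Configuration
public class SSLContextConfig {
    @Value("${server.ssl.trust-store}")
    private String trustStorePath;

    @Value("${server.ssl.trust-store-password}")
    private String trustStorePassword;

    @Bean
    public SSLContext sslContext() throws Exception {
        // ResourceUtils.getFile needs a real file on disk; it throws
        // FileNotFoundException when the truststore is packed inside a jar
        return SSLContextBuilder
                .create()
                .loadTrustMaterial(ResourceUtils.getFile(trustStorePath), trustStorePassword.toCharArray())
                .build();
    }
}
```
```java
// Register to eureka via https. Declare this bean in a @Configuration class;
// DiscoveryClient is com.netflix.discovery.DiscoveryClient.
@Bean
public DiscoveryClient.DiscoveryClientOptionalArgs discoveryClientOptionalArgs(SSLContext sslContext) {
    DiscoveryClient.DiscoveryClientOptionalArgs discoveryClientOptionalArgs =
            new DiscoveryClient.DiscoveryClientOptionalArgs();
    // Use the truststore-backed SSLContext for the HTTPS calls to the Eureka server
    discoveryClientOptionalArgs.setSSLContext(sslContext);
    return discoveryClientOptionalArgs;
}
```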
Start the Spring Cloud Config configuration center; configServer is now registered on the Eureka server.
The client reads configuration files from the Spring Cloud Config configuration center over HTTPS
For the client to access the Spring Cloud Config configuration center over HTTPS, first add the configuration center's certificate to the client's truststore file. For details on how to import the certificate, please refer to my previous blog.
Change spring.cloud.config.uri in the configuration file to an https address:
```yaml
spring:
  application:
    name: eureka-client1
  cloud:
    config:
      name: config # Name of the configuration file to read
      uri: https://localhost:8888 # Address of the config server
      profile: default # Profile of the configuration file; defaults to default
```
After that, I need to override the RestTemplate object used for calls between the client and the configuration center. At first I didn't override it, which resulted in a call error.
Here I referred to a blog post and the official Spring Cloud Config documentation. I put the reference links at the end.
The specific steps are as follows:
First, you need to implement a configuration class that provides a ConfigServicePropertySourceLocator. I understand that it overrides the default configuration of Spring Cloud Config.
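```java
import javax.net.ssl.SSLContext;

import org.apache.http.conn.ssl.NoopHostnameVerifier;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.ssl.SSLContextBuilder;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.cloud.config.client.ConfigClientProperties;
import org.springframework.cloud.config.client.ConfigServicePropertySourceLocator;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
import org.springframework.util.ResourceUtils;
import org.springframework.web.client.RestTemplate;

/**
 * Customize the configuration class of spring config server
 *
 * @author yuanzhihao
 * @since 2021/11/28
 */
@Configuration
public class CustomConfigServiceBootstrapConfiguration {
    // spring cloud config configuration file information
    @Autowired
    private ConfigClientProperties clientProperties;

    @Value("${server.ssl.trust-store}")
    private String trustStorePath;

    @Value("${server.ssl.trust-store-password}")
    private String trustStorePassword;

    @Bean
    public ConfigServicePropertySourceLocator configServicePropertySourceLocator() throws Exception {
        ConfigServicePropertySourceLocator configServicePropertySourceLocator =
                new ConfigServicePropertySourceLocator(clientProperties);
        // Customize the restTemplate of spring cloud config to load the truststore information of the configuration center
        SSLContext sslContext = SSLContextBuilder.create()
                .loadTrustMaterial(ResourceUtils.getFile(trustStorePath), trustStorePassword.toCharArray())
                .build();
        // NoopHostnameVerifier skips the hostname check: any certificate trusted by the
        // truststore is accepted regardless of the host name it was issued for
        CloseableHttpClient httpClient = HttpClients.custom()
                .setSSLContext(sslContext)
                .setSSLHostnameVerifier(NoopHostnameVerifier.INSTANCE)
                .build();
        HttpComponentsClientHttpRequestFactory factory = new HttpComponentsClientHttpRequestFactory(httpClient);
        RestTemplate customRestTemplate = new RestTemplate(factory);
        configServicePropertySourceLocator.setRestTemplate(customRestTemplate);
        return configServicePropertySourceLocator;
    }
}
```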
After that, create a configuration file named spring.factories in the resources/META-INF directory and add the following entry so that Spring loads our customized configuration class:
spring.factories
```properties
org.springframework.cloud.bootstrap.BootstrapConfiguration = com.yzh.client1.config.CustomConfigServiceBootstrapConfiguration
```
Start the client; it runs normally and can read the configuration files from the Spring Cloud Config configuration center. Spring Cloud Config now works over HTTPS. OK!
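The locator bean above switches off hostname verification with NoopHostnameVerifier. The following is an added example, not code from the original project: the same bean with the default hostname verifier kept on and the truststore read as a classpath Resource so it also loads from inside a jar. The class name VerifiedConfigServiceBootstrapConfiguration is hypothetical, and the example assumes the config server certificate carries a SAN or CN that matches the host in spring.cloud.config.uri.

```java
// Added example, not from the original project; the class name is hypothetical.
import java.io.InputStream;
import java.security.KeyStore;
import javax.net.ssl.SSLContext;
import org.apache.http.conn.ssl.DefaultHostnameVerifier;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.ssl.SSLContextBuilder;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.cloud.config.client.ConfigClientProperties;
import org.springframework.cloud.config.client.ConfigServicePropertySourceLocator;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.io.Resource;
import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
import org.springframework.web.client.RestTemplate;

@Configuration
public class VerifiedConfigServiceBootstrapConfiguration {
    @Autowired
    private ConfigClientProperties clientProperties;

    // Spring converts "classpath:trustStore.keystore" into a Resource
    @Value("${server.ssl.trust-store}")
    private Resource trustStore;

    @Value("${server.ssl.trust-store-password}")
    private String trustStorePassword;

    @Bean
    public ConfigServicePropertySourceLocator configServicePropertySourceLocator() throws Exception {
        // Read the JKS truststore as a stream instead of a java.io.File
        KeyStore trusted = KeyStore.getInstance("JKS");
        try (InputStream in = trustStore.getInputStream()) {
            trusted.load(in, trustStorePassword.toCharArray());
        }
        // A null TrustStrategy means only certificates chaining to the truststore are accepted
        SSLContext sslContext = SSLContextBuilder.create().loadTrustMaterial(trusted, null).build();
        // DefaultHostnameVerifier rejects a certificate that does not match the requested host
        CloseableHttpClient httpClient = HttpClients.custom()
                .setSSLContext(sslContext)
                .setSSLHostnameVerifier(new DefaultHostnameVerifier())
                .build();
        ConfigServicePropertySourceLocator locator = new ConfigServicePropertySourceLocator(clientProperties);
        locator.setRestTemplate(new RestTemplate(new HttpComponentsClientHttpRequestFactory(httpClient)));
        return locator;
    }
}
```

To use it, list this class in spring.factories in place of CustomConfigServiceBootstrapConfiguration.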
Reference and source code
Reference address:
- https://cloud.spring.io/spring-cloud-config/reference/html/#custom-rest-template
- https://piotrminkowski.com/2019/12/03/secure-spring-cloud-config/
Source address: https://github.com/yzh19961031/SpringCloudDemo