Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
403 views
in Technique[技术] by (71.8m points)

jhipster - Spring Boot with Embedded Undertow behind AWS ELB - HTTP to HTTPS redirect

I'm running a Spring boot (Jhipster/Undertow) application on port 8080 on an AWS EC2 instance.

I have an AWS ELB configured to redirect

 80 -> 8080
 443 (SSL termination happens here) -> 8080

The application uses Spring Security and if you user arrives to http://example.com I want it to redirect to https://example.com, to use SSL.

I have found various examples of configuring this in Tomcat but none using Undertow.

I have tried this, with a second port 8089, and it does redirect as required, but this causes port 8080 to also redirects which I don't want.

80 -> 8089
443 (SSL termination happens here) -> 8080
@Bean
public EmbeddedServletContainerFactory undertow() {

    UndertowEmbeddedServletContainerFactory undertow = new UndertowEmbeddedServletContainerFactory();
    undertow.addBuilderCustomizers(builder -> builder.addHttpListener(8089, "0.0.0.0"));
    undertow.addDeploymentInfoCustomizers(deploymentInfo -> {
        deploymentInfo.addSecurityConstraint(new SecurityConstraint()
                .addWebResourceCollection(new WebResourceCollection()
                        .addUrlPattern("/*"))
                .setTransportGuaranteeType(TransportGuaranteeType.CONFIDENTIAL)
                .setEmptyRoleSemantic(SecurityInfo.EmptyRoleSemantic.PERMIT))
                .setConfidentialPortManager(exchange -> 443);
    });
    return undertow;
}

How can I configure Undertow to achieve this?

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Reply

0 votes
by (71.8m points)

This worked for me when I had the same problem:

Expose the port 80 from jhipster (you can change it in the application-prod.yml).

Amazon ELB when redirecting from http to https adds some headers, which you should address in the same file:

server: use-forward-headers: true port: 80

Also, you need to enforce the https from jhipster: https://jhipster.github.io/tips/007_tips_enforce_https.html


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
OGeek|极客中国-欢迎来到极客的世界,一个免费开放的程序员编程交流平台!开放,进步,分享!让技术改变生活,让极客改变未来! Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...