Spring Cloud: enabling SSL for Zuul and Eureka

0
votes

I am trying to enable SSL for my Spring Cloud application. Right now it consists out of few services, Eureka and Zuul (No Ribbon or Feighn). I found few hints how to enable SSL for Eureka, but couldn't get it to work. On the Zuul side I couldn't find any info except for this one: Zuul SSL Support which effectively prohibits using the random port: (server.port=0). My application's application.yml:

server:
  port: 0
  ssl:
    key-store: classpath:keystore.jks
    key-store-password: password
    key-password: password       
endpoints:
  restart:
     enabled: true
  shutdown:
     enabled: true
  health:
    sensitive: false

eureka:
  instance:
    leaseRenewalIntervalInSeconds: 10
    metadataMap:
     instanceId:      ${vcap.application.instance_id:${spring.application.name}:${spring.application.instance_id:${server.port}}}
 client:
   registryFetchIntervalSeconds: 5
  logging:
    level:
     com.netflix.discovery: 'OFF'

The Eureka server application.yml:

    server: 
  port: 8761
  ssl:
    key-store: classpath:keystore.jks
    key-store-password: password
    key-password: password    

eureka: 
  instance:
     hostname: localhost
     securePort: ${server.port}
     securePortEnabled: true  
     nonSecurePortEnabled: false 
     secureVirtualHostName: ${spring.application.name}
     homePageUrl: https://${eureka.instance.hostname}:${server.port}/
     statusPageUrl: https://${eureka.instance.hostname}:${server.port}/admin/info

     metadataMap:
       hostname : ${eureka.instance.hostname}
       securePort: ${server.port}

  server:
    waitTimeInMsWhenSyncEmpty: 0

  client: 
    registerWithEureka: false
    fetchRegistry: false
    serviceUrl:
      defaultZone: http://${eureka.instance.hostname}:${server.port}/eureka/

I am not sure what I need to put into Zuul's application.yml to allow SSL so I am skipping it.

When I start Eureka and my application I am getting repeated exceptions: 

2015-07-19 12:46:42.527  INFO 7972 --- [pool-7-thread-1] o.a.http.impl.client.DefaultHttpClient   : I/O exception (org.apache.http.NoHttpResponseException) caught when processing request to {}->http://localhost:8761: The target server failed to respond
2015-07-19 12:46:42.527  INFO 7972 --- [pool-7-thread-1] o.a.http.impl.client.DefaultHttpClient   : Retrying request to {}->http://localhost:8761

I am aso getting 404 to the curl command:

curl -k -i -X GET https://localhost:8761/eureka

The Zuul wouldn't start because it cannot connect to Eureka.

I am pretty sure I am putting configuration etries into wrong application.yml files( and I still have no idea how to configure Zuul).

I am wondering if there is any documentation somewhere telling how to enable SSL across all Netflix components.

1
spring-cloudnetflix-eurekanetflix-zuul
did you get this problem resolved ? - yathirigan
i do not see an ssl.enabled: true property in your yaml files - yathirigan
I saw this same error (caught when processing request to {}->localhost:8761) pop up even without SSL concerns: stackoverflow.com/questions/31923057/…. I get a few thousands of these a week in a number of services. I have started looking at it today - EvilJinious1
Why to you have http://${eureka.instance.hostname}:${server.port}/eureka/. That should be the hostname of eureka server, not the instance running eureka client (which is what eureka.instance.* properties are). - spencergibb

1 Answers

0
votes

when you enable HTTPS for your zuul service(edge proxy) and eureka , we need to use this property at zuul service level

ribbon.IsSecure:true