0
votes

I'm trying to configure a Spring Cloud Gateway (on top of Project Reactor) to serve HTTPS across two domains.

However, it appears that it is unable to use SNI to choose the correct certificate to show to the client.

My configuration is as follows: I've generated two different private keys/certs, and both of those are stored in keystore.jks. Both of them have different CommonNames, and they also have Subject Alternative Names that match the expected domains. I've entered the common names into my hosts file to fool the browser/curl into thinking that it's two separate domains.

I've configured application.yml as follows:

server:
  ssl:
    enabled: true
    # The entire purpose of this project is so that client authentication is needed
    client-auth: need

---

spring:
  profiles: development

server:
  ssl:
    key-store: config/keystore.jks
    trust-store: config/truststore.jks

The purpose of this is to enable two-way SSL authentication with two different clients, both of whom issue us with their own certificates.

I know Netty, which is the foundation for Spring Cloud Gateway, supports SNI. Is there any way to configure SNI for Spring Cloud Gateway?

1
This is a function of Spring Boot itself, nothing specific to gateway - spencergibb
@spencergibb Thank you. Are you suggesting I remove gateway from the questions? - Wes
@spencergibb Also, I think if you're associated with the project it may be good to show that on your profile. - Wes
No, just that the functionality is not provided by gateway itself, but by Spring Boot - spencergibb

1 Answer

0
votes

It looks like there is an outstanding issue to support SNI:

https://github.com/spring-cloud/spring-cloud-gateway/issues/1525, which, though closed, was closed by the issue creator, not by the framework creators.

This issue links to another issue in Reactor, https://github.com/reactor/reactor-netty/issues/573, which at the time of writing is not closed.