spring-cloud.version > 2020.0.3 spring-boot.version > 2.5.3
When SSL is not configured, the application is found in the Naming Server from a Gateway call. When configured over SSL, the Naming Server returns 404 from the Gateway call.
Eureka Server
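# Eureka (naming) server configuration.
# Indentation was lost in the report; the nesting below is reconstructed from
# the Spring Boot / Spring Cloud property names. Confirm it against the real file.
server:
  port: 8761
  # NOTE(review): as posted, this key sits beside `port` (server.protocol).
  # Spring Boot's TLS protocol property is server.ssl.protocol, so this line
  # probably has no effect where it is. Confirm the intent.
  protocol: TLSv1.2
  ssl:
    enabled: true
    key-store: /opt/apps/certs/cobar-dt.jks
    # Redacted by the reporter. Supply the real value from the environment or a
    # secret store rather than committing it in this file.
    key-store-password: ##########
    key-store-type: JKS
spring:
  application:
    name: naming-server
  main:
    # Quoted: a bare `off` is read as boolean false by YAML 1.1 parsers.
    banner-mode: "off"
eureka:
  instance:
    # The registry advertises itself on its own TLS listener port.
    securePort: ${server.port}
    securePortEnabled: true
    nonSecurePortEnabled: false
    homePageUrl: https://${hostname}:${server.port}/
  client:
    # Standalone registry: it neither registers with itself nor pulls a copy.
    register-with-eureka: false
    fetch-registry: false
logging:
  level:
    org.springframework: ERROR
    com.netflix.eureka: ERROR
# Actuator endpoints
management:
  health:
    defaults:
      enabled: true
  endpoint:
    # NOTE(review): shutdown is enabled, and `exposure.include: "*"` below
    # publishes every enabled endpoint over the web under /naming-server.
    # Nothing in this snippet restricts access to them. Unless the application
    # enforces authentication elsewhere, limit exposure (for example
    # `include: health,info`) and leave shutdown disabled.
    shutdown:
      enabled: true
    health:
      # `always` returns component details to every caller; `when-authorized`
      # is the narrower setting.
      show-details: always
  endpoints:
    web:
      base-path: /naming-server
      exposure:
        include: "*"
    # NOTE(review): placement reconstructed. `sensitive` looks like a Spring
    # Boot 1.x-era endpoint flag and presumably does nothing on 2.5.x, so do
    # not rely on it to protect the health endpoint. TODO confirm.
    health:
      sensitive: true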
Gateway:
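# API gateway configuration.
# Indentation was lost in the report; the nesting below is reconstructed from
# the Spring Boot / Spring Cloud property names. Confirm it against the real file.
server:
  port: 8765
  ssl:
    enabled: true
    key-store: /opt/apps/certs/cobar-dt.jks
    # Redacted by the reporter. Supply the real value from the environment or a
    # secret store rather than committing it in this file.
    key-store-password: ######
    key-store-type: JKS
spring:
  application:
    name: api-gateway
  main:
    # Quoted: a bare `off` is read as boolean false by YAML 1.1 parsers.
    banner-mode: "off"
  cloud:
    gateway:
      httpclient:
        ssl:
          # Certificate validation stays on for upstream calls, so the JVM
          # running the gateway must trust the certificate each service
          # presents. No trust store is configured in this snippet.
          useInsecureTrustManager: false
          handshake-timeout-millis: 10000
          close-notify-flush-timeout-millis: 3000
          close-notify-read-timeout-millis: 0
eureka:
  # https://cloud.spring.io/spring-cloud-netflix/multi/multi__service_discovery_eureka_clients.html
  instance:
    nonSecurePortEnabled: false
    securePortEnabled: true
    # securePort is the port THIS instance advertises to the registry, so it
    # must be the gateway's own TLS listener. The report had 8761 here, which
    # is the Eureka server's port.
    securePort: ${server.port}
    statusPageUrl: https://${hostname}:${server.port}${management.endpoints.web.base-path}/info
    healthCheckUrl: https://${hostname}:${server.port}${management.endpoints.web.base-path}/health
  client:
    eureka-connection-idle-timeout-seconds: 30
    eureka-service-url-poll-interval-seconds: 10
    eureka-server-read-timeout-seconds: 5
    eureka-server-connect-timeout-seconds: 5
    serviceUrl:
      # Registry address. The report built this from
      # ${eureka.instance.securePort}, which tied the registry URL to the
      # advertised instance port. The Eureka server listens on 8761.
      defaultZone: https://${hostname}:8761/eureka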
ROUTING:
/**
 * Declares the gateway's route table: a single route that sends every request
 * under /auth-service/ to the service registered as "auth-service".
 *
 * The "lb://" scheme means the target host and port are taken from the
 * discovery registry, so the route is only as correct as the instance record
 * that auth-service registered. The path predicate is written in lower case.
 *
 * @param builder route builder supplied by Spring Cloud Gateway
 * @return the locator holding the configured route
 */
@Bean
public RouteLocator gatewayRouter(RouteLocatorBuilder builder) {
    return builder
            .routes()
            .route(routeSpec -> routeSpec
                    .path("/auth-service/**")
                    // pre-filter that authenticates the token before the request is forwarded
                    .filters(filterSpec -> filterSpec.filter(filter))
                    .uri("lb://auth-service"))
            .build();
}
Authorization Service
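# Authorization service configuration.
# Indentation was lost in the report; the nesting below is reconstructed from
# the Spring Boot / Spring Cloud property names. Confirm it against the real file.
server:
  port: 8200
  ssl:
    enabled: true
    key-store: /opt/apps/certs/cobar-dt.jks
    # Redacted by the reporter. Supply the real value from the environment or a
    # secret store rather than committing it in this file.
    key-store-password: ######
    key-store-type: JKS
spring:
  application:
    name: auth-service
  main:
    # Quoted: a bare `off` is read as boolean false by YAML 1.1 parsers.
    banner-mode: "off"
  sleuth:
    sampler:
      probability: 1.0
eureka:
  # https://cloud.spring.io/spring-cloud-netflix/multi/multi__service_discovery_eureka_clients.html
  instance:
    nonSecurePortEnabled: false
    securePortEnabled: true
    # securePort is the port THIS instance advertises to the registry. The
    # report had 8761 here (the Eureka server's port), and the registry dump on
    # this page shows auth-service advertised with securePort 8761. The
    # gateway's lb://auth-service route therefore resolved to the naming
    # server, which answered 404.
    securePort: ${server.port}
    statusPageUrl: https://${hostname}:${server.port}${management.endpoints.web.base-path}/info
    healthCheckUrl: https://${hostname}:${server.port}${management.endpoints.web.base-path}/health
  client:
    eureka-connection-idle-timeout-seconds: 30
    eureka-service-url-poll-interval-seconds: 10
    eureka-server-read-timeout-seconds: 5
    eureka-server-connect-timeout-seconds: 5
    # naming-server endpoint where this service registers
    serviceUrl:
      # The report built this from ${eureka.instance.securePort}, which tied
      # the registry URL to the advertised instance port. The Eureka server
      # listens on 8761.
      defaultZone: https://${hostname}:8761/eureka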
PRE-TESTS:
<application>
<name>AUTH-SERVICE</name>
<instance>
<instanceId>cobar-dt:auth-service:8200</instanceId>
<hostName>cobar-dt</hostName>
<app>AUTH-SERVICE</app>
<status>UP</status>
<overriddenstatus>UNKNOWN</overriddenstatus>
<port enabled="false">8200</port>
<securePort enabled="true">8761</securePort>
<countryId>1</countryId>
<dataCenterInfo class="com.netflix.appinfo.InstanceInfo$DefaultDataCenterInfo">
<name>MyOwn</name>
</dataCenterInfo>
<leaseInfo>
<renewalIntervalInSecs>30</renewalIntervalInSecs>
<durationInSecs>90</durationInSecs>
<registrationTimestamp>1631905622206</registrationTimestamp>
<lastRenewalTimestamp>1631906522276</lastRenewalTimestamp>
<evictionTimestamp>0</evictionTimestamp>
<serviceUpTimestamp>1631905622206</serviceUpTimestamp>
</leaseInfo>
<metadata>
<management.port>8200</management.port>
</metadata>
<homePageUrl>http://cobar-dt:8200/</homePageUrl>
<statusPageUrl>https://cobar-dt:8200/auth-service/info</statusPageUrl>
<healthCheckUrl>https://cobar-dt:8200/auth-service/health</healthCheckUrl>
<secureHealthCheckUrl>https://cobar-dt:8200/actuator/health</secureHealthCheckUrl>
<vipAddress>auth-service</vipAddress>
<secureVipAddress>auth-service</secureVipAddress>
<isCoordinatingDiscoveryServer>false</isCoordinatingDiscoveryServer>
<lastUpdatedTimestamp>1631905622206</lastUpdatedTimestamp>
<lastDirtyTimestamp>1631905622077</lastDirtyTimestamp>
<actionType>ADDED</actionType>
</instance>
TEST:
curl -s --insecure -H 'client_id: jwtUser' -H 'client_secret: boo' https://cobar-dt:8765/auth-service/authenticate
{"timestamp":"2021-09-17T19:08:10.400+00:00","status":404,"error":"Not Found","path":"/auth-service/authenticate"}
curl -s --insecure -H 'client_id: jwtUser' -H 'client_secret: boo' https://cobar-dt:8765/AUTH-SERVICE/authenticate
{"timestamp":"2021-09-17T19:16:47.013+00:00","path":"/AUTH-SERVICE/authenticate","status":404,"error":"Not Found","message":null,"requestId":"0ccdc788-1, L:/10.2.4.87:8765 - R:/10.2.4.87:50906"}
Eureka Server Log:
2021-09-17 13:08:10,402 DEBUG [https-jsse-nio-8761-exec-7] org.springframework.web.servlet.mvc.method.annotation.HttpEntityMethodProcessor.traceDebug:: Writing [{timestamp=Fri Sep 17 13:08:10 MDT 2021, status=404, error=Not Found, path=/auth-service/authenticat (truncated)...]
Comment From: OlgaMaciaszek
Hello @cobar79 , please provide a minimal, complete, verifiable example that reproduces the issue (a full sample code, not just snippets).
Comment From: cobar79
The cause was a misconfiguration of the secure/non-secure settings in the gateway and auth-service.