Fatal编程技术网
  • https/
  • Spring云网关在启用https时失去响应(有时)

Spring云网关在启用https时失去响应(有时)

https

Spring云网关在启用https时失去响应(有时),https,spring-cloud-gateway,reactor-netty,Https,Spring Cloud Gateway,Reactor Netty,编辑:已解决。正在使用spring boot 2.1.0运行网关,升级到2.1.3,解决了该问题 移植遗留grails应用程序以在spring云网关代理后运行。通过HTTP,事情似乎运行良好,但当我们启用SSL并使用HTTPS时,我们会看到间歇性错误 在端口上运行的网关8443 myApp在端口上运行9006 网关配置摘录: server: ssl: enabled: true key-alias: localhost key-store-password: c

编辑:已解决。正在使用spring boot 2.1.0运行网关,升级到2.1.3,解决了该问题

移植遗留grails应用程序以在spring云网关代理后运行。通过HTTP,事情似乎运行良好,但当我们启用SSL并使用HTTPS时,我们会看到间歇性错误

  • 在端口上运行的网关
    8443
  • myApp
    在端口上运行
    9006
网关配置摘录:

server:
  ssl:
    enabled: true
    key-alias: localhost
    key-store-password: changeit
    key-store: keystore.jks
    key-store-type: JKS
    key-password: blahblah
spring:
  cloud:
    gateway:    
      httpclient:
        ssl:
          trustedX509Certificates:
          - certs.pem         
          handshakeTimeoutMillis: 10000
          closeNotifyFlushTimeoutMillis: 3000
          closeNotifyReadTimeoutMillis: 0

      routes:
       - id: myApp
         uri: https://localhost:9006
         predicates:
         - Path=/myApp/**
         filters:
         - RewritePath=/(?<segment>.*), /$\{segment}
它在
写入对象MonoJust
后停止。这仅在第一次尝试通过网关访问应用程序时发生。按refresh,请求将通过以下方式完成:

[]: 2019-03-12 13:04:14.441 [reactor-http-nio-6] DEBUG r.n.t.SslProvider [id: 0x7423cb4d, L:/0:0:0:0:0:0:0:1:8443 - R:/0:0:0:0:0:0:0:1:63110] SSL enabled using engine SSLEngineImpl
[]: 2019-03-12 13:04:14.441 [reactor-http-nio-7] DEBUG r.n.t.SslProvider [id: 0xb46bbc27, L:/0:0:0:0:0:0:0:1:8443 - R:/0:0:0:0:0:0:0:1:63111] SSL enabled using engine SSLEngineImpl
[]: 2019-03-12 13:04:14.442 [reactor-http-nio-6] DEBUG r.n.h.s.HttpServerOperations [id: 0x7423cb4d, L:/0:0:0:0:0:0:0:1:8443 - R:/0:0:0:0:0:0:0:1:63110] New http connection, requesting read
[]: 2019-03-12 13:04:14.442 [reactor-http-nio-7] DEBUG r.n.h.s.HttpServerOperations [id: 0xb46bbc27, L:/0:0:0:0:0:0:0:1:8443 - R:/0:0:0:0:0:0:0:1:63111] New http connection, requesting read
[]: 2019-03-12 13:04:14.442 [reactor-http-nio-7] DEBUG r.n.c.BootstrapHandlers [id: 0xb46bbc27, L:/0:0:0:0:0:0:0:1:8443 - R:/0:0:0:0:0:0:0:1:63111] Initialized pipeline DefaultChannelPipeline{(reactor.left.sslHandler = io.netty.handler.ssl.SslHandler), (reactor.left.sslReader = reactor.netty.tcp.SslProvider$SslReadHandler), (BootstrapHandlers$BootstrapInitializerHandler#0 = reactor.netty.channel.BootstrapHandlers$BootstrapInitializerHandler), (reactor.left.httpCodec = io.netty.handler.codec.http.HttpServerCodec), (reactor.left.accessLogHandler = reactor.netty.http.server.AccessLogHandler), (reactor.left.httpTrafficHandler = reactor.netty.http.server.HttpTrafficHandler), (reactor.right.reactiveBridge = reactor.netty.channel.ChannelOperationsHandler)}
[]: 2019-03-12 13:04:14.442 [reactor-http-nio-6] DEBUG r.n.c.BootstrapHandlers [id: 0x7423cb4d, L:/0:0:0:0:0:0:0:1:8443 - R:/0:0:0:0:0:0:0:1:63110] Initialized pipeline DefaultChannelPipeline{(reactor.left.sslHandler = io.netty.handler.ssl.SslHandler), (reactor.left.sslReader = reactor.netty.tcp.SslProvider$SslReadHandler), (BootstrapHandlers$BootstrapInitializerHandler#0 = reactor.netty.channel.BootstrapHandlers$BootstrapInitializerHandler), (reactor.left.httpCodec = io.netty.handler.codec.http.HttpServerCodec), (reactor.left.accessLogHandler = reactor.netty.http.server.AccessLogHandler), (reactor.left.httpTrafficHandler = reactor.netty.http.server.HttpTrafficHandler), (reactor.right.reactiveBridge = reactor.netty.channel.ChannelOperationsHandler)}
[]: 2019-03-12 13:04:14.444 [reactor-http-nio-5] TRACE r.n.c.ChannelOperationsHandler [id: 0xedd15d59, L:/0:0:0:0:0:0:0:1:8443 ! R:/0:0:0:0:0:0:0:1:63099] End of the pipeline, User event SslCloseCompletionEvent(java.nio.channels.ClosedChannelException)
[]: 2019-03-12 13:04:14.454 [reactor-http-nio-7] TRACE r.n.c.ChannelOperationsHandler [id: 0xb46bbc27, L:/0:0:0:0:0:0:0:1:8443 - R:/0:0:0:0:0:0:0:1:63111] End of the pipeline, User event SslHandshakeCompletionEvent(SUCCESS)
[]: 2019-03-12 13:04:14.454 [reactor-http-nio-6] TRACE r.n.c.ChannelOperationsHandler [id: 0x7423cb4d, L:/0:0:0:0:0:0:0:1:8443 - R:/0:0:0:0:0:0:0:1:63110] End of the pipeline, User event SslHandshakeCompletionEvent(SUCCESS)
[]: 2019-03-12 13:04:14.455 [reactor-http-nio-7] DEBUG r.n.h.s.HttpServerOperations [id: 0xb46bbc27, L:/0:0:0:0:0:0:0:1:8443 - R:/0:0:0:0:0:0:0:1:63111] Increasing pending responses, now 1
[]: 2019-03-12 13:04:14.455 [reactor-http-nio-7] DEBUG r.n.h.s.HttpServer [id: 0xb46bbc27, L:/0:0:0:0:0:0:0:1:8443 - R:/0:0:0:0:0:0:0:1:63111] Handler is being applied: org.springframework.http.server.reactive.ReactorHttpHandlerAdapter@e5aca0f
[]: 2019-03-12 13:04:14.458 [reactor-http-nio-7] DEBUG r.n.r.PooledConnectionProvider [id: 0xf3aab589] Created new pooled channel, now 1 active connections and 1 inactive connections
[]: 2019-03-12 13:04:14.459 [reactor-http-nio-7] DEBUG r.n.t.SslProvider [id: 0xf3aab589] SSL enabled using engine SSLEngineImpl and SNI localhost:9006
[]: 2019-03-12 13:04:14.459 [reactor-http-nio-7] DEBUG r.n.c.BootstrapHandlers [id: 0xf3aab589] Initialized pipeline DefaultChannelPipeline{(reactor.left.sslHandler = io.netty.handler.ssl.SslHandler), (reactor.left.sslReader = reactor.netty.tcp.SslProvider$SslReadHandler), (BootstrapHandlers$BootstrapInitializerHandler#0 = reactor.netty.channel.BootstrapHandlers$BootstrapInitializerHandler), (SimpleChannelPool$1#0 = io.netty.channel.pool.SimpleChannelPool$1), (reactor.left.httpCodec = io.netty.handler.codec.http.HttpClientCodec), (reactor.right.reactiveBridge = reactor.netty.channel.ChannelOperationsHandler)}
[]: 2019-03-12 13:04:14.460 [reactor-http-nio-7] DEBUG r.n.r.PooledConnectionProvider [id: 0xf3aab589, L:/127.0.0.1:63113 - R:localhost/127.0.0.1:9006] Registering pool release on close event for channel
[]: 2019-03-12 13:04:14.461 [reactor-http-nio-7] DEBUG r.n.r.PooledConnectionProvider [id: 0xf3aab589, L:/127.0.0.1:63113 - R:localhost/127.0.0.1:9006] Channel connected, now 2 active connections and 0 inactive connections
[]: 2019-03-12 13:04:14.465 [reactor-http-nio-7] DEBUG r.n.r.PooledConnectionProvider [id: 0xf3aab589, L:/127.0.0.1:63113 - R:localhost/127.0.0.1:9006] onStateChange(PooledConnection{channel=[id: 0xf3aab589, L:/127.0.0.1:63113 - R:localhost/127.0.0.1:9006]}, [connected])
[]: 2019-03-12 13:04:14.465 [reactor-http-nio-7] DEBUG r.n.r.PooledConnectionProvider [id: 0xf3aab589, L:/127.0.0.1:63113 - R:localhost/127.0.0.1:9006] onStateChange(GET{uri=/, connection=PooledConnection{channel=[id: 0xf3aab589, L:/127.0.0.1:63113 - R:localhost/127.0.0.1:9006]}}, [configured])
[]: 2019-03-12 13:04:14.465 [reactor-http-nio-7] DEBUG r.n.h.c.HttpClientConnect [id: 0xf3aab589, L:/127.0.0.1:63113 - R:localhost/127.0.0.1:9006] Handler is being applied: {uri=https://localhost:9006/myApp, method=GET}
[]: 2019-03-12 13:04:14.465 [reactor-http-nio-7] TRACE r.n.c.ChannelOperationsHandler [id: 0xf3aab589, L:/127.0.0.1:63113 - R:localhost/127.0.0.1:9006] End of the pipeline, User event reactor.netty.NettyPipeline$SendOptionsChangeEvent@1c893d98
[]: 2019-03-12 13:04:14.465 [reactor-http-nio-7] DEBUG r.n.c.ChannelOperationsHandler [id: 0xf3aab589, L:/127.0.0.1:63113 - R:localhost/127.0.0.1:9006] New sending options
[]: 2019-03-12 13:04:14.465 [reactor-http-nio-7] DEBUG r.n.c.ChannelOperationsHandler [id: 0xf3aab589, L:/127.0.0.1:63113 - R:localhost/127.0.0.1:9006] Writing object DefaultHttpRequest(decodeResult: success, version: HTTP/1.1)
GET /myApp HTTP/1.1
Cookie: JSESSIONID=177C20DD24AAFCE474393F687A7CC676
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.121 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Forwarded: proto=https;host="localhost:8443";for="0:0:0:0:0:0:0:1:63111"
X-Forwarded-For: 0:0:0:0:0:0:0:1
X-Forwarded-Proto: https
X-Forwarded-Port: 8443
X-Forwarded-Host: localhost:8443
host: localhost:9006
[]: 2019-03-12 13:04:14.466 [reactor-http-nio-7] DEBUG r.n.c.FluxReceive [id: 0xb46bbc27, L:/0:0:0:0:0:0:0:1:8443 - R:/0:0:0:0:0:0:0:1:63111] Subscribing inbound receiver [pending: 0, cancelled:false, inboundDone: true]
[]: 2019-03-12 13:04:14.466 [reactor-http-nio-7] DEBUG r.n.c.ChannelOperationsHandler [id: 0xf3aab589, L:/127.0.0.1:63113 - R:localhost/127.0.0.1:9006] Writing object MonoJust
[]: 2019-03-12 13:04:14.466 [reactor-http-nio-7] TRACE r.n.c.ChannelOperationsHandler [id: 0xf3aab589, L:/127.0.0.1:63113 - R:localhost/127.0.0.1:9006] End of the pipeline, User event SslHandshakeCompletionEvent(SUCCESS)
[]: 2019-03-12 13:04:14.468 [reactor-http-nio-7] DEBUG r.n.h.c.HttpClientOperations [id: 0xf3aab589, L:/127.0.0.1:63113 - R:localhost/127.0.0.1:9006] Received response (auto-read:false) : [Location=https://localhost:9006/myApp/, Transfer-Encoding=chunked, Date=Tue, 12 Mar 2019 17:04:14 GMT]
[]: 2019-03-12 13:04:14.468 [reactor-http-nio-7] DEBUG r.n.r.PooledConnectionProvider [id: 0xf3aab589, L:/127.0.0.1:63113 - R:localhost/127.0.0.1:9006] onStateChange(GET{uri=/myApp, connection=PooledConnection{channel=[id: 0xf3aab589, L:/127.0.0.1:63113 - R:localhost/127.0.0.1:9006]}}, [response_received])
[]: 2019-03-12 13:04:14.469 [reactor-http-nio-7] DEBUG r.n.c.FluxReceive [id: 0xf3aab589, L:/127.0.0.1:63113 - R:localhost/127.0.0.1:9006] Subscribing inbound receiver [pending: 0, cancelled:false, inboundDone: false]
[]: 2019-03-12 13:04:14.469 [reactor-http-nio-7] DEBUG r.n.h.c.HttpClientOperations [id: 0xf3aab589, L:/127.0.0.1:63113 - R:localhost/127.0.0.1:9006] Received last HTTP packet
[]: 2019-03-12 13:04:14.469 [reactor-http-nio-7] TRACE r.n.c.ChannelOperations [id: 0xf3aab589, L:/127.0.0.1:63113 - R:localhost/127.0.0.1:9006] Disposing ChannelOperation from a channel
java.lang.Exception: ChannelOperation terminal stack
    at reactor.netty.channel.ChannelOperations.terminate(ChannelOperations.java:363)
    ...stack trace too big for body of SO question...
    at java.lang.Thread.run(Thread.java:748)
[]: 2019-03-12 13:04:14.470 [reactor-http-nio-7] DEBUG r.n.r.PooledConnectionProvider [id: 0xf3aab589, L:/127.0.0.1:63113 - R:localhost/127.0.0.1:9006] onStateChange(GET{uri=/myApp, connection=PooledConnection{channel=[id: 0xf3aab589, L:/127.0.0.1:63113 - R:localhost/127.0.0.1:9006]}}, [disconnecting])
[]: 2019-03-12 13:04:14.470 [reactor-http-nio-7] DEBUG r.n.c.ChannelOperations [id: 0xf3aab589, L:/127.0.0.1:63113 - R:localhost/127.0.0.1:9006] An outbound error could not be processed
javax.net.ssl.SSLException: SSLEngine closed already
    at io.netty.handler.ssl.SslHandler.wrap(...)(Unknown Source)
[]: 2019-03-12 13:04:14.472 [reactor-http-nio-7] DEBUG r.n.r.PooledConnectionProvider [id: 0xf3aab589, L:/127.0.0.1:63113 ! R:localhost/127.0.0.1:9006] Channel cleaned, now 1 active connections and 1 inactive connections
[]: 2019-03-12 13:04:14.472 [reactor-http-nio-7] DEBUG r.n.c.ChannelOperationsHandler [id: 0xb46bbc27, L:/0:0:0:0:0:0:0:1:8443 - R:/0:0:0:0:0:0:0:1:63111] Writing object DefaultHttpResponse(decodeResult: success, version: HTTP/1.1)
HTTP/1.1 302 Found
transfer-encoding: chunked
Location: https://localhost:9006/myApp/
Date: Tue, 12 Mar 2019 17:04:14 GMT
[]: 2019-03-12 13:04:14.473 [reactor-http-nio-7] DEBUG r.n.c.ChannelOperationsHandler [id: 0xb46bbc27, L:/0:0:0:0:0:0:0:1:8443 - R:/0:0:0:0:0:0:0:1:63111] Writing object 
[]: 2019-03-12 13:04:14.473 [reactor-http-nio-7] DEBUG r.n.h.s.HttpServerOperations [id: 0xb46bbc27, L:/0:0:0:0:0:0:0:1:8443 - R:/0:0:0:0:0:0:0:1:63111] Last HTTP response frame
[]: 2019-03-12 13:04:14.473 [reactor-http-nio-7] DEBUG r.n.c.ChannelOperationsHandler [id: 0xb46bbc27, L:/0:0:0:0:0:0:0:1:8443 - R:/0:0:0:0:0:0:0:1:63111] Writing object EmptyLastHttpContent
[]: 2019-03-12 13:04:14.473 [reactor-http-nio-7] DEBUG r.n.h.s.HttpServerOperations [id: 0xb46bbc27, L:/0:0:0:0:0:0:0:1:8443 - R:/0:0:0:0:0:0:0:1:63111] Decreasing pending responses, now 0
[]: 2019-03-12 13:04:14.474 [reactor-http-nio-7] INFO  r.n.h.s.AccessLog 0:0:0:0:0:0:0:1 - - [12/Mar/2019:13:04:14 -0400] "GET /myApp HTTP/1.1" 302 0 8443 19 ms
[]: 2019-03-12 13:04:14.474 [reactor-http-nio-7] TRACE r.n.c.ChannelOperations [id: 0xb46bbc27, L:/0:0:0:0:0:0:0:1:8443 - R:/0:0:0:0:0:0:0:1:63111] Disposing ChannelOperation from a channel
java.lang.Exception: ChannelOperation terminal stack
    at reactor.netty.channel.ChannelOperations.terminate(ChannelOperations.java:363)
    ...unnecessarily large stack trace...
    at java.lang.Thread.run(Thread.java:748)
[]: 2019-03-12 13:04:14.475 [reactor-http-nio-7] TRACE r.n.c.ChannelOperationsHandler [id: 0xf3aab589, L:/127.0.0.1:63113 ! R:localhost/127.0.0.1:9006] End of the pipeline, User event SslCloseCompletionEvent(java.nio.channels.ClosedChannelException)
[]: 2019-03-12 13:04:14.475 [reactor-http-nio-7] DEBUG r.n.r.PooledConnectionProvider [id: 0xf3aab589, L:/127.0.0.1:63113 ! R:localhost/127.0.0.1:9006] onStateChange(PooledConnection{channel=[id: 0xf3aab589, L:/127.0.0.1:63113 ! R:localhost/127.0.0.1:9006]}, [disconnecting])
[]: 2019-03-12 13:04:15.419 [reactor-http-nio-2] TRACE r.n.c.ChannelOperationsHandler [id: 0xefc0c828, L:/127.0.0.1:8443 ! R:/127.0.0.1:63084] End of the pipeline, User event SslCloseCompletionEvent(java.nio.channels.ClosedChannelException)
你知道为什么第一个请求的响应会被卡住,但是后续的请求会起作用吗

也就是说,任何具有重定向的POST请求都会卡在重定向的同一位置:

POST /myApp/someController/postTest HTTP/1.1
日志

重定向到

GET /myApp/someController/list HTTP/1.1
Referer: https://localhost:8443/myApp/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.121 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding: gzip, deflate, br
Cookie: JSESSIONID=9001F540677D8A043812E88E9F375E58
Accept-Language: en-US,en;q=0.9
Cache-Control: max-age=0
Forwarded: proto=https;host="localhost:8443";for="0:0:0:0:0:0:0:1:63511"
X-Forwarded-For: 0:0:0:0:0:0:0:1
X-Forwarded-Proto: https
X-Forwarded-Port: 8443
X-Forwarded-Host: localhost:8443
host: localhost:9006
[]: 2019-03-12 13:28:28.127 [reactor-http-nio-2] DEBUG r.n.c.FluxReceive [id: 0x77f250af, L:/0:0:0:0:0:0:0:1:8443 - R:/0:0:0:0:0:0:0:1:63511] Subscribing inbound receiver [pending: 0, cancelled:false, inboundDone: false]
[]: 2019-03-12 13:28:28.127 [reactor-http-nio-2] DEBUG r.n.c.ChannelOperationsHandler [id: 0x1ec92a13, L:/127.0.0.1:63513 - R:localhost/127.0.0.1:9006] Writing object MonoJust
再一次,日志记录到此为止,调用方从未收到响应。

好吧,我应该先做的,我最终做了,并将spring boot版本从2.1.0升级到2.1.3(最新版本),解决了这个问题

HTTP/1.1 302 Found
Location: https://localhost:8443/myApp/someController/list

GET /myApp/someController/list HTTP/1.1
Referer: https://localhost:8443/myApp/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.121 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding: gzip, deflate, br
Cookie: JSESSIONID=9001F540677D8A043812E88E9F375E58
Accept-Language: en-US,en;q=0.9
Cache-Control: max-age=0
Forwarded: proto=https;host="localhost:8443";for="0:0:0:0:0:0:0:1:63511"
X-Forwarded-For: 0:0:0:0:0:0:0:1
X-Forwarded-Proto: https
X-Forwarded-Port: 8443
X-Forwarded-Host: localhost:8443
host: localhost:9006
[]: 2019-03-12 13:28:28.127 [reactor-http-nio-2] DEBUG r.n.c.FluxReceive [id: 0x77f250af, L:/0:0:0:0:0:0:0:1:8443 - R:/0:0:0:0:0:0:0:1:63511] Subscribing inbound receiver [pending: 0, cancelled:false, inboundDone: false]
[]: 2019-03-12 13:28:28.127 [reactor-http-nio-2] DEBUG r.n.c.ChannelOperationsHandler [id: 0x1ec92a13, L:/127.0.0.1:63513 - R:localhost/127.0.0.1:9006] Writing object MonoJust