Question
We are facing an issue we don't really know where it's coming from.
Our application uses Spring Cloud, Spring Oauth2 and Spring Boot 1.5.9. The entry point is an API-Gateway service using Zuul to redirect calls to the other microservices. There is an Authorization-server to handle the Oauth2 authorization, not accessible from the outside but through the API-Gateway.
It is configured to use Https for every call that comes from clients and then we use Http once inside our system to communicate between microservices. It sits behind an Apache proxy configured with the certificates for using Https with port 80 disabled.
The problem we have at the moment is that every redirect from the Spring Security filters ends up being downgraded from Https to Http in the browser, which then fails as the port 80 is disabled and it cannot find the app.
The app used to work but now it doesn't. We use docker so we tried to redeploy the previous images but they don't work either. The Apache conf hasn't changed either.
We don't exactly know which part is failing, if it's the Apache proxy or the Spring config, especially when everything we can think of has been reverted to a previous working problem.
With this setup, what are the things that can force the redirect to change and how can we verify it? Could the Spring Security config affect this or is it more probably coming from the Apache proxy?
This is the Apache config we have at the moment:
<VirtualHost *:443>
    SSLEngine on
    SSLCertificateFile /etc/apache2/vpp-api/ssl/server-cert.pem
    SSLCertificateKeyFile /etc/apache2/vpp-api/ssl/server-key.pem
    SSLVerifyDepth 10
    SSLCACertificateFile /etc/apache2/vpp-api/ssl/cacert.pem
    <location />
        ProxyPreserveHost on
        ProxyPass http://localhost:8080/
        ProxyPassReverse http://localhost:8080/
    </location>
</VirtualHost>
Answer 1:
I finally found the issue. Basically it was this line in the Apache conf:
    ProxyPreserveHost on
It was changing the header Location as all requests redirected inside our system lose the Https protocol. All redirects sent back were using Http after this.
A solution to keep using this configuration is to manually override Http in the Apache conf with this:
    Header edit Location ^http://(.*)$ https://$1
Source: https://stackoverflow.com/questions/49067362/redirects-been-downgraded-from-https-to-http
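The following is an added example, not part of the original question or answer: a simplified Python model of why the redirect comes back as Http when ProxyPreserveHost is on, and what the Header edit line changes. The host name app.example.com and all function names are assumptions made for illustration, and ProxyPassReverse is modelled only as a prefix match on the backend URL.

```python
import re
from urllib.parse import urlsplit

PUBLIC_HOST = "app.example.com"            # constructed public host name
BACKEND_PREFIX = "http://localhost:8080/"  # ProxyPass target from the question


def backend_redirect(host_header, path):
    """The backend only sees plain HTTP, so it builds an http:// Location
    from whatever Host header the proxy forwarded."""
    return f"http://{host_header}{path}"


def proxy_pass_reverse(location):
    """Simplified model of ProxyPassReverse: only a Location that starts with
    the backend prefix is rewritten to the public HTTPS virtual host."""
    if location.startswith(BACKEND_PREFIX):
        return f"https://{PUBLIC_HOST}/" + location[len(BACKEND_PREFIX):]
    return location


def header_edit(location):
    """Header edit Location ^http://(.*)$ https://$1 (the answer's workaround)."""
    return re.sub(r"^http://(.*)$", r"https://\1", location)


def through_proxy(path, preserve_host, edit_location=False):
    """Location header the browser receives for a backend redirect to `path`."""
    host = PUBLIC_HOST if preserve_host else "localhost:8080"
    location = proxy_pass_reverse(backend_redirect(host, path))
    return header_edit(location) if edit_location else location


def is_downgrade(request_url, location):
    """True when an HTTPS request is answered with an absolute http:// redirect."""
    return (urlsplit(request_url).scheme == "https"
            and urlsplit(location).scheme == "http")


if __name__ == "__main__":
    req = f"https://{PUBLIC_HOST}/api/orders"
    for preserve, edit in [(False, False), (True, False), (True, True)]:
        loc = through_proxy("/login", preserve, edit)
        print(f"ProxyPreserveHost={preserve} edit={edit} -> {loc} "
              f"downgrade={is_downgrade(req, loc)}")
```

The same is_downgrade check can be applied to the Location header of any real redirect response captured from the gateway to confirm whether the downgrade is still happening.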