我创建了一个简单的微服务应用程序,一个网关和一个服务,使用 JDL 并在 dev 中启用“tls”并不能开箱即用,有人知道如何在 dev 中配置它吗?
这是我在 JHipster 中找到的关于 tls 的唯一文档,并且我遵循了这些文档:
这些是重现我在开发中启用“tls”时遇到的异常的步骤;
创建一个文件夹“myapp”并移至该文件夹。
运行:git init
生成应用:jhipster jdl model.jdl
npm install
mvn clean install
移动到网关文件夹(onegateway)
启动注册表:
docker-compose -f src/main/docker/jhipster-registry.yml up -d
启动数据库:
docker-compose -f src/main/docker/postgresql.yml up -d
同时激活 dev 和 tls 两个配置文件启动网关:
./mvnw -Pdev,tls
应用程序启动失败,日志如下(最底层的 Caused by 表明:Netty 的 OpenSSL 提供程序(OpenSslServerContext)在构建 SSL 上下文时拒绝了 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 这一条,只要列表中有一个不受支持的套件,整个列表都会被拒绝):
2021-08-11 14:32:29.069 WARN 83643 --- [ restartedMain] onfigReactiveWebServerApplicationContext : Exception encountered during context initialization - cancelling refresh attempt: org.springframework.context.ApplicationContextException: Unable to start reactive web server; nested exception is reactor.core.Exceptions$ReactiveException: javax.net.ssl.SSLException: failed to set cipher suite: [TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256]
2021-08-11 14:32:29.115 ERROR 83643 --- [ restartedMain] o.s.boot.SpringApplication : Application run failed
org.springframework.context.ApplicationContextException: Unable to start reactive web server; nested exception is reactor.core.Exceptions$ReactiveException: javax.net.ssl.SSLException: failed to set cipher suite: [TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256]
at org.springframework.boot.web.reactive.context.ReactiveWebServerApplicationContext.onRefresh(ReactiveWebServerApplicationContext.java:81)
at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:577)
at org.springframework.boot.web.reactive.context.ReactiveWebServerApplicationContext.refresh(ReactiveWebServerApplicationContext.java:63)
at org.springframework.boot.SpringApplication.refresh(SpringApplication.java:771)
at org.springframework.boot.SpringApplication.refresh(SpringApplication.java:763)
at org.springframework.boot.SpringApplication.refreshContext(SpringApplication.java:438)
at org.springframework.boot.SpringApplication.run(SpringApplication.java:339)
at com.carestra.jhipster.gateway.OnegatewayApp.main(OnegatewayApp.java:69)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:566)
at org.springframework.boot.devtools.restart.RestartLauncher.run(RestartLauncher.java:49)
Caused by: reactor.core.Exceptions$ReactiveException: javax.net.ssl.SSLException: failed to set cipher suite: [TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256]
at reactor.core.Exceptions.propagate(Exceptions.java:392)
at reactor.netty.tcp.SslProvider.<init>(SslProvider.java:361)
at reactor.netty.tcp.SslProvider$Build.build(SslProvider.java:734)
at reactor.netty.http.server.HttpServer.secure(HttpServer.java:721)
at reactor.netty.http.server.HttpServer.secure(HttpServer.java:689)
at org.springframework.boot.web.embedded.netty.SslServerCustomizer.apply(SslServerCustomizer.java:81)
at org.springframework.boot.web.embedded.netty.NettyReactiveWebServerFactory.customizeSslConfiguration(NettyReactiveWebServerFactory.java:182)
at org.springframework.boot.web.embedded.netty.NettyReactiveWebServerFactory.createHttpServer(NettyReactiveWebServerFactory.java:169)
at org.springframework.boot.web.embedded.netty.NettyReactiveWebServerFactory.getWebServer(NettyReactiveWebServerFactory.java:70)
at org.springframework.boot.web.reactive.context.WebServerManager.<init>(WebServerManager.java:49)
at org.springframework.boot.web.reactive.context.ReactiveWebServerApplicationContext.createWebServer(ReactiveWebServerApplicationContext.java:93)
at org.springframework.boot.web.reactive.context.ReactiveWebServerApplicationContext.onRefresh(ReactiveWebServerApplicationContext.java:78)
... 12 common frames omitted
Caused by: javax.net.ssl.SSLException: failed to set cipher suite: [TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256]
at io.netty.handler.ssl.ReferenceCountedOpenSslContext.<init>(ReferenceCountedOpenSslContext.java:295)
at io.netty.handler.ssl.OpenSslContext.<init>(OpenSslContext.java:45)
at io.netty.handler.ssl.OpenSslServerContext.<init>(OpenSslServerContext.java:349)
at io.netty.handler.ssl.OpenSslServerContext.<init>(OpenSslServerContext.java:336)
at io.netty.handler.ssl.SslContext.newServerContextInternal(SslContext.java:473)
at io.netty.handler.ssl.SslContextBuilder.build(SslContextBuilder.java:606)
at reactor.netty.tcp.AbstractProtocolSslContextSpec.sslContext(AbstractProtocolSslContextSpec.java:53)
at reactor.netty.tcp.SslProvider.<init>(SslProvider.java:358)
... 22 common frames omitted
Caused by: java.lang.IllegalArgumentException: unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256(ECDHE-ECDSA-AES128-SHA256)
at io.netty.handler.ssl.CipherSuiteConverter.convertToCipherStrings(CipherSuiteConverter.java:470)
at io.netty.handler.ssl.ReferenceCountedOpenSslContext.<init>(ReferenceCountedOpenSslContext.java:282)
... 29 common frames omitted
########## 所有密码套件都是由 JHipster 生成的,也可以在 https://www.jhipster.tech/production/#security 中找到。
如果我从 onegateway/src/main/resources/config/application-tls.yml 中删除密码套件列表(此时使用的是 TLS 提供程序的默认套件),应用程序可以启动,但访问 https://localhost:8080 时得到以下信息(SSLV3_ALERT_CERTIFICATE_UNKNOWN 是握手中对端发来的告警,通常表示浏览器不信任 dev 环境下使用的自签名证书;正确做法是在客户端显式信任该开发证书,而不是在应用中关闭证书校验):
----------------------------------------------------------
Application 'onegateway' is running! Access URLs:
Local: https://localhost:8080/
External: https://192.168.50.11:8080/
Profile(s): [dev, api-docs, tls]
----------------------------------------------------------
2021-08-11 14:18:36.554 WARN 83547 --- [ctor-http-nio-2] .s.ApplicationProtocolNegotiationHandler : [id: 0x3b06913a, L:/0:0:0:0:0:0:0:1:8080 - R:/0:0:0:0:0:0:0:1:61605] Failed to select the application-level protocol:
javax.net.ssl.SSLHandshakeException: error:10000416:SSL routines:OPENSSL_internal:SSLV3_ALERT_CERTIFICATE_UNKNOWN
at io.netty.handler.ssl.ReferenceCountedOpenSslEngine.shutdownWithError(ReferenceCountedOpenSslEngine.java:1064)
at io.netty.handler.ssl.ReferenceCountedOpenSslEngine.sslReadErrorResult(ReferenceCountedOpenSslEngine.java:1346)
at io.netty.handler.ssl.ReferenceCountedOpenSslEngine.unwrap(ReferenceCountedOpenSslEngine.java:1295)
at io.netty.handler.ssl.ReferenceCountedOpenSslEngine.unwrap(ReferenceCountedOpenSslEngine.java:1371)
at io.netty.handler.ssl.ReferenceCountedOpenSslEngine.unwrap(ReferenceCountedOpenSslEngine.java:1414)
at io.netty.handler.ssl.SslHandler$SslEngineType$1.unwrap(SslHandler.java:224)
at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1338)
at io.netty.handler.ssl.SslHandler.decodeNonJdkCompatible(SslHandler.java:1245)
at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1282)
at io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:507)
at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:446)
at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:276)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365)
at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:357)
at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1410)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365)
at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:919)
at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:166)
at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:719)
at io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEventLoop.java:655)
at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:581)
at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:493)
at io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:989)
at io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74)
at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
at java.base/java.lang.Thread.run(Thread.java:829)
2021-08-11 14:18:36.558 WARN 83547 --- [ctor-http-nio-2] .s.ApplicationProtocolNegotiationHandler : [id: 0x3b06913a, L:/0:0:0:0:0:0:0:1:8080 ! R:/0:0:0:0:0:0:0:1:61605] TLS handshake failed:
javax.net.ssl.SSLHandshakeException: error:10000416:SSL routines:OPENSSL_internal:SSLV3_ALERT_CERTIFICATE_UNKNOWN
at io.netty.handler.ssl.ReferenceCountedOpenSslEngine.shutdownWithError(ReferenceCountedOpenSslEngine.java:1064)
at io.netty.handler.ssl.ReferenceCountedOpenSslEngine.sslReadErrorResult(ReferenceCountedOpenSslEngine.java:1346)
at io.netty.handler.ssl.ReferenceCountedOpenSslEngine.unwrap(ReferenceCountedOpenSslEngine.java:1295)
at io.netty.handler.ssl.ReferenceCountedOpenSslEngine.unwrap(ReferenceCountedOpenSslEngine.java:1371)
at io.netty.handler.ssl.ReferenceCountedOpenSslEngine.unwrap(ReferenceCountedOpenSslEngine.java:1414)
at io.netty.handler.ssl.SslHandler$SslEngineType$1.unwrap(SslHandler.java:224)
at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1338)
at io.netty.handler.ssl.SslHandler.decodeNonJdkCompatible(SslHandler.java:1245)
at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1282)
at io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:507)
at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:446)
at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:276)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365)
at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:357)
at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1410)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365)
at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:919)
at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:166)
at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:719)
at io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEventLoop.java:655)
at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:581)
at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:493)
at io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:989)
at io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74)
at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
at java.base/java.lang.Thread.run(Thread.java:829)
###################
我还尝试恢复对 application-tls.yml 的所有先前更改,并通过取消注释 src/main/resources/config/application.yml 中的 spring.profiles.group.dev.tls 属性为 dev 配置文件启用 tls,然后用以下命令启动应用程序:
./mvnw -Pdev
结果遇到了同样的“unsupported cipher suite”问题。也就是说,无论 tls 配置文件是通过 -Ptls 还是 spring.profiles.group 激活,失败点都一样,问题出在套件列表本身而不是激活方式。从安全角度看,生成的列表中的 *_CBC_SHA(SHA-1 HMAC)和 *_CBC_SHA256/SHA384 套件本就是遗留套件,把它们从列表中去掉、只保留 AES-GCM 套件,很可能既能绕过这个错误,也能得到更强的 TLS 配置(这一点需要在本地验证)。
#########################
这是我的 model.jdl
application {
config {
applicationType gateway,
baseName onegateway,
packageName com.carestra.jhipster.gateway,
authenticationType jwt,
serviceDiscoveryType eureka,
buildTool maven,
reactive true,
skipClient false,
skipServer false,
skipUserManagement false,
databaseType sql,
prodDatabaseType postgresql,
devDatabaseType postgresql
clientFramework angularX,
testFrameworks [cypress],
enableTranslation true,
nativeLanguage en,
languages [en]
}
entities *
}
application {
config {
applicationType microservice,
baseName onebackend,
packageName com.carestra.jhipster.backend,
authenticationType jwt,
serviceDiscoveryType eureka,
buildTool maven,
reactive false,
skipClient true,
skipUserManagement true,
databaseType sql,
prodDatabaseType postgresql,
devDatabaseType postgresql,
testFrameworks [cypress]
}
entities *
}
entity Activity {
id Long,
title String minlength(4) maxlength(50) required,
startDate Instant required,
endDate Instant required,
}
entity Booking {
id Long,
activityId Long required,
message String minlength(0) maxlength(500),
}
microservice * with onebackend
deployment {
deploymentType docker-compose
appsFolders [onegateway, onebackend]
dockerRepositoryName "carestra"
serviceDiscoveryType eureka
}
以及 .yo-rc.json(注意:该文件包含 jwtSecretKey,即用于签发和校验 JWT 的密钥;它已经在这里公开贴出,应当重新生成,并且不应提交到公共仓库或贴到 issue 中):
{
"generator-jhipster": {
"authenticationType": "jwt",
"clientFramework": "angularX",
"serverPort": "8080",
"serviceDiscoveryType": "eureka",
"skipUserManagement": false,
"withAdminUi": true,
"baseName": "onegateway",
"buildTool": "maven",
"databaseType": "sql",
"devDatabaseType": "postgresql",
"cacheProvider": "no",
"enableHibernateCache": false,
"enableSwaggerCodegen": false,
"enableTranslation": true,
"jhiPrefix": "jhi",
"languages": ["en"],
"messageBroker": false,
"prodDatabaseType": "postgresql",
"searchEngine": false,
"skipClient": false,
"testFrameworks": ["cypress"],
"websocket": false,
"applicationType": "gateway",
"packageName": "com.carestra.jhipster.gateway",
"packageFolder": "com/carestra/jhipster/gateway",
"reactive": true,
"skipServer": false,
"nativeLanguage": "en",
"jhipsterVersion": "7.1.0",
"clientPackageManager": "npm",
"dtoSuffix": "DTO",
"entitySuffix": "",
"clientTheme": "none",
"clientThemeVariant": "",
"applicationIndex": 0,
"applications": {
"onebackend": {
"serverPort": "8081",
"applicationIndex": 1
}
},
"skipCheckLengthOfIdentifier": false,
"skipFakeData": false,
"blueprints": [],
"otherModules": [],
"pages": [],
"creationTimestamp": 1628675597074,
"jwtSecretKey": "NDE5ZTFkOTJiYzQ1ZGI5NmZlMmZjNWQ5NzVjZTkwODJhZWJjMTFlZjQ5NjcwOWU5MWI1NjdiNWI4MjBlNmY5ODFkNThhNzk4NjllNzA2MWM1N2YzOTdhMjdhNTcyY2ZhZDk5ODM1MjU4ODJhM2YxYTMzYTM2ZTNlNWM5N2UxOWU=",
"devServerPort": 4200,
"entities": ["Booking", "Activity"],
"lastLiquibaseTimestamp": 1628675717000
}
}
和
环境和工具
openjdk version "11.0.11" 2021-04-20 OpenJDK Runtime Environment AdoptOpenJDK-11.0.11+9 (build 11.0.11+9) OpenJDK 64-Bit Server VM AdoptOpenJDK-11.0.11+9 (build 11.0.11+9, mixed mode)
git version 2.23.0
Node:v14.17.3
npm:7.20.1
Docker 版本 20.10.7,构建 f0df350