我正在尝试在 openshift 上设置 Spring 云网关,并希望发现集群中可用的服务。我可以通过添加@DiscoveryClient 和依赖项来发现服务,如下所示。
引导依赖项如下:
spring-cloud.version : Greenwich.SR2
spring-boot-starter-parent:2.1.7.RELEASE
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-starter-kubernetes</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-starter-kubernetes-ribbon</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-starter-netflix-ribbon</artifactId>
</dependency>
我可以看到正在发现和注册服务。并且路由也发生了,但是路由时发生 CN 名称验证错误。我也尝试设置 use-insecure-trust-manager:true 但仍然是同样的错误。
2021-12-31 12:30:33.867 TRACE 1 --- [or-http-epoll-8] o.s.c.g.h.p.RoutePredicateFactory : Pattern "[/customer-service/**]" does not match against value "/userprofile/addUser"
2021-12-31 12:30:33.868 TRACE 1 --- [or-http-epoll-8] o.s.c.g.h.p.RoutePredicateFactory : Pattern "/userprofile/**" matches against value "/userprofile/addUser"
2021-12-31 12:30:33.868 DEBUG 1 --- [or-http-epoll-8] o.s.c.g.h.RoutePredicateHandlerMapping : Route matched: CompositeDiscoveryClient_userprofile
2021-12-31 12:30:33.868 DEBUG 1 --- [or-http-epoll-8] o.s.c.g.h.RoutePredicateHandlerMapping : Mapping [Exchange: GET https://my-gatewat.net/userprofile/addUser ] to Route{id='CompositeDiscoveryClient_userprofile', uri=lb://userprofile, order=0, predicate=org.springframework.cloud.gateway.support.ServerWebExchangeUtils$$Lambda$712/0x000000010072a440@1046479, gatewayFilters=[OrderedGatewayFilter{delegate=org.springframework.cloud.gateway.filter.factory.RewritePathGatewayFilterFactory$$Lambda$713/0x000000010072a840@3c8d9cd1, order=1}]}
2021-12-31 12:30:33.888 TRACE 1 --- [or-http-epoll-8] o.s.c.g.filter.RouteToRequestUrlFilter : RouteToRequestUrlFilter start
2021-12-31 12:30:33.888 TRACE 1 --- [or-http-epoll-8] o.s.c.g.filter.LoadBalancerClientFilter : LoadBalancerClientFilter url before: lb://userprofile/addUser
2021-12-31 12:30:33.889 TRACE 1 --- [or-http-epoll-8] o.s.c.g.filter.LoadBalancerClientFilter : LoadBalancerClientFilter url chosen: https://10.130.83.26:8443/addUser
2021-12-31 12:30:33.891 DEBUG 1 --- [ctor-http-nio-7] r.n.resources.PooledConnectionProvider : [id: 0x326a2e7b] Created new pooled channel, now 0 active connections and 1 inactive connections
2021-12-31 12:30:33.891 DEBUG 1 --- [ctor-http-nio-7] reactor.netty.tcp.SslProvider : [id: 0x326a2e7b] SSL enabled using engine SSLEngineImpl and SNI /10.130.83.26:8443
2021-12-31 12:30:33.931 ERROR 1 --- [ctor-http-nio-7] a.w.r.e.AbstractErrorWebExceptionHandler : [8768bf6c] 500 Server Error for HTTP GET "/userprofile/addUser"
javax.net.ssl.SSLHandshakeException: No subject alternative names matching IP address 10.130.83.26 found
at java.base/sun.security.ssl.Alert.createSSLException(Unknown Source) ~[na:na]
at java.base/sun.security.ssl.TransportContext.fatal(Unknown Source) ~[na:na]
应用程序.yml:
spring:
application:
name: my-api-gateway
cloud:
gateway:
discovery:
locator:
enabled: true
httpclient:
ssl:
use-insecure-trust-manager: true
尝试在 SSL 上下文中添加 SNI 匹配器,以跳过主机名检查,但仍然无法正常工作:
SNIMatcher matcher = new SNIMatcher(0) {
@Override
public boolean matches(SNIServerName serverName) {
log.info("Server Name validation:{}", serverName);
return true;
}
};