我有一个Java8SpringBoot(1.5.13)Web服务器,在AWS应用程序负载均衡器后面。ALB执行TLS终止。
Web服务器会因为各种原因重定向用户(例如,到登录页面)。如docs中所述,我在application.properties中将server.use-forward-headers设置为true,以便使用X-Forwarded-Proto和Host头文件正确地重定向到外部(https)url。
这个设置可以在主机1上工作,但是(几乎)相同的设置在主机2上不起作用。在主机2上,我将其范围缩小到以下几个:如果我 curl localhost,事情就可以工作,但是如果我 curl 172.32.1.1(主机2的ip),事情就不能工作。
下面的两个命令都是在主机2上运行的。您知道是什么原因导致响应不同吗?(http与https)
[ec2-user@ip-172-32-1-1 ~]$ curl -v localhost:8080 -H "X-Forwarded-Proto: https" -H "X-Forwarded-Port: 443" -H "Host: example.com"
* Trying 127.0.0.1:8080...
* Connected to localhost (127.0.0.1) port 8080 (#0)
> GET / HTTP/1.1
> Host: example.com
> User-Agent: curl/7.79.1
> Accept: */*
> X-Forwarded-Proto: https
> X-Forwarded-Port: 443
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 302
< Set-Cookie: SESSION=6a9d14f0-07f6-4f73-ae31-8232f2d9de5d; Path=/; Secure; HttpOnly
< Location: https://example.com/login
< Content-Length: 0
< Date: Wed, 21 Dec 2022 21:43:28 GMT
<
* Connection #0 to host localhost left intact[ec2-user@ip-172-32-1-1 ~]$ curl -v 172.32.1.1:8080 -H "X-Forwarded-Proto: https" -H "X-Forwarded-Port: 443" -H "Host: example.com"
* Trying 172.32.1.1:8080...
* Connected to 172.32.1.1 (172.32.1.1) port 8080 (#0)
> GET / HTTP/1.1
> Host: example.com
> User-Agent: curl/7.79.1
> Accept: */*
> X-Forwarded-Proto: https
> X-Forwarded-Port: 443
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 302
< Set-Cookie: SESSION=cbf4800a-15a8-460a-a3db-d6e3c21c046e; Path=/; HttpOnly
< Location: http://example.com/login
< Content-Length: 0
< Date: Wed, 21 Dec 2022 21:42:50 GMT
<
* Connection #0 to host 172.32.1.1 left intact主机1和主机2正在使用相同的VM映像和WAR文件。在主机1上,上述2个命令均按预期使用https响应。
1条答案
按热度按时间lf3rwulv1#
它可能是如此多不同的事情。这里是我会从我的头顶看过去的地方。