Upgrade from spring-boot 2.4.4 to 2.5.9 causes X-Forwarded not to be taken
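We are updating our dependencies. We recently updated spring-boot from 2.4.4 to 2.5.9.
Since then, we have been unable to test part of our functionality locally. It involves custom domains passed through a proxy. We have the following setup locally: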
**Nginx proxy** (local.alavoie.mytestdomain.com which points to 127.0.0.1 listening on 443)
|
|
**NPM app** with proxy table (listening on 0.0.0.0 8080)
|
|
**Spring-boot app** (listening on 0.0.0.0 8081)
When we use `request.getServerName()`, it now returns `localhost` instead of `local.alavoie.mytestdomain.com`, the URL provided.
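From my investigation, the problem started as soon as I updated to spring-boot 2.5.x. All 2.4.x versions work.
The updated Tomcat dependency did not cause any problems. From what I can see, the RemoteIpValve is not added to the Tomcat engine pipeline for the request.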
Here is my nginx configuration:
```nginx
# configuration file /usr/local/etc/nginx/nginx.conf:
#worker_processes 1;
events {
    worker_connections 1024;
}
http {
    server {
        listen 80;
        server_name *.alavoie.mytestdomain.com;
        return 301 https://$host$request_uri;
    }
    server {
        listen 443 ssl;
        client_max_body_size 5G;
        ssl_certificate /users/alavoie/ssl/certificate.pem;
        ssl_certificate_key /users/alavoie/ssl/key.pem;
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_prefer_server_ciphers on;
        ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
        add_header Strict-Transport-Security "max-age=63072000" always;
        location / {
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header X-Forwarded-Server $host;
            proxy_set_header X-Forwarded-Host $host;
            proxy_set_header X-Forwarded-For $remote_addr;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "Upgrade";
            # Fix the "It appears that your reverse proxy set up is broken" error.
            proxy_pass http://localhost:8081;
            proxy_read_timeout 90;
        }
    }
    # General settings
    #
    access_log off;
    server_tokens off;
    ##
    # Proxy settings
    #
    proxy_buffering off;
    proxy_buffer_size 128k;
    proxy_buffers 100 128k;
    proxy_headers_hash_bucket_size 128;
    ##
    # gzip settings
    #
    gzip on;
    gzip_disable "msie6";
}
```
Here is our npm proxy table.
```js
'use strict'
// Template version: 1.2.5
// see http://vuejs-templates.github.io/webpack for documentation.
const path = require('path')
module.exports = {
  dev: {
    // Paths
    assetsSubDirectory: 'static',
    assetsPublicPath: '/',
    proxyTable: {
      '/rest/**': {
        target: 'http://localhost:8080',
        logLevel: 'debug'
      },
      '/api/**': 'http://localhost:8080',
      '/assets/**': 'http://localhost:8080',
      '/auth/*': {
        target: 'http://localhost:8080',
        changeOrigin: true,
        logLevel: 'debug'
      },
      '/login/twofactor': {
        target: 'http://localhost:8080',
        changeOrigin: true,
        logLevel: 'debug'
      },
      '/socket': {
        target: 'ws://localhost:8080',
        ws: true,
      },
    },
    // Various Dev Server settings
    host: '0.0.0.0', // can be overwritten by process.env.HOST
    port: 8081, // can be overwritten by process.env.PORT, if port is in use, a free one will be determined
    autoOpenBrowser: false,
    errorOverlay: true,
    notifyOnErrors: true,
    poll: false, // https://webpack.js.org/configuration/dev-server/#devserver-watchoptions-
    // Use Eslint Loader?
    // If true, your code will be linted during bundling and
    // linting errors and warnings will be shown in the console.
    useEslint: true,
    // If true, eslint errors and warnings will also be shown in the error overlay
    // in the browser.
    showEslintErrorsInOverlay: false,
    /**
     * Source Maps
     */
    // https://webpack.js.org/configuration/devtool/#development
    devtool: 'eval-source-map',
    // If you have problems debugging vue-files in devtools,
    // set this to false - it *may* help
    // https://vue-loader.vuejs.org/en/options.html#cachebusting
    cacheBusting: true,
    // CSS Sourcemaps off by default because relative paths are "buggy"
    // with this option, according to the CSS-Loader README
    // (https://github.com/webpack/css-loader#sourcemaps)
    // In our experience, they generally work as expected,
    // just be aware of this issue when enabling this option.
    cssSourceMap: false,
  },
  build: {
    // Template for index.html
    index: path.resolve(__dirname, '../dist/index.html'),
    // Paths
    assetsRoot: path.resolve(__dirname, '../dist'),
    assetsSubDirectory: 'static',
    assetsPublicPath: '/',
    /**
     * Source Maps
     */
    productionSourceMap: true,
    // https://webpack.js.org/configuration/devtool/#production
    devtool: '#source-map',
    // Gzip off by default as many popular static hosts such as
    // Surge or Netlify already gzip all static assets for you.
    // Before setting to `true`, make sure to:
    // npm install --save-dev compression-webpack-plugin
    productionGzip: false,
    productionGzipExtensions: ['js', 'css'],
    // Run the build command with an extra argument to
    // View the bundle analyzer report after build finishes:
    // `npm run build --report`
    // Set to `true` or `false` to always turn it on or off
    bundleAnalyzerReport: process.env.npm_config_report
  }
}
```
I am running everything on a Mac. Can anyone help me figure out what we are doing wrong?
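If running behind a front-end server and proxy, use forwarded headers. They provide information about the initial request.
For your configuration, set: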
server.forward-headers-strategy=NATIVE
OR
server.forward-headers-strategy=FRAMEWORK
ref: https://docs.spring.io/spring-boot/docs/current/reference/html/howto.html chapter 3.12.
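A simplified model of the trust decision behind `server.forward-headers-strategy=NATIVE`, added here as an illustration and not code from the question, the answer, Spring Boot or Tomcat: forwarded headers are honoured only when the directly connected peer matches an allow-list of proxies. The class name, the loopback-only pattern and the sample request are constructed; `server.tomcat.remoteip.internal-proxies` is the Spring Boot property that sets the real allow-list.

```java
import java.util.Map;
import java.util.regex.Pattern;

// Simplified model (added example): X-Forwarded-Host is used only when forwarded-header
// handling is on AND the direct peer is an allow-listed proxy.
public class ForwardedHostModel {

    // Constructed allow-list: loopback only, enough for a local nginx -> dev server -> app chain.
    // The real allow-list is the regex in server.tomcat.remoteip.internal-proxies.
    static final Pattern INTERNAL_PROXIES =
            Pattern.compile("127\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}|0:0:0:0:0:0:0:1|::1");

    /** What request.getServerName() reports in this model. */
    static String serverName(boolean forwardHeadersEnabled, String peerAddr, Map<String, String> headers) {
        String host = stripPort(headers.getOrDefault("Host", "localhost"));
        if (!forwardHeadersEnabled) return host;                         // headers not processed at all
        if (!INTERNAL_PROXIES.matcher(peerAddr).matches()) return host;  // peer is not a known proxy
        String forwarded = headers.get("X-Forwarded-Host");
        return forwarded == null ? host : stripPort(forwarded);
    }

    // Drops a trailing ":port" while leaving a bare IPv6 literal such as [::1] intact.
    static String stripPort(String hostHeader) {
        int colon = hostHeader.lastIndexOf(':');
        return (colon > 0 && !hostHeader.endsWith("]")) ? hostHeader.substring(0, colon) : hostHeader;
    }

    public static void main(String[] args) {
        // Constructed request as it reaches the Spring Boot app: a proxy hop with
        // changeOrigin: true has rewritten Host, while nginx's X-Forwarded-Host is passed along.
        Map<String, String> viaProxy = Map.of(
                "Host", "localhost:8080",
                "X-Forwarded-Host", "local.alavoie.mytestdomain.com");

        // Forwarded-header handling off: the rewritten Host decides the server name.
        System.out.println(serverName(false, "127.0.0.1", viaProxy));
        // Handling on, peer is the local proxy: the forwarded host is used.
        System.out.println(serverName(true, "127.0.0.1", viaProxy));
        // Handling on, same headers from a peer outside the allow-list
        // (203.0.113.7, documentation address range): the header is ignored.
        System.out.println(serverName(true, "203.0.113.7", viaProxy));
    }
}
```

Keeping the allow-list limited to the proxies that actually front the application means a client that reaches the app directly cannot choose the server name by sending its own `X-Forwarded-Host`.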