Setting up ZUUL gateway between micro services - netflix-zuul

Following services are running
Eureka server
ZUUL gateway (api-gateway)
User service (user-service)
Plan service (plan-service)
User service will communicate with Plan service via ZUUL, using "OpenFeign" for the invocation.
"User service" has the following "PlanService" OpenFeign client:
import org.springframework.cloud.netflix.ribbon.RibbonClient;
import org.springframework.cloud.openfeign.FeignClient;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PathVariable;

// Feign client that targets the gateway; the request path carries the downstream service prefix
@FeignClient(name = "api-gateway")
@RibbonClient(name = "plan-service")
public interface PlanServiceFeign {
    @GetMapping("/plan-service/plandetails/{userId}")
    PlanDetails getPlanDetails(@PathVariable("userId") String userId);
}
In the logs the following URL is fired at the API gateway, but Zuul does not route it to the "plan-service" microservice:
GET http://api-gateway/plan-service/plandetails/12345
Am I missing any other configuration for setting up ZUUL between microservices?

There is a configuration you need to add in an application.properties or application.yaml file.
If you use an application.yaml file, configure it like this:
zuul:
  routes:
    plan:
      path: /plandetails/**
      serviceId: plan-service
If you use an application.properties file, configure it like this:
zuul.routes.plan-service.path = /plandetails/**

Fixed by adding routing settings to the application.properties
zuul.routes.<service-registry-name>.path=/<service-mapping>/*
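A complete gateway-side application.yml for the setup in this thread, added here as an example (it is not code from the question or from either answer). The service names come from the thread; the ports, the Eureka URL and the choice to expose only explicitly listed routes are assumptions:

```yaml
# Added example, not from the original thread: api-gateway/src/main/resources/application.yml
server:
  port: 8765                     # assumed gateway port

spring:
  application:
    name: api-gateway            # the name the Feign client in user-service resolves through Eureka

eureka:
  client:
    service-url:
      defaultZone: http://localhost:8761/eureka/   # Eureka server from the thread; address assumed

zuul:
  ignored-services: '*'          # do not auto-create a route for every service Eureka knows about
  routes:
    plan-service:
      path: /plan-service/**     # matches GET /plan-service/plandetails/12345 sent by the Feign client
      service-id: plan-service   # resolved via Eureka, load-balanced by Ribbon
      strip-prefix: true         # plan-service receives /plandetails/12345
      sensitive-headers: Cookie,Set-Cookie,Authorization   # Zuul's default, made explicit: not forwarded downstream
```

With `ignored-services: '*'` Zuul stops creating a route for every service registered in Eureka, so only plan-service is reachable through the gateway; `strip-prefix: true` is what turns the Feign call's `/plan-service/plandetails/12345` into `/plandetails/12345` on the downstream side. The `sensitive-headers` line restates Zuul's default so that it is visible in the config: cookies and the caller's Authorization header stay at the gateway unless a route explicitly opts in to forwarding them.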

Related

Feign Client + Consul + Ribbon - HTTPS

I have the following setup (everything as docker containers):
Two web services running on HTTPS mode (self-signed certificate).
The web services are registered in consul.
Web service 1 calls web service 2 using feign client.
web service 2 is named authentication-service.
The Docker containers' cacerts were updated to include the self-signed certificate; however, the certificate does not contain the IP addresses, because they are generated dynamically by Docker.
import org.springframework.cloud.openfeign.FeignClient;

// Feign client resolved by service name through Consul discovery
@FeignClient(name = "authentication-service")
public interface AuthenticationClient extends AuthenticationApi {
}
When web service 1 calls web service 2, Ribbon internally uses Docker's IP address (the problem).
Moreover, it is not clear to me why Feign is using the HTTP protocol instead of HTTPS.
feign.RetryableException: No subject alternative names matching IP address 172.20.0.10 found executing POST http://authentication-service/api/auth/authenticate
What am I missing?
How should I overcome this situation?
Thank you in advance.
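The two symptoms in this post (Ribbon dialling the dynamic container IP, and the URL being built with http://) both follow from what the callee registers in Consul. The configuration below is an added example, not code from the post; it assumes that the self-signed certificate's Subject Alternative Name covers the Compose service name `authentication-service` and that both containers share a Docker network so that name resolves:

```yaml
# Added example, not from the original post.
# --- callee: authentication-service application.yml ---
spring:
  cloud:
    consul:
      discovery:
        scheme: https                      # register the instance as https, so callers build https:// URLs
        prefer-ip-address: false           # advertise a name rather than the 172.20.x.x container address
        hostname: authentication-service   # assumption: this name is listed as a SAN in the server certificate

# --- caller: web service 1 application.yml ---
# Per-client Ribbon setting that forces TLS for this service id on the client side as well
# (assumption: kept as a second guard; scheme=https on the callee is what discovery reports)
authentication-service:
  ribbon:
    IsSecure: true
```

Because the Consul agent's health check now targets an https URL, the agent must trust the certificate too; `spring.cloud.consul.discovery.health-check-tls-skip-verify: true` would keep the instance passing without that trust, at the cost of the check no longer verifying the certificate, so extending the agent's trust store is the better fix.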

Jhipster registry "Status: (Unauthorized)" page after keycloak login

Jhipster registry:v3.3.0
Keycloak: 4.5.0.Final (https enabled)
There is a JHipster registry set up using docker-compose as shown in the picture. The registry talks to Keycloak for authentication.
We have two Keycloak instances.
When configured with one Keycloak instance it logs in successfully and opens the registry page.
When configured with the other Keycloak instance it shows the following page:
After entering keycloak credentials, the url in the browser is http://localhost:8761/login?state=Swy20H&session_state=c6853b18-42f3-4ad9-9ad0-14615aa576bd&code=eyJhbGciOiJkaXIiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0..xtptsARyYJPbqrhZD4ZF7A.yKur_w3c5H-ybHcpXeBSca1W7N3XxRzQXaUs383Kqh57wzaWt3FhBglGf-w154GRTM93F5oa2grE8HzVyrRpDadQs5FCjpNDZuD86KZy5JVI4RnlYOFvsTMcO-fFi_bWl2ByvNy7QARglrwGQOTeYndvrYluuC57OJGKm8819gIb9a5wvZ9oeiJLuDPwkcefs2J-xnUvEde3yAyVKGxe_oGdA8jJbbwRDQQvCI2e3FLyiKJ1F2P2iHFT5g_QaQxv.7k__JisYiWQrQpjgxJ8m5Q
The same Keycloak client was imported into the Keycloak realm for the instances. Any idea what the reason could be?
I had faced a similar issue.
In my case I was getting it for two reasons:
1. Keycloak was SSL enabled and the keystore file used in this process did not include the Root certificate. Refer to this SOS.
2. Our network firewall was blocking the requests to the Auth Server. In your case it could be the JHipster registry's backend.
You must change the configuration in the Docker file inside your server if you use Docker, and when you enable SSL you must map the new URI in each Docker file.
I had the same problem and this is the solution for it:
- SPRING_SECURITY_OAUTH2_CLIENT_PROVIDER_OIDC_ISSUER_URI=http://127.0.0.1/auth/realms/jhipster
But after enabling SSL your service cannot show the above URL; you must change it to:
- SPRING_SECURITY_OAUTH2_CLIENT_PROVIDER_OIDC_ISSUER_URI=https://your-domain.eg/auth/realms/jhipster
After that you can authenticate without any problem.

Spring Cloud Netflix | Eureka not registering when deployed on ECS

I am trying to deploy Spring Netflix Eureka and related microservice application using ECS and Cloudformation.
Eureka is not able to register the related microservices because the docker images are not able to link on hostname.
Please suggest what should be the best solution to handle this.
You should use the EC2 instance's host IP instead of the Docker container's. In your microservices (if they are Spring Boot applications), put this code:
import com.netflix.appinfo.AmazonInfo;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.cloud.commons.util.InetUtils;
import org.springframework.cloud.netflix.eureka.EurekaInstanceConfigBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Profile;

@Bean
@Profile("docker")
public EurekaInstanceConfigBean eurekaInstanceConfig(InetUtils inetUtils, @Value("${server.port}") int port) {
    EurekaInstanceConfigBean config = new EurekaInstanceConfigBean(inetUtils);
    // Query the EC2 instance metadata service for this host's addresses
    AmazonInfo info = AmazonInfo.Builder.newBuilder().autoBuild("eureka");
    config.setDataCenterInfo(info);
    // Advertise the public IPv4 address as the hostname so peers reach the EC2 host, not the container
    info.getMetadata().put(AmazonInfo.MetaDataKey.publicHostname.getName(), info.get(AmazonInfo.MetaDataKey.publicIpv4));
    config.setHostname(info.get(AmazonInfo.MetaDataKey.publicHostname));
    config.setIpAddress(info.get(AmazonInfo.MetaDataKey.publicIpv4));
    config.setNonSecurePort(port);
    return config;
}
Remember to enable the 'docker' profile in the Spring Boot configuration.

spring cloud zuul: Active-Active configuration

1.) How do I configure Zuul to redirect the request to the other Zuul instances in the other cloud region when there is a service cluster failover?
2.) How do I configure Zuul to accept HTTPS requests and forward them as HTTPS to the service cluster?
3.) Is there a document that explains the different configuration options that can be used to configure the Zuul server using yml?

Dropbox OAuth callback to Mule using https

Dropbox requires the callback URL to be over HTTPS (when not using localhost).
Using Mule 3.6.0 with the latest Dropbox connector, the callback defaults to http, thus only working with localhost. For production I need to use https for the OAuth dance.
What is the correct way to specify an https callback URL?
I've tried:
<https:connector name="connector.http.mule.default">
    <https:tls-key-store path="${ssl.certfile}" keyPassword="${ssl.keyPass}" storePassword="${ssl.storePass}"/>
</https:connector>
<dropbox:config name="Dropbox" appKey="${dropbox.appKey}" appSecret="${dropbox.appSecret}" doc:name="Dropbox">
    <dropbox:oauth-callback-config domain="production.mydomain.com" path="callback" />
</dropbox:config>
But it errors:
Endpoint scheme must be compatible with the connector scheme. Connector is: "https", endpoint is "http://production.mydomain.com:8052/callback"
Here's what I ended up with that solved the problem:
<https:connector name="connector.http.mule.default" doc:name="HTTP-HTTPS">
    <https:tls-key-store path="${ssl.certfile}" keyPassword="${ssl.keyPass}" storePassword="${ssl.storePass}"/>
</https:connector>
<dropbox:config name="Dropbox" appKey="${dropbox.appKey}" appSecret="${dropbox.appSecret}" doc:name="Dropbox">
    <dropbox:oauth-callback-config domain="myserver.domain.com" path="callback" connector-ref="connector.http.mule.default" localPort="8052" remotePort="8052"/>
</dropbox:config>
This works great for localhost, but not if you need the callback to go to something other than localhost (e.g. myserver.domain.com).
Reviewing mule.log you can see that the connector binds to localhost (127.0.0.0) despite the config pointing to:
domain="myserver.domain.com"
Log Entry:
INFO ... Attempting to register service with name: Mule.Ops:type=Endpoint,service="DynamicFlow-https://localhost:8052/callback",connector=connector.http.mule.default,name="endpoint.https.localhost.8052.callback"
INFO ... Registered Endpoint Service with name: Mule.Ops:type=Endpoint,service="DynamicFlow-https://localhost:8052/callback",connector=connector.http.mule.default,name="endpoint.https.localhost.8052.callback"
INFO ... Registered Connector Service with name Mule.Ops:type=Connector,name="connector.http.mule.default.1"
The workaround is to force Mule to listen on 0.0.0.0 for connectors which define localhost as the endpoint.
In wrapper.conf set:
wrapper.java.additional.x=-Dmule.tcp.bindlocalhosttoalllocalinterfaces=TRUE
