These are chat archives for spring-cloud/spring-cloud

19th
May 2015
Leon Radley
@leon
May 19 2015 09:29
What is the correct configuration for a eureka client in production?
Dave Syer
@dsyer
May 19 2015 09:39
It depends
What do you mean?
The minimal configuration is the serviceUrl
You don't necessarily need any more than that. But it depends on your use case.
Leon Radley
@leon
May 19 2015 09:40
I’m having troubles with https
Dave Syer
@dsyer
May 19 2015 09:40
Self-signed cert? Proxy?
Leon Radley
@leon
May 19 2015 09:41
It’s a wildcard cert, and all the apps are running behind a nginx
Dave Syer
@dsyer
May 19 2015 09:42
Are the clients having trouble registering with Eureka, or problems connecting to each other?
Leon Radley
@leon
May 19 2015 09:42
If one app wants to communicate with another, they get registered in eureka with a host.
these hosts seems to be with the port number appended
Dave Syer
@dsyer
May 19 2015 09:42
Yep. So you want that to be the nginx host. And the port to be 443?
Leon Radley
@leon
May 19 2015 09:43
but maybe it’s not a problem if zuul is proxying to the apps via the ports directly
Dave Syer
@dsyer
May 19 2015 09:43
Yes, it depends on the topology for sure
Look at the config options in EurekaInstanceConfigBean as well
Leon Radley
@leon
May 19 2015 09:44
How do I configure what zuul uses to communicate?
If i specify the instance.hostname is that what zuul uses?
Dave Syer
@dsyer
May 19 2015 09:44
(You can see them in IntelliJ in a properties file if you have the Spring Boot support)
Zuul is going to use the eureka service info, so yes.
Leon Radley
@leon
May 19 2015 09:46
there are quite a few options, which are not documented
private int nonSecurePort = 80;
private int securePort = 443;

private boolean nonSecurePortEnabled = true;

private boolean securePortEnabled;
private String secureVirtualHostName;
Dave Syer
@dsyer
May 19 2015 09:46
The names are pretty obvious. Plus they are documented in Netflix wiki. But thanks for the reminder.
If all your services are using point-to-point communication (via Zuul) they don't need to go through the nginx layer (depending on your requirements of course).
Leon Radley
@leon
May 19 2015 09:48
exactly, that seems the way to go
Dave Syer
@dsyer
May 19 2015 09:48
But if they do go through that layer then you need to register a hostname and set the *securePortEnabled flags
Leon Radley
@leon
May 19 2015 09:48
and if I specify the hostname of localhost:8001
Dave Syer
@dsyer
May 19 2015 09:48
If all the services live on localhost (or any single host) then you have to make sure they have unique instance ids
Look at the S-C docs for an example
Leon Radley
@leon
May 19 2015 09:49
will do
Leon Radley
@leon
May 19 2015 09:50
thanks
It’s a bit overwhelming trying to grasp everything at once :)
Dave Syer
@dsyer
May 19 2015 09:58
Yep. It's a lot of moving parts. We just have to try and make it as smooth as possible.
Leon Radley
@leon
May 19 2015 10:01
When it comes to eureka, do I need to configure both secure and unsecure variables, or if I specify “securePortEnabled” does it only use the secure pieces then?
Dave Syer
@dsyer
May 19 2015 10:09
Not sure.
It probably depends on the client
Leon Radley
@leon
May 19 2015 10:27
was able to get zuul working with
instance:
hostname: accounts.cadcraft.se
ipAddress: 127.0.0.1
preferIpAddress: true
metadataMap.instanceId: accounts-1
Dave Syer
@dsyer
May 19 2015 11:17
Is the hostname even needed in that case?
Leon Radley
@leon
May 19 2015 11:56
No it’s not, but it looks better in the eureka console :)
Dave Syer
@dsyer
May 19 2015 11:58
So it's not using the secure port?
Leon Radley
@leon
May 19 2015 11:59
no
now all the services are talking via azures local 10.0.0.* network unsecured
because zuul doesn’t need https while talking internally
and I wasn’t able to get zuul working with https
Leon Radley
@leon
May 19 2015 13:20
@dsyer do you know of a way to override where the sso gets redirected after login?
I’m tackling signup during a webshop checkout and would like it to redirect to the same place when it’s done logging in.
Dave Syer
@dsyer
May 19 2015 16:37
Spring Security remembers where you started and sends you back there
If you want to control it on the client look at PART VII of my blogs
(Assuming you can use Angular or translate that to your own framework)