These are chat archives for spring-cloud/spring-cloud

26th
Feb 2018
Kent Johnson
@kentoj
Feb 26 2018 18:56 UTC
I am converting my production API Gateway from Zuul to Spring Cloud Gateway. Can someone point me to any good guides, examples, or pointers on doing so?
Spencer Gibb
@spencergibb
Feb 26 2018 18:59 UTC
@kentoj nothing written yet
Kent Johnson
@kentoj
Feb 26 2018 18:59 UTC
Ok, @spencergibb, I'll make do with what I can find. Thanks!
Spencer Gibb
@spencergibb
Feb 26 2018 19:00 UTC
let me know if you have questions
Kent Johnson
@kentoj
Feb 26 2018 20:13 UTC
I successfully upgraded my stack from Spring Boot 1.5.10 to 2.0.0R2 and Edgeware.R2 to Finchley.BUILD-SNAPSHOT, respectively. It was easier than I thought it would be.
I am still on Zuul though. I am setting up Spring Cloud Gateway now.
I am also using Spring OAuth2 with JWT which I thought significantly changed from Spring Boot 1.5 and Spring Security 4 to Spring Boot 2 and Spring Security 5. Props to the Spring team for making upgrades so painless!
Anyone have a good article on how to make a call to a ReplayProcessor.onNext(...) asynchronous using Project Reactor?
Kent Johnson
@kentoj
Feb 26 2018 20:44 UTC
I found it, way simple: Wrapping a blocking call docs
Just use Mono.fromCallable { } .subscribeOn(Schedulers.elastic()).subscribe() (Kotlin)
Kent Johnson
@kentoj
Feb 26 2018 20:58 UTC

@spencergibb Do I use the AddRequestHeader GatewayFilter Factory if I want to pass an Authorization JWT header to downstream services like so

spring:
  cloud:
    gateway:
      routes:
      - id: add_request_header_route
        uri: http://example.org
        filters:
        - AddRequestHeader=Authorization

or would that just put a blank Authorization header in the request?

Spencer Gibb
@spencergibb
Feb 26 2018 20:58 UTC
the latter
Kent Johnson
@kentoj
Feb 26 2018 20:59 UTC
Ok, If I am sending an Authorization header from my client will SCG pass that through or strip it like Zuul would?
Spencer Gibb
@spencergibb
Feb 26 2018 20:59 UTC
should pass thru
Kent Johnson
@kentoj
Feb 26 2018 21:27 UTC
I haven't yet found a good example on how to proxy services with SCG like Zuul can. Do you have an example? Also, Is there a /mappings route available with SCG where I can see what things are mapped as?
Kent Johnson
@kentoj
Feb 26 2018 21:32 UTC
Ok, I think the problem may be I am on 2.0.0 rather than M6
Thanks though, I'll try that.
Kent Johnson
@kentoj
Feb 26 2018 22:01 UTC
I'm getting an odd problem with my TLS setup similar to this issue: spring-cloud/spring-cloud-gateway#160
Though I have my TLS config set up like the post shows I always get a NotSslRecordException to every route that is not to /actuator/health or other actuator endpoints, basically the gateway itself.
What should I try at this point? I am trying HTTP to see if that works.
Kent Johnson
@kentoj
Feb 26 2018 22:08 UTC

Also, how would I get the route prefix stripped or does that happen by default? For example:

return builder.routes()
                .route {
                    it.path("/uaa/**")
                            .uri("lb://uaa-service")
                }
                .route {
                    it.path("/districts/**")

                            .uri("lb://districts")
                }.build()

In this code are the /uaa and /districts prefixes stripped before the request is sent to the proxied service?

Spencer Gibb
@spencergibb
Feb 26 2018 22:10 UTC
there's no notion of prefix since routes can match on more than just path. Need to modify the path somehow. There is a strip prefix filter
Kent Johnson
@kentoj
Feb 26 2018 22:17 UTC
Great, thanks, I think I have seen that spread across a few examples.
Kent Johnson
@kentoj
Feb 26 2018 22:23 UTC
Hmm, still getting io.netty.handler.ssl.NotSslRecordException
Wait one sec.
Yep, TLS still broken. Works in HTTP though. Maybe I have a Netty issue?
Kent Johnson
@kentoj
Feb 26 2018 22:32 UTC
Wow, I love the logging in Spring Cloud Gateway. I hope I can get this TLS working!
@spencergibb Do you have a working HTTPS example or know of one?
That's the last thing I need working before I deploy this to production. Everything else works now.
Kent Johnson
@kentoj
Feb 26 2018 22:42 UTC
It looks like it must be a Netty problem since I don't get any debug output on the target service.
Kent Johnson
@kentoj
Feb 26 2018 23:04 UTC
There is some weird behavior happening. When I trigger one request there are four calls to SslHandler::decode, which I imagine one for the OPTIONS and one for the GET, though I don't know what the other two would be. Nevertheless, on the first request the keyManager of the SslEngine has the keystore loaded but all subsequent requests do not.
Is there a way to do some custom config for the Netty client?
Is there no TLS for Netty at all? this seems to say so: spring-projects/spring-boot#9431
I'm wrong there.
Kent Johnson
@kentoj
Feb 26 2018 23:34 UTC
I'll try just proxying with NGINX for TLS