I am converting my production API Gateway from Zuul to Spring Cloud Gateway. Can someone point me to any good guides, examples, or pointers on doing so?
@kentoj nothing written yet
Ok, @spencergibb, I'll make do with what I can find. Thanks!
let me know if you have questions
I successfully upgraded my stack from Spring Boot 1.5.10 to 2.0.0R2 and
Edgeware.R2 to Finchley.BUILD-SNAPSHOT, respectively. It was easier than I thought it would be.
I am still on Zuul though. I am setting up Spring Cloud Gateway now.
I am also using Spring OAuth2 with JWT which I thought significantly changed from Spring Boot 1.5 and Spring Security 4 to Spring Boot 2 and Spring Security 5. Props to the Spring team for making upgrades so painless!
Anyone have a good article on how to make a call to a
ReplayProcessor.onNext(...) asynchronous using Project Reactor?
I found it, way simple: Wrapping a blocking call docs
Just use
Mono.fromCallable { } .subscribeOn(Schedulers.elastic()).subscribe() (Kotlin)
@spencergibb Do I use the AddRequestHeader GatewayFilter Factory if I want to pass an Authorization JWT header to downstream services like so
spring:
cloud:
gateway:
routes:
- id: add_request_header_route
uri: http://example.org
filters:
- AddRequestHeader=Authorizationor would that just put a blank Authorization header in the request?
the latter
Ok, If I am sending an Authorization header from my client will SCG pass that through or strip it like Zuul would?
should pass thru
I haven't yet found a good example on how to proxy services with SCG like Zuul can. Do you have an example? Also, Is there a /mappings route available with SCG where I can see what things are mapped as?
Ok, I think the problem may be I am on 2.0.0 rather than M6
Thanks though, I'll try that.
I'm getting an odd problem with my TLS setup similar to this issue: spring-cloud/spring-cloud-gateway#160
Though I have my TLS config set up like the post shows I always get a NotSslRecordException to every route that is not to /actuator/health or other actuator endpoints, basically the gateway itself.
What should I try at this point? I am trying HTTP to see if that works.
Also, how would I get the route prefix stripped or does that happen by default? For example:
return builder.routes()
.route {
it.path("/uaa/**")
.uri("lb://uaa-service")
}
.route {
it.path("/districts/**")
.uri("lb://districts")
}.build()In this code are the /uaa and /districts prefixes stripped before the request is sent to the proxied service?
there's no notion of prefix since routes can match on more than just path. Need to modify the path somehow. There is a strip prefix filter
Great, thanks, I think I have seen that spread across a few examples.
Hmm, still getting
io.netty.handler.ssl.NotSslRecordException
Wait one sec.
Yep, TLS still broken. Works in HTTP though. Maybe I have a Netty issue?
Wow, I love the logging in Spring Cloud Gateway. I hope I can get this TLS working!
@spencergibb Do you have a working HTTPS example or know of one?
That's the last thing I need working before I deploy this to production. Everything else works now.
It looks like it must be a Netty problem since I don't get any debug output on the target service.
There is some weird behavior happening. When I trigger one request there are four calls to SslHandler::decode, which I imagine one for the OPTIONS and one for the GET, though I don't know what the other two would be. Nevertheless, on the first request the keyManager of the SslEngine has the keystore loaded but all subsequent requests do not.
Is there a way to do some custom config for the Netty client?
Is there no TLS for Netty at all? this seems to say so: spring-projects/spring-boot#9431
I'm wrong there.
I'll try just proxying with NGINX for TLS