Currently, I have an ec2 instance I use as a sort of dev/test server, running multiple microservices.
In front of these services, I have a Spring cloud gateway routing the traffic to the different services.
In front of the ec2 instance, I have an Application Load balancer (ELB) configured with AWS and with a certificate attached that was provided by AWS Certificate Manager (domain hosted in go daddy).
This is all good and well and works perfectly if HTTPS is not set on lb, but once I switch over to HTTPS on lb I only get
502 Bad Gateway
In the gateway logs I get the following exception:
decoding failed: DefaultFullHttpRequest(decodeResult: failure(java.lang.IllegalArgumentException: text is empty (possibly HTTP/0.9)), version: HTTP/1.0, content: UnpooledByteBufAllocator$InstrumentedUnpooledUnsafeHeapByteBuf(ridx: 0, widx: 0, cap: 0))
GET /bad-request HTTP/1.0 :
After some searching I found that you have to explicitly enable SSL using:
server:
ssl:
enabled: true
but once I do that seems like it required the rest of the details since I get the following.
org.springframework.boot.web.server.WebServerException: Could not load key store 'null'
As far as I understand you have to upload the certificate into the jvm cert store, but the problem is as far as I am aware you can't export the certificate provided by AWS Cert Manager.
I previously did the exact same thing for a dot-net-core environment and had no issue (maybe because it's had like a web server running it within the same docker image) I am not sure How to proceed in Java. Maybe my approach is wrong, and this architecture cant work.
Please assist to point out my problem, or suggest a solution as I have exhausted all my options
CodePudding user response:
If you are using ALB, then you deploy your SSL cert from ACM on the ALB itself. Your spring application has nothing to do with that. The process of setting up the SSL cert on ALB is explained in: