HTTP没有重定向到HTTPS(SpringBoot)

huangapple go评论73阅读模式
英文:

HTTP not redirecting to HTTPS (SpringBoot)

问题

这是我的代码:

@Bean
public ServletWebServerFactory servletContainer() {
    TomcatServletWebServerFactory tomcat = new TomcatServletWebServerFactory() {
        @Override
        protected void postProcessContext(Context context) {
            SecurityConstraint securityConstraint = new SecurityConstraint();
            securityConstraint.setUserConstraint("CONFIDENTIAL");
            SecurityCollection collection = new SecurityCollection();
            collection.addPattern("/*");
            securityConstraint.addCollection(collection);
            context.addConstraint(securityConstraint);
        }
    };
    tomcat.addAdditionalTomcatConnectors(redirectConnector());
    return tomcat;
}

public static void main(String[] args) {
    SpringApplication.run(Application.class, args);
}

@Bean
public CommandLineRunner commandLineRunner(ApplicationContext ctx) {
    return args -> {
    };
}

private Connector redirectConnector() {
    Connector connector = new Connector(TomcatServletWebServerFactory.DEFAULT_PROTOCOL);
    connector.setScheme("http");
    connector.setPort(80);
    connector.setSecure(false);
    connector.setRedirectPort(443);
    return connector;
}

Application.properties:

server.port = 443

build.gradle:

compile group: 'org.springframework.boot', name: 'spring-boot-starter-web', version: '2.2.6.RELEASE'
compile group: 'org.springframework.boot', name: 'spring-boot-starter-thymeleaf', version: '2.2.6.RELEASE'
compile group: 'org.springframework.boot', name: 'spring-boot-devtools', version: '2.2.6.RELEASE'
compile group: 'org.springframework.boot', name: 'spring-boot-starter-data-jpa', version: '2.2.6.RELEASE'
compile group: 'org.springframework.boot', name: 'spring-boot-starter-security', version: '2.2.6.RELEASE'
英文:

I have deployed a project using Spring boot. I want to redirect all traffic from HTTP to HTTPS. For some reason, the redirect is not working. If I try to access the HTTP website using Chrome, I get 'connection timed out'.

Now, if I try to access the website over HTTPS, chrome is able to load the website. After the initial loading of the HTTPS website, the redirects start working. i.e. HTTP traffic gets redirected to HTTPS successfully.

You can try the above scenario using chrome in incognito mode.

Scenario 1

  1. Open chrome in incognito. Visit: http://timelines.co . Chrome will time out.

Scenario 2

  1. Visit https://timelines.co. Chrome will load the website.
  2. Again visit http://timelines.co. Chrome will redirect to https://www.timelines.co

I would like to know why the redirect is not working in scenario 1.

This is what my code looks like:

@Bean
    public ServletWebServerFactory servletContainer() {
        TomcatServletWebServerFactory tomcat = new TomcatServletWebServerFactory() {
            @Override
            protected void postProcessContext(Context context) {
                SecurityConstraint securityConstraint = new SecurityConstraint();
                securityConstraint.setUserConstraint("CONFIDENTIAL");
                SecurityCollection collection = new SecurityCollection();
                collection.addPattern("/*");
                securityConstraint.addCollection(collection);
                context.addConstraint(securityConstraint);
            }
        };
        tomcat.addAdditionalTomcatConnectors(redirectConnector());
        return tomcat;
    }

    public static void main(String[] args) {
		SpringApplication.run(Application.class, args);
	}

	@Bean
	public CommandLineRunner commandLineRunner(ApplicationContext ctx) {
		return args -> {
		};
	}
	
	private Connector redirectConnector() {
        Connector connector = new Connector(TomcatServletWebServerFactory.DEFAULT_PROTOCOL);
        connector.setScheme("http");
        connector.setPort(80);
        connector.setSecure(false);
        connector.setRedirectPort(443);
        return connector;
    }




Application.properties

    server.port = 443


build.gradle
    compile group: 'org.springframework.boot', name: 'spring-boot-starter-web', version: '2.2.6.RELEASE'
        compile group: 'org.springframework.boot', name: 'spring-boot-starter-thymeleaf', version: '2.2.6.RELEASE'
        compile group: 'org.springframework.boot', name: 'spring-boot-devtools', version: '2.2.6.RELEASE'
        compile group: 'org.springframework.boot', name: 'spring-boot-starter-data-jpa', version: '2.2.6.RELEASE'
        compile group: 'org.springframework.boot', name: 'spring-boot-starter-security', version: '2.2.6.RELEASE'

答案1

得分: 1

Port 80 (HTTP) 不可访问,或者至少没有响应。我使用命令行执行了以下操作:

$ telnet timelines.co 80

该命令一直无法执行。在客户端和服务器之间存在防火墙时,这是常见情况。你提问关于服务器是否在 AWS 上,只需执行以下操作:

$ host timelines.co
timelines.co 的 IP 地址为 54.203.56.245

然后执行:

$ host 54.203.56.245
245.56.203.54.in-addr.arpa 域名指针指向 ec2-54-203-56-245.us-west-2.compute.amazonaws.com

所以你在 us-west-2 AWS 地区的 EC2 实例上。

在设置安全组时很容易忽略端口,特别是在更改设置时。

我不完全知道浏览器在底层是如何工作的。我觉得它们有时候是“有帮助的”,但在此过程中会隐藏底层原因。例如,Chrome 和 Firefox 开始时会默认假设是 https。因此,如果你只输入主机名,它会默认使用你已打开的 443 端口。这就是为什么我使用更底层的工具(telnet)来进行故障排除。它不会尝试猜测我真正想要做什么。

英文:

Port 80 (HTTP) is not accessible or at least not responding. I did this using a command line:

$ telnet timelines.co 80

That command just hung. This is common when there is a firewall of some sort between the client and the server. You ask about knowing that the server is on AWS. Just do a:

$ host timelines.co
timelines.co has address 54.203.56.245

then

$ host 54.203.56.245
245.56.203.54.in-addr.arpa domain name pointer ec2-54-203-56-245.us-west-2.compute.amazonaws.com.

So you're on an EC2 in the us-west-2 AWS region.

It's easy to miss ports when you're setting up a security group, especially when you change things.

I don't fully know what the browsers are doing under the covers. I feel like they are "helpful" sometimes and, in the process, obscure the underlying causes. For example, Chrome and Firefox start by assuming https. So if you just enter the hostname it would have worked for you by defaulting to port 443 that you had opened. That is why I used a lower level tool (telnet) to help debug it. It doesn't try to guess what I really want to do.

huangapple
  • 本文由 发表于 2020年9月24日 01:10:15
  • 转载请务必保留本文链接:https://go.coder-hub.com/64033017.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定