netflix-zuulconsulspring-cloud-consul

API Gateway using Spring Cloud + Zuul + Consul : dynamic routing not working when using HTTPS


I'm currently working on an API Gateway to centralize calls to REST APIs. We are using Spring Cloud (Edgware.SR3 version), with Zuul (1.3.0) to handle service discovery and Consul as service registry.

In a first version, routes to each service was registered in the gateway configuration using zuul.routes.myApiName.url and it was working fine.

Then, we wanted to use dynamic routing to allow having multiple instances of each API.

I've removed the zuul.routes.myApiName.url for that purpose. Problem is that my calls to the API through the gateway are returning and error :

Bad Request This combination of host and port requires TLS.

Here is the configuration of the API registering in Consul :

spring.cloud.discovery.enabled=true
spring.cloud.consul.host=@consul_host_ip@
spring.cloud.consul.port=@consul_host_port@
spring.cloud.consul.discovery.scheme=https

And here is the configuration of Zuul route in the gateway :

zuul.host.socket-timeout-millis=60000
zuul.add-proxy-headers=false
zuul.ignored-services=*
zuul.routes.myApiName.path=/myApiName/**
zuul.routes.myApiName.serviceId=myApiName

API is correctly registered in Consul and health check is using HTTPS successfully :

HTTP GET https://hostname:port/health: 200  Output: {"description":"Composite Discovery Client","status":"UP"}

Certificates are also well configured since I am able to call my API directly using HTTPS. But it seems that Zuul redirection is using HTTP instead of HTTPS (I have the same error if I call my API in direct mode (no gateway) using HTTP).

I've been struggling with this for a while, so I'd like to know if there is a configuration missing to force Zuul to use HTTPS in the routed call to API ?

Thanks in advance !


Solution

  • I've finally found the solution : I had to add this property : ribbon.IsSecure=true