
I have set up a Gateway-Microservice configuration in JHipster, and I cannot seem to get the microservice to communicate with the gateway using FeignClient.

Everything worked fine until I started following these instructions https://www.jhipster.tech/production/#https-support to use an HTTPS server for the gateway.

The microservice looks like this:

@RestController
@RequestMapping("/api")
public class MicroserviceResource {
    private final GatewayFeignClientProxy feignClient;

    public MicroserviceResource(GatewayFeignClientProxy feignClient) {
        this.feignClient = feignClient;
    }
    @GetMapping("/test-microservice")
    public ResponseEntity<String> testMicroservice() {
        String response = feignClient.testGateway().getBody();
        return ResponseEntity.ok(" Gateway returned " + response);
    }
}

With the feign client proxy:

@FeignClient(name="g", path="/api")
public interface GatewayFeignClientProxy {
    @GetMapping("/test-gateway")
    public ResponseEntity<String> testGateway();
}

And the gateway looks like this:

@RestController
@RequestMapping("/api")
public class MyResource {
    @GetMapping("/test-gateway")
    public ResponseEntity<String> testGateway() {
        return ResponseEntity.ok("OK");
    }
}

In my before-last commit, I got " Gateway returned OK". But when I switched the gateway to https using letsencrypt, I get this exception:

com.netflix.hystrix.exception.HystrixRuntimeException: GatewayFeignClientProxy#testGateway() failed and no fallback available.
        at com.netflix.hystrix.AbstractCommand$22.call(AbstractCommand.java:822)
        at com.netflix.hystrix.AbstractCommand$22.call(AbstractCommand.java:807)
        at rx.internal.operators.OperatorOnErrorResumeNextViaFunction$4.onError(OperatorOnErrorResumeNextViaFunction.java:140)
        at rx.internal.operators.OnSubscribeDoOnEach$DoOnEachSubscriber.onError(OnSubscribeDoOnEach.java:87)
        at rx.internal.operators.OnSubscribeDoOnEach$DoOnEachSubscriber.onError(OnSubscribeDoOnEach.java:87)
        at com.netflix.hystrix.AbstractCommand$DeprecatedOnFallbackHookApplication$1.onError(AbstractCommand.java:1472)
        at com.netflix.hystrix.AbstractCommand$FallbackHookApplication$1.onError(AbstractCommand.java:1397)
...
Caused by: feign.RetryableException: No subject alternative names matching IP address 172.18.0.10 found executing GET http://g/api/test-gateway
        at feign.FeignException.errorExecuting(FeignException.java:84)
        at feign.SynchronousMethodHandler.executeAndDecode(SynchronousMethodHandler.java:113)
        at feign.SynchronousMethodHandler.invoke(SynchronousMethodHandler.java:78)
        at feign.hystrix.HystrixInvocationHandler$1.run(HystrixInvocationHandler.java:106)
        at com.netflix.hystrix.HystrixCommand$2.call(HystrixCommand.java:302)
        at com.netflix.hystrix.HystrixCommand$2.call(HystrixCommand.java:298)
        at rx.internal.operators.OnSubscribeDefer.call(OnSubscribeDefer.java:46)
        ... 167 common frames omitted
Caused by: javax.net.ssl.SSLHandshakeException: No subject alternative names matching IP address 172.18.0.10 found
        at java.base/sun.security.ssl.Alert.createSSLException(Unknown Source)
        at java.base/sun.security.ssl.TransportContext.fatal(Unknown Source)
        at java.base/sun.security.ssl.TransportContext.fatal(Unknown Source)
        at java.base/sun.security.ssl.TransportContext.fatal(Unknown Source)
        at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(Unknown Source)
        at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.onCertificate(Unknown Source)
        at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.consume(Unknown Source)
        at java.base/sun.security.ssl.SSLHandshake.consume(Unknown Source)

Further information, which may be useful: I am running this using Docker; the gateway and the microservice are both in their own containers.

Chris
  • I recommend only configuring HTTPS for the gateway, as the microservices are usually only requested through the gateway. The feign client looks up the app from the registry and sends the request to that IP, and you can't use an IP+HTTPS. Maybe you can pass a host header, not sure – Jon Ruddell Jul 19 '19 at 17:44
  • Thank you. This is exactly what I am doing. My gateway is https, but my microservices aren't. I have edited my question to highlight this. – Chris Jul 22 '19 at 15:06
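
The check behind `No subject alternative names matching IP address 172.18.0.10 found`, as an added example that is not part of the original question, comments or answer: a simplified version of the rule a TLS client applies, where an IP literal is compared only with iPAddress SAN entries and a host name only with dNSName entries. The SAN list and `gateway.example.com` are constructed, and the class and method names are hypothetical.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.List;

// Added example. SAN entries use the same shape as
// X509Certificate.getSubjectAlternativeNames(): [Integer type, String value].
public class SanCheck {
    static final int DNS_NAME = 2;   // GeneralName dNSName
    static final int IP_ADDRESS = 7; // GeneralName iPAddress

    // Simplified for the example: recognises IPv4 dotted-quad literals only.
    static boolean isIpLiteral(String host) {
        return host.matches("\\d{1,3}(\\.\\d{1,3}){3}");
    }

    // An IP literal is checked only against iPAddress SANs,
    // a host name only against dNSName SANs.
    static boolean matches(String host, Collection<List<?>> sans) {
        boolean ip = isIpLiteral(host);
        for (List<?> san : sans) {
            int type = (Integer) san.get(0);
            String value = String.valueOf(san.get(1));
            if (ip && type == IP_ADDRESS && value.equals(host)) return true;
            if (!ip && type == DNS_NAME && dnsMatches(host, value)) return true;
        }
        return false;
    }

    // Exact match, or a single left-most "*." wildcard label.
    static boolean dnsMatches(String host, String pattern) {
        if (!pattern.startsWith("*.")) return host.equalsIgnoreCase(pattern);
        int dot = host.indexOf('.');
        return dot > 0
            && host.substring(dot).equalsIgnoreCase(pattern.substring(1));
    }

    public static void main(String[] args) {
        // Constructed SAN list: a certificate carrying one DNS name and no IP entry.
        List<List<?>> sans = new ArrayList<>();
        sans.add(Arrays.asList(DNS_NAME, "gateway.example.com")); // hypothetical name
        // Address from the stack trace, service id from the Feign URL, certificate name.
        for (String host : new String[] {"172.18.0.10", "g", "gateway.example.com"}) {
            System.out.println(host + " -> " + matches(host, sans));
        }
    }
}
```

To compare against a real deployment, feed `matches` the collection returned by `getSubjectAlternativeNames()` on the gateway's certificate together with the address the registry hands to the Feign client.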

1 Answer


There is this message:

Caused by: feign.RetryableException: No subject alternative names matching IP address 172.18.0.10 found executing GET http://g/api/test-gateway
        at feign.FeignException.errorExecuting(FeignException.java:84)

Are you sure your host is correct:

http://g/api/test-gateway

Actually, according to this:

In my before-last commit, I got " Gateway returned OK".
But when I switched the gateway to https using letsencrypt, I get this exception:

and this:

http://g/api/test-gateway

you did not switch your configuration to use https (or something similar - you use https on port 80, you did not expose port 80, you expose only 443 and so on).

degr
  • Thank you for your response. How do I switch my configuration to use https? Should this be done in the gateway, the microservice or the jhipster registry? – Chris Jul 24 '19 at 11:47