As you can see, the configuration of SSL for a microservice application is not a very hard task. However, it is time to increase the difficulty level. We have already launched a single microservice that serves a RESTful API over HTTPS. Now we want that microservice to integrate with the discovery server. There are two problems that arise from this. The first of these is the need to publish information about the secure microservice's instance in Eureka. The second of these concerns exposing Eureka over HTTPS and forcing the discovery client to authenticate against a discovery server using a private key. Let's discuss these issues in detail.
If your application is exposed over a secure SSL port, you should change two flags from the EurekaInstanceConfig
—nonSecurePortEnabled
to false
and securePortEnabled
to true
. This forces Eureka to publish instance information that shows an explicit preference for secure communication. The Spring Cloud DiscoveryClient...