CODEWITHSUNDEEP
spring-bootembedded-jetty
Gennadiy Kartashevskyy
Gennadiy Kartashevskyy

Reputation: 315

Spring Boot 3.1 with Jetty: Invalid SNI

I'm in process of migration to Spring Boot 3 from Spring Boot 2.7, but my services are killed by the orchestrator on failing healthchecks:

/health org.eclipse.jetty.http.BadMessageException: 400: Invalid SNI

Considering nothing changed on how orchestrator calls health endpoint, I can't find anything related in upgrade notes

Upvotes: 1

Views: 1654

Answers (1)

Gennadiy Kartashevskyy
Gennadiy Kartashevskyy

Reputation: 315

Solved with customization of WebServerFactory

@ManagementContextConfiguration(proxyBeanMethods = false)
class DisableSniHostCheckConfiguration {

    @Bean
    WebServerFactoryCustomizer<JettyServletWebServerFactory> disableSniHostCheck() {
        return (factory) -> {
            factory.addServerCustomizers((server) -> {
                for (Connector connector : server.getConnectors()) {
                    if (connector instanceof ServerConnector serverConnector) {
                        HttpConnectionFactory connectionFactory = serverConnector
                            .getConnectionFactory(HttpConnectionFactory.class);
                        if (connectionFactory != null) {
                            SecureRequestCustomizer secureRequestCustomizer = connectionFactory.getHttpConfiguration()
                                .getCustomizer(SecureRequestCustomizer.class);
                            if (secureRequestCustomizer != null) {
                                secureRequestCustomizer.setSniHostCheck(false);
                            }
                        }
                    }
                }
            });
        };
    }

}

and META-INF/spring/org.springframework.boot.actuate.autoconfigure.web.ManagementContextConfiguration.imports file with:

com.mypackage.DisableSniHostCheckConfiguration

Make sure the package is scanned

Upvotes: 3

Related Questions