Spring-cloud-gateway: io.netty.handler.ssl.NotSslRecordException: not an SSL/TLS record:

Created on 21 Jun 2018  ·  17Comments  ·  Source: spring-cloud/spring-cloud-gateway

I encountered this problem when my ssl request passed the path route predicate, but when I request no path route predicate, everything is okay.
this is my error report:
io.netty.handler.ssl.NotSslRecordException: not an SSL/TLS record: 485454502f312e3120343030200d0a5472616e736665722d456e636f64696e673a206368756e6b65640d0a446174653a205468752c203231204a756e20323031382030323a31303a333420474d540d0a436f6e6e656374696f6e3a20636c6f73650d0a0d0a300d0a0d0a
at io.netty.handler.ssl.SslHandler.decodeJdkCompatible(SslHandler.java:1156)
at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1221)
at io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:489)
at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:428)
at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:265)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:348)
at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:340)
at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1434)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:348)
at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:965)
at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:163)
at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:645)
at io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEventLoop.java:580)
at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:497)
at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:459)
at io.netty.util.concurrent.SingleThreadEventExecutor$5.run(SingleThreadEventExecutor.java:884)
at java.lang.Thread.run(Thread.java:745)

picture caoofeifie1993

Most helpful comment

@chetz3
If you are calling via eureka server

spring:
  cloud:
    gateway:
      x-forwarded:
        enabled: true
        for-enabled: true
        proto-enabled: true
        host-append: false
        port-append: false
        proto-append: false
      routes: 
      - id: router1
        predicates:
        - Host=sample.com
        - Path=/**
        uri: lb:http://sample-web

lb:[overwite scheme]://sample-web
Implemented within LoadBalancerClientFilter.class

picture sugizon on 14 Jul 2018
👍7 🎉3 🚀2

All 17 comments

You usually see this when you have a http vs https mismatch

tony-clarke-amdocs picture tony-clarke-amdocs on 21 Jun 2018
👍83 👎1

@tony-clarke-amdocs
Yes, I know, but I don't know why the spring cloud gateway ssl request will report an error through the route when i use path route predicate

caoofeifie1993 picture caoofeifie1993 on 21 Jun 2018

Can you please describe how to recreate the issue, even better provide a project that does.

spencergibb picture spencergibb on 21 Jun 2018

@spencergibb
I know why this is happening,My other service is an http request. I need to turn https into http.

caoofeifie1993 picture caoofeifie1993 on 22 Jun 2018

@spencergibb

hey i am having same issue, my gateway application is https i am trying to route to http service via eureka service id using lb:// it is giving me the above issue, but the same issue will not come when i do uri: http://localhost: can some one help me here

chetz3 picture chetz3 on 3 Jul 2018

You have to rewrite the scheme, otherwise it will use https

spencergibb picture spencergibb on 3 Jul 2018

can you please help out with it ? not sure how to rewrite the scheme, is it there in the spring gateway docs ?

chetz3 picture chetz3 on 3 Jul 2018

@chetz3 like this
package com.sbr.isomp.filter;

import org.springframework.cloud.gateway.filter.GatewayFilterChain;
import org.springframework.cloud.gateway.filter.GlobalFilter;
import org.springframework.core.Ordered;
import org.springframework.http.server.reactive.ServerHttpRequest;
import org.springframework.stereotype.Component;
import org.springframework.web.server.ServerWebExchange;
import reactor.core.publisher.Mono;

import java.net.URI;
import java.util.List;

@Component
public class HttpsToHttpFilter implements GlobalFilter, Ordered {

private static final int HTTPS_TO_HTTP_FILTER_ORDER = 10099;

@Override
public Mono<Void> filter(ServerWebExchange exchange, GatewayFilterChain chain) {
    URI originalUri = exchange.getRequest().getURI();
    ServerHttpRequest request = exchange.getRequest();
    ServerHttpRequest.Builder mutate = request.mutate();
    String forwardedUri = request.getURI().toString();
    if (forwardedUri != null && forwardedUri.startsWith("https")) {
        try {
            URI mutatedUri = new URI("http",
                    originalUri.getUserInfo(),
                    originalUri.getHost(),
                    originalUri.getPort(),
                    originalUri.getPath(),
                    originalUri.getQuery(),
                    originalUri.getFragment());
            mutate.uri(mutatedUri);
        } catch (Exception e) {
            throw new IllegalStateException(e.getMessage(), e);
        }
    }
    ServerHttpRequest build = mutate.build();
    return chain.filter(exchange.mutate().request(build).build());
}

@Override
public int getOrder() {
    return HTTPS_TO_HTTP_FILTER_ORDER;
}

}

caoofeifie1993 picture caoofeifie1993 on 3 Jul 2018
👍5

thanks @caoofeifie1993, i try that out.. and i tried making the other 2 services https and then i receive this error SSL connection closed :( not sure why this happened

chetz3 picture chetz3 on 3 Jul 2018

@chetz3 This filter is placed in the gateway,it will rewrite https to http,and other service is http.

caoofeifie1993 picture caoofeifie1993 on 4 Jul 2018

@chetz3
If you are calling via eureka server

spring:
  cloud:
    gateway:
      x-forwarded:
        enabled: true
        for-enabled: true
        proto-enabled: true
        host-append: false
        port-append: false
        proto-append: false
      routes: 
      - id: router1
        predicates:
        - Host=sample.com
        - Path=/**
        uri: lb:http://sample-web

lb:[overwite scheme]://sample-web
Implemented within LoadBalancerClientFilter.class

sugizon picture sugizon on 14 Jul 2018
👍7 🎉3 🚀2

@caoofeifie1993 Excuse me, if it is such a proxy, can the gateway implement user access to http and then redirect to https?

xinwu-yang picture xinwu-yang on 23 Jul 2018

@xinwu-yang i think is ok, but i do not try,

caoofeifie1993 picture caoofeifie1993 on 25 Jul 2018

Thank you @sugizon, i've been struggling with this error for hours. Your yaml section solved the problem for me.

odedia picture odedia on 10 May 2020
👍1

Is there a way to capture this exception and relaunch it with a custom Exception?

dcalap picture dcalap on 12 Jun 2020

Might be related to #1842

rougou picture rougou on 18 Aug 2020

Hi @caoofeifie1993 , this seems to work for me, but I have a question. Why did you set the order to 10099? It seems to be quite random for me, but when I changed it to e.g. 100000 it was not working as expected anymore. Are there other gateway filters that are run afterwards? Do you know if there is a way to show all filters that have been registered in the gateway?

Maxeh picture Maxeh on 13 Oct 2020
Was this page helpful?
0 / 5 - 0 ratings

Related issues

ryanjbaxter picture ryanjbaxter  ·  31Comments
tony-clarke-amdocs picture tony-clarke-amdocs  ·  32Comments
tianmingxing picture tianmingxing  ·  32Comments
adrianbrad picture adrianbrad  ·  30Comments
re6exp picture re6exp  ·  36Comments