consul+gRPC+TLS安全设置 Golang

Cool.Cat 2020-03-10 1292

1、设置ports.httpsverify_incoming_httpsverify_incomingverify_outgoingca_filecert_filekey_file

{
	"node_name":"sz165",
	"bind_addr":"172.18.9.243",
	"client_addr":"0.0.0.0",
	"datacenter":"WTF",
	"server": true,
	"ui":true,
	"bootstrap_expect":3,
	"data_dir": "./data",
	"ports": {
        "http": -1,
        "https": 443
  	},
	"http_config": {
        "response_headers": {
            "Access-Control-Allow-Origin": "*"
        }
	},
	"encrypt":"pf8QYvnNIS4+TPps5Ne8ERjrpCjDvuu293PVK+zGvVw=",
	"verify_incoming_https":true,
	"verify_incoming":true,
    "verify_outgoing": true,
    "ca_file": "./cert/DigiCert_Global_Root_CA.pem",     
    "cert_file": "./cert/server.pem",
    "key_file": "./cert/server.key"
}


2、cli使用-http-addr-client-cert-client-key

./consul members -http-addr=https://wtf.qq.com -client-cert=./cert/server.pem -client-key=./cert/server.key


或者使用curl

curl https://wtf.qq.com/v1/agent/members --cert ./cert/server.pem --key ./cert/server.key


最新回复 (0)
返回
发新帖
X