Consul + gRPC + TLS security settings (Golang)

Cool.Cat 2020-03-10 2648

1. Set ports.https, verify_incoming_https, verify_incoming, verify_outgoing, ca_file, cert_file, key_file

{
    "node_name": "sz165",
    "bind_addr": "172.18.9.243",
    "client_addr": "0.0.0.0",
    "datacenter": "WTF",
    "server": true,
    "ui": true,
    "bootstrap_expect": 3,
    "data_dir": "./data",
    "ports": {
        "http": -1,
        "https": 443
    },
    "http_config": {
        "response_headers": {
            "Access-Control-Allow-Origin": "*"
        }
    },
    "encrypt": "pf8QYvnNIS4+TPps5Ne8ERjrpCjDvuu293PVK+zGvVw=",
    "verify_incoming_https": true,
    "verify_incoming": true,
    "verify_outgoing": true,
    "ca_file": "./cert/DigiCert_Global_Root_CA.pem",
    "cert_file": "./cert/server.pem",
    "key_file": "./cert/server.key"
}
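
An added example, not code from the original post: a small Go check that reads an agent config and reports which of the settings listed in step 1 are missing, so the HTTP API is not left in plaintext or open to clients without a certificate. `agentTLS`, `LintTLS` and both sample configs are hypothetical or constructed; the check assumes the legacy top-level keys used above and Consul's default ports (http 8500 enabled, https disabled).

```go
package main

import (
	"encoding/json"
	"fmt"
)

// agentTLS maps only the top-level TLS keys this page sets; nil ports mean "key omitted".
type agentTLS struct {
	Ports struct {
		HTTP  *int `json:"http"`
		HTTPS *int `json:"https"`
	} `json:"ports"`
	VerifyIncoming      bool   `json:"verify_incoming"`
	VerifyIncomingHTTPS bool   `json:"verify_incoming_https"`
	VerifyOutgoing      bool   `json:"verify_outgoing"`
	CAFile              string `json:"ca_file"`
	CertFile            string `json:"cert_file"`
	KeyFile             string `json:"key_file"`
}

// LintTLS (hypothetical helper) lists settings that leave the API or peers unauthenticated.
func LintTLS(raw []byte) ([]string, error) {
	var c agentTLS
	if err := json.Unmarshal(raw, &c); err != nil {
		return nil, err
	}
	var out []string
	flag := func(bad bool, msg string) {
		if bad {
			out = append(out, msg)
		}
	}
	// Omitted ports fall back to Consul's defaults: http 8500 (on), https -1 (off).
	flag(c.Ports.HTTP == nil || *c.Ports.HTTP > 0, "ports.http: plaintext API enabled, set -1")
	flag(c.Ports.HTTPS == nil || *c.Ports.HTTPS <= 0, "ports.https: HTTPS listener disabled")
	flag(!c.VerifyIncoming && !c.VerifyIncomingHTTPS, "verify_incoming: no client certificate required")
	flag(!c.VerifyOutgoing, "verify_outgoing: outgoing peers not verified")
	flag(c.CAFile == "", "ca_file: no CA to verify peers against")
	flag(c.CertFile == "" || c.KeyFile == "", "cert_file/key_file: agent has no key pair")
	return out, nil
}
// Constructed inputs: pageStyle copies the TLS keys from the config above; weak drops three.
const pageStyle = `{"ports":{"http":-1,"https":443},"verify_incoming":true,"verify_incoming_https":true,"verify_outgoing":true,"ca_file":"./cert/DigiCert_Global_Root_CA.pem","cert_file":"./cert/server.pem","key_file":"./cert/server.key"}`
const weak = `{"ports":{"https":443},"ca_file":"./cert/ca.pem","cert_file":"./cert/server.pem","key_file":"./cert/server.key"}`

func main() {
	fmt.Println(LintTLS([]byte(pageStyle)))
	fmt.Println(LintTLS([]byte(weak)))
}
```

The `weak` sample shows why omitting `ports.http` matters: HTTPS on 443 is configured, yet the default plaintext listener stays up beside it.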


2. For the CLI, use -http-addr, -client-cert, -client-key

./consul members -http-addr=https://wtf.qq.com -client-cert=./cert/server.pem -client-key=./cert/server.key


Or use curl

curl https://wtf.qq.com/v1/agent/members --cert ./cert/server.pem --key ./cert/server.key

