RollSite: Configuring Secure Communications

Max edited this page Nov 16, 2021 · 4 revisions

Copying Certificates

Copy the CA certificate, private key and public key to a directory of your choice. We recommend keeping all the certificates together in one folder.

Modifying eggroll.properties

The following items must be added or modified in eggroll.properties:

# suppose your certs are in /path/to/certs
# certificates are in PEM format
eggroll.rollsite.secure.port=9371
eggroll.core.security.client.ca.crt.path=/path/to/certs/ca.crt
eggroll.core.security.client.crt.path=/path/to/certs/public.crt
eggroll.core.security.client.key.path=/path/to/certs/private.key

Modifying route table

Users must modify their route table to use secure connections. By default, connections are not secure.

e.g.:

# suppose your default gateway is at `exchange.com:9371`, secure connection,
# 10001 at `10001.com:9371`, secure connection,
# 10002 at `10002.com:9370`, non-secure connection
"default":
{
  "default":[
    {
      "is_secure": true,           # this is the new setting
      "ip": "exchange.com",
      "port": 9371
    }
  ]
},
"10001":
{
  "default":[
    {
      "is_secure": true,           # this is the new setting
      "ip": "10001.com",
      "port": 9371
    }
  ]
},
"10002":
{
  "default":[
    {
      "ip": "10002.com",        # no need to set `"is_secure": true` here. You may explicitly set `"is_secure": false` or omit it.
      "port": 9370
    }
  ]
}
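
Because a route that omits `is_secure` falls back to a non-secure connection, it is worth auditing both files before restarting. The following check is an added example, not part of EggRoll: the function names are hypothetical, and the sample inputs are constructed from the snippets above (the route-table fragment is wrapped in braces with its comments removed so that it parses as JSON).

```python
import json

# Keys the page lists as required in eggroll.properties.
REQUIRED_KEYS = (
    "eggroll.rollsite.secure.port",
    "eggroll.core.security.client.ca.crt.path",
    "eggroll.core.security.client.crt.path",
    "eggroll.core.security.client.key.path",
)

# Constructed samples based on the page's snippets.
SAMPLE_PROPERTIES = """
# certificates are in PEM format
eggroll.rollsite.secure.port=9371
eggroll.core.security.client.ca.crt.path=/path/to/certs/ca.crt
eggroll.core.security.client.crt.path=/path/to/certs/public.crt
eggroll.core.security.client.key.path=/path/to/certs/private.key
"""
SAMPLE_ROUTE_TABLE = """{
  "default": {"default": [{"is_secure": true, "ip": "exchange.com", "port": 9371}]},
  "10001": {"default": [{"is_secure": true, "ip": "10001.com", "port": 9371}]},
  "10002": {"default": [{"ip": "10002.com", "port": 9370}]}
}"""

def parse_properties(text):
    """Parse key=value lines, skipping blank lines and # comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def missing_tls_properties(props):
    """Return the required keys that are absent or have an empty value."""
    return [k for k in REQUIRED_KEYS if not props.get(k)]

def plaintext_routes(route_table):
    """Return (party, role, 'ip:port') for endpoints not marked "is_secure": true.
    Only JSON true counts as secure here (this example's conservative choice)."""
    found = []
    for party, roles in route_table.items():
        for role, endpoints in roles.items():
            for ep in endpoints:
                if ep.get("is_secure") is not True:
                    found.append((party, role, f'{ep.get("ip")}:{ep.get("port")}'))
    return found

if __name__ == "__main__":
    print("missing:", missing_tls_properties(parse_properties(SAMPLE_PROPERTIES)))
    print("plaintext:", plaintext_routes(json.loads(SAMPLE_ROUTE_TABLE)))
```

Every route the check reports should be one you intend to leave unencrypted, such as party 10002 in the sample.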

Restart RollSite

Once all the settings are in place, restart RollSite to activate the new secure port. You should see the following log entry in rollsite.jvm.log if the secure port (say 9371) is set:

secure server started at 9371