Open jjtyro opened 6 years ago
我可能没说清楚,是如何让frontend能访问https模式的service center,而且service center设置了认证客户端。 Thanks!
Hello @jjtyro Currently Service-Center Frontend was developed for the purpose of ease of access of service-centre api's which was purely meant for developer env, in future we do have plans to make the frontend production ready and supporting https is one part of them, we will be adding this support in 1.0.00-m2 release. Feel free to contribute to this feature..
Service Center's api server use the same flag 'ssl_verify_client' for client of etcd backend, Because my etcd cluster uses tls authentication, so configure ssl_verify_client = 1, but this also makes the api server open https and then ..... Whether this flag can be divided into two, one for api server and one for etcd client.
@jjtyro Currently we think that keeping seperate TLS config for SC and etcd will not be safe enough, so as per the suggestion by @little-cui we can make frontend client use go-server to proxy all the request with TLS to SC backend. We have created a JIRA for this in apache SCB-348 , you can track the progress here.. Thanks for bringing up this topic, this helps us a lot to make our products User friendly and helps to understand the UseCase for different Users.
thanks for your answer!
Temporarily using Nginx as a proxy, it works except the microservice schema testing. Nginx's config is: `events { worker_connections 10; }
http { upstream center { server 10.210.33.53:30100; server 10.210.33.54:30100; server 10.210.33.55:30100; }
server {
listen 30103;
server_name 10.210.33.53;
root /usr/share/nginx/html;
index index.html index.htm;
#charset utf-8;
location / {
try_files $uri $uri/ /index.html;
}
location ~ /v[0-9][.0-9]*/.*/(registry|govern) {
proxy_pass https://center;
proxy_ssl_certificate /etc/ssl/front/server.cer;
proxy_ssl_certificate_key /etc/ssl/front/server_key.pem;
proxy_ssl_trusted_certificate /etc/ssl/front/trust.cer;
}
}
}`
Run nginx using docker, command line like this:
docker run --rm --name center-front -v /home/svccomb/center-front/conf/nginx.conf:/etc/nginx/nginx.conf -v /home/svccomb/center-front/app:/usr/share/nginx/html -v /home/svccomb/center/etc/ssl:/etc/ssl/front -p 30103:30103 nginx:1.13 -d
service center配置了使用证书的https访问后,frontend如何配置使用https证书模式?