TLS is supported by YoMo. To run YoMo services with TLS encryption, you don't need to change any code or recompile the program; the only thing you need to do is set 4 environment variables when starting the service:

- `YOMO_TLS_VERIFY_PEER`
- `YOMO_TLS_CACERT_FILE`
- `YOMO_TLS_CERT_FILE`
- `YOMO_TLS_KEY_FILE`

This example will show you how to build up a YoMo service with self-signed certificates for production environments.

To run these shell scripts you'll need OpenSSL >= 1.1.1.

```bash
./generate_ca.sh
./generate_server.sh
./generate_client.sh source
./generate_client.sh sfn
```

By default the YoMo server name is `yomo-app.dev`. It's possible to create the server certificate for your own DNS name, e.g. `abc.test`:

```bash
./generate_server.sh abc.test
```

If successful, 8 files should be generated in the `tls` folder:

- `ca.crt`
- `ca.key`
- `client_sfn.crt`
- `client_sfn.key`
- `client_source.crt`
- `client_source.key`
- `server.crt`
- `server.key`

Map the server name to localhost:

```bash
echo '127.0.0.1 yomo-app.dev' | sudo tee -a /etc/hosts
```

Start the server:

```bash
YOMO_TLS_VERIFY_PEER=true \
YOMO_TLS_CACERT_FILE=tls/ca.crt \
YOMO_TLS_CERT_FILE=tls/server.crt \
YOMO_TLS_KEY_FILE=tls/server.key \
yomo serve -c ../example/0-basic/config.yaml
```

Run the sfn client:

```bash
YOMO_TLS_VERIFY_PEER=true \
YOMO_TLS_CACERT_FILE=tls/ca.crt \
YOMO_TLS_CERT_FILE=tls/client_sfn.crt \
YOMO_TLS_KEY_FILE=tls/client_sfn.key \
YOMO_ADDR=yomo-app.dev:9000 \
go run ../example/0-basic/sfn/main.go
```

Run the source client:

```bash
YOMO_TLS_VERIFY_PEER=true \
YOMO_TLS_CACERT_FILE=tls/ca.crt \
YOMO_TLS_CERT_FILE=tls/client_source.crt \
YOMO_TLS_KEY_FILE=tls/client_source.key \
YOMO_ADDR=yomo-app.dev:9000 \
go run ../example/0-basic/source/main.go
```