casbin-mesh

Separate TLS config

Open nodece opened this issue 2 years ago • 2 comments

Motivation

Currently, we have just one TLS config, which is used for both the Raft and HTTP/GRPC servers. This is unsafe. When a client uses this TLS config, it can access both the Raft and HTTP/GRPC servers. We cannot allow the client to access the Raft server, as that is dangerous, so we need to split this into two TLS configs: one for the HTTP/GRPC servers and one for the Raft servers.

Improvement Way

Support setting the TLS config for the HTTP/GRPC and Raft servers separately.

  • HTTP/GRPC server TLS config, used for client-to-server communication, like:
      --endpoint-ca-file <path>
      --endpoint-cert-file <path>
      --endpoint-key-file <path>
  • Raft server TLS config, used for server-to-server communication, like:
      --peer-ca-file <path>
      --peer-cert-file <path>
      --peer-key-file <path>

nodece, Nov 04 '21 15:11
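The effect of the proposed split, as an added example that is not casbin-mesh code: a Raft listener that trusts only a dedicated peer CA rejects a client certificate issued by the endpoint CA and accepts a node certificate issued by the peer CA. The helper names `issue`, `peerTLS` and `accepted` are hypothetical, the CAs and certificates are constructed in memory rather than loaded from the `--peer-*` / `--endpoint-*` files, and `accepted` runs the chain verification offline instead of performing a handshake.

```go
package main
import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue creates a short-lived certificate for cn; with parent == nil it is a
// self-signed CA. Errors are ignored because all inputs are constructed here.
func issue(cn string, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour),
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}
	if parent == nil {
		tpl.IsCA, tpl.BasicConstraintsValid, tpl.KeyUsage = true, true, x509.KeyUsageCertSign
		parent, parentKey = tpl, key
	}
	der, _ := x509.CreateCertificate(rand.Reader, tpl, parent, &key.PublicKey, parentKey)
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

// peerTLS is the Raft listener config: mutual TLS that trusts only the peer CA.
func peerTLS(peerCA *x509.Certificate) *tls.Config {
	pool := x509.NewCertPool()
	pool.AddCert(peerCA)
	return &tls.Config{ClientCAs: pool, ClientAuth: tls.RequireAndVerifyClientCert, MinVersion: tls.VersionTLS12}
}

// accepted reports whether cert chains to cfg.ClientCAs for client authentication.
func accepted(cfg *tls.Config, cert *x509.Certificate) bool {
	_, err := cert.Verify(x509.VerifyOptions{Roots: cfg.ClientCAs, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}})
	return err == nil
}
func main() {
	endpointCA, endpointKey := issue("endpoint-ca", nil, nil) // constructed sample CAs
	peerCA, peerKey := issue("peer-ca", nil, nil)
	client, _ := issue("api-client", endpointCA, endpointKey)
	node, _ := issue("raft-node", peerCA, peerKey)
	fmt.Println(accepted(peerTLS(peerCA), client), accepted(peerTLS(peerCA), node))
}
```

The separation only holds if the peer CA is distinct from the endpoint CA and is never used to issue certificates to API clients.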