fabric-docs-i18n icon indicating copy to clipboard operation
fabric-docs-i18n copied to clipboard
verified publisher icon hyperledger

[ja_JP] Commands Reference / Service Discovery CLI

Open shimos opened this issue 2 years ago • 0 comments

Original HTML: https://hyperledger-fabric.readthedocs.io/en/release-2.5/discovery-cli.html Original Source: https://github.com/hyperledger/fabric/blob/e1e8e2e52aa4fc543360d245fe6554a0eaf81183/docs/source/discovery-cli.md

diff --git a/docs/source/discovery-cli.md b/docs/source/discovery-cli.md
index d06da58eb..2e2cd14eb 100644
--- a/docs/source/discovery-cli.md
+++ b/docs/source/discovery-cli.md
@@ -48,12 +48,11 @@ Commands:
 Configuring external endpoints
 ------------------------------
 
-Currently, to see peers in service discovery they need to have `EXTERNAL_ENDPOINT`
-to be configured for them. Otherwise, Fabric assumes the peer should not be
+For a peer to be exposed to service discovery, they need to have `peer.gossip.externalEndpoint`
+configured in `core.yaml`. Otherwise, Fabric assumes the peer should not be
 disclosed.
 
-To define these endpoints, you need to specify them in the `core.yaml` of the
-peer, replacing the sample endpoint below with the ones of your peer.
+The `core.yaml` value can also be overridden using an environment variable.
 
 ```
 CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer1.org1.example.com:8051
@@ -86,15 +85,14 @@ signerconfig:
 ```
 
 When the peer runs with TLS enabled, the discovery service on the peer
-requires the client to connect to it with mutual TLS, which means it
-expects the client to authenticate using a TLS certificate. 
-
-However, the peer is configured by default to
-request (and verify if given, but not require) client TLS certificates. 
-Therefore, unless the peer's `tls.clientAuthRequired` is
-set to `true` (in which case it mandates client-side TLS authentication),
-TLS connections can be established to the peer but will be rejected in the 
-discovery application layer. To that end, the discovery CLI provides a 
+requires the client to connect to it with mutual TLS, even if the
+peer has not set `tls.clientAuthRequired` to `true`.
+
+When `tls.clientAuthRequired` is set to `false`, the peer will still
+request (and verify if given, but not require) client TLS certificates.
+Therefore if the client does not pass a TLS certificate,
+TLS connections can be established to the peer but will be rejected in the
+peer's discovery layer. To that end, the discovery CLI provides a
 TLS certificate on its own if the user doesn't explicitly set one.
 
 More concretely, when the discovery CLI's config file has a certificate path for

shimos avatar Sep 28 '23 01:09 shimos