Arangod.conf for SSL
Problem description
What does arangod.conf look like for running TLS 1.2 on port 8529 with a self-signed certificate at /server.pem? The current documentation lists only the parameters for starting the server, but not the equivalent arangod.conf.
[database]
directory = /var/lib/arangodb3
[server]
endpoint = ssl://0.0.0.0:8529
authentication = true
threads = 0
statistics = true
uid = arangodb
enter code here
[scheduler]
threads = 0
[javascript]
startup-directory = /usr/share/arangodb3/js
app-path = /var/lib/arangodb3-apps
[log]
level = info
file = /var/log/arangodb3/arangod.log
[cluster]
data-path = /var/lib/arangodb3/cluster
log-path = /var/log/arangodb3/cluster
arangod-path = @SBINDIR@/arangod@PROGRAM_SUFFIX@
dbserver-config = @SYSCONFDIR@/arangod.conf
[ssl]
keyfile = /server.pem
protocol = 5
And when I start, nothing works.
I also tried, attempting to mirror the documentation,
[ssl]
keyfile = /server.pem /tmp/vocbase
protocol = 5
But still no luck.
Recommended answer
The steps I follow to get SSL running on port 8530 on Ubuntu 16.04 are:
- Modify /etc/arangodb3/arangod.conf:
endpoint = ssl://0.0.0.0:8530
- Generate your self-signed SSL cert; I use openssl.
- You should end up with a server.pem file which contains both your server.crt and server.key.
- Modify your /etc/init.d/arangodb3 file:
Find the line that looks like this, about line 50:
$DAEMON --uid arangodb --gid arangodb --pid-file "$PIDFILE" --temp.path "/var/tmp/arangod" --log.foreground-tty false --supervisor $@
Update it to something like this:
$DAEMON --uid arangodb --gid arangodb --pid-file "$PIDFILE" --temp.path "/var/tmp/arangod" --log.foreground-tty false --ssl.keyfile /etc/arangodb3/server.pem --supervisor $@
- Restart the arangodb3 service to use the new SSL cert; you should be able to connect via port 8530 now.
You could do SSL on port 8529, but I prefer to use port 8530 because then I can block 8529 access to ensure there is only SSL traffic to the server.
If you want to stop your web browser complaining about the untrusted SSL certs when you hit the server on 8530, just manually install the certificate on your client once you browse to the site.
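A pre-restart check for the settings discussed on this page, as an added example (not part of the original question or answer, and not ArangoDB tooling): it confirms that the endpoint is ssl://, that the [ssl] keyfile value is a single path, and that the PEM holds both a certificate and a private key. Treating arangod.conf as plain [section] and key = value lines is an assumption of this example, as are the names parse_conf, lint_tls and read_sample and the constructed sample paths.

```python
import re
from pathlib import Path

PEM_LABEL = re.compile(r"^-----BEGIN ([A-Z0-9 ]+)-----\r?$", re.M)

def parse_conf(text):
    """Parse '[section]' / 'key = value' lines; collect anything else as stray."""
    conf, section, stray = {}, None, []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip()
        elif "=" in line and section:
            key, value = line.split("=", 1)
            conf[f"{section}.{key.strip()}"] = value.strip()
        else:
            stray.append((n, line))
    return conf, stray

def lint_tls(conf_text, read_file=lambda p: Path(p).read_text()):
    """Return findings for the TLS settings; read_file(path) returns PEM text."""
    conf, stray = parse_conf(conf_text)
    findings = [f"line {n}: unrecognized line {s!r}" for n, s in stray]
    endpoint = conf.get("server.endpoint", "")
    if not endpoint.startswith("ssl://"):
        findings.append(f"server.endpoint {endpoint!r} is not an ssl:// endpoint")
    keyfile = conf.get("ssl.keyfile", "")
    if len(keyfile.split()) != 1:
        return findings + [f"ssl.keyfile {keyfile!r} must be exactly one path"]
    try:
        labels = PEM_LABEL.findall(read_file(keyfile))
    except OSError as exc:
        return findings + [f"{keyfile} is unreadable: {exc.strerror}"]
    if "CERTIFICATE" not in labels:
        findings.append(f"{keyfile} has no CERTIFICATE block")
    if not any(label.endswith("PRIVATE KEY") for label in labels):
        findings.append(f"{keyfile} has no PRIVATE KEY block")
    return findings

# Constructed sample inputs; the PEM bodies are placeholders, not key material.
CERT = "-----BEGIN CERTIFICATE-----\n(constructed)\n-----END CERTIFICATE-----\n"
KEY = "-----BEGIN PRIVATE KEY-----\n(constructed)\n-----END PRIVATE KEY-----\n"
SAMPLE_FILES = {"/etc/arangodb3/server.pem": CERT + KEY, "/tmp/cert-only.pem": CERT}

def read_sample(path):
    if path not in SAMPLE_FILES:
        raise FileNotFoundError(2, "No such file or directory", path)
    return SAMPLE_FILES[path]

CONF = "[server]\nendpoint = ssl://0.0.0.0:8530\n[ssl]\nkeyfile = {}\n"
if __name__ == "__main__":
    for kf in ("/etc/arangodb3/server.pem", "/tmp/cert-only.pem", "/server.pem /tmp/vocbase"):
        print(kf, "->", lint_tls(CONF.format(kf), read_sample) or "ok")
```

Against a real installation, call lint_tls(Path("/etc/arangodb3/arangod.conf").read_text()) so the default reader opens the configured keyfile. The check is structural only and does not prove that the key matches the certificate.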