修改配置文件,配置传输的classic模式的TLS1.3。

wuwei1972 2020-01-03 15:33:49 +08:00
parent 98b7bb4f33
commit c3fa8827ae
2 changed files with 72 additions and 76 deletions


@ -18,16 +18,16 @@
remote {
classic{
netty.ssl {
netty.tcp {
//在单机单节点的情况下配置机器ip
#hostname=192.168.10.155
hostname=192.168.31.155
//在单机单节点的情况下需要配置具体的端口在单机多节点的情况下直接配置为0
port = 0
// port=8082//0automatic assign
//internal (bind) hostname
// bind-hostname=192.168.1.129
// bind-port=8082
#hostname=192.168.10.155
hostname=192.168.31.155
//在单机单节点的情况下需要配置具体的端口在单机多节点的情况下直接配置为0
//port = 0
//port=8082//0automatic assign
//internal (bind) hostname
//bind-hostname=192.168.1.129
//bind-port=8082
}
netty.ssl.security {
@ -56,9 +56,9 @@
#种子节点的配置在单机单节点的情况下需要配置种子节点的信息akka://
#seed-nodes = ["akka.ssl.tcp://Repchain@192.168.10.155:22522"]
#seed-nodes = ["akka.tcp://Repchain@192.168.10.155:22522","akka.tcp://Repchain@192.168.10.155:22523","akka.tcp://Repchain@192.168.10.155:22524"]
#seed-nodes = ["akka.tcp://Repchain@192.168.31.155:22522","akka.tcp://Repchain@192.168.31.155:22523","akka.tcp://Repchain@192.168.31.155:22524"]
seed-nodes = ["akka.ssl.tcp://Repchain@192.168.31.155:22522","akka.ssl.tcp://Repchain@192.168.31.155:22523","akka.ssl.tcp://Repchain@192.168.31.155:22524"]
#seed-nodes = ["akka://Repchain@192.168.10.155:22522","akka://Repchain@192.168.10.155:22523","akka://Repchain@192.168.10.155:22524"]
seed-nodes = ["akka://Repchain@192.168.31.155:22522","akka://Repchain@192.168.31.155:22523","akka://Repchain@192.168.31.155:22526"]
#seed-nodes = ["akka://Repchain@192.168.31.155:22522","akka://Repchain@192.168.31.155:22523","akka://Repchain@192.168.31.155:22526"]
}
}
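Review bot: The active `seed-nodes` entry in the second hunk should use the `akka.ssl.tcp://` scheme, so that it matches the classic `netty.tcp` transport with `enable-ssl = true` that the other file in this commit configures. This page shows both an `akka.ssl.tcp://` list and an `akka://` list uncommented and the change markers are lost, so which one remains active is not certain from here. In HOCON a later duplicate key overrides an earlier one, so if both stayed active the `akka://` (Artery) addresses would win while Artery is switched off. I would keep exactly one active line and add a comment such as `# scheme must match the enabled transport: akka.ssl.tcp for classic remoting over TLS`.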


@ -10,12 +10,6 @@ akka {
#jmx.enabled = on
#jmx.multi-mbeans-in-same-jvm = on
#min-nr-of-members = 4
#configuration-compatibility-check {
# enforce-on-join = off
# checkers {
# akka-cluster = "akka.cluster.JoinConfigCompatCheckCluster"
# }
#}
}
actor {
serialize-messages = off
@ -23,7 +17,7 @@ akka {
enable-additional-serialization-bindings = on
allow-java-serialization = off
#provider = "akka.cluster.ClusterActorRefProvider"
provider = "cluster"
provider = "cluster"
serializers {
kryo = "com.twitter.chill.akka.AkkaSerializer"
java = "akka.serialization.JavaSerializer"
@ -42,57 +36,59 @@ akka {
remote {
classic{
#mesage传输块大小配置
send-buffer-size = 2048000b
receive-buffer-size = 2048000b
maximum-frame-size = 1024000b
enable-ssl = true
#enabled-transports = ${akka.remote.classic.netty.tcp}
netty.ssl.security {
netty.tcp{
transport-class = "akka.remote.transport.netty.NettyTransport"
#mesage传输块大小配置
send-buffer-size = 2048000b
receive-buffer-size = 2048000b
maximum-frame-size = 1024000b
enable-ssl = true
ssl-engine-provider = akka.remote.transport.netty.ConfigSSLEngineProvider
security {
key-store = "jks/121000005l35120456.node1.jks"
trust-store = "jks/mytruststore.jks" // 加载信任列表证书用的_tls1.3
// trust-store = "jks/mytrust" // ssl用的_ca
#trust-store = "jks/mytrust" // ssl用的_ca
trust-store-mm = "jks/mytruststore.jks" // 加载信任列表证书用的_origin
key-store-password = "123"
key-password = "123"
trust-store-password = "changeme" // 加载信任列表证书用的_tls1.3
// trust-store-password = "changeit" // ssl用的_ca
#trust-store-password = "changeit" // ssl用的_ca
trust-store-password-mm = "changeme" // 加载信任列表证书用的_origin
protocol = "TLSv1.3"
enabled-algorithms = [TLS_AES_128_GCM_SHA256]
// require-mutual-authentication = on
require-mutual-authentication = on
random-number-generator = "SecureRandom"
}
}
netty.ssl.security {
key-store = "jks/121000005l35120456.node1.jks"
trust-store = "jks/mytruststore.jks" // 加载信任列表证书用的_tls1.3
#trust-store = "jks/mytrust" // ssl用的_ca
trust-store-mm = "jks/mytruststore.jks" // 加载信任列表证书用的_origin
key-store-password = "123"
key-password = "123"
trust-store-password = "changeme" // 加载信任列表证书用的_tls1.3
#trust-store-password = "changeit" // ssl用的_ca
trust-store-password-mm = "changeme" // 加载信任列表证书用的_origin
protocol = "TLSv1.3"
enabled-algorithms = [TLS_AES_128_GCM_SHA256]
require-mutual-authentication = on
random-number-generator = "SecureRandom"
}
}
# Select the underlying transport implementation.
#
# Possible values: aeron-udp, tcp, tls-tcp
### Default dispatcher for the remoting subsystem
#default-remote-dispatcher {
# type = Dispatcher
# executor = "fork-join-executor"
# fork-join-executor {
# parallelism-min = 2
# parallelism-factor = 0.5
# parallelism-max = 16
# }
# throughput = 10
#}
#log-remote-lifecycle-events = on
### Configuration for Artery, the new implementation of remoting
artery {
# Disable artery with this flag
enabled = on
enabled = off
# See https://doc.akka.io/docs/akka/current/remoting-artery.html#selecting-a-transport for the tradeoffs
# for each transport
transport = tls-tcp
# Select the underlying transport implementation.
# Possible values: aeron-udp, tcp, tls-tcp
transport = tcp
#log-received-messages = on
#log-sent-messages = on
advanced {
@ -139,40 +135,40 @@ akka {
# constructor with an ActorSystem parameter.
# The default ConfigSSLEngineProvider is configured by properties in section
# akka.remote.artery.ssl.config-ssl-engine
ssl-engine-provider = akka.remote.artery.tcp.ConfigSSLEngineProvider
ssl-engine-provider = akka.remote.artery.tcp.ConfigSSLEngineProvider
# Config of akka.remote.artery.tcp.ConfigSSLEngineProvider
config-ssl-engine {
base-path = "jks/"
key-store = "jks/121000005l35120456.node1.jks"
trust-store = "jks/mytruststore.jks" // 加载信任列表证书用的_tls1.3
#trust-store = "jks/mytrust" // ssl用的_ca
trust-store-mm = "jks/mytruststore.jks" // 加载信任列表证书用的_origin
base-path = "jks/"
key-store = "jks/121000005l35120456.node1.jks"
trust-store = "jks/mytruststore.jks" // 加载信任列表证书用的_tls1.3
#trust-store = "jks/mytrust" // ssl用的_ca
trust-store-mm = "jks/mytruststore.jks" // 加载信任列表证书用的_origin
key-store-password = "123"
key-password = "123"
trust-store-password = "changeme" // 加载信任列表证书用的_tls1.3
#trust-store-password = "changeit" // ssl用的_ca
trust-store-password-mm = "changeme" // 加载信任列表证书用的_origin
key-store-password = "123"
key-password = "123"
trust-store-password = "changeme" // 加载信任列表证书用的_tls1.3
#trust-store-password = "changeit" // ssl用的_ca
trust-store-password-mm = "changeme" // 加载信任列表证书用的_origin
protocol = "TLSv1.3"
enabled-algorithms = [TLS_AES_128_GCM_SHA256]
#require-mutual-authentication = on
random-number-generator = "SecureRandom"
protocol = "TLSv1.3"
enabled-algorithms = [TLS_AES_128_GCM_SHA256]
#require-mutual-authentication = on
random-number-generator = "SecureRandom"
# Require mutual authentication between TLS peers
#
# Without mutual authentication only the peer that actively establishes a connection (TLS client side)
# checks if the passive side (TLS server side) sends over a trusted certificate. With the flag turned on,
# the passive side will also request and verify a certificate from the connecting peer.
#
# To prevent man-in-the-middle attacks this setting is enabled by default.
require-mutual-authentication = on
# Require mutual authentication between TLS peers
#
# Without mutual authentication only the peer that actively establishes a connection (TLS client side)
# checks if the passive side (TLS server side) sends over a trusted certificate. With the flag turned on,
# the passive side will also request and verify a certificate from the connecting peer.
#
# To prevent man-in-the-middle attacks this setting is enabled by default.
require-mutual-authentication = on
# Set this to `on` to verify hostnames with sun.security.util.HostnameChecker
hostname-verification = off
# Set this to `on` to verify hostnames with sun.security.util.HostnameChecker
hostname-verification = off
}
}
}
}
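Review bot: The `security` block under `netty.tcp` in the `remote.classic` hunk keeps the store passwords as literals (`key-store-password = "123"`, `key-password = "123"`, `trust-store-password = "changeme"`), so the TLS 1.3 and mutual-authentication settings protect little if the JKS files are readable alongside this config. These values would be better supplied from the environment through HOCON's optional substitution, e.g. `key-store-password = ${?KEYSTORE_PASSWORD}` (the variable name is a placeholder), with the keystores kept out of version control. The same settings are repeated in a sibling `netty.ssl.security` block, and keeping a single copy avoids the two drifting apart. In the same hunk Artery appears to move from `transport = tls-tcp` to `transport = tcp` together with `enabled = off`; a comment such as `# tcp is unencrypted: switch back to tls-tcp before re-enabling artery` would guard against a later plaintext rollout.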