You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@skywalking.apache.org by GitBox <gi...@apache.org> on 2021/08/31 15:29:08 UTC
[GitHub] [skywalking] wu-sheng commented on a change in pull request #7565: Support mTLS for gRPC channel
wu-sheng commented on a change in pull request #7565:
URL: https://github.com/apache/skywalking/pull/7565#discussion_r699437159
##########
File path: docs/en/setup/backend/grpc-security.md
##########
@@ -44,3 +44,28 @@ gRPCSslCertChainPath: /path/to/server.crt
Since `sharding-server` only receives data from an external source, it doesn't need a CA at all.
If you port to Java agent, refer to [the Java agent repo](http://github.com/apache/skywalking-java) to config java agent and enable TLS.
+
+## mutual TLS mode
+
+To enable `mTLS` mode for gRPC channel requires [Sharing gRPC Server](./backend-receivers.md/#grpchttp-server-for-receiver) enabled, as following configuration.
+
+```properties
+receiver-sharing-server:
+ selector: ${SW_RECEIVER_SHARING_SERVER:default}
+ default:
+ # For gRPC server
+ gRPCHost: ${SW_RECEIVER_GRPC_HOST:0.0.0.0}
+ gRPCPort: ${SW_RECEIVER_GRPC_PORT:11801}
+ maxConcurrentCallsPerConnection: ${SW_RECEIVER_GRPC_MAX_CONCURRENT_CALL:0}
+ maxMessageSize: ${SW_RECEIVER_GRPC_MAX_MESSAGE_SIZE:0}
+ gRPCThreadPoolQueueSize: ${SW_RECEIVER_GRPC_POOL_QUEUE_SIZE:0}
+ gRPCThreadPoolSize: ${SW_RECEIVER_GRPC_THREAD_POOL_SIZE:0}
+ gRPCSslEnabled: ${SW_RECEIVER_GRPC_SSL_ENABLED:true}
+ gRPCSslKeyPath: ${SW_RECEIVER_GRPC_SSL_KEY_PATH:"/path/to/server.pem"}
+ gRPCSslCertChainPath: ${SW_RECEIVER_GRPC_SSL_CERT_CHAIN_PATH:"/path/to/server.crt"}
+ gRPCSslTrustedCAsPath: ${SW_RECEIVER_GRPC_SSL_TRUSTED_CAS_PATH:"/path/to/ca.crt"}
+ authentication: ${SW_AUTHENTICATION:""}
+```
Review comment:
A question, could you share what are the major differences of settings between mTLS and `Config OAP server` part?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@skywalking.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org