enhance: Update tls user doc (#32353)

Signed-off-by: jaime <yun.zhang@zilliz.com>
pull/32389/head
jaime 2024-04-18 21:07:23 +08:00 committed by GitHub
parent 109cd0402f
commit 18c3cbe46d
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 8 additions and 15 deletions

@ -255,13 +255,6 @@ authorityKeyIdentifier=keyid,issuer
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
subjectAltName = @alt_names
[ alt_names ]
DNS.1 = localhost
DNS.2 = *.ronething.cn
DNS.3 = *.ronething.com
[ v3_ca ]
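Review bot: In the certificate extension section, losing `subjectAltName = @alt_names` together with the `[ alt_names ]` block (the 13-to-6 line count in the hunk header points at these lines) means certificates generated from this openssl.cnf carry no SAN. Go's TLS stack has ignored CommonName for hostname verification by default since Go 1.15, so a Go client that checks the server name against such a certificate will fail the handshake. Dropping the wildcard entries `*.ronething.cn` and `*.ronething.com` is right, but I would keep the SAN extension with `DNS.1 = localhost` and a note telling readers to add their own server names.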
@ -426,7 +419,7 @@ openssl x509 -req -days 3650 -in client.csr -out client.pem -CA ca.pem -CAkey ca
The ```openssl.cnf``` file is a default OpenSSL configuration file. See [manual page](https://www.openssl.org/docs/manmaster/man5/config.html) for more information. The ```gen.sh``` file generates relevant certificate files. You can modify the gen.sh file for different purposes such as changing the validity period of the certificate file, the length of the certificate key or the certificate file names.
These variables in the ```gen.sh``` file are crucial to the process of creating a certificate signing request file. The first five variables are the basic signing information, including country, state, location, organization, organization unit. Caution is needed when configuring CommonName as it will be verified during client-server communication.
These variables in the ```gen.sh``` file are crucial to the process of creating a certificate signing request file. The first five variables are the basic signing information, including country, state, location, organization, organization unit. It is necessary to configure the `CommonName` in the ```gen.sh``` file. The `CommonName` refers to the server name that the client should specify while connecting.
### 3. Run gen.sh to generate certificate.
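Review bot: The replacement sentence about `CommonName` no longer says that the value is verified during client-server communication, which was the one caution a reader needed here. Suggest keeping that statement and adding that a mismatch between `CommonName` and the server name the client specifies makes verification fail. Minor style point: the same line mixes single-backtick `CommonName` with triple-backtick gen.sh; pick one convention.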
@ -477,9 +470,7 @@ openssl x509 -req -days 3650 -in server.csr -out server.pem -CA ca.pem -CAkey ca
## Modify Milvus Server config
Modify tlsEnabled to true and the file path in config/milvus.yaml.
The ```server.pem```, ```server.key```, and ```ca.pem``` files for the server need to be configured.
Configure the file paths of `server.pem`, `server.key`, and `ca.pem` for the server in `config/milvus.yaml`.
```yaml
tls:
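Review bot: The new sentence tells readers to configure `ca.pem` on the server unconditionally, yet the One-way authentication section further down lists only server.pem and server.key for the server side. Suggest stating that `ca.pem` is required only for two-way authentication. The instruction to turn TLS on ("Modify tlsEnabled to true") also disappears from this paragraph, so add a sentence pointing readers to `tlsMode` as the switch.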
@ -489,13 +480,15 @@ tls:
common:
security:
tlsMode: 2
# tlsMode 0 indicates no authentication
# tlsMode 1 indicates one-way authentication
# tlsMode 2 indicates two-way authentication
tlsMode: 2
```
### One-way authentication
Server need server.pem and server.key. Client-side need server.pem.
Server-side needs server.pem and server.key files, client-side needs server.pem file.
### Two-way authentication
Server-side need server.pem, server.key and ca.pem. Client-side need client.pem, client.key, ca.pem.
Server-side needs server.pem, server.key and ca.pem files, client-side needs client.pem, client.key and ca.pem files.
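Review bot: The comment `# tlsMode 0 indicates no authentication` undersells the setting if mode 0 means TLS is switched off, because readers may assume traffic is still encrypted but unauthenticated. Suggest wording such as "TLS disabled" if that is the behaviour. In the One-way section, say that the client uses server.pem only as a trust anchor and that server.key stays on the server; the Two-way section has the client trusting ca.pem instead, so the doc should either explain the difference or use the same trust file in both modes.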