SeaweedFS Security Configuration
Detailed configuration reference:
Security - Security Configuration - SeaweedFS Wiki - 书栈网 · BookStack
Generate the configuration file: security.toml
weed scaffold -config=security > security.toml
1. Get certstrap
1.1 Option 1:
go get github.com/square/certstrap
Command to install Go:
yum install golang -y
1.2 Option 2:
git clone https://github.com/square/certstrap
Command to install git:
yum install git -y
Build:
cd certstrap/
go build
Set a proxy so that resources can be fetched from within China:
go env -w GOPROXY=https://goproxy.cn,direct
The password is set to: #eY79Db
2. Generate keys
/certstrap/certstrap init --common-name "SeaweedFS CA"
/certstrap/certstrap request-cert --common-name master
/certstrap/certstrap request-cert --common-name volume
/certstrap/certstrap sign --CA "SeaweedFS CA" master
/certstrap/certstrap sign --CA "SeaweedFS CA" volume
Edit the configuration file: security.toml
# Put this file in one of these locations, in descending priority:
# ./security.toml
# $HOME/.seaweedfs/security.toml
# /etc/seaweedfs/security.toml
# this file is read by master, volume server, and filer

# this jwt signing key is read by master and volume server, and it is used for write operations:
# - the Master server generates the JWT, which can be used to write a certain file on a volume server
# - the Volume server validates the JWT on writing
# the jwt defaults to expire after 10 seconds.
[jwt.signing]
key = "m#09Yn"
expires_after_seconds = 300 # seconds

# by default, if the signing key above is set, the Volume UI over HTTP is disabled.
# by setting ui.access to true, you can re-enable the Volume UI. Despite
# some information leakage (as the UI is not authenticated), this should not
# pose a security risk.
[access]
ui = false

# this jwt signing key is read by master and volume server, and it is used for read operations:
# - the Master server generates the JWT, which can be used to read a certain file on a volume server
# - the Volume server validates the JWT on reading
# NOTE: jwt for read is only supported with master+volume setup. Filer does not support this mode.
[jwt.signing.read]
key = "m#09Yn"
expires_after_seconds = 300 # seconds

# If this JWT key is configured, Filer only accepts writes over HTTP if they are signed with this JWT:
# - f.e. the S3 API Shim generates the JWT
# - the Filer server validates the JWT on writing
# the jwt defaults to expire after 10 seconds.
[jwt.filer_signing]
key = ""
expires_after_seconds = 10 # seconds

# If this JWT key is configured, Filer only accepts reads over HTTP if they are signed with this JWT:
# - f.e. the S3 API Shim generates the JWT
# - the Filer server validates the JWT on reading
# the jwt defaults to expire after 10 seconds.
[jwt.filer_signing.read]
key = ""
expires_after_seconds = 10 # seconds

# all grpc tls authentications are mutual
# the values for the following ca, cert, and key are paths to the PEM files.
# the host name is not checked, so the PEM files can be shared.
[grpc]
ca = "/opt/seaweedfs/out/SeaweedFS_CA.crt"
# Set a wildcard domain to enable TLS authentication by common names
allowed_wildcard_domain = "" # .mycompany.com

[grpc.volume]
cert = "/opt/seaweedfs/out/volume.crt"
key = "/opt/seaweedfs/out/volume.key"
allowed_commonNames = "" # comma-separated SSL certificate common names

[grpc.master]
cert = "/opt/seaweedfs/out/master.crt"
key = "/opt/seaweedfs/out/master.key"
allowed_commonNames = "" # comma-separated SSL certificate common names

[grpc.filer]
cert = "/opt/seaweedfs/out/filer.crt"
key = "/opt/seaweedfs/out/filer.key"
allowed_commonNames = "" # comma-separated SSL certificate common names

[grpc.msg_broker]
cert = ""
key = ""
allowed_commonNames = "" # comma-separated SSL certificate common names

# use this for any place that needs a grpc client
# i.e., "weed backup|benchmark|filer.copy|filer.replicate|mount|s3|upload"
[grpc.client]
cert = "/opt/seaweedfs/out/client.crt"
key = "/opt/seaweedfs/out/client.key"

# volume server https options
# Note: work in progress!
# this does not work with other clients, e.g., "weed filer|mount" etc, yet.
[https.client]
enabled = true

[https.volume]
cert = ""
key = ""
ca = ""

[https.master]
cert = ""
key = ""
ca = ""
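
The commands in step 2 issue certificates only for master and volume, while this security.toml also points at filer.crt, filer.key, client.crt and client.key. The shell script below is an added example, not part of the original post or of SeaweedFS: it lists every ca/cert/key path in the [grpc*] and [https*] sections and reports files that are missing or private keys that are accessible to group or others. The function names list_tls_paths and check_tls_paths are hypothetical.

```shell
#!/bin/sh
# Added example: check the TLS file paths referenced by a SeaweedFS security.toml.

# list_tls_paths FILE
# Print "section<TAB>setting<TAB>path" for each non-empty ca/cert/key entry in
# the [grpc*] and [https*] sections. [jwt.*] sections are skipped because their
# "key" is a signing secret, not a file path.
list_tls_paths() {
    awk '
        /^[ \t]*\[/ {
            section = $0
            sub(/^[ \t]*\[/, "", section)
            sub(/\].*$/, "", section)
            next
        }
        section ~ /^(grpc|https)/ && /^[ \t]*(ca|cert|key)[ \t]*=/ {
            name = $0
            sub(/^[ \t]*/, "", name)
            sub(/[ \t]*=.*$/, "", name)
            if (match($0, /"[^"]*"/) && RLENGTH > 2)
                printf "%s\t%s\t%s\n", section, name, substr($0, RSTART + 1, RLENGTH - 2)
        }
    ' "$1"
}

# check_tls_paths FILE
# Print one finding per line and return 1 if there is any finding:
#   MISSING      the referenced file does not exist
#   LOOSE_PERMS  a private key has permission bits set for group or others
check_tls_paths() {
    tab=$(printf '\t')
    findings=$(list_tls_paths "$1" | while IFS="$tab" read -r section name path; do
        if [ ! -f "$path" ]; then
            echo "MISSING $section.$name $path"
        elif [ "$name" = key ] && [ "$(ls -ln "$path" | cut -c5-10)" != "------" ]; then
            echo "LOOSE_PERMS $section.$name $path"
        fi
    done)
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}

# Usage: sh check_tls_paths.sh /etc/seaweedfs/security.toml
if [ "$#" -gt 0 ]; then
    check_tls_paths "$1"
fi
```

Run it against the edited security.toml before starting master, volume and filer; a non-zero exit status means at least one referenced file is missing or a key file needs `chmod 600`.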