adding grpc mutual tls

author: Chris Lu <chris.lu@gmail.com> 2019-02-18 12:11:52 -0800
committer: Chris Lu <chris.lu@gmail.com> 2019-02-18 12:11:52 -0800
commit: 77b9af531d18e10b04b49b069b5f26a329ed4902 (patch)
tree: cae2524dfc445b352e5d6bab7a82f7af46b7a4c8 /weed/command/scaffold.go
parent: 55761ae806bc7cc8ab34424508aee5481131b941 (diff)
download: seaweedfs-77b9af531d18e10b04b49b069b5f26a329ed4902.tar.xz
seaweedfs-77b9af531d18e10b04b49b069b5f26a329ed4902.zip
1 files changed, 26 insertions, 0 deletions
diff --git a/weed/command/scaffold.go b/weed/command/scaffold.go
index 22300d3ba..e8608e9dd 100644
--- a/weed/command/scaffold.go
+++ b/weed/command/scaffold.go
@@ -250,8 +250,34 @@ directory = "/"                # destination directory
 #    /etc/seaweedfs/security.toml
 # this file is read by master, volume server, and filer
 
+# the jwt signing key is read by master and volume server
+# a jwt expires in 10 seconds
 [jwt.signing]
 key = ""
 
+# volume server also uses grpc that should be secured.
+
+# all grpc tls authentications are mutual 
+[grpc]
+ca = ""
+
+[grpc.volume]
+cert = ""
+key = ""
+
+[grpc.master]
+cert = ""
+key = ""
+
+[grpc.filer]
+cert = ""
+key = ""
+
+# use this for any place needs a grpc client
+# i.e., "weed backup|benchmark|filer.copy|filer.replicate|mount|s3|upload"
+[grpc.client]
+cert = ""
+key = ""
+
 `
 )
author	Chris Lu <chris.lu@gmail.com>	2019-02-18 12:11:52 -0800
committer	Chris Lu <chris.lu@gmail.com>	2019-02-18 12:11:52 -0800
commit	77b9af531d18e10b04b49b069b5f26a329ed4902 (patch)
tree	cae2524dfc445b352e5d6bab7a82f7af46b7a4c8 /weed/command/scaffold.go
parent	55761ae806bc7cc8ab34424508aee5481131b941 (diff)
download	seaweedfs-77b9af531d18e10b04b49b069b5f26a329ed4902.tar.xz seaweedfs-77b9af531d18e10b04b49b069b5f26a329ed4902.zip