mirror of
https://github.com/absmach/magistrala.git
synced 2026-06-23 04:10:28 +00:00
NOISSUE - Update mTLS support (#134)
Make sure MTLS support works after the new auth changes
This commit is contained in:
b1ackd0t
GitHub
@@ -171,7 +171,7 @@ rundev:
|
||||
cd scripts && ./run.sh
|
||||
|
||||
grpc_mtls_certs:
|
||||
$(MAKE) -C docker/ssl users_grpc_certs things_grpc_certs
|
||||
$(MAKE) -C docker/ssl auth_grpc_certs things_grpc_certs
|
||||
|
||||
check_tls:
|
||||
ifeq ($(GRPC_TLS),true)
|
||||
@@ -197,7 +197,7 @@ check_certs: check_mtls check_tls
|
||||
ifeq ($(GRPC_MTLS_CERT_FILES_EXISTS),0)
|
||||
ifeq ($(filter true,$(GRPC_MTLS) $(GRPC_TLS)),true)
|
||||
ifeq ($(filter $(DEFAULT_DOCKER_COMPOSE_COMMAND),$(DOCKER_COMPOSE_COMMAND)),$(DEFAULT_DOCKER_COMPOSE_COMMAND))
|
||||
$(MAKE) -C docker/ssl users_grpc_certs things_grpc_certs
|
||||
$(MAKE) -C docker/ssl auth_grpc_certs things_grpc_certs
|
||||
endif
|
||||
endif
|
||||
endif
|
||||
|
||||
@@ -34,9 +34,9 @@ default values.
|
||||
| MG_SMPP_DST_ADDR_TON | SMPP destination address TON | |
|
||||
| MG_SMPP_SRC_ADDR_NPI | SMPP source address NPI | |
|
||||
| MG_SMPP_DST_ADDR_NPI | SMPP destination address NPI | |
|
||||
| MG_AUTH_GRPC_URL | Users service gRPC URL | localhost:7001 |
|
||||
| MG_AUTH_GRPC_TIMEOUT | Users service gRPC request timeout in seconds | 1s |
|
||||
| MG_AUTH_GRPC_CLIENT_TLS | Users client TLS flag | false |
|
||||
| MG_AUTH_GRPC_URL | Auth service gRPC URL | localhost:7001 |
|
||||
| MG_AUTH_GRPC_TIMEOUT | Auth service gRPC request timeout in seconds | 1s |
|
||||
| MG_AUTH_GRPC_CLIENT_TLS | Auth client TLS flag | false |
|
||||
| MG_AUTH_GRPC_CA_CERT | Path to Auth client CA certs in pem format | "" |
|
||||
| MG_MESSAGE_BROKER_URL | Message broker URL | nats://127.0.0.1:4222 |
|
||||
| MG_JAEGER_URL | Jaeger server URL | http://jaeger:14268/api/traces |
|
||||
|
||||
@@ -35,10 +35,10 @@ default values.
|
||||
| MG_EMAIL_FROM_ADDRESS | Email "from" address | |
|
||||
| MG_EMAIL_FROM_NAME | Email "from" name | |
|
||||
| MG_EMAIL_TEMPLATE | Email template for sending notification emails | email.tmpl |
|
||||
| MG_AUTH_GRPC_URL | Users service gRPC URL | localhost:7001 |
|
||||
| MG_AUTH_GRPC_TIMEOUT | Users service gRPC request timeout in seconds | 1s |
|
||||
| MG_AUTH_GRPC_CLIENT_TLS | Users service gRPC TLS flag | false |
|
||||
| MG_AUTH_GRPC_CA_CERT | Path to Users service CA cert in pem format | "" |
|
||||
| MG_AUTH_GRPC_URL | Auth service gRPC URL | localhost:7001 |
|
||||
| MG_AUTH_GRPC_TIMEOUT | Auth service gRPC request timeout in seconds | 1s |
|
||||
| MG_AUTH_GRPC_CLIENT_TLS | Auth service gRPC TLS flag | false |
|
||||
| MG_AUTH_GRPC_CA_CERT | Path to Auth service CA cert in pem format | "" |
|
||||
| MG_AUTH_CLIENT_TLS | Auth client TLS flag | false |
|
||||
| MG_AUTH_CA_CERTS | Path to Auth client CA certs in pem format | "" |
|
||||
| MG_SEND_TELEMETRY | Send telemetry to magistrala call home server | true |
|
||||
|
||||
-13
@@ -83,7 +83,6 @@ MG_AUTH_GRPC_PORT=8181
|
||||
MG_AUTH_GRPC_SERVER_CERT=${GRPC_MTLS:+./ssl/certs/auth-grpc-server.crt}${GRPC_TLS:+./ssl/certs/auth-grpc-server.crt}
|
||||
MG_AUTH_GRPC_SERVER_KEY=${GRPC_MTLS:+./ssl/certs/auth-grpc-server.key}${GRPC_TLS:+./ssl/certs/auth-grpc-server.key}
|
||||
MG_AUTH_GRPC_SERVER_CA_CERTS=${GRPC_MTLS:+./ssl/certs/ca.crt}${GRPC_TLS:+./ssl/certs/ca.crt}
|
||||
MG_AUTH_GRPC_CLIENT_CA_CERTS=${GRPC_MTLS:+./ssl/certs/ca.crt}${GRPC_TLS:+./ssl/certs/ca.crt}
|
||||
MG_AUTH_DB_HOST=auth-db
|
||||
MG_AUTH_DB_PORT=5432
|
||||
MG_AUTH_DB_USER=magistrala
|
||||
@@ -132,11 +131,6 @@ MG_USERS_HTTP_HOST=users
|
||||
MG_USERS_HTTP_PORT=9002
|
||||
MG_USERS_HTTP_SERVER_CERT=
|
||||
MG_USERS_HTTP_SERVER_KEY=
|
||||
MG_USERS_GRPC_HOST=users
|
||||
MG_USERS_GRPC_PORT=7001
|
||||
MG_USERS_GRPC_SERVER_CERT=${GRPC_MTLS:+./ssl/certs/users-grpc-server.crt}${GRPC_TLS:+./ssl/certs/users-grpc-server.crt}
|
||||
MG_USERS_GRPC_SERVER_KEY=${GRPC_MTLS:+./ssl/certs/users-grpc-server.key}${GRPC_TLS:+./ssl/certs/users-grpc-server.key}
|
||||
MG_USERS_GRPC_SERVER_CA_CERTS=${GRPC_MTLS:+./ssl/certs/ca.crt}${GRPC_TLS:+./ssl/certs/ca.crt}
|
||||
MG_USERS_DB_HOST=users-db
|
||||
MG_USERS_DB_PORT=5432
|
||||
MG_USERS_DB_USER=magistrala
|
||||
@@ -150,13 +144,6 @@ MG_USERS_RESET_PWD_TEMPLATE=users.tmpl
|
||||
MG_USERS_INSTANCE_ID=
|
||||
MG_USERS_ALLOW_SELF_REGISTER=true
|
||||
|
||||
#### Users Client Config
|
||||
MG_USERS_GRPC_URL=users:7001
|
||||
MG_USERS_GRPC_TIMEOUT=1s
|
||||
MG_USERS_GRPC_CLIENT_CERT=${GRPC_MTLS:+./ssl/certs/users-grpc-client.crt}
|
||||
MG_USERS_GRPC_CLIENT_KEY=${GRPC_MTLS:+./ssl/certs/users-grpc-client.key}
|
||||
MG_USERS_GRPC_CLIENT_CA_CERTS=${GRPC_MTLS:+./ssl/certs/ca.crt}
|
||||
|
||||
### Email utility
|
||||
MG_EMAIL_HOST=smtp.mailtrap.io
|
||||
MG_EMAIL_PORT=2525
|
||||
|
||||
@@ -57,9 +57,9 @@ services:
|
||||
MG_BOOTSTRAP_DB_SSL_ROOT_CERT: ${MG_BOOTSTRAP_DB_SSL_ROOT_CERT}
|
||||
MG_AUTH_GRPC_URL: ${MG_AUTH_GRPC_URL}
|
||||
MG_AUTH_GRPC_TIMEOUT: ${MG_AUTH_GRPC_TIMEOUT}
|
||||
MG_AUTH_GRPC_CLIENT_CERT: ${MG_AUTH_GRPC_CLIENT_CERT:+/users-grpc-client.crt}
|
||||
MG_AUTH_GRPC_CLIENT_KEY: ${MG_AUTH_GRPC_CLIENT_KEY:+/users-grpc-client.key}
|
||||
MG_AUTH_GRPC_SERVER_CA_CERTS: ${MG_AUTH_GRPC_SERVER_CA_CERTS:+/users-grpc-server-ca.crt}
|
||||
MG_AUTH_GRPC_CLIENT_CERT: ${MG_AUTH_GRPC_CLIENT_CERT:+/auth-grpc-client.crt}
|
||||
MG_AUTH_GRPC_CLIENT_KEY: ${MG_AUTH_GRPC_CLIENT_KEY:+/auth-grpc-client.key}
|
||||
MG_AUTH_GRPC_SERVER_CA_CERTS: ${MG_AUTH_GRPC_SERVER_CA_CERTS:+/auth-grpc-server-ca.crt}
|
||||
MG_THINGS_URL: ${MG_THINGS_URL}
|
||||
MG_JAEGER_URL: ${MG_JAEGER_URL}
|
||||
MG_JAEGER_TRACE_RATIO: ${MG_JAEGER_TRACE_RATIO}
|
||||
@@ -69,17 +69,17 @@ services:
|
||||
- magistrala-base-net
|
||||
volumes:
|
||||
- type: bind
|
||||
source: ${MG_ADDONS_CERTS_PATH_PREFIX}${MG_USERS_GRPC_CLIENT_CERT:-./ssl/certs/dummy/client_cert}
|
||||
target: /users-grpc-client${MG_USERS_GRPC_CLIENT_CERT:+.crt}
|
||||
source: ${MG_ADDONS_CERTS_PATH_PREFIX}${MG_AUTH_GRPC_CLIENT_CERT:-./ssl/certs/dummy/client_cert}
|
||||
target: /auth-grpc-client${MG_AUTH_GRPC_CLIENT_CERT:+.crt}
|
||||
bind:
|
||||
create_host_path: true
|
||||
- type: bind
|
||||
source: ${MG_ADDONS_CERTS_PATH_PREFIX}${MG_USERS_GRPC_CLIENT_KEY:-./ssl/certs/dummy/client_key}
|
||||
target: /users-grpc-client${MG_USERS_GRPC_CLIENT_KEY:+.key}
|
||||
source: ${MG_ADDONS_CERTS_PATH_PREFIX}${MG_AUTH_GRPC_CLIENT_KEY:-./ssl/certs/dummy/client_key}
|
||||
target: /auth-grpc-client${MG_AUTH_GRPC_CLIENT_KEY:+.key}
|
||||
bind:
|
||||
create_host_path: true
|
||||
- type: bind
|
||||
source: ${MG_ADDONS_CERTS_PATH_PREFIX}${MG_USERS_GRPC_SERVER_CA_CERTS:-./ssl/certs/dummy/server_ca}
|
||||
target: /users-grpc-server-ca${MG_USERS_GRPC_SERVER_CA_CERTS:+.crt}
|
||||
source: ${MG_ADDONS_CERTS_PATH_PREFIX}${MG_AUTH_GRPC_SERVER_CA_CERTS:-./ssl/certs/dummy/server_ca}
|
||||
target: /auth-grpc-server-ca${MG_AUTH_GRPC_SERVER_CA_CERTS:+.crt}
|
||||
bind:
|
||||
create_host_path: true
|
||||
|
||||
@@ -34,9 +34,9 @@ services:
|
||||
MG_THINGS_AUTH_GRPC_SERVER_CA_CERTS: ${MG_THINGS_AUTH_GRPC_SERVER_CA_CERTS:+/things-grpc-server-ca.crt}
|
||||
MG_AUTH_GRPC_URL: ${MG_AUTH_GRPC_URL}
|
||||
MG_AUTH_GRPC_TIMEOUT: ${MG_AUTH_GRPC_TIMEOUT}
|
||||
MG_AUTH_GRPC_CLIENT_CERT: ${MG_AUTH_GRPC_CLIENT_CERT:+/users-grpc-client.crt}
|
||||
MG_AUTH_GRPC_CLIENT_KEY: ${MG_AUTH_GRPC_CLIENT_KEY:+/users-grpc-client.key}
|
||||
MG_AUTH_GRPC_SERVER_CA_CERTS: ${MG_AUTH_GRPC_SERVER_CA_CERTS:+/users-grpc-server-ca.crt}
|
||||
MG_AUTH_GRPC_CLIENT_CERT: ${MG_AUTH_GRPC_CLIENT_CERT:+/auth-grpc-client.crt}
|
||||
MG_AUTH_GRPC_CLIENT_KEY: ${MG_AUTH_GRPC_CLIENT_KEY:+/auth-grpc-client.key}
|
||||
MG_AUTH_GRPC_SERVER_CA_CERTS: ${MG_AUTH_GRPC_SERVER_CA_CERTS:+/auth-grpc-server-ca.crt}
|
||||
MG_SEND_TELEMETRY: ${MG_SEND_TELEMETRY}
|
||||
MG_CASSANDRA_READER_INSTANCE_ID: ${MG_CASSANDRA_READER_INSTANCE_ID}
|
||||
ports:
|
||||
@@ -45,34 +45,35 @@ services:
|
||||
- magistrala-base-net
|
||||
volumes:
|
||||
- ../../ssl/certs:/etc/ssl/certs
|
||||
# Users gRPC client certificates
|
||||
# Auth gRPC client certificates
|
||||
- type: bind
|
||||
source: ${MG_ADDONS_CERTS_PATH_PREFIX}${MG_USERS_GRPC_CLIENT_CERT:-./ssl/certs/dummy/client_cert}
|
||||
target: /users-grpc-client${MG_USERS_GRPC_CLIENT_CERT:+.crt}
|
||||
source: ${MG_ADDONS_CERTS_PATH_PREFIX}${MG_AUTH_GRPC_CLIENT_CERT:-./ssl/certs/dummy/client_cert}
|
||||
target: /auth-grpc-client${MG_AUTH_GRPC_CLIENT_CERT:+.crt}
|
||||
bind:
|
||||
create_host_path: true
|
||||
- type: bind
|
||||
source: ${MG_ADDONS_CERTS_PATH_PREFIX}${MG_USERS_GRPC_CLIENT_KEY:-./ssl/certs/dummy/client_key}
|
||||
target: /users-grpc-client${MG_USERS_GRPC_CLIENT_KEY:+.key}
|
||||
source: ${MG_ADDONS_CERTS_PATH_PREFIX}${MG_AUTH_GRPC_CLIENT_KEY:-./ssl/certs/dummy/client_key}
|
||||
target: /auth-grpc-client${MG_AUTH_GRPC_CLIENT_KEY:+.key}
|
||||
bind:
|
||||
create_host_path: true
|
||||
- type: bind
|
||||
source: ${MG_ADDONS_CERTS_PATH_PREFIX}${MG_USERS_GRPC_SERVER_CA_CERTS:-./ssl/certs/dummy/server_ca}
|
||||
target: /users-grpc-server-ca${MG_USERS_GRPC_SERVER_CA_CERTS:+.crt}
|
||||
source: ${MG_ADDONS_CERTS_PATH_PREFIX}${MG_AUTH_GRPC_SERVER_CA_CERTS:-./ssl/certs/dummy/server_ca}
|
||||
target: /auth-grpc-server-ca${MG_AUTH_GRPC_SERVER_CA_CERTS:+.crt}
|
||||
bind:
|
||||
create_host_path: true
|
||||
# Things gRPC mTLS client certificates
|
||||
- type: bind
|
||||
source: ${MG_ADDONS_CERTS_PATH_PREFIX}${MG_THINGS_AUTH_GRPC_CLIENT_CERT:-./ssl/certs/dummy/client_cert}
|
||||
source: ${MG_ADDONS_CERTS_PATH_PREFIX}${MG_THINGS_AUTH_GRPC_CLIENT_CERT:-ssl/certs/dummy/client_cert}
|
||||
target: /things-grpc-client${MG_THINGS_AUTH_GRPC_CLIENT_CERT:+.crt}
|
||||
bind:
|
||||
create_host_path: true
|
||||
- type: bind
|
||||
source: ${MG_ADDONS_CERTS_PATH_PREFIX}${MG_THINGS_AUTH_GRPC_CLIENT_KEY:-./ssl/certs/dummy/client_key}
|
||||
source: ${MG_ADDONS_CERTS_PATH_PREFIX}${MG_THINGS_AUTH_GRPC_CLIENT_KEY:-ssl/certs/dummy/client_key}
|
||||
target: /things-grpc-client${MG_THINGS_AUTH_GRPC_CLIENT_KEY:+.key}
|
||||
bind:
|
||||
create_host_path: true
|
||||
- type: bind
|
||||
source: ${MG_ADDONS_CERTS_PATH_PREFIX}${MG_THINGS_AUTH_GRPC_SERVER_CA_CERTS:-./ssl/certs/dummy/server_ca}
|
||||
source: ${MG_ADDONS_CERTS_PATH_PREFIX}${MG_THINGS_AUTH_GRPC_SERVER_CA_CERTS:-ssl/certs/dummy/server_ca}
|
||||
target: /things-grpc-server-ca${MG_THINGS_AUTH_GRPC_SERVER_CA_CERTS:+.crt}
|
||||
bind:
|
||||
create_host_path: true
|
||||
|
||||
@@ -63,9 +63,9 @@ services:
|
||||
MG_CERTS_DB_SSL_ROOT_CERT: ${MG_CERTS_DB_SSL_ROOT_CERT}
|
||||
MG_AUTH_GRPC_URL: ${MG_AUTH_GRPC_URL}
|
||||
MG_AUTH_GRPC_TIMEOUT: ${MG_AUTH_GRPC_TIMEOUT}
|
||||
MG_AUTH_GRPC_CLIENT_CERT: ${MG_AUTH_GRPC_CLIENT_CERT:+/users-grpc-client.crt}
|
||||
MG_AUTH_GRPC_CLIENT_KEY: ${MG_AUTH_GRPC_CLIENT_KEY:+/users-grpc-client.key}
|
||||
MG_AUTH_GRPC_SERVER_CA_CERTS: ${MG_AUTH_GRPC_SERVER_CA_CERTS:+/users-grpc-server-ca.crt}
|
||||
MG_AUTH_GRPC_CLIENT_CERT: ${MG_AUTH_GRPC_CLIENT_CERT:+/auth-grpc-client.crt}
|
||||
MG_AUTH_GRPC_CLIENT_KEY: ${MG_AUTH_GRPC_CLIENT_KEY:+/auth-grpc-client.key}
|
||||
MG_AUTH_GRPC_SERVER_CA_CERTS: ${MG_AUTH_GRPC_SERVER_CA_CERTS:+/auth-grpc-server-ca.crt}
|
||||
MG_THINGS_URL: ${MG_THINGS_URL}
|
||||
MG_JAEGER_URL: ${MG_JAEGER_URL}
|
||||
MG_JAEGER_TRACE_RATIO: ${MG_JAEGER_TRACE_RATIO}
|
||||
@@ -75,17 +75,17 @@ services:
|
||||
- ../../ssl/certs/ca.key:/etc/ssl/certs/ca.key
|
||||
- ../../ssl/certs/ca.crt:/etc/ssl/certs/ca.crt
|
||||
- type: bind
|
||||
source: ${MG_ADDONS_CERTS_PATH_PREFIX}${MG_USERS_GRPC_CLIENT_CERT:-./ssl/certs/dummy/client_cert}
|
||||
target: /users-grpc-client${MG_USERS_GRPC_CLIENT_CERT:+.crt}
|
||||
source: ${MG_ADDONS_CERTS_PATH_PREFIX}${MG_AUTH_GRPC_CLIENT_CERT:-./ssl/certs/dummy/client_cert}
|
||||
target: /auth-grpc-client${MG_AUTH_GRPC_CLIENT_CERT:+.crt}
|
||||
bind:
|
||||
create_host_path: true
|
||||
- type: bind
|
||||
source: ${MG_ADDONS_CERTS_PATH_PREFIX}${MG_USERS_GRPC_CLIENT_KEY:-./ssl/certs/dummy/client_key}
|
||||
target: /users-grpc-client${MG_USERS_GRPC_CLIENT_KEY:+.key}
|
||||
source: ${MG_ADDONS_CERTS_PATH_PREFIX}${MG_AUTH_GRPC_CLIENT_KEY:-./ssl/certs/dummy/client_key}
|
||||
target: /auth-grpc-client${MG_AUTH_GRPC_CLIENT_KEY:+.key}
|
||||
bind:
|
||||
create_host_path: true
|
||||
- type: bind
|
||||
source: ${MG_ADDONS_CERTS_PATH_PREFIX}${MG_USERS_GRPC_SERVER_CA_CERTS:-./ssl/certs/dummy/server_ca}
|
||||
target: /users-grpc-server-ca${MG_USERS_GRPC_SERVER_CA_CERTS:+.crt}
|
||||
source: ${MG_ADDONS_CERTS_PATH_PREFIX}${MG_AUTH_GRPC_SERVER_CA_CERTS:-./ssl/certs/dummy/server_ca}
|
||||
target: /auth-grpc-server-ca${MG_AUTH_GRPC_SERVER_CA_CERTS:+.crt}
|
||||
bind:
|
||||
create_host_path: true
|
||||
|
||||
@@ -44,9 +44,9 @@ services:
|
||||
MG_THINGS_AUTH_GRPC_SERVER_CA_CERTS: ${MG_THINGS_AUTH_GRPC_SERVER_CA_CERTS:+/things-grpc-server-ca.crt}
|
||||
MG_AUTH_GRPC_URL: ${MG_AUTH_GRPC_URL}
|
||||
MG_AUTH_GRPC_TIMEOUT: ${MG_AUTH_GRPC_TIMEOUT}
|
||||
MG_AUTH_GRPC_CLIENT_CERT: ${MG_AUTH_GRPC_CLIENT_CERT:+/users-grpc-client.crt}
|
||||
MG_AUTH_GRPC_CLIENT_KEY: ${MG_AUTH_GRPC_CLIENT_KEY:+/users-grpc-client.key}
|
||||
MG_AUTH_GRPC_SERVER_CA_CERTS: ${MG_AUTH_GRPC_SERVER_CA_CERTS:+/users-grpc-server-ca.crt}
|
||||
MG_AUTH_GRPC_CLIENT_CERT: ${MG_AUTH_GRPC_CLIENT_CERT:+/auth-grpc-client.crt}
|
||||
MG_AUTH_GRPC_CLIENT_KEY: ${MG_AUTH_GRPC_CLIENT_KEY:+/auth-grpc-client.key}
|
||||
MG_AUTH_GRPC_SERVER_CA_CERTS: ${MG_AUTH_GRPC_SERVER_CA_CERTS:+/auth-grpc-server-ca.crt}
|
||||
MG_SEND_TELEMETRY: ${MG_SEND_TELEMETRY}
|
||||
MG_INFLUX_READER_INSTANCE_ID: ${MG_INFLUX_READER_INSTANCE_ID}
|
||||
ports:
|
||||
@@ -55,34 +55,35 @@ services:
|
||||
- magistrala-base-net
|
||||
volumes:
|
||||
- ../../ssl/certs:/etc/ssl/certs
|
||||
# Users gRPC client certificates
|
||||
# Auth gRPC client certificates
|
||||
- type: bind
|
||||
source: ${MG_ADDONS_CERTS_PATH_PREFIX}${MG_USERS_GRPC_CLIENT_CERT:-./ssl/certs/dummy/client_cert}
|
||||
target: /users-grpc-client${MG_USERS_GRPC_CLIENT_CERT:+.crt}
|
||||
source: ${MG_ADDONS_CERTS_PATH_PREFIX}${MG_AUTH_GRPC_CLIENT_CERT:-./ssl/certs/dummy/client_cert}
|
||||
target: /auth-grpc-client${MG_AUTH_GRPC_CLIENT_CERT:+.crt}
|
||||
bind:
|
||||
create_host_path: true
|
||||
- type: bind
|
||||
source: ${MG_ADDONS_CERTS_PATH_PREFIX}${MG_USERS_GRPC_CLIENT_KEY:-./ssl/certs/dummy/client_key}
|
||||
target: /users-grpc-client${MG_USERS_GRPC_CLIENT_KEY:+.key}
|
||||
source: ${MG_ADDONS_CERTS_PATH_PREFIX}${MG_AUTH_GRPC_CLIENT_KEY:-./ssl/certs/dummy/client_key}
|
||||
target: /auth-grpc-client${MG_AUTH_GRPC_CLIENT_KEY:+.key}
|
||||
bind:
|
||||
create_host_path: true
|
||||
- type: bind
|
||||
source: ${MG_ADDONS_CERTS_PATH_PREFIX}${MG_USERS_GRPC_SERVER_CA_CERTS:-./ssl/certs/dummy/server_ca}
|
||||
target: /users-grpc-server-ca${MG_USERS_GRPC_SERVER_CA_CERTS:+.crt}
|
||||
source: ${MG_ADDONS_CERTS_PATH_PREFIX}${MG_AUTH_GRPC_SERVER_CA_CERTS:-./ssl/certs/dummy/server_ca}
|
||||
target: /auth-grpc-server-ca${MG_AUTH_GRPC_SERVER_CA_CERTS:+.crt}
|
||||
bind:
|
||||
create_host_path: true
|
||||
# Things gRPC mTLS client certificates
|
||||
- type: bind
|
||||
source: ${MG_ADDONS_CERTS_PATH_PREFIX}${MG_THINGS_AUTH_GRPC_CLIENT_CERT:-./ssl/certs/dummy/client_cert}
|
||||
source: ${MG_ADDONS_CERTS_PATH_PREFIX}${MG_THINGS_AUTH_GRPC_CLIENT_CERT:-ssl/certs/dummy/client_cert}
|
||||
target: /things-grpc-client${MG_THINGS_AUTH_GRPC_CLIENT_CERT:+.crt}
|
||||
bind:
|
||||
create_host_path: true
|
||||
- type: bind
|
||||
source: ${MG_ADDONS_CERTS_PATH_PREFIX}${MG_THINGS_AUTH_GRPC_CLIENT_KEY:-./ssl/certs/dummy/client_key}
|
||||
source: ${MG_ADDONS_CERTS_PATH_PREFIX}${MG_THINGS_AUTH_GRPC_CLIENT_KEY:-ssl/certs/dummy/client_key}
|
||||
target: /things-grpc-client${MG_THINGS_AUTH_GRPC_CLIENT_KEY:+.key}
|
||||
bind:
|
||||
create_host_path: true
|
||||
- type: bind
|
||||
source: ${MG_ADDONS_CERTS_PATH_PREFIX}${MG_THINGS_AUTH_GRPC_SERVER_CA_CERTS:-./ssl/certs/dummy/server_ca}
|
||||
source: ${MG_ADDONS_CERTS_PATH_PREFIX}${MG_THINGS_AUTH_GRPC_SERVER_CA_CERTS:-ssl/certs/dummy/server_ca}
|
||||
target: /things-grpc-server-ca${MG_THINGS_AUTH_GRPC_SERVER_CA_CERTS:+.crt}
|
||||
bind:
|
||||
create_host_path: true
|
||||
|
||||
@@ -33,9 +33,9 @@ services:
|
||||
MG_THINGS_AUTH_GRPC_SERVER_CA_CERTS: ${MG_THINGS_AUTH_GRPC_SERVER_CA_CERTS:+/things-grpc-server-ca.crt}
|
||||
MG_AUTH_GRPC_URL: ${MG_AUTH_GRPC_URL}
|
||||
MG_AUTH_GRPC_TIMEOUT: ${MG_AUTH_GRPC_TIMEOUT}
|
||||
MG_AUTH_GRPC_CLIENT_CERT: ${MG_AUTH_GRPC_CLIENT_CERT:+/users-grpc-client.crt}
|
||||
MG_AUTH_GRPC_CLIENT_KEY: ${MG_AUTH_GRPC_CLIENT_KEY:+/users-grpc-client.key}
|
||||
MG_AUTH_GRPC_SERVER_CA_CERTS: ${MG_AUTH_GRPC_SERVER_CA_CERTS:+/users-grpc-server-ca.crt}
|
||||
MG_AUTH_GRPC_CLIENT_CERT: ${MG_AUTH_GRPC_CLIENT_CERT:+/auth-grpc-client.crt}
|
||||
MG_AUTH_GRPC_CLIENT_KEY: ${MG_AUTH_GRPC_CLIENT_KEY:+/auth-grpc-client.key}
|
||||
MG_AUTH_GRPC_SERVER_CA_CERTS: ${MG_AUTH_GRPC_SERVER_CA_CERTS:+/auth-grpc-server-ca.crt}
|
||||
MG_SEND_TELEMETRY: ${MG_SEND_TELEMETRY}
|
||||
MG_MONGO_READER_INSTANCE_ID: ${MG_MONGO_READER_INSTANCE_ID}
|
||||
ports:
|
||||
@@ -44,34 +44,35 @@ services:
|
||||
- magistrala-base-net
|
||||
volumes:
|
||||
- ../../ssl/certs:/etc/ssl/certs
|
||||
# Users gRPC client certificates
|
||||
# Auth gRPC client certificates
|
||||
- type: bind
|
||||
source: ${MG_ADDONS_CERTS_PATH_PREFIX}${MG_USERS_GRPC_CLIENT_CERT:-./ssl/certs/dummy/client_cert}
|
||||
target: /users-grpc-client${MG_USERS_GRPC_CLIENT_CERT:+.crt}
|
||||
source: ${MG_ADDONS_CERTS_PATH_PREFIX}${MG_AUTH_GRPC_CLIENT_CERT:-./ssl/certs/dummy/client_cert}
|
||||
target: /auth-grpc-client${MG_AUTH_GRPC_CLIENT_CERT:+.crt}
|
||||
bind:
|
||||
create_host_path: true
|
||||
- type: bind
|
||||
source: ${MG_ADDONS_CERTS_PATH_PREFIX}${MG_USERS_GRPC_CLIENT_KEY:-./ssl/certs/dummy/client_key}
|
||||
target: /users-grpc-client${MG_USERS_GRPC_CLIENT_KEY:+.key}
|
||||
source: ${MG_ADDONS_CERTS_PATH_PREFIX}${MG_AUTH_GRPC_CLIENT_KEY:-./ssl/certs/dummy/client_key}
|
||||
target: /auth-grpc-client${MG_AUTH_GRPC_CLIENT_KEY:+.key}
|
||||
bind:
|
||||
create_host_path: true
|
||||
- type: bind
|
||||
source: ${MG_ADDONS_CERTS_PATH_PREFIX}${MG_USERS_GRPC_SERVER_CA_CERTS:-./ssl/certs/dummy/server_ca}
|
||||
target: /users-grpc-server-ca${MG_USERS_GRPC_SERVER_CA_CERTS:+.crt}
|
||||
source: ${MG_ADDONS_CERTS_PATH_PREFIX}${MG_AUTH_GRPC_SERVER_CA_CERTS:-./ssl/certs/dummy/server_ca}
|
||||
target: /auth-grpc-server-ca${MG_AUTH_GRPC_SERVER_CA_CERTS:+.crt}
|
||||
bind:
|
||||
create_host_path: true
|
||||
# Things gRPC mTLS client certificates
|
||||
- type: bind
|
||||
source: ${MG_ADDONS_CERTS_PATH_PREFIX}${MG_THINGS_AUTH_GRPC_CLIENT_CERT:-./ssl/certs/dummy/client_cert}
|
||||
source: ${MG_ADDONS_CERTS_PATH_PREFIX}${MG_THINGS_AUTH_GRPC_CLIENT_CERT:-ssl/certs/dummy/client_cert}
|
||||
target: /things-grpc-client${MG_THINGS_AUTH_GRPC_CLIENT_CERT:+.crt}
|
||||
bind:
|
||||
create_host_path: true
|
||||
- type: bind
|
||||
source: ${MG_ADDONS_CERTS_PATH_PREFIX}${MG_THINGS_AUTH_GRPC_CLIENT_KEY:-./ssl/certs/dummy/client_key}
|
||||
source: ${MG_ADDONS_CERTS_PATH_PREFIX}${MG_THINGS_AUTH_GRPC_CLIENT_KEY:-ssl/certs/dummy/client_key}
|
||||
target: /things-grpc-client${MG_THINGS_AUTH_GRPC_CLIENT_KEY:+.key}
|
||||
bind:
|
||||
create_host_path: true
|
||||
- type: bind
|
||||
source: ${MG_ADDONS_CERTS_PATH_PREFIX}${MG_THINGS_AUTH_GRPC_SERVER_CA_CERTS:-./ssl/certs/dummy/server_ca}
|
||||
source: ${MG_ADDONS_CERTS_PATH_PREFIX}${MG_THINGS_AUTH_GRPC_SERVER_CA_CERTS:-ssl/certs/dummy/server_ca}
|
||||
target: /things-grpc-server-ca${MG_THINGS_AUTH_GRPC_SERVER_CA_CERTS:+.crt}
|
||||
bind:
|
||||
create_host_path: true
|
||||
|
||||
@@ -39,9 +39,9 @@ services:
|
||||
MG_THINGS_AUTH_GRPC_SERVER_CA_CERTS: ${MG_THINGS_AUTH_GRPC_SERVER_CA_CERTS:+/things-grpc-server-ca.crt}
|
||||
MG_AUTH_GRPC_URL: ${MG_AUTH_GRPC_URL}
|
||||
MG_AUTH_GRPC_TIMEOUT: ${MG_AUTH_GRPC_TIMEOUT}
|
||||
MG_AUTH_GRPC_CLIENT_CERT: ${MG_AUTH_GRPC_CLIENT_CERT:+/users-grpc-client.crt}
|
||||
MG_AUTH_GRPC_CLIENT_KEY: ${MG_AUTH_GRPC_CLIENT_KEY:+/users-grpc-client.key}
|
||||
MG_AUTH_GRPC_SERVER_CA_CERTS: ${MG_AUTH_GRPC_SERVER_CA_CERTS:+/users-grpc-server-ca.crt}
|
||||
MG_AUTH_GRPC_CLIENT_CERT: ${MG_AUTH_GRPC_CLIENT_CERT:+/auth-grpc-client.crt}
|
||||
MG_AUTH_GRPC_CLIENT_KEY: ${MG_AUTH_GRPC_CLIENT_KEY:+/auth-grpc-client.key}
|
||||
MG_AUTH_GRPC_SERVER_CA_CERTS: ${MG_AUTH_GRPC_SERVER_CA_CERTS:+/auth-grpc-server-ca.crt}
|
||||
MG_SEND_TELEMETRY: ${MG_SEND_TELEMETRY}
|
||||
MG_POSTGRES_READER_INSTANCE_ID: ${MG_POSTGRES_READER_INSTANCE_ID}
|
||||
ports:
|
||||
@@ -50,32 +50,33 @@ services:
|
||||
- magistrala-base-net
|
||||
volumes:
|
||||
- type: bind
|
||||
source: ${MG_ADDONS_CERTS_PATH_PREFIX}${MG_USERS_GRPC_CLIENT_CERT:-./ssl/certs/dummy/client_cert}
|
||||
target: /users-grpc-client${MG_USERS_GRPC_CLIENT_CERT:+.crt}
|
||||
source: ${MG_ADDONS_CERTS_PATH_PREFIX}${MG_AUTH_GRPC_CLIENT_CERT:-./ssl/certs/dummy/client_cert}
|
||||
target: /auth-grpc-client${MG_AUTH_GRPC_CLIENT_CERT:+.crt}
|
||||
bind:
|
||||
create_host_path: true
|
||||
- type: bind
|
||||
source: ${MG_ADDONS_CERTS_PATH_PREFIX}${MG_USERS_GRPC_CLIENT_KEY:-./ssl/certs/dummy/client_key}
|
||||
target: /users-grpc-client${MG_USERS_GRPC_CLIENT_KEY:+.key}
|
||||
source: ${MG_ADDONS_CERTS_PATH_PREFIX}${MG_AUTH_GRPC_CLIENT_KEY:-./ssl/certs/dummy/client_key}
|
||||
target: /auth-grpc-client${MG_AUTH_GRPC_CLIENT_KEY:+.key}
|
||||
bind:
|
||||
create_host_path: true
|
||||
- type: bind
|
||||
source: ${MG_ADDONS_CERTS_PATH_PREFIX}${MG_USERS_GRPC_SERVER_CA_CERTS:-./ssl/certs/dummy/server_ca}
|
||||
target: /users-grpc-server-ca${MG_USERS_GRPC_SERVER_CA_CERTS:+.crt}
|
||||
source: ${MG_ADDONS_CERTS_PATH_PREFIX}${MG_AUTH_GRPC_SERVER_CA_CERTS:-./ssl/certs/dummy/server_ca}
|
||||
target: /auth-grpc-server-ca${MG_AUTH_GRPC_SERVER_CA_CERTS:+.crt}
|
||||
bind:
|
||||
create_host_path: true
|
||||
# Things gRPC mTLS client certificates
|
||||
- type: bind
|
||||
source: ${MG_ADDONS_CERTS_PATH_PREFIX}${MG_THINGS_AUTH_GRPC_CLIENT_CERT:-./ssl/certs/dummy/client_cert}
|
||||
source: ${MG_ADDONS_CERTS_PATH_PREFIX}${MG_THINGS_AUTH_GRPC_CLIENT_CERT:-ssl/certs/dummy/client_cert}
|
||||
target: /things-grpc-client${MG_THINGS_AUTH_GRPC_CLIENT_CERT:+.crt}
|
||||
bind:
|
||||
create_host_path: true
|
||||
- type: bind
|
||||
source: ${MG_ADDONS_CERTS_PATH_PREFIX}${MG_THINGS_AUTH_GRPC_CLIENT_KEY:-./ssl/certs/dummy/client_key}
|
||||
source: ${MG_ADDONS_CERTS_PATH_PREFIX}${MG_THINGS_AUTH_GRPC_CLIENT_KEY:-ssl/certs/dummy/client_key}
|
||||
target: /things-grpc-client${MG_THINGS_AUTH_GRPC_CLIENT_KEY:+.key}
|
||||
bind:
|
||||
create_host_path: true
|
||||
- type: bind
|
||||
source: ${MG_ADDONS_CERTS_PATH_PREFIX}${MG_THINGS_AUTH_GRPC_SERVER_CA_CERTS:-./ssl/certs/dummy/server_ca}
|
||||
source: ${MG_ADDONS_CERTS_PATH_PREFIX}${MG_THINGS_AUTH_GRPC_SERVER_CA_CERTS:-ssl/certs/dummy/server_ca}
|
||||
target: /things-grpc-server-ca${MG_THINGS_AUTH_GRPC_SERVER_CA_CERTS:+.crt}
|
||||
bind:
|
||||
create_host_path: true
|
||||
|
||||
@@ -61,9 +61,9 @@ services:
|
||||
MG_SMPP_DST_ADDR_NPI: ${MG_SMPP_DST_ADDR_NPI}
|
||||
MG_AUTH_GRPC_URL: ${MG_AUTH_GRPC_URL}
|
||||
MG_AUTH_GRPC_TIMEOUT: ${MG_AUTH_GRPC_TIMEOUT}
|
||||
MG_AUTH_GRPC_CLIENT_CERT: ${MG_AUTH_GRPC_CLIENT_CERT:+/users-grpc-client.crt}
|
||||
MG_AUTH_GRPC_CLIENT_KEY: ${MG_AUTH_GRPC_CLIENT_KEY:+/users-grpc-client.key}
|
||||
MG_AUTH_GRPC_SERVER_CA_CERTS: ${MG_AUTH_GRPC_SERVER_CA_CERTS:+/users-grpc-server-ca.crt}
|
||||
MG_AUTH_GRPC_CLIENT_CERT: ${MG_AUTH_GRPC_CLIENT_CERT:+/auth-grpc-client.crt}
|
||||
MG_AUTH_GRPC_CLIENT_KEY: ${MG_AUTH_GRPC_CLIENT_KEY:+/auth-grpc-client.key}
|
||||
MG_AUTH_GRPC_SERVER_CA_CERTS: ${MG_AUTH_GRPC_SERVER_CA_CERTS:+/auth-grpc-server-ca.crt}
|
||||
MG_MESSAGE_BROKER_URL: ${MG_MESSAGE_BROKER_URL}
|
||||
MG_JAEGER_URL: ${MG_JAEGER_URL}
|
||||
MG_JAEGER_TRACE_RATIO: ${MG_JAEGER_TRACE_RATIO}
|
||||
@@ -75,19 +75,19 @@ services:
|
||||
- magistrala-base-net
|
||||
volumes:
|
||||
- ./config.toml:/config.toml
|
||||
# Users gRPC client certificates
|
||||
# Auth gRPC client certificates
|
||||
- type: bind
|
||||
source: ${MG_ADDONS_CERTS_PATH_PREFIX}${MG_USERS_GRPC_CLIENT_CERT:-./ssl/certs/dummy/client_cert}
|
||||
target: /users-grpc-client${MG_USERS_GRPC_CLIENT_CERT:+.crt}
|
||||
source: ${MG_ADDONS_CERTS_PATH_PREFIX}${MG_AUTH_GRPC_CLIENT_CERT:-./ssl/certs/dummy/client_cert}
|
||||
target: /auth-grpc-client${MG_AUTH_GRPC_CLIENT_CERT:+.crt}
|
||||
bind:
|
||||
create_host_path: true
|
||||
- type: bind
|
||||
source: ${MG_ADDONS_CERTS_PATH_PREFIX}${MG_USERS_GRPC_CLIENT_KEY:-./ssl/certs/dummy/client_key}
|
||||
target: /users-grpc-client${MG_USERS_GRPC_CLIENT_KEY:+.key}
|
||||
source: ${MG_ADDONS_CERTS_PATH_PREFIX}${MG_AUTH_GRPC_CLIENT_KEY:-./ssl/certs/dummy/client_key}
|
||||
target: /auth-grpc-client${MG_AUTH_GRPC_CLIENT_KEY:+.key}
|
||||
bind:
|
||||
create_host_path: true
|
||||
- type: bind
|
||||
source: ${MG_ADDONS_CERTS_PATH_PREFIX}${MG_USERS_GRPC_SERVER_CA_CERTS:-./ssl/certs/dummy/server_ca}
|
||||
target: /users-grpc-server-ca${MG_USERS_GRPC_SERVER_CA_CERTS:+.crt}
|
||||
source: ${MG_ADDONS_CERTS_PATH_PREFIX}${MG_AUTH_GRPC_SERVER_CA_CERTS:-./ssl/certs/dummy/server_ca}
|
||||
target: /auth-grpc-server-ca${MG_AUTH_GRPC_SERVER_CA_CERTS:+.crt}
|
||||
bind:
|
||||
create_host_path: true
|
||||
|
||||
@@ -53,9 +53,9 @@ services:
|
||||
MG_SMTP_NOTIFIER_DB_SSL_ROOT_CERT: ${MG_SMTP_NOTIFIER_DB_SSL_ROOT_CERT}
|
||||
MG_AUTH_GRPC_URL: ${MG_AUTH_GRPC_URL}
|
||||
MG_AUTH_GRPC_TIMEOUT: ${MG_AUTH_GRPC_TIMEOUT}
|
||||
MG_AUTH_GRPC_CLIENT_CERT: ${MG_AUTH_GRPC_CLIENT_CERT:+/users-grpc-client.crt}
|
||||
MG_AUTH_GRPC_CLIENT_KEY: ${MG_AUTH_GRPC_CLIENT_KEY:+/users-grpc-client.key}
|
||||
MG_AUTH_GRPC_SERVER_CA_CERTS: ${MG_AUTH_GRPC_SERVER_CA_CERTS:+/users-grpc-server-ca.crt}
|
||||
MG_AUTH_GRPC_CLIENT_CERT: ${MG_AUTH_GRPC_CLIENT_CERT:+/auth-grpc-client.crt}
|
||||
MG_AUTH_GRPC_CLIENT_KEY: ${MG_AUTH_GRPC_CLIENT_KEY:+/auth-grpc-client.key}
|
||||
MG_AUTH_GRPC_SERVER_CA_CERTS: ${MG_AUTH_GRPC_SERVER_CA_CERTS:+/auth-grpc-server-ca.crt}
|
||||
MG_EMAIL_USERNAME: ${MG_EMAIL_USERNAME}
|
||||
MG_EMAIL_PASSWORD: ${MG_EMAIL_PASSWORD}
|
||||
MG_EMAIL_HOST: ${MG_EMAIL_HOST}
|
||||
@@ -76,17 +76,17 @@ services:
|
||||
- ./config.toml:/config.toml
|
||||
- ../../templates/${MG_SMTP_NOTIFIER_EMAIL_TEMPLATE}:/${MG_SMTP_NOTIFIER_EMAIL_TEMPLATE}
|
||||
- type: bind
|
||||
source: ${MG_ADDONS_CERTS_PATH_PREFIX}${MG_USERS_GRPC_CLIENT_CERT:-./ssl/certs/dummy/client_cert}
|
||||
target: /users-grpc-client${MG_USERS_GRPC_CLIENT_CERT:+.crt}
|
||||
source: ${MG_ADDONS_CERTS_PATH_PREFIX}${MG_AUTH_GRPC_CLIENT_CERT:-./ssl/certs/dummy/client_cert}
|
||||
target: /auth-grpc-client${MG_AUTH_GRPC_CLIENT_CERT:+.crt}
|
||||
bind:
|
||||
create_host_path: true
|
||||
- type: bind
|
||||
source: ${MG_ADDONS_CERTS_PATH_PREFIX}${MG_USERS_GRPC_CLIENT_KEY:-./ssl/certs/dummy/client_key}
|
||||
target: /users-grpc-client${MG_USERS_GRPC_CLIENT_KEY:+.key}
|
||||
source: ${MG_ADDONS_CERTS_PATH_PREFIX}${MG_AUTH_GRPC_CLIENT_KEY:-./ssl/certs/dummy/client_key}
|
||||
target: /auth-grpc-client${MG_AUTH_GRPC_CLIENT_KEY:+.key}
|
||||
bind:
|
||||
create_host_path: true
|
||||
- type: bind
|
||||
source: ${MG_ADDONS_CERTS_PATH_PREFIX}${MG_USERS_GRPC_SERVER_CA_CERTS:-./ssl/certs/dummy/server_ca}
|
||||
target: /users-grpc-server-ca${MG_USERS_GRPC_SERVER_CA_CERTS:+.crt}
|
||||
source: ${MG_ADDONS_CERTS_PATH_PREFIX}${MG_AUTH_GRPC_SERVER_CA_CERTS:-./ssl/certs/dummy/server_ca}
|
||||
target: /auth-grpc-server-ca${MG_AUTH_GRPC_SERVER_CA_CERTS:+.crt}
|
||||
bind:
|
||||
create_host_path: true
|
||||
|
||||
@@ -39,9 +39,9 @@ services:
|
||||
MG_THINGS_AUTH_GRPC_SERVER_CA_CERTS: ${MG_THINGS_AUTH_GRPC_SERVER_CA_CERTS:+/things-grpc-server-ca.crt}
|
||||
MG_AUTH_GRPC_URL: ${MG_AUTH_GRPC_URL}
|
||||
MG_AUTH_GRPC_TIMEOUT: ${MG_AUTH_GRPC_TIMEOUT}
|
||||
MG_AUTH_GRPC_CLIENT_CERT: ${MG_AUTH_GRPC_CLIENT_CERT:+/users-grpc-client.crt}
|
||||
MG_AUTH_GRPC_CLIENT_KEY: ${MG_AUTH_GRPC_CLIENT_KEY:+/users-grpc-client.key}
|
||||
MG_AUTH_GRPC_SERVER_CA_CERTS: ${MG_AUTH_GRPC_SERVER_CA_CERTS:+/users-grpc-server-ca.crt}
|
||||
MG_AUTH_GRPC_CLIENT_CERT: ${MG_AUTH_GRPC_CLIENT_CERT:+/auth-grpc-client.crt}
|
||||
MG_AUTH_GRPC_CLIENT_KEY: ${MG_AUTH_GRPC_CLIENT_KEY:+/auth-grpc-client.key}
|
||||
MG_AUTH_GRPC_SERVER_CA_CERTS: ${MG_AUTH_GRPC_SERVER_CA_CERTS:+/auth-grpc-server-ca.crt}
|
||||
MG_SEND_TELEMETRY: ${MG_SEND_TELEMETRY}
|
||||
MG_TIMESCALE_READER_INSTANCE_ID: ${MG_TIMESCALE_READER_INSTANCE_ID}
|
||||
ports:
|
||||
@@ -50,32 +50,33 @@ services:
|
||||
- magistrala-base-net
|
||||
volumes:
|
||||
- type: bind
|
||||
source: ${MG_ADDONS_CERTS_PATH_PREFIX}${MG_USERS_GRPC_CLIENT_CERT:-./ssl/certs/dummy/client_cert}
|
||||
target: /users-grpc-client${MG_USERS_GRPC_CLIENT_CERT:+.crt}
|
||||
source: ${MG_ADDONS_CERTS_PATH_PREFIX}${MG_AUTH_GRPC_CLIENT_CERT:-./ssl/certs/dummy/client_cert}
|
||||
target: /auth-grpc-client${MG_AUTH_GRPC_CLIENT_CERT:+.crt}
|
||||
bind:
|
||||
create_host_path: true
|
||||
- type: bind
|
||||
source: ${MG_ADDONS_CERTS_PATH_PREFIX}${MG_USERS_GRPC_CLIENT_KEY:-./ssl/certs/dummy/client_key}
|
||||
target: /users-grpc-client${MG_USERS_GRPC_CLIENT_KEY:+.key}
|
||||
source: ${MG_ADDONS_CERTS_PATH_PREFIX}${MG_AUTH_GRPC_CLIENT_KEY:-./ssl/certs/dummy/client_key}
|
||||
target: /auth-grpc-client${MG_AUTH_GRPC_CLIENT_KEY:+.key}
|
||||
bind:
|
||||
create_host_path: true
|
||||
- type: bind
|
||||
source: ${MG_ADDONS_CERTS_PATH_PREFIX}${MG_USERS_GRPC_SERVER_CA_CERTS:-./ssl/certs/dummy/server_ca}
|
||||
target: /users-grpc-server-ca${MG_USERS_GRPC_SERVER_CA_CERTS:+.crt}
|
||||
source: ${MG_ADDONS_CERTS_PATH_PREFIX}${MG_AUTH_GRPC_SERVER_CA_CERTS:-./ssl/certs/dummy/server_ca}
|
||||
target: /auth-grpc-server-ca${MG_AUTH_GRPC_SERVER_CA_CERTS:+.crt}
|
||||
bind:
|
||||
create_host_path: true
|
||||
# Things gRPC mTLS client certificates
|
||||
- type: bind
|
||||
source: ${MG_ADDONS_CERTS_PATH_PREFIX}${MG_THINGS_AUTH_GRPC_CLIENT_CERT:-./ssl/certs/dummy/client_cert}
|
||||
source: ${MG_ADDONS_CERTS_PATH_PREFIX}${MG_THINGS_AUTH_GRPC_CLIENT_CERT:-ssl/certs/dummy/client_cert}
|
||||
target: /things-grpc-client${MG_THINGS_AUTH_GRPC_CLIENT_CERT:+.crt}
|
||||
bind:
|
||||
create_host_path: true
|
||||
- type: bind
|
||||
source: ${MG_ADDONS_CERTS_PATH_PREFIX}${MG_THINGS_AUTH_GRPC_CLIENT_KEY:-./ssl/certs/dummy/client_key}
|
||||
source: ${MG_ADDONS_CERTS_PATH_PREFIX}${MG_THINGS_AUTH_GRPC_CLIENT_KEY:-ssl/certs/dummy/client_key}
|
||||
target: /things-grpc-client${MG_THINGS_AUTH_GRPC_CLIENT_KEY:+.key}
|
||||
bind:
|
||||
create_host_path: true
|
||||
- type: bind
|
||||
source: ${MG_ADDONS_CERTS_PATH_PREFIX}${MG_THINGS_AUTH_GRPC_SERVER_CA_CERTS:-./ssl/certs/dummy/server_ca}
|
||||
source: ${MG_ADDONS_CERTS_PATH_PREFIX}${MG_THINGS_AUTH_GRPC_SERVER_CA_CERTS:-ssl/certs/dummy/server_ca}
|
||||
target: /things-grpc-server-ca${MG_THINGS_AUTH_GRPC_SERVER_CA_CERTS:+.crt}
|
||||
bind:
|
||||
create_host_path: true
|
||||
|
||||
@@ -60,9 +60,9 @@ services:
|
||||
MG_TWINS_DB_NAME: ${MG_TWINS_DB_NAME}
|
||||
MG_AUTH_GRPC_URL: ${MG_AUTH_GRPC_URL}
|
||||
MG_AUTH_GRPC_TIMEOUT: ${MG_AUTH_GRPC_TIMEOUT}
|
||||
MG_AUTH_GRPC_CLIENT_CERT: ${MG_AUTH_GRPC_CLIENT_CERT:+/users-grpc-client.crt}
|
||||
MG_AUTH_GRPC_CLIENT_KEY: ${MG_AUTH_GRPC_CLIENT_KEY:+/users-grpc-client.key}
|
||||
MG_AUTH_GRPC_SERVER_CA_CERTS: ${MG_AUTH_GRPC_SERVER_CA_CERTS:+/users-grpc-server-ca.crt}
|
||||
MG_AUTH_GRPC_CLIENT_CERT: ${MG_AUTH_GRPC_CLIENT_CERT:+/auth-grpc-client.crt}
|
||||
MG_AUTH_GRPC_CLIENT_KEY: ${MG_AUTH_GRPC_CLIENT_KEY:+/auth-grpc-client.key}
|
||||
MG_AUTH_GRPC_SERVER_CA_CERTS: ${MG_AUTH_GRPC_SERVER_CA_CERTS:+/auth-grpc-server-ca.crt}
|
||||
MG_MESSAGE_BROKER_URL: ${MG_MESSAGE_BROKER_URL}
|
||||
MG_JAEGER_URL: ${MG_JAEGER_URL}
|
||||
MG_JAEGER_TRACE_RATIO: ${MG_JAEGER_TRACE_RATIO}
|
||||
@@ -77,17 +77,17 @@ services:
|
||||
- twins-redis
|
||||
volumes:
|
||||
- type: bind
|
||||
source: ${MG_ADDONS_CERTS_PATH_PREFIX}${MG_USERS_GRPC_CLIENT_CERT:-./ssl/certs/dummy/client_cert}
|
||||
target: /users-grpc-client${MG_USERS_GRPC_CLIENT_CERT:+.crt}
|
||||
source: ${MG_ADDONS_CERTS_PATH_PREFIX}${MG_AUTH_GRPC_CLIENT_CERT:-./ssl/certs/dummy/client_cert}
|
||||
target: /auth-grpc-client${MG_AUTH_GRPC_CLIENT_CERT:+.crt}
|
||||
bind:
|
||||
create_host_path: true
|
||||
- type: bind
|
||||
source: ${MG_ADDONS_CERTS_PATH_PREFIX}${MG_USERS_GRPC_CLIENT_KEY:-./ssl/certs/dummy/client_key}
|
||||
target: /users-grpc-client${MG_USERS_GRPC_CLIENT_KEY:+.key}
|
||||
source: ${MG_ADDONS_CERTS_PATH_PREFIX}${MG_AUTH_GRPC_CLIENT_KEY:-./ssl/certs/dummy/client_key}
|
||||
target: /auth-grpc-client${MG_AUTH_GRPC_CLIENT_KEY:+.key}
|
||||
bind:
|
||||
create_host_path: true
|
||||
- type: bind
|
||||
source: ${MG_ADDONS_CERTS_PATH_PREFIX}${MG_USERS_GRPC_SERVER_CA_CERTS:-./ssl/certs/dummy/server_ca}
|
||||
target: /users-grpc-server-ca${MG_USERS_GRPC_SERVER_CA_CERTS:+.crt}
|
||||
source: ${MG_ADDONS_CERTS_PATH_PREFIX}${MG_AUTH_GRPC_SERVER_CA_CERTS:-./ssl/certs/dummy/server_ca}
|
||||
target: /auth-grpc-server-ca${MG_AUTH_GRPC_SERVER_CA_CERTS:+.crt}
|
||||
bind:
|
||||
create_host_path: true
|
||||
|
||||
+54
-43
@@ -137,7 +137,27 @@ services:
|
||||
- magistrala-base-net
|
||||
volumes:
|
||||
- ./spicedb/schema.zed:${MG_SPICEDB_SCHEMA_FILE}
|
||||
|
||||
# Auth gRPC mTLS server certificates
|
||||
- type: bind
|
||||
source: ${MG_AUTH_GRPC_SERVER_CERT:-ssl/certs/dummy/server_cert}
|
||||
target: /auth-grpc-server${MG_AUTH_GRPC_SERVER_CERT:+.crt}
|
||||
bind:
|
||||
create_host_path: true
|
||||
- type: bind
|
||||
source: ${MG_AUTH_GRPC_SERVER_KEY:-ssl/certs/dummy/server_key}
|
||||
target: /auth-grpc-server${MG_AUTH_GRPC_SERVER_KEY:+.key}
|
||||
bind:
|
||||
create_host_path: true
|
||||
- type: bind
|
||||
source: ${MG_AUTH_GRPC_SERVER_CA_CERTS:-ssl/certs/dummy/server_ca_certs}
|
||||
target: /auth-grpc-server-ca${MG_AUTH_GRPC_SERVER_CA_CERTS:+.crt}
|
||||
bind:
|
||||
create_host_path: true
|
||||
- type: bind
|
||||
source: ${MG_AUTH_GRPC_CLIENT_CA_CERTS:-ssl/certs/dummy/client_ca_certs}
|
||||
target: /auth-grpc-client-ca${MG_AUTH_GRPC_CLIENT_CA_CERTS:+.crt}
|
||||
bind:
|
||||
create_host_path: true
|
||||
nginx:
|
||||
image: nginx:1.23.3-alpine
|
||||
container_name: magistrala-nginx
|
||||
@@ -229,9 +249,9 @@ services:
|
||||
MG_THINGS_DB_SSL_ROOT_CERT: ${MG_THINGS_DB_SSL_ROOT_CERT}
|
||||
MG_AUTH_GRPC_URL: ${MG_AUTH_GRPC_URL}
|
||||
MG_AUTH_GRPC_TIMEOUT: ${MG_AUTH_GRPC_TIMEOUT}
|
||||
MG_AUTH_GRPC_CLIENT_CERT: ${MG_AUTH_GRPC_CLIENT_CERT:+/users-grpc-client.crt}
|
||||
MG_AUTH_GRPC_CLIENT_KEY: ${MG_AUTH_GRPC_CLIENT_KEY:+/users-grpc-client.key}
|
||||
MG_AUTH_GRPC_SERVER_CA_CERTS: ${MG_AUTH_GRPC_SERVER_CA_CERTS:+/users-grpc-server-ca.crt}
|
||||
MG_AUTH_GRPC_CLIENT_CERT: ${MG_AUTH_GRPC_CLIENT_CERT:+/auth-grpc-client.crt}
|
||||
MG_AUTH_GRPC_CLIENT_KEY: ${MG_AUTH_GRPC_CLIENT_KEY:+/auth-grpc-client.key}
|
||||
MG_AUTH_GRPC_SERVER_CA_CERTS: ${MG_AUTH_GRPC_SERVER_CA_CERTS:+/auth-grpc-server-ca.crt}
|
||||
MG_JAEGER_URL: ${MG_JAEGER_URL}
|
||||
MG_JAEGER_TRACE_RATIO: ${MG_JAEGER_TRACE_RATIO}
|
||||
MG_SEND_TELEMETRY: ${MG_SEND_TELEMETRY}
|
||||
@@ -262,20 +282,20 @@ services:
|
||||
target: /things-grpc-client-ca${MG_THINGS_AUTH_GRPC_CLIENT_CA_CERTS:+.crt}
|
||||
bind:
|
||||
create_host_path: true
|
||||
# Users gRPC client certificates
|
||||
# Auth gRPC client certificates
|
||||
- type: bind
|
||||
source: ${MG_USERS_GRPC_CLIENT_CERT:-ssl/certs/dummy/client_cert}
|
||||
target: /users-grpc-client${MG_USERS_GRPC_CLIENT_CERT:+.crt}
|
||||
source: ${MG_AUTH_GRPC_CLIENT_CERT:-ssl/certs/dummy/client_cert}
|
||||
target: /auth-grpc-client${MG_AUTH_GRPC_CLIENT_CERT:+.crt}
|
||||
bind:
|
||||
create_host_path: true
|
||||
- type: bind
|
||||
source: ${MG_USERS_GRPC_CLIENT_KEY:-ssl/certs/dummy/client_key}
|
||||
target: /users-grpc-client${MG_USERS_GRPC_CLIENT_KEY:+.key}
|
||||
source: ${MG_AUTH_GRPC_CLIENT_KEY:-ssl/certs/dummy/client_key}
|
||||
target: /auth-grpc-client${MG_AUTH_GRPC_CLIENT_KEY:+.key}
|
||||
bind:
|
||||
create_host_path: true
|
||||
- type: bind
|
||||
source: ${MG_USERS_GRPC_SERVER_CA_CERTS:-ssl/certs/dummy/server_ca}
|
||||
target: /users-grpc-server-ca${MG_USERS_GRPC_SERVER_CA_CERTS:+.crt}
|
||||
source: ${MG_AUTH_GRPC_SERVER_CA_CERTS:-ssl/certs/dummy/server_ca}
|
||||
target: /auth-grpc-server-ca${MG_AUTH_GRPC_SERVER_CA_CERTS:+.crt}
|
||||
bind:
|
||||
create_host_path: true
|
||||
|
||||
@@ -315,12 +335,6 @@ services:
|
||||
MG_USERS_HTTP_PORT: ${MG_USERS_HTTP_PORT}
|
||||
MG_USERS_HTTP_SERVER_CERT: ${MG_USERS_HTTP_SERVER_CERT}
|
||||
MG_USERS_HTTP_SERVER_KEY: ${MG_USERS_HTTP_SERVER_KEY}
|
||||
MG_USERS_GRPC_HOST: ${MG_USERS_GRPC_HOST}
|
||||
MG_USERS_GRPC_PORT: ${MG_USERS_GRPC_PORT}
|
||||
MG_USERS_GRPC_SERVER_CERT: ${MG_USERS_GRPC_SERVER_CERT:+/users-grpc-server.crt}
|
||||
MG_USERS_GRPC_SERVER_KEY: ${MG_USERS_GRPC_SERVER_KEY:+/users-grpc-server.key}
|
||||
MG_USERS_GRPC_SERVER_CA_CERTS: ${MG_USERS_GRPC_SERVER_CA_CERTS:+/users-grpc-server-ca.crt}
|
||||
MG_USERS_GRPC_CLIENT_CA_CERTS: ${MG_USERS_GRPC_CLIENT_CA_CERTS:+/users-grpc-client-ca.crt}
|
||||
MG_USERS_DB_HOST: ${MG_USERS_DB_HOST}
|
||||
MG_USERS_DB_PORT: ${MG_USERS_DB_PORT}
|
||||
MG_USERS_DB_USER: ${MG_USERS_DB_USER}
|
||||
@@ -344,32 +358,29 @@ services:
|
||||
MG_SEND_TELEMETRY: ${MG_SEND_TELEMETRY}
|
||||
MG_AUTH_GRPC_URL: ${MG_AUTH_GRPC_URL}
|
||||
MG_AUTH_GRPC_TIMEOUT: ${MG_AUTH_GRPC_TIMEOUT}
|
||||
MG_AUTH_GRPC_CLIENT_CERT: ${MG_AUTH_GRPC_CLIENT_CERT:+/auth-grpc-client.crt}
|
||||
MG_AUTH_GRPC_CLIENT_KEY: ${MG_AUTH_GRPC_CLIENT_KEY:+/auth-grpc-client.key}
|
||||
MG_AUTH_GRPC_SERVER_CA_CERTS: ${MG_AUTH_GRPC_SERVER_CA_CERTS:+/auth-grpc-server-ca.crt}
|
||||
ports:
|
||||
- ${MG_USERS_HTTP_PORT}:${MG_USERS_HTTP_PORT}
|
||||
- ${MG_USERS_GRPC_PORT}:${MG_USERS_GRPC_PORT}
|
||||
networks:
|
||||
- magistrala-base-net
|
||||
volumes:
|
||||
- ./templates/${MG_USERS_RESET_PWD_TEMPLATE}:/email.tmpl
|
||||
# Users gRPC mTLS server certificates
|
||||
# Auth gRPC client certificates
|
||||
- type: bind
|
||||
source: ${MG_USERS_GRPC_SERVER_CERT:-ssl/certs/dummy/server_cert}
|
||||
target: /users-grpc-server${MG_USERS_GRPC_SERVER_CERT:+.crt}
|
||||
source: ${MG_AUTH_GRPC_CLIENT_CERT:-ssl/certs/dummy/client_cert}
|
||||
target: /auth-grpc-client${MG_AUTH_GRPC_CLIENT_CERT:+.crt}
|
||||
bind:
|
||||
create_host_path: true
|
||||
- type: bind
|
||||
source: ${MG_USERS_GRPC_SERVER_KEY:-ssl/certs/dummy/server_key}
|
||||
target: /users-grpc-server${MG_USERS_GRPC_SERVER_KEY:+.key}
|
||||
source: ${MG_AUTH_GRPC_CLIENT_KEY:-ssl/certs/dummy/client_key}
|
||||
target: /auth-grpc-client${MG_AUTH_GRPC_CLIENT_KEY:+.key}
|
||||
bind:
|
||||
create_host_path: true
|
||||
- type: bind
|
||||
source: ${MG_USERS_GRPC_SERVER_CA_CERTS:-ssl/certs/dummy/server_ca_certs}
|
||||
target: /users-grpc-server-ca${MG_USERS_GRPC_SERVER_CA_CERTS:+.crt}
|
||||
bind:
|
||||
create_host_path: true
|
||||
- type: bind
|
||||
source: ${MG_USERS_GRPC_CLIENT_CA_CERTS:-ssl/certs/dummy/client_ca_certs}
|
||||
target: /users-grpc-client-ca${MG_USERS_GRPC_CLIENT_CA_CERTS:+.crt}
|
||||
source: ${MG_AUTH_GRPC_SERVER_CA_CERTS:-ssl/certs/dummy/server_ca}
|
||||
target: /auth-grpc-server-ca${MG_AUTH_GRPC_SERVER_CA_CERTS:+.crt}
|
||||
bind:
|
||||
create_host_path: true
|
||||
|
||||
@@ -421,17 +432,17 @@ services:
|
||||
# Things gRPC mTLS client certificates
|
||||
- type: bind
|
||||
source: ${MG_THINGS_AUTH_GRPC_CLIENT_CERT:-ssl/certs/dummy/client_cert}
|
||||
target: /client${MG_THINGS_AUTH_GRPC_CLIENT_CERT:+.crt}
|
||||
target: /things-grpc-client${MG_THINGS_AUTH_GRPC_CLIENT_CERT:+.crt}
|
||||
bind:
|
||||
create_host_path: true
|
||||
- type: bind
|
||||
source: ${MG_THINGS_AUTH_GRPC_CLIENT_KEY:-ssl/certs/dummy/client_key}
|
||||
target: /client${MG_THINGS_AUTH_GRPC_CLIENT_KEY:+.key}
|
||||
target: /things-grpc-client${MG_THINGS_AUTH_GRPC_CLIENT_KEY:+.key}
|
||||
bind:
|
||||
create_host_path: true
|
||||
- type: bind
|
||||
source: ${MG_THINGS_AUTH_GRPC_SERVER_CA_CERTS:-ssl/certs/dummy/server_ca}
|
||||
target: /server_ca${MG_THINGS_AUTH_GRPC_SERVER_CA_CERTS:+.crt}
|
||||
target: /things-grpc-server-ca${MG_THINGS_AUTH_GRPC_SERVER_CA_CERTS:+.crt}
|
||||
bind:
|
||||
create_host_path: true
|
||||
|
||||
@@ -466,17 +477,17 @@ services:
|
||||
# Things gRPC mTLS client certificates
|
||||
- type: bind
|
||||
source: ${MG_THINGS_AUTH_GRPC_CLIENT_CERT:-ssl/certs/dummy/client_cert}
|
||||
target: /client${MG_THINGS_AUTH_GRPC_CLIENT_CERT:+.crt}
|
||||
target: /things-grpc-client${MG_THINGS_AUTH_GRPC_CLIENT_CERT:+.crt}
|
||||
bind:
|
||||
create_host_path: true
|
||||
- type: bind
|
||||
source: ${MG_THINGS_AUTH_GRPC_CLIENT_KEY:-ssl/certs/dummy/client_key}
|
||||
target: /client${MG_THINGS_AUTH_GRPC_CLIENT_KEY:+.key}
|
||||
target: /things-grpc-client${MG_THINGS_AUTH_GRPC_CLIENT_KEY:+.key}
|
||||
bind:
|
||||
create_host_path: true
|
||||
- type: bind
|
||||
source: ${MG_THINGS_AUTH_GRPC_SERVER_CA_CERTS:-ssl/certs/dummy/server_ca}
|
||||
target: /server_ca${MG_THINGS_AUTH_GRPC_SERVER_CA_CERTS:+.crt}
|
||||
target: /things-grpc-server-ca${MG_THINGS_AUTH_GRPC_SERVER_CA_CERTS:+.crt}
|
||||
bind:
|
||||
create_host_path: true
|
||||
|
||||
@@ -513,20 +524,20 @@ services:
|
||||
networks:
|
||||
- magistrala-base-net
|
||||
volumes:
|
||||
## Things gRPC mTLS client certificates
|
||||
# Things gRPC mTLS client certificates
|
||||
- type: bind
|
||||
source: ${MG_THINGS_AUTH_GRPC_CLIENT_CERT:-ssl/certs/dummy/client_cert}
|
||||
target: /client${MG_THINGS_AUTH_GRPC_CLIENT_CERT:+.crt}
|
||||
target: /things-grpc-client${MG_THINGS_AUTH_GRPC_CLIENT_CERT:+.crt}
|
||||
bind:
|
||||
create_host_path: true
|
||||
- type: bind
|
||||
source: ${MG_THINGS_AUTH_GRPC_CLIENT_KEY:-ssl/certs/dummy/client_key}
|
||||
target: /client${MG_THINGS_AUTH_GRPC_CLIENT_KEY:+.key}
|
||||
target: /things-grpc-client${MG_THINGS_AUTH_GRPC_CLIENT_KEY:+.key}
|
||||
bind:
|
||||
create_host_path: true
|
||||
- type: bind
|
||||
source: ${MG_THINGS_AUTH_GRPC_SERVER_CA_CERTS:-ssl/certs/dummy/server_ca}
|
||||
target: /server_ca${MG_THINGS_AUTH_GRPC_SERVER_CA_CERTS:+.crt}
|
||||
target: /things-grpc-server-ca${MG_THINGS_AUTH_GRPC_SERVER_CA_CERTS:+.crt}
|
||||
bind:
|
||||
create_host_path: true
|
||||
|
||||
@@ -561,16 +572,16 @@ services:
|
||||
# Things gRPC mTLS client certificates
|
||||
- type: bind
|
||||
source: ${MG_THINGS_AUTH_GRPC_CLIENT_CERT:-ssl/certs/dummy/client_cert}
|
||||
target: /client${MG_THINGS_AUTH_GRPC_CLIENT_CERT:+.crt}
|
||||
target: /things-grpc-client${MG_THINGS_AUTH_GRPC_CLIENT_CERT:+.crt}
|
||||
bind:
|
||||
create_host_path: true
|
||||
- type: bind
|
||||
source: ${MG_THINGS_AUTH_GRPC_CLIENT_KEY:-ssl/certs/dummy/client_key}
|
||||
target: /client${MG_THINGS_AUTH_GRPC_CLIENT_KEY:+.key}
|
||||
target: /things-grpc-client${MG_THINGS_AUTH_GRPC_CLIENT_KEY:+.key}
|
||||
bind:
|
||||
create_host_path: true
|
||||
- type: bind
|
||||
source: ${MG_THINGS_AUTH_GRPC_SERVER_CA_CERTS:-ssl/certs/dummy/server_ca}
|
||||
target: /server_ca${MG_THINGS_AUTH_GRPC_SERVER_CA_CERTS:+.crt}
|
||||
target: /things-grpc-server-ca${MG_THINGS_AUTH_GRPC_SERVER_CA_CERTS:+.crt}
|
||||
bind:
|
||||
create_host_path: true
|
||||
|
||||
+26
-26
@@ -16,12 +16,12 @@ THINGS_GRPC_SERVER_CN=things
|
||||
THINGS_GRPC_CLIENT_CN=things-client
|
||||
THINGS_GRPC_SERVER_CRT_FILE_NAME=things-grpc-server
|
||||
THINGS_GRPC_CLIENT_CRT_FILE_NAME=things-grpc-client
|
||||
USERS_GRPC_SERVER_CONF_FILE_NAME=users-grpc-server.conf
|
||||
USERS_GRPC_CLIENT_CONF_FILE_NAME=users-grpc-client.conf
|
||||
USERS_GRPC_SERVER_CN=users
|
||||
USERS_GRPC_CLIENT_CN=users-client
|
||||
USERS_GRPC_SERVER_CRT_FILE_NAME=users-grpc-server
|
||||
USERS_GRPC_CLIENT_CRT_FILE_NAME=users-grpc-client
|
||||
AUTH_GRPC_SERVER_CONF_FILE_NAME=auth-grpc-server.conf
|
||||
AUTH_GRPC_CLIENT_CONF_FILE_NAME=auth-grpc-client.conf
|
||||
AUTH_GRPC_SERVER_CN=auth
|
||||
AUTH_GRPC_CLIENT_CN=auth-client
|
||||
AUTH_GRPC_SERVER_CRT_FILE_NAME=auth-grpc-server
|
||||
AUTH_GRPC_CLIENT_CRT_FILE_NAME=auth-grpc-client
|
||||
|
||||
define GRPC_CERT_CONFIG
|
||||
[req]
|
||||
@@ -51,7 +51,7 @@ It can be downloaded from $(DOWNLOAD_URL).
|
||||
|
||||
etc, etc.
|
||||
endef
|
||||
all: clean_certs ca server_cert test things_grpc_certs users_grpc_certs
|
||||
all: clean_certs ca server_cert things_grpc_certs auth_grpc_certs
|
||||
|
||||
# CA name and key is "ca".
|
||||
ca:
|
||||
@@ -123,47 +123,47 @@ things_grpc_certs:
|
||||
|
||||
rm -rf $(CRT_LOCATION)/$(THINGS_GRPC_CLIENT_CRT_FILE_NAME).csr $(CRT_LOCATION)/$(THINGS_GRPC_CLIENT_CRT_FILE_NAME).conf
|
||||
|
||||
users_grpc_certs:
|
||||
# Users gRPC server certificate
|
||||
$(file > $(CRT_LOCATION)/$(USERS_GRPC_SERVER_CRT_FILE_NAME).conf,$(subst <<SERVICE_NAME>>,$(USERS_GRPC_SERVER_CN),$(GRPC_CERT_CONFIG)) )
|
||||
auth_grpc_certs:
|
||||
# Auth gRPC server certificate
|
||||
$(file > $(CRT_LOCATION)/$(AUTH_GRPC_SERVER_CRT_FILE_NAME).conf,$(subst <<SERVICE_NAME>>,$(AUTH_GRPC_SERVER_CN),$(GRPC_CERT_CONFIG)) )
|
||||
|
||||
openssl req -new -sha256 -newkey rsa:4096 -nodes \
|
||||
-keyout $(CRT_LOCATION)/$(USERS_GRPC_SERVER_CRT_FILE_NAME).key \
|
||||
-out $(CRT_LOCATION)/$(USERS_GRPC_SERVER_CRT_FILE_NAME).csr \
|
||||
-config $(CRT_LOCATION)/$(USERS_GRPC_SERVER_CRT_FILE_NAME).conf \
|
||||
-keyout $(CRT_LOCATION)/$(AUTH_GRPC_SERVER_CRT_FILE_NAME).key \
|
||||
-out $(CRT_LOCATION)/$(AUTH_GRPC_SERVER_CRT_FILE_NAME).csr \
|
||||
-config $(CRT_LOCATION)/$(AUTH_GRPC_SERVER_CRT_FILE_NAME).conf \
|
||||
-extensions v3_req
|
||||
|
||||
openssl x509 -req -sha256 \
|
||||
-in $(CRT_LOCATION)/$(USERS_GRPC_SERVER_CRT_FILE_NAME).csr \
|
||||
-in $(CRT_LOCATION)/$(AUTH_GRPC_SERVER_CRT_FILE_NAME).csr \
|
||||
-CA $(CRT_LOCATION)/ca.crt \
|
||||
-CAkey $(CRT_LOCATION)/ca.key \
|
||||
-CAcreateserial \
|
||||
-out $(CRT_LOCATION)/$(USERS_GRPC_SERVER_CRT_FILE_NAME).crt \
|
||||
-out $(CRT_LOCATION)/$(AUTH_GRPC_SERVER_CRT_FILE_NAME).crt \
|
||||
-days 365 \
|
||||
-extfile $(CRT_LOCATION)/$(USERS_GRPC_SERVER_CRT_FILE_NAME).conf \
|
||||
-extfile $(CRT_LOCATION)/$(AUTH_GRPC_SERVER_CRT_FILE_NAME).conf \
|
||||
-extensions v3_req
|
||||
|
||||
rm -rf $(CRT_LOCATION)/$(USERS_GRPC_SERVER_CRT_FILE_NAME).csr $(CRT_LOCATION)/$(USERS_GRPC_SERVER_CRT_FILE_NAME).conf
|
||||
# Users gRPC client certificate
|
||||
$(file > $(CRT_LOCATION)/$(USERS_GRPC_CLIENT_CRT_FILE_NAME).conf,$(subst <<SERVICE_NAME>>,$(USERS_GRPC_CLIENT_CN),$(GRPC_CERT_CONFIG)) )
|
||||
rm -rf $(CRT_LOCATION)/$(AUTH_GRPC_SERVER_CRT_FILE_NAME).csr $(CRT_LOCATION)/$(AUTH_GRPC_SERVER_CRT_FILE_NAME).conf
|
||||
# Auth gRPC client certificate
|
||||
$(file > $(CRT_LOCATION)/$(AUTH_GRPC_CLIENT_CRT_FILE_NAME).conf,$(subst <<SERVICE_NAME>>,$(AUTH_GRPC_CLIENT_CN),$(GRPC_CERT_CONFIG)) )
|
||||
|
||||
openssl req -new -sha256 -newkey rsa:4096 -nodes \
|
||||
-keyout $(CRT_LOCATION)/$(USERS_GRPC_CLIENT_CRT_FILE_NAME).key \
|
||||
-out $(CRT_LOCATION)/$(USERS_GRPC_CLIENT_CRT_FILE_NAME).csr \
|
||||
-config $(CRT_LOCATION)/$(USERS_GRPC_CLIENT_CRT_FILE_NAME).conf \
|
||||
-keyout $(CRT_LOCATION)/$(AUTH_GRPC_CLIENT_CRT_FILE_NAME).key \
|
||||
-out $(CRT_LOCATION)/$(AUTH_GRPC_CLIENT_CRT_FILE_NAME).csr \
|
||||
-config $(CRT_LOCATION)/$(AUTH_GRPC_CLIENT_CRT_FILE_NAME).conf \
|
||||
-extensions v3_req
|
||||
|
||||
openssl x509 -req -sha256 \
|
||||
-in $(CRT_LOCATION)/$(USERS_GRPC_CLIENT_CRT_FILE_NAME).csr \
|
||||
-in $(CRT_LOCATION)/$(AUTH_GRPC_CLIENT_CRT_FILE_NAME).csr \
|
||||
-CA $(CRT_LOCATION)/ca.crt \
|
||||
-CAkey $(CRT_LOCATION)/ca.key \
|
||||
-CAcreateserial \
|
||||
-out $(CRT_LOCATION)/$(USERS_GRPC_CLIENT_CRT_FILE_NAME).crt \
|
||||
-out $(CRT_LOCATION)/$(AUTH_GRPC_CLIENT_CRT_FILE_NAME).crt \
|
||||
-days 365 \
|
||||
-extfile $(CRT_LOCATION)/$(USERS_GRPC_CLIENT_CRT_FILE_NAME).conf \
|
||||
-extfile $(CRT_LOCATION)/$(AUTH_GRPC_CLIENT_CRT_FILE_NAME).conf \
|
||||
-extensions v3_req
|
||||
|
||||
rm -rf $(CRT_LOCATION)/$(USERS_GRPC_CLIENT_CRT_FILE_NAME).csr $(CRT_LOCATION)/$(USERS_GRPC_CLIENT_CRT_FILE_NAME).conf
|
||||
rm -rf $(CRT_LOCATION)/$(AUTH_GRPC_CLIENT_CRT_FILE_NAME).csr $(CRT_LOCATION)/$(AUTH_GRPC_CLIENT_CRT_FILE_NAME).conf
|
||||
|
||||
clean_certs:
|
||||
rm -r $(CRT_LOCATION)/*.crt
|
||||
|
||||
@@ -24,10 +24,10 @@ default values.
|
||||
| MG_THINGS_AUTH_GRPC_TIMEOUT | Things service Auth gRPC request timeout in seconds | 1 |
|
||||
| MG_THINGS_AUTH_GRPC_CLIENT_TLS | Things service Auth gRPC TLS enabled | false |
|
||||
| MG_THINGS_AUTH_GRPC_CA_CERTS | Things service Auth gRPC CA certificates | "" |
|
||||
| MG_AUTH_GRPC_URL | Users service gRPC URL | localhost:7001 |
|
||||
| MG_AUTH_GRPC_TIMEOUT | Users service gRPC request timeout in seconds | 1s |
|
||||
| MG_AUTH_GRPC_CLIENT_TLS | Users service gRPC TLS enabled | false |
|
||||
| MG_AUTH_GRPC_CA_CERT | Users service gRPC CA certificates | "" |
|
||||
| MG_AUTH_GRPC_URL | Auth service gRPC URL | localhost:7001 |
|
||||
| MG_AUTH_GRPC_TIMEOUT | Auth service gRPC request timeout in seconds | 1s |
|
||||
| MG_AUTH_GRPC_CLIENT_TLS | Auth service gRPC TLS enabled | false |
|
||||
| MG_AUTH_GRPC_CA_CERT | Auth service gRPC CA certificates | "" |
|
||||
| MG_JAEGER_URL | Jaeger server URL | http://jaeger:14268/api/traces |
|
||||
| MG_SEND_TELEMETRY | Send telemetry to magistrala call home server | true |
|
||||
| MG_CASSANDRA_READER_INSTANCE_ID | Cassandra Reader instance ID | "" |
|
||||
@@ -66,10 +66,10 @@ MG_THINGS_AUTH_GRPC_URL=[Things service Auth gRPC URL] \
|
||||
MG_THINGS_AUTH_GRPC_TIMEOUT=[Things service Auth gRPC request timeout in seconds] \
|
||||
MG_THINGS_AUTH_GRPC_CLIENT_TLS=[Things service Auth gRPC TLS enabled] \
|
||||
MG_THINGS_AUTH_GRPC_CA_CERTS=[Things service Auth gRPC CA certificates] \
|
||||
MG_AUTH_GRPC_URL=[Users service gRPC URL] \
|
||||
MG_AUTH_GRPC_TIMEOUT=[Users service gRPC request timeout in seconds] \
|
||||
MG_AUTH_GRPC_CLIENT_TLS=[Users service gRPC TLS enabled] \
|
||||
MG_AUTH_GRPC_CA_CERT=[Users service gRPC CA certificates] \
|
||||
MG_AUTH_GRPC_URL=[Auth service gRPC URL] \
|
||||
MG_AUTH_GRPC_TIMEOUT=[Auth service gRPC request timeout in seconds] \
|
||||
MG_AUTH_GRPC_CLIENT_TLS=[Auth service gRPC TLS enabled] \
|
||||
MG_AUTH_GRPC_CA_CERT=[Auth service gRPC CA certificates] \
|
||||
MG_JAEGER_URL=[Jaeger server URL] \
|
||||
MG_SEND_TELEMETRY=[Send telemetry to magistrala call home server] \
|
||||
MG_CASSANDRA_READER_INSTANCE_ID=[Cassandra Reader instance ID] \
|
||||
|
||||
@@ -32,8 +32,8 @@ default values.
|
||||
| MG_THINGS_AUTH_GRPC_TIMEOUT | Things service Auth gRPC request timeout in seconds | 1s |
|
||||
| MG_THINGS_AUTH_GRPC_CLIENT_TLS | Flag that indicates if TLS should be turned on | false |
|
||||
| MG_THINGS_AUTH_GRPC_CA_CERTS | Path to trusted CAs in PEM format | "" |
|
||||
| MG_AUTH_GRPC_URL | Users service gRPC URL | localhost:7001 |
|
||||
| MG_AUTH_GRPC_TIMEOUT | Users service gRPC request timeout in seconds | 1s |
|
||||
| MG_AUTH_GRPC_URL | Auth service gRPC URL | localhost:7001 |
|
||||
| MG_AUTH_GRPC_TIMEOUT | Auth service gRPC request timeout in seconds | 1s |
|
||||
| MG_AUTH_GRPC_CLIENT_TLS | Flag that indicates if TLS should be turned on | false |
|
||||
| MG_AUTH_GRPC_CA_CERTS | Path to trusted CAs in PEM format | "" |
|
||||
| MG_JAEGER_URL | Jaeger server URL | http://jaeger:14268/api/traces |
|
||||
@@ -81,8 +81,8 @@ MG_THINGS_AUTH_GRPC_URL=[Things service Auth gRPC URL] \
|
||||
MG_THINGS_AURH_GRPC_TIMEOUT=[Things service Auth gRPC request timeout in seconds] \
|
||||
MG_THINGS_AUTH_GRPC_CLIENT_TLS=[Flag that indicates if TLS should be turned on] \
|
||||
MG_THINGS_AUTH_GRPC_CA_CERTS=[Path to trusted CAs in PEM format] \
|
||||
MG_AUTH_GRPC_URL=[Users service gRPC URL] \
|
||||
MG_AUTH_GRPC_TIMEOUT=[Users service gRPC request timeout in seconds] \
|
||||
MG_AUTH_GRPC_URL=[Auth service gRPC URL] \
|
||||
MG_AUTH_GRPC_TIMEOUT=[Auth service gRPC request timeout in seconds] \
|
||||
MG_AUTH_GRPC_CLIENT_TLS=[Flag that indicates if TLS should be turned on] \
|
||||
MG_AUTH_GRPC_CA_CERTS=[Path to trusted CAs in PEM format] \
|
||||
MG_JAEGER_URL=[Jaeger server URL] \
|
||||
|
||||
@@ -22,8 +22,8 @@ default values.
|
||||
| MG_THINGS_AUTH_GRPC_TIMEOUT | Things service Auth gRPC request timeout in seconds | 1s |
|
||||
| MG_THINGS_AUTH_GRPC_CLIENT_TLS | Flag that indicates if TLS should be turned on | false |
|
||||
| MG_THINGS_AUTH_GRPC_CA_CERTS | Path to trusted CAs in PEM format | "" |
|
||||
| MG_AUTH_GRPC_URL | Users service gRPC URL | localhost:7001 |
|
||||
| MG_AUTH_GRPC_TIMEOUT | Users service gRPC request timeout in seconds | 1s |
|
||||
| MG_AUTH_GRPC_URL | Auth service gRPC URL | localhost:7001 |
|
||||
| MG_AUTH_GRPC_TIMEOUT | Auth service gRPC request timeout in seconds | 1s |
|
||||
| MG_AUTH_GRPC_CLIENT_TLS | Flag that indicates if TLS should be turned on | false |
|
||||
| MG_AUTH_GRPC_CA_CERT | Path to trusted CAs in PEM format | "" |
|
||||
| MG_JAEGER_URL | Jaeger server URL | http://jaeger:14268/api/traces |
|
||||
@@ -62,8 +62,8 @@ MG_THINGS_AUTH_GRPC_URL=[Things service Auth gRPC URL] \
|
||||
MG_THINGS_AUTH_GRPC_TIMEOUT=[Things service Auth gRPC request timeout in seconds] \
|
||||
MG_THINGS_AUTH_GRPC_CLIENT_TLS=[Flag that indicates if TLS should be turned on] \
|
||||
MG_THINGS_AUTH_GRPC_CA_CERTS=[Path to trusted CAs in PEM format] \
|
||||
MG_AUTH_GRPC_URL=[Users service gRPC URL] \
|
||||
MG_AUTH_GRPC_TIMEOUT=[Users service gRPC request timeout in seconds] \
|
||||
MG_AUTH_GRPC_URL=[Auth service gRPC URL] \
|
||||
MG_AUTH_GRPC_TIMEOUT=[Auth service gRPC request timeout in seconds] \
|
||||
MG_AUTH_GRPC_CLIENT_TLS=[Flag that indicates if TLS should be turned on] \
|
||||
MG_AUTH_GRPC_CA_CERT=[Path to trusted CAs in PEM format] \
|
||||
MG_JAEGER_URL=[Jaeger server URL] \
|
||||
|
||||
@@ -28,10 +28,10 @@ default values.
|
||||
| MG_THINGS_AUTH_GRPC_TIMEOUT | Things service Auth gRPC timeout in seconds | 1s |
|
||||
| MG_THINGS_AUTH_GRPC_CLIENT_TLS | Things service Auth gRPC TLS mode flag | false |
|
||||
| MG_THINGS_AUTH_GRPC_CA_CERTS | Things service Auth gRPC CA certificates | "" |
|
||||
| MG_AUTH_GRPC_URL | Users service gRPC URL | localhost:7001 |
|
||||
| MG_AUTH_GRPC_TIMEOUT | Users service gRPC request timeout in seconds | 1s |
|
||||
| MG_AUTH_GRPC_CLIENT_TLS | Users service gRPC TLS mode flag | false |
|
||||
| MG_AUTH_GRPC_CA_CERTS | Users service gRPC CA certificates | "" |
|
||||
| MG_AUTH_GRPC_URL | Auth service gRPC URL | localhost:7001 |
|
||||
| MG_AUTH_GRPC_TIMEOUT | Auth service gRPC request timeout in seconds | 1s |
|
||||
| MG_AUTH_GRPC_CLIENT_TLS | Auth service gRPC TLS mode flag | false |
|
||||
| MG_AUTH_GRPC_CA_CERTS | Auth service gRPC CA certificates | "" |
|
||||
| MG_JAEGER_URL | Jaeger server URL | http://jaeger:14268/api/traces |
|
||||
| MG_SEND_TELEMETRY | Send telemetry to magistrala call home server | true |
|
||||
| MG_POSTGRES_READER_INSTANCE_ID | Postgres reader instance ID | |
|
||||
@@ -74,10 +74,10 @@ MG_THINGS_AUTH_GRPC_URL=[Things service Auth GRPC URL] \
|
||||
MG_THINGS_AUTH_GRPC_TIMEOUT=[Things service Auth gRPC request timeout in seconds] \
|
||||
MG_THINGS_AUTH_GRPC_CLIENT_TLS=[Things service Auth gRPC TLS mode flag] \
|
||||
MG_THINGS_AUTH_GRPC_CA_CERTS=[Things service Auth gRPC CA certificates] \
|
||||
MG_AUTH_GRPC_URL=[Users service gRPC URL] \
|
||||
MG_AUTH_GRPC_TIMEOUT=[Users service gRPC request timeout in seconds] \
|
||||
MG_AUTH_GRPC_CLIENT_TLS=[Users service gRPC TLS mode flag] \
|
||||
MG_AUTH_GRPC_CA_CERTS=[Users service gRPC CA certificates] \
|
||||
MG_AUTH_GRPC_URL=[Auth service gRPC URL] \
|
||||
MG_AUTH_GRPC_TIMEOUT=[Auth service gRPC request timeout in seconds] \
|
||||
MG_AUTH_GRPC_CLIENT_TLS=[Auth service gRPC TLS mode flag] \
|
||||
MG_AUTH_GRPC_CA_CERTS=[Auth service gRPC CA certificates] \
|
||||
MG_JAEGER_URL=[Jaeger server URL] \
|
||||
MG_SEND_TELEMETRY=[Send telemetry to magistrala call home server] \
|
||||
MG_POSTGRES_READER_INSTANCE_ID=[Postgres reader instance ID] \
|
||||
|
||||
@@ -28,10 +28,10 @@ default values.
|
||||
| MG_THINGS_AUTH_GRPC_TIMEOUT | Things service Auth gRPC timeout in seconds | 1s |
|
||||
| MG_THINGS_AUTH_GRPC_CLIENT_TLS | Things service Auth gRPC TLS enabled flag | false |
|
||||
| MG_THINGS_AUTH_GRPC_CA_CERTS | Things service Auth gRPC CA certificates | "" |
|
||||
| MG_AUTH_GRPC_URL | Users service gRPC URL | localhost:7001 |
|
||||
| MG_AUTH_GRPC_TIMEOUT | Users service gRPC timeout in seconds | 1s |
|
||||
| MG_AUTH_GRPC_CLIENT_TLS | Users service gRPC TLS enabled flag | false |
|
||||
| MG_AUTH_GRPC_CA_CERT | Users service gRPC CA certificate | "" |
|
||||
| MG_AUTH_GRPC_URL | Auth service gRPC URL | localhost:7001 |
|
||||
| MG_AUTH_GRPC_TIMEOUT | Auth service gRPC timeout in seconds | 1s |
|
||||
| MG_AUTH_GRPC_CLIENT_TLS | Auth service gRPC TLS enabled flag | false |
|
||||
| MG_AUTH_GRPC_CA_CERT | Auth service gRPC CA certificate | "" |
|
||||
| MG_JAEGER_URL | Jaeger server URL | http://jaeger:14268/api/traces |
|
||||
| MG_SEND_TELEMETRY | Send telemetry to magistrala call home server | true |
|
||||
| MG_TIMESCALE_READER_INSTANCE_ID | Timescale reader instance ID | "" |
|
||||
@@ -73,10 +73,10 @@ MG_THINGS_AUTH_GRPC_URL=[Things service Auth GRPC URL] \
|
||||
MG_THINGS_AUTH_GRPC_TIMEOUT=[Things service Auth gRPC request timeout in seconds] \
|
||||
MG_THINGS_AUTH_GRPC_CLIENT_TLS=[Things service Auth gRPC TLS enabled flag] \
|
||||
MG_THINGS_AUTH_GRPC_CA_CERTS=[Things service Auth gRPC CA certificates] \
|
||||
MG_AUTH_GRPC_URL=[Users service Auth gRPC URL] \
|
||||
MG_AUTH_GRPC_TIMEOUT=[Users service Auth gRPC request timeout in seconds] \
|
||||
MG_AUTH_GRPC_CLIENT_TLS=[Users service Auth gRPC TLS enabled flag] \
|
||||
MG_AUTH_GRPC_CA_CERT=[Users service Auth gRPC CA certificates] \
|
||||
MG_AUTH_GRPC_URL=[Auth service Auth gRPC URL] \
|
||||
MG_AUTH_GRPC_TIMEOUT=[Auth service Auth gRPC request timeout in seconds] \
|
||||
MG_AUTH_GRPC_CLIENT_TLS=[Auth service Auth gRPC TLS enabled flag] \
|
||||
MG_AUTH_GRPC_CA_CERT=[Auth service Auth gRPC CA certificates] \
|
||||
MG_JAEGER_URL=[Jaeger server URL] \
|
||||
MG_SEND_TELEMETRY=[Send telemetry to magistrala call home server] \
|
||||
MG_TIMESCALE_READER_INSTANCE_ID=[Timescale reader instance ID] \
|
||||
|
||||
+6
-6
@@ -41,11 +41,11 @@ default values.
|
||||
| MG_THINGS_ES_URL | Event store URL | <localhost:6379> |
|
||||
| MG_THINGS_ES_PASS | Event store password | "" |
|
||||
| MG_THINGS_ES_DB | Event store instance name | 0 |
|
||||
| MG_THINGS_STANDALONE_ID | User ID for standalone mode (no gRPC communication with users) | "" |
|
||||
| MG_THINGS_STANDALONE_ID | User ID for standalone mode (no gRPC communication with Auth) | "" |
|
||||
| MG_THINGS_STANDALONE_TOKEN | User token for standalone mode that should be passed in auth header | "" |
|
||||
| MG_JAEGER_URL | Jaeger server URL | <http://jaeger:14268/api/traces> |
|
||||
| MG_AUTH_GRPC_URL | Users service gRPC URL | localhost:7001 |
|
||||
| MG_AUTH_GRPC_TIMEOUT | Users service gRPC request timeout in seconds | 1s |
|
||||
| MG_AUTH_GRPC_URL | Auth service gRPC URL | localhost:7001 |
|
||||
| MG_AUTH_GRPC_TIMEOUT | Auth service gRPC request timeout in seconds | 1s |
|
||||
| MG_AUTH_GRPC_CLIENT_TLS | Enable TLS for gRPC client | false |
|
||||
| MG_AUTH_GRPC_CA_CERT | Path to the CA certificate file | "" |
|
||||
| MG_SEND_TELEMETRY | Send telemetry to magistrala call home server. | true |
|
||||
@@ -98,8 +98,8 @@ MG_THINGS_CACHE_URL=[Cache database URL] \
|
||||
MG_THINGS_ES_URL=[Event store URL] \
|
||||
MG_THINGS_ES_PASS=[Event store password] \
|
||||
MG_THINGS_ES_DB=[Event store instance name] \
|
||||
MG_AUTH_GRPC_URL=[Users service gRPC URL] \
|
||||
MG_AUTH_GRPC_TIMEOUT=[Users service gRPC request timeout in seconds] \
|
||||
MG_AUTH_GRPC_URL=[Auth service gRPC URL] \
|
||||
MG_AUTH_GRPC_TIMEOUT=[Auth service gRPC request timeout in seconds] \
|
||||
MG_AUTH_GRPC_CLIENT_TLS=[Enable TLS for gRPC client] \
|
||||
MG_AUTH_GRPC_CA_CERT=[Path to trusted CA certificate file] \
|
||||
MG_JAEGER_URL=[Jaeger server URL] \
|
||||
@@ -108,7 +108,7 @@ MG_THINGS_INSTANCE_ID=[Things instance ID] \
|
||||
$GOBIN/magistrala-things
|
||||
```
|
||||
|
||||
Setting `MG_THINGS_CA_CERTS` expects a file in PEM format of trusted CAs. This will enable TLS against the Users gRPC endpoint trusting only those CAs that are provided.
|
||||
Setting `MG_THINGS_CA_CERTS` expects a file in PEM format of trusted CAs. This will enable TLS against the Auth gRPC endpoint trusting only those CAs that are provided.
|
||||
|
||||
In constrained environments, sometimes it makes sense to run Things service as a standalone to reduce network traffic and simplify deployment. This means that Things service
|
||||
operates only using a single user and is able to authorize it without gRPC communication with Auth service.
|
||||
|
||||
+4
-4
@@ -28,8 +28,8 @@ default values.
|
||||
| MG_TWINS_CA_CERTS | Path to trusted CAs in PEM format | |
|
||||
| MG_TWINS_CHANNEL_ID | Message broker notifications channel ID | |
|
||||
| MG_MESSAGE_BROKER_URL | Magistrala Message broker URL | <nats://localhost:4222> |
|
||||
| MG_AUTH_GRPC_URL | Users service gRPC URL | <localhost:7001> |
|
||||
| MG_AUTH_GRPC_TIMEOUT | Users service gRPC request timeout in seconds | 1s |
|
||||
| MG_AUTH_GRPC_URL | Auth service gRPC URL | <localhost:7001> |
|
||||
| MG_AUTH_GRPC_TIMEOUT | Auth service gRPC request timeout in seconds | 1s |
|
||||
| MG_TWINS_CACHE_URL | Cache database URL | <redis://localhost:6379/0> |
|
||||
| MG_SEND_TELEMETRY | Send telemetry to magistrala call home server | true |
|
||||
|
||||
@@ -68,8 +68,8 @@ MG_TWINS_CLIENT_TLS=[Flag that indicates if TLS should be turned on] \
|
||||
MG_TWINS_CA_CERTS=[Path to trusted CAs in PEM format] \
|
||||
MG_TWINS_CHANNEL_ID=[Message broker notifications channel ID] \
|
||||
MG_MESSAGE_BROKER_URL=[Magistrala Message broker URL] \
|
||||
MG_AUTH_GRPC_URL=[Users service gRPC URL] \
|
||||
MG_AUTH_GRPC_TIMEOUT=[Users service gRPC request timeout in seconds] \
|
||||
MG_AUTH_GRPC_URL=[Auth service gRPC URL] \
|
||||
MG_AUTH_GRPC_TIMEOUT=[Auth service gRPC request timeout in seconds] \
|
||||
MG_TWINS_CACHE_URL=[Cache database URL] \
|
||||
$GOBIN/magistrala-twins
|
||||
```
|
||||
|
||||
Reference in New Issue
Block a user