Is your feature request related to a problem? Please describe.
Centrifugo has several places where it allows configuring TLS - in the HTTP server, Redis connection, Kafka consumer, GRPC server and client. In the source code, though, we now use a slightly different approach to configure TLS in various parts. I'd like to refactor the configuration a bit to use a single approach to naming and also tweak some TLS-related option names, because currently they are a bit confusing. For example, the `tls_cert` option name should become `tls_cert_pem_file`. Another idea is to make TLS objects nested to detach TLS configuration objects from config key prefixes, like this:
The revisited TLS configuration struct may look like this:
```go
// TLSConfig is a common configuration for TLS.
type TLSConfig struct {
	// Enabled tells Centrifugo to enable TLS configuration.
	Enabled bool `mapstructure:"enabled" json:"enabled"`

	// Configure certificates to present to the other side of the connection.
	CertPem     string `mapstructure:"cert_pem" json:"cert_pem"`
	CertPemFile string `mapstructure:"cert_pem_file" json:"cert_pem_file"`
	KeyPem      string `mapstructure:"key_pem" json:"key_pem"`
	KeyPemFile  string `mapstructure:"key_pem_file" json:"key_pem_file"`

	// Configure the set of root certificate authorities that clients use when verifying
	// server certificates.
	RootCAPem     string `mapstructure:"root_ca_pem" json:"root_ca_pem"`
	RootCAPemFile string `mapstructure:"root_ca_pem_file" json:"root_ca_pem_file"`

	// Configure the set of root certificate authorities that servers use to verify
	// a client certificate.
	ClientCAPem     string `mapstructure:"client_ca_pem" json:"client_ca_pem"`
	ClientCAPemFile string `mapstructure:"client_ca_pem_file" json:"client_ca_pem_file"`

	InsecureSkipVerify bool   `mapstructure:"insecure_skip_verify" json:"insecure_skip_verify"`
	ServerName         string `mapstructure:"server_name" json:"server_name"`
}
```
Also, it seems TLS options may be removed from the command line flags of Centrifugo.
Finally, maybe we should natively support Base64 encoded PEM too. Like:
Describe the solution you'd like.
Look at all places where TLS may be configured and use the revisited common configuration strategy. This should make configuration cleaner overall.
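One way the CA-related fields of the proposed struct could map onto Go's `crypto/tls`, as an added example that is not part of the issue or of Centrifugo's code. `loadPool` and `BuildTrust` are hypothetical names, requiring client certificates whenever a client CA is configured is an assumption, and certificate/key loading is left out to keep the focus on the verification options.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"os"
)

type TLSConfig struct { // CA and verification fields of the struct proposed above (tags omitted)
	RootCAPem, RootCAPemFile, ClientCAPem, ClientCAPemFile, ServerName string
	InsecureSkipVerify                                                 bool
}

// loadPool resolves one CA option (inline PEM or file, never both) into a pool.
func loadPool(name, inline, file string) (*x509.CertPool, error) {
	pem, err := []byte(inline), error(nil)
	switch {
	case inline == "" && file == "":
		return nil, nil // option unset: crypto/tls keeps its defaults
	case inline != "" && file != "":
		return nil, fmt.Errorf("%s: set the inline PEM or the file, not both", name)
	case file != "":
		pem, err = os.ReadFile(file)
	}
	pool := x509.NewCertPool()
	if err == nil && !pool.AppendCertsFromPEM(pem) { // false: nothing parsed as a certificate
		err = fmt.Errorf("%s: no certificate found in PEM", name)
	}
	return pool, err
}

// BuildTrust (hypothetical name, not Centrifugo code) fills the verification side of tls.Config.
func BuildTrust(c TLSConfig) (out *tls.Config, err error) {
	out = &tls.Config{ServerName: c.ServerName, InsecureSkipVerify: c.InsecureSkipVerify}
	if out.RootCAs, err = loadPool("root_ca_pem", c.RootCAPem, c.RootCAPemFile); err != nil {
		return nil, err
	}
	if out.ClientCAs, err = loadPool("client_ca_pem", c.ClientCAPem, c.ClientCAPemFile); err != nil {
		return nil, err
	}
	if out.ClientCAs != nil { // assumption: a configured client CA means client certs are required
		out.ClientAuth = tls.RequireAndVerifyClientCert
	}
	return out, nil
}

func main() {
	fmt.Println(BuildTrust(TLSConfig{RootCAPem: "constructed", RootCAPemFile: "/constructed.pem"}))
}
```

A configured CA option that yields no certificate is reported as an error rather than treated as unset, so a bad path or a mangled PEM cannot silently change which authorities are trusted.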