fix(api): fix bad gateway when tls is enabled
replace new format of pem file and set tls enabled by default
This commit is contained in:
Alexader
parent
f993df67d5
commit
cd48404394
|
|
@ -4,6 +4,7 @@ import (
|
|||
"context"
|
||||
"fmt"
|
||||
"net/http"
|
||||
"path/filepath"
|
||||
|
||||
"github.com/grpc-ecosystem/grpc-gateway/runtime"
|
||||
"github.com/meshplus/bitxhub-model/pb"
|
||||
|
|
@ -11,6 +12,7 @@ import (
|
|||
"github.com/rs/cors"
|
||||
"github.com/tmc/grpc-websocket-proxy/wsproxy"
|
||||
"google.golang.org/grpc"
|
||||
"google.golang.org/grpc/credentials"
|
||||
)
|
||||
|
||||
func Start(config *repo.Config) error {
|
||||
|
|
@ -28,13 +30,30 @@ func Start(config *repo.Config) error {
|
|||
AllowedOrigins: config.AllowedOrigins,
|
||||
}).Handler(mux)
|
||||
|
||||
opts := []grpc.DialOption{grpc.WithInsecure()}
|
||||
|
||||
endpoint := fmt.Sprintf("localhost:%d", config.Port.Grpc)
|
||||
err := pb.RegisterChainBrokerHandlerFromEndpoint(ctx, mux, endpoint, opts)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
if config.Security.EnableTLS {
|
||||
pemFilePath := filepath.Join(config.RepoRoot, config.Security.PemFilePath)
|
||||
serverKeyPath := filepath.Join(config.RepoRoot, config.Security.ServerKeyPath)
|
||||
cred, err := credentials.NewServerTLSFromFile(pemFilePath, serverKeyPath)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
return http.ListenAndServe(fmt.Sprintf(":%d", config.Port.Gateway), wsproxy.WebsocketProxy(handler))
|
||||
conn, err := grpc.DialContext(ctx, endpoint, grpc.WithTransportCredentials(cred))
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
err = pb.RegisterChainBrokerHandler(ctx, mux, conn)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return http.ListenAndServeTLS(fmt.Sprintf(":%d", config.Port.Gateway), pemFilePath, serverKeyPath, wsproxy.WebsocketProxy(handler))
|
||||
} else {
|
||||
opts := []grpc.DialOption{grpc.WithInsecure()}
|
||||
err := pb.RegisterChainBrokerHandlerFromEndpoint(ctx, mux, endpoint, opts)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return http.ListenAndServe(fmt.Sprintf(":%d", config.Port.Gateway), wsproxy.WebsocketProxy(handler))
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,27 +1,27 @@
|
|||
-----BEGIN RSA PRIVATE KEY-----
|
||||
MIIEowIBAAKCAQEAxb8QN5/lN53Z1Xz/3B1g3zQobpzuIxX2wqyQXPJ0v5O/DfgW
|
||||
BmYnT7bTwW2Ue9ezFrA2OxIvWYaiyApA66AmYQHZBFtq/FQAtsJbEv/M3PUs9zrp
|
||||
7GncH8u2Z580uibid+xonubdBWMt/3EaGby1KmRrtF/7yPQCW7sGSijFHFG5OthJ
|
||||
KJgpcSZnxl+DUGcLzvFZFtvj4H2w5/GyQ+0zhBy7TejTiR65ShrGnrenXc4y2DtM
|
||||
vjXca4BG/ZZXeDq+ia5XeW+8mv5KyQoSeLhjeIhx5X9b6bfyxSIMgG57rT5ml9/V
|
||||
cO6CoZUbyIweZG6wUoxeevnyBdJT4fq9lwPHxQIDAQABAoIBACDe58U3URTzqlgw
|
||||
lR9zyryPoQDyGSu/5OrrYHvy2bFWz/V0fcTGilZX389RddM4Qc7Nr9YV6cUJ+lki
|
||||
SzRfxMFvWzG8OIaFODEpEZaQ6u732memZWglGLA4XrPO5Sbke9TPeXygh7DzkZva
|
||||
oyoQElVfp/+tzN7UoOe6qQr+x/Uy3aLWXDgaTA6+ClSR8YDyHTO/GrMZFecX0uQw
|
||||
rqp/MkgK7dJD7qr5lhSvu8u5HbbHtHJG2A4E7FFLNZkb8AUuZf/gkobIJbylMdNs
|
||||
74wHSD53TYYIKrU6rLelXghkaGyE4Fmkmr0PNSK/U2cicCxKf3EDrmTlMWALupqq
|
||||
WHh6HcECgYEA6+ae8ttewamZoBzwd6PUfRURXS+/a2gN7qMOveZll7pyh3S59kEY
|
||||
ElEbuiv6iO4ELXmqdddQvNaO/6mKEiWqhx53C9bUnR9zKx7hsT0x2hmWVskWY1Yx
|
||||
aJO+VaUr3mbBPi5tWSJBqdUg6mGlUQ/ZeX8BeBhfSTxmCExRUcvOb00CgYEA1pg7
|
||||
DR1GF1dEwNUuzBB//V0LxqYeF45ADk/k6IqCp8pLXPGgxDW81wuos4pDdBHydS3M
|
||||
VOJcNZJqa15Z+sHAaLaukVlR1yItfe3FPMlAyN8e8UxPArHyryxPy2aBhqW5V6IO
|
||||
ywmWwMiW08U7IiUxWVWnlTSaOuAk772WjEwcblkCgYAS8MtmWHK9Pe7Vyj0Mfhz7
|
||||
hguE3eaSqyIjPPhcCvmxOwkjEx4zRXq3TcfaJNnS0LmJJTGokIctAlUs9eHeHyQY
|
||||
ATwxuSgNDY9jsPESGAW+qztE8JRZmXwSF3q6ya5CByIQ6g1hkLyQ9EnWR8zMO2eM
|
||||
t8PYbqyH5s+Sbv5AgQqsKQKBgQChU56JNGm+IGBSq7HbvcfKvMmelMHoqYtkdxG6
|
||||
9G5XIBDaFdjryQ5niJ9SIm6lctyY1U5YvjfeGm2gvDTe/AvfbP79zG1nU41pr3fp
|
||||
Q89Nc9e6RcjcWNT+dkyiuDRF+o7E39NJNrM7yVECcbML73QTGf67f+k2u81o4lms
|
||||
rYduOQKBgBVfQkOE0cjLVzZSgSQP1UWSAC6cdBvKRUzRQ1ACjkpR0nJpndIKiVwN
|
||||
RGYwIKbfmB6rjwjERSI93Yz0+z+u5/X2Di7SKHn/BeZQgtcWTm9i0O4146fM/PRS
|
||||
ND1TSzKmN84vbNhqYxLqgiW6dStgJ+c7U55VMmI11Qg9TXvPrnw6
|
||||
-----END RSA PRIVATE KEY-----
|
||||
MIIEpAIBAAKCAQEAvUURnJYTyByepyuLU2wdqsTfNtdty5LFjwhuW2JJquQt+qeV
|
||||
Oq9y65nKnr/8x1dIE4Z5zmWh2bpTzddT6KItlhL1zJY/zF3pbVjUsSiPLfSFRvHQ
|
||||
iltUZspKgGij/Tb9I/4hy7vvv95ff6v7C3kgqFmUzxoRUGil2PoJ88vyDit/coSB
|
||||
IgqTR9QonutL1RIgurraTcGHLPpRqFuPouvU8aMN8dW2kjqW+YwsnxcpVXegDGDp
|
||||
9k8i2iDcwpMF6C8n7il47O8LWmAMpcT7nsPbKBiseXMzhNspt8r+otE7T0wAfTKN
|
||||
IVVuEkq/1HQZBUPtnhpTJREHI1kX3Znt4eIkgwIDAQABAoIBAQCI12IXW25r9T1D
|
||||
0jjGlNmSOQrFpNYOJEzP0CGx0os+kgEoQ3eiWW12J9gWFOrW2SUUcNqqPlLZj1y9
|
||||
61wQSwk4gvbR9yOjR5bYZyxH9fInIK4nj/fdwJByTPm2g3FlRxeYqUmX+oYpq8ZS
|
||||
EW7NacMR1MrBPbCc+TxHdugxKxgT42FWcQaUAqTX4SfdHblSh3ae/3xyDgRyB7UC
|
||||
34JCAWaHZq2d9fVZ6LSCir70VUrq1QvbYNXd2hO5K8c/8+HRy6GanzXn29yff9+j
|
||||
+I+WkULOmxqQ/N/nhRwuAaRU0Fdgi6wa+8TdXSxIgVsAYdsDcMxwheAL50Cv6kgn
|
||||
Cn3Wo+JRAoGBAPJv4Hk49SJJdN01OCL/vCc6iLA4dV5HIDp77nMCaaKWOlL4iJFD
|
||||
eNIfuP5Pi+DvjRouQB52kKXbd61z1eyVJ7gW73iZS92zaO7CNwj7iFmNb8mSjShx
|
||||
TgdxGxNYoTXb4WPrHbBh3GTrrfBvLEuAYoFIXesHdK60VE33+tadx7J5AoGBAMfb
|
||||
voEh63kucjoxWHzW/uLoxCaKnGpWCjO6wRjsXZAeNe7tznhuHqgeF9TUVRHnrMa1
|
||||
pvHVW1w95G9Q1vJymbhuXtGBffjgOgjr6Vf4tIxUUkX+bkUDf+NM+LmkI+g/2h8a
|
||||
i65b43YuQmnYqyAauOntHWOSuETsXmo/8RFkem/bAoGAfribzMFI4LMksruurByg
|
||||
bKDb8cCRGMZ0wh0ldlg8fw+nTNc8CzIJZUvPlp5dryWHy7eBLGstEIS2+aMinpcY
|
||||
O9FBOvhl/2xX3PUHb1qK2sRjOimwPwN6lck5LdOV8GEOXvv2eMuuN9I5CQQTUyO4
|
||||
WXtKHB+5jdgUeOy14Jh4WYECgYBpPW9NdF0YjLqdpgpggp3pQoS3ftnqrK/mmXrA
|
||||
8wY5s47W5+aHSAVgpagK7Fx3dzVl1ZW5Vo4rPnQhocHuHSaRFZ1cWQHKodgthnxz
|
||||
VIVON8CzFs1eDf+z43490w8NZ0ImisXu5HgcbTOPpQZHe4rPs4p8OnBJ6uW0sULx
|
||||
06UdbQKBgQCMQ3iu/1e83zTnbFa6wecIMZHjitM4G1S+MeT6T/lMGvtf5jQClx2C
|
||||
JGiqFvwmbfUpxe/8PaSj9nmPUhWk/RrpkjlGry9wedAoLtdzjKOBvOcSjNPNibyD
|
||||
QGp5IKS37dPJRKl2gxiTSKyb7ba+O2twFm1sgC3zvmfB1qr3T9qPfw==
|
||||
-----END RSA PRIVATE KEY-----
|
||||
|
|
@ -1,21 +1,62 @@
|
|||
CONNECTED(00000005)
|
||||
---
|
||||
Certificate chain
|
||||
0 s:/C=CN/ST=ZJ/L=HZ/O=Hyperchain/OU=DM/CN=localhost/emailAddress=datamesh@hyperchain.cn
|
||||
i:/C=CN/ST=ZJ/L=HZ/O=Hyperchain/OU=DM/CN=localhost/emailAddress=datamesh@hyperchain.cn
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIDejCCAmICCQDPTdgQXh+rkzANBgkqhkiG9w0BAQsFADB/MQswCQYDVQQGEwJD
|
||||
TjELMAkGA1UECAwCWkoxCzAJBgNVBAcMAkhaMQ8wDQYDVQQKDAZRdUxpYW4xETAP
|
||||
BgNVBAsMCERhdGFNZXNoMQswCQYDVQQDDAJETTElMCMGCSqGSIb3DQEJARYWZGF0
|
||||
YW1lc2hAaHlwZXJjaGFpbi5jbjAeFw0yMDEwMTIxMTMyNTNaFw0zMDEwMTAxMTMy
|
||||
NTNaMH8xCzAJBgNVBAYTAkNOMQswCQYDVQQIDAJaSjELMAkGA1UEBwwCSFoxDzAN
|
||||
BgNVBAoMBlF1TGlhbjERMA8GA1UECwwIRGF0YU1lc2gxCzAJBgNVBAMMAkRNMSUw
|
||||
IwYJKoZIhvcNAQkBFhZkYXRhbWVzaEBoeXBlcmNoYWluLmNuMIIBIjANBgkqhkiG
|
||||
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxb8QN5/lN53Z1Xz/3B1g3zQobpzuIxX2wqyQ
|
||||
XPJ0v5O/DfgWBmYnT7bTwW2Ue9ezFrA2OxIvWYaiyApA66AmYQHZBFtq/FQAtsJb
|
||||
Ev/M3PUs9zrp7GncH8u2Z580uibid+xonubdBWMt/3EaGby1KmRrtF/7yPQCW7sG
|
||||
SijFHFG5OthJKJgpcSZnxl+DUGcLzvFZFtvj4H2w5/GyQ+0zhBy7TejTiR65ShrG
|
||||
nrenXc4y2DtMvjXca4BG/ZZXeDq+ia5XeW+8mv5KyQoSeLhjeIhx5X9b6bfyxSIM
|
||||
gG57rT5ml9/VcO6CoZUbyIweZG6wUoxeevnyBdJT4fq9lwPHxQIDAQABMA0GCSqG
|
||||
SIb3DQEBCwUAA4IBAQA83n3UaIn78SMu9wCZc9hxS8wyRQmqJL/jpFMuY9xjU15L
|
||||
qdq9RUOC4EBHUE5sMm5wpptGzd0iQl9WTzbH/yN9amkrA8gefrHSkkXYEJ1EwFbU
|
||||
ls9H5jRE4XoYuO3YK6IDLJRqyj9Bzo9nJHMjUtdee2/3eMl+aGtR3IVquJ7RWLjl
|
||||
ZtUeK1AWsT2JDM8SLqCVJOOBxXYKXhR1uWyb6Dh3ywfy3sQoDDE1Z+HmpA0nV76+
|
||||
LNIxoVpDl6qtuyfrKUc14kRZpZIWm7UumDg3tf5YbkKl9szaUgzG3/W6Sr9CmLGI
|
||||
H4yll10DMmdO3xwsYwNxM3XAI1d5H6P6nWHfarM0
|
||||
MIIDhjCCAm4CCQD0t1EOr68uHTANBgkqhkiG9w0BAQUFADCBhDELMAkGA1UEBhMC
|
||||
Q04xCzAJBgNVBAgMAlpKMQswCQYDVQQHDAJIWjETMBEGA1UECgwKSHlwZXJjaGFp
|
||||
bjELMAkGA1UECwwCRE0xEjAQBgNVBAMMCWxvY2FsaG9zdDElMCMGCSqGSIb3DQEJ
|
||||
ARYWZGF0YW1lc2hAaHlwZXJjaGFpbi5jbjAeFw0yMDExMTYwMzAwMDJaFw0yMTEx
|
||||
MTYwMzAwMDJaMIGEMQswCQYDVQQGEwJDTjELMAkGA1UECAwCWkoxCzAJBgNVBAcM
|
||||
AkhaMRMwEQYDVQQKDApIeXBlcmNoYWluMQswCQYDVQQLDAJETTESMBAGA1UEAwwJ
|
||||
bG9jYWxob3N0MSUwIwYJKoZIhvcNAQkBFhZkYXRhbWVzaEBoeXBlcmNoYWluLmNu
|
||||
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvUURnJYTyByepyuLU2wd
|
||||
qsTfNtdty5LFjwhuW2JJquQt+qeVOq9y65nKnr/8x1dIE4Z5zmWh2bpTzddT6KIt
|
||||
lhL1zJY/zF3pbVjUsSiPLfSFRvHQiltUZspKgGij/Tb9I/4hy7vvv95ff6v7C3kg
|
||||
qFmUzxoRUGil2PoJ88vyDit/coSBIgqTR9QonutL1RIgurraTcGHLPpRqFuPouvU
|
||||
8aMN8dW2kjqW+YwsnxcpVXegDGDp9k8i2iDcwpMF6C8n7il47O8LWmAMpcT7nsPb
|
||||
KBiseXMzhNspt8r+otE7T0wAfTKNIVVuEkq/1HQZBUPtnhpTJREHI1kX3Znt4eIk
|
||||
gwIDAQABMA0GCSqGSIb3DQEBBQUAA4IBAQBL0RiqRWBTgeGa0WuncESbg6wy37u3
|
||||
yWKAbMXGQqiAgDa60cl8H7VOjSgEgFF7ueM4qI7Gg63tqEvYQMfJC7iLnZ0uxlzK
|
||||
aKwhFVTCBUOdwR1WJrYjO9NpvgR5IzJS4gBI2SixHfKnDAt9kW5ultak+CtN5DLZ
|
||||
c0xMqay/cZ4Pt3o0yLxYEJrHvhZIeGpYhsBQWngmJKxTVadHSGMbqKX7O+iza4pD
|
||||
b6r3Uz8HLl2oFmn/T1b5RhuuMS7diQ5y8HzNRYTBdzNmIGovGWg0GQBTZQrUZh6J
|
||||
75fuj5+DANruj0/MTZqGI71LpqD7QmrKl5Ii+CBknYZPXLnXgw/rGhXE
|
||||
-----END CERTIFICATE-----
|
||||
---
|
||||
Server certificate
|
||||
subject=/C=CN/ST=ZJ/L=HZ/O=Hyperchain/OU=DM/CN=localhost/emailAddress=datamesh@hyperchain.cn
|
||||
issuer=/C=CN/ST=ZJ/L=HZ/O=Hyperchain/OU=DM/CN=localhost/emailAddress=datamesh@hyperchain.cn
|
||||
---
|
||||
No client certificate CA names sent
|
||||
Server Temp Key: ECDH, X25519, 253 bits
|
||||
---
|
||||
SSL handshake has read 1485 bytes and written 307 bytes
|
||||
---
|
||||
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256
|
||||
Server public key is 2048 bit
|
||||
Secure Renegotiation IS supported
|
||||
Compression: NONE
|
||||
Expansion: NONE
|
||||
No ALPN negotiated
|
||||
SSL-Session:
|
||||
Protocol : TLSv1.2
|
||||
Cipher : ECDHE-RSA-AES128-GCM-SHA256
|
||||
Session-ID: EF7931988E269C85760BEBBC0379299C1148C3AE8140EA1FD14745C3F0AA4527
|
||||
Session-ID-ctx:
|
||||
Master-Key: 08E910F7086C2848818F800ACDBE6D00FE55A896188CDDE281158B1C02D7A458269861E584A3FAECB610BC59C487F322
|
||||
TLS session ticket:
|
||||
0000 - 60 f7 27 df 8c 98 71 e3-48 70 29 6f 56 3b 6f 85 `.'...q.Hp)oV;o.
|
||||
0010 - 16 1f 90 8b 5b 94 c3 c0-94 1c 9d dd e1 83 3f 3c ....[.........?<
|
||||
0020 - ff cb 93 11 44 ff 57 9d-37 97 8d 8e 04 e2 19 bc ....D.W.7.......
|
||||
0030 - 6f 75 df b5 fd 00 bb ee-ba 56 c6 fd b2 21 8d ae ou.......V...!..
|
||||
0040 - f5 39 94 82 69 fa 7f 97-c5 3f 4f 50 20 0f dc d8 .9..i....?OP ...
|
||||
0050 - 60 00 a0 37 f8 59 19 4d-5c 87 08 e6 37 82 b9 34 `..7.Y.M\...7..4
|
||||
0060 - 3c 56 38 f1 db cf 4f e1-99 7a dd 50 b0 a8 7a 83 <V8...O..z.P..z.
|
||||
0070 - 26 82 80 8d 2e ec 0b 67- &......g
|
||||
|
||||
Start Time: 1605496292
|
||||
Timeout : 7200 (sec)
|
||||
Verify return code: 18 (self signed certificate)
|
||||
---
|
||||
Loading…
Reference in New Issue