The TLS encrypted transmission of dubbo-go is realized by dubbo-getty(https://github.com/apache/dubbo-getty). Before using TLS, you need to be prepared as follows.
You can use the sample files in certs folder.
├── certs │ ├── ca.key │ ├── ca.pem │ ├── client.key │ ├── client.pem │ ├── server.key │ └── server.pem
Can be run inconfig.Load
to import configuration before .
func init(){ //Certificate serverPemPath, _ := filepath.Abs ("../certs/ server.pem ") //Private key serverKeyPath, _ := filepath.Abs ("../certs/ server.key ") //CA certificate caPemPath, _ := filepath.Abs ("../certs/ ca.pem ") //Turn on TLS config.SetSslEnabled (true) //Import TLS configuration config.SetServerTlsConfigBuilder (& getty.ServerTlsConfigBuilder { ServerKeyCertChainPath: serverPemPath, ServerPrivateKeyPath: serverKeyPath, ServerTrustCertCollectionPath: caPemPath, }) }
The setting of the client side is similar to that of the server side, and there is no need to set the certificate
func init(){ //Private key clientKeyPath, _ := filepath.Abs ("../certs/ ca.key ") //CA certificate caPemPath, _ := filepath.Abs ("../certs/ ca.pem ") //Turn on TLS config.SetSslEnabled (true) //Import TLS configuration config.SetClientTlsConfigBuilder (& getty.ClientTlsConfigBuilder { ClientPrivateKeyPath: clientKeyPath, ClientTrustCertCollectionPath: caPemPath, }) }
Other settings are consistent with HelloWorld(https://github.com/apache/dubbo-go-samples/tree/master/helloworld).