TLS

Overview

rk-boot loads each CertEntry element into memory and starts the server with TLS/SSL.

DOMAIN

CertEntry uses the DOMAIN environment variable to distinguish between environments.

Generate Self-Signed Certificate

We suggest using cfssl to generate certificates.

1. Download cfssl & cfssljson

$ go get github.com/rookie-ninja/rk/cmd/rk
$ rk install cfssl
$ rk install cfssljson

2. Generate CA

$ cfssl print-defaults config > ca-config.json
$ cfssl print-defaults csr > ca-csr.json

Modify ca-config.json and ca-csr.json as needed.

$ cfssl gencert -initca ca-csr.json | cfssljson -bare ca -

3. Generate server side certs

$ cfssl gencert -config ca-config.json -ca ca.pem -ca-key ca-key.pem -profile www csr.json | cfssljson -bare server

Quick start

1. Install

$ go get github.com/rookie-ninja/rk-boot/v2
$ go get github.com/rookie-ninja/rk-zero

2. Create boot.yaml

---
cert:
  - name: my-cert
    certPemPath: "server.pem"
    keyPemPath: "server-key.pem"
zero:
  - name: greeter
    port: 8080
    enabled: true
    certEntry: "my-cert"

$ curl --insecure "https://localhost:8080/v1/greeter?name=rk-dev"
{"Message":"Hello rk-dev!"}

.
├── boot.yaml
├── go.mod
├── go.sum
├── main.go
├── server-key.pem
└── server.pem

Cheers

YAML options

cert:
  - name: my-cert                                         # Required
    description: "Description of entry"                   # Optional, default: ""
    domain: "*"                                           # Optional, default: "*"
    caPath: "certs/ca.pem"                                # Optional, default: ""
    certPemPath: "certs/server-cert.pem"                  # Optional, default: ""
    keyPemPath: "certs/server-key.pem"                    # Optional, default: ""