How to configure an Akka cluster with SSL support

Time: 2015-06-25 14:00:40

Tags: typesafe-activator akka-cluster

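I am looking to set up a cluster using Akka for a Play Framework project. I would like to know how to enable the pluggable SSL transport support. I was looking at http://doc.akka.io/docs/akka/snapshot/scala/remoting.html and tried some configurations.

Below is my sample configuration: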

    akka {

      loglevel = ERROR

      actor.provider = "akka.cluster.ClusterActorRefProvider"

      remote {
        enabled-transports = ["akka.remote.netty.tcp"]
        enabled-transports = [akka.remote.netty.ssl]
        netty.ssl.tcp {
          hostname = "127.0.0.1"
          enable-ssl = true
        }
        netty.ssl.security {
          key-store = "mykeystore"
          trust-store = "mytruststore"
          key-store-password = "changeme"
          key-password = "changeme"
          trust-store-password = "changeme"
          protocol = "TLSv1"
          random-number-generator = "AES128CounterSecureRNG"
          enabled-algorithms = [TLS_RSA_WITH_AES_128_CBC_SHA]
        }
      }

      cluster {
        auto-down = on
        akka.cluster.auto-down-unreachable-after = 5s
      }

    }

I start the server like this:

    activator -Dnode.id=1 -Dhttp.port=9000 -Dakka.remote.netty.tcp.port=2551 -Dakka.cluster.seed-nodes.0="akka.ssl.tcp://application@127.0.0.1:2551" run

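I am not sure what else I am missing. I cannot see my events when my members come up.

I referred to the following implementation: https://github.com/zarinfam/play-akka-cluster-pub-sub

Please suggest.

1 Answer:

Answer 0: (score: 3)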

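I used the configuration below. I also generated appropriate certificates: http://docs.oracle.com/cd/E19528-01/819-4733/6n6s6u1gl/index.html

Also note: you need to set up the key store and trust store, define the SSL/TLS version to use, and set the enabled algorithms. These settings correspond directly to the JSSE configuration, which is documented here: http://docs.oracle.com/javase/7/docs/technotes/guides/security/jsse/JSSERefGuide.html

Here is my configuration: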

    akka {
      log-dead-letters = on
      loglevel = INFO
      actor.provider = "akka.cluster.ClusterActorRefProvider"
      remote {
        #enabled-transports = ["akka.remote.netty.tcp"]
        enabled-transports = [akka.remote.netty.ssl]
        log-remote-lifecycle-events = on
        netty.tcp {
          hostname = "core06"
          enable-ssl = true
        }
        netty.ssl = ${akka.remote.netty.tcp}
        netty.ssl = {
          # Enable SSL/TLS encryption.
          # This must be enabled on both the client and server to work.
          enable-ssl = true
          security {
            # This is the Java Key Store used by the server connection
            key-store = "keystore.jks"

            # This password is used for decrypting the key store
            key-store-password = "changeit"

            # This password is used for decrypting the key
            key-password = "changeit"

            # This is the Java Key Store used by the client connection
            trust-store = "cacerts.jks"

            # This password is used for decrypting the trust store
            trust-store-password = "changeit"

            # Protocol to use for SSL encryption, choose from:
            # Java 6 & 7:
            #   'SSLv3', 'TLSv1'
            # Java 7:
            #   'TLSv1.1', 'TLSv1.2'
            protocol = "TLSv1"

            # Example: ["TLS_RSA_WITH_AES_128_CBC_SHA", "TLS_RSA_WITH_AES_256_CBC_SHA"]
            # You need to install the JCE Unlimited Strength Jurisdiction Policy
            # Files to use AES 256.
            # More info here:
            # http://docs.oracle.com/javase/7/docs/technotes/guides/security/SunProviders.html#SunJCEProvider
            enabled-algorithms = ["TLS_RSA_WITH_AES_128_CBC_SHA"]

            random-number-generator = "AES128CounterSecureRNG"
          }
        }
      }

      cluster {
        seed-nodes = [
          "akka.ssl.tcp://application@core06:2551",
          "akka.ssl.tcp://application@core06:2552"
        ]
        #auto-down = on
        auto-down-unreachable-after = 5s
      }

    }

Hope this helps anyone in the future.

Cheers!
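
An added example, not part of the original question or answer: a small Python check that flags the TLS-related issues visible in the configurations above, namely a key assigned twice, a deprecated protocol version, cipher suites with static RSA key exchange, well-known placeholder passwords, and seed-node URLs whose scheme does not match the SSL transport. The function name `audit`, the finding codes and the sample text are assumptions made for illustration; the sample is constructed from the question's settings plus a made-up seed node.

```python
import re

# Example code added to this page; audit() and the finding codes are made-up names.
WEAK_PROTOCOLS = {"SSLv3", "TLSv1", "TLSv1.1"}       # deprecated protocol versions
PLACEHOLDERS = {"changeit", "changeme", "password"}  # well-known default passwords

def audit(conf):
    """Return (code, detail) findings for an Akka classic-remoting HOCON text."""
    # Drop full-line comments so commented-out settings are not reported.
    text = "\n".join(l for l in conf.splitlines() if not l.strip().startswith("#"))
    out = []
    transports = re.findall(r"enabled-transports\s*=\s*\[([^\]]*)\]", text)
    if len(transports) > 1:  # HOCON keeps only the last assignment of a key
        out.append(("DUPLICATE_KEY", "enabled-transports assigned %d times" % len(transports)))
    ssl_on = bool(transports) and "netty.ssl" in transports[-1]
    if not ssl_on:
        out.append(("NO_TLS", "akka.remote.netty.ssl is not the effective transport"))
    for proto in re.findall(r'\bprotocol\s*=\s*"([^"]+)"', text):
        if proto in WEAK_PROTOCOLS:
            out.append(("WEAK_PROTOCOL", proto))
    for suites in re.findall(r"enabled-algorithms\s*=\s*\[([^\]]*)\]", text):
        for suite in re.findall(r"TLS_\w+|SSL_\w+", suites):
            if suite.startswith(("TLS_RSA_", "SSL_RSA_")):  # static RSA key exchange
                out.append(("NO_FORWARD_SECRECY", suite))
    for key, value in re.findall(r'([\w-]*password)\s*=\s*"([^"]*)"', text):
        if value.lower() in PLACEHOLDERS:
            out.append(("PLACEHOLDER_PASSWORD", key))
    for scheme in re.findall(r'"(akka[\w.]*)://', text):
        if ssl_on and scheme != "akka.ssl.tcp":  # SSL transport uses akka.ssl.tcp
            out.append(("SCHEME_MISMATCH", scheme))
    return out

# Constructed sample: TLS lines from the question plus a made-up plain-TCP seed node.
SAMPLE = '''
remote {
  enabled-transports = ["akka.remote.netty.tcp"]
  enabled-transports = [akka.remote.netty.ssl]
  netty.ssl.security {
    key-store-password = "changeme"
    protocol = "TLSv1"
    enabled-algorithms = [TLS_RSA_WITH_AES_128_CBC_SHA]
  }
}
cluster.seed-nodes = ["akka.tcp://application@127.0.0.1:2551"]
'''

if __name__ == "__main__":
    for code, detail in audit(SAMPLE):
        print(code, detail)
```

The check is regex-based and only understands the flat key forms shown on this page; it does not resolve HOCON substitutions or includes.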