github.com/qiuhoude/go-web@v0.0.0-20220223060959-ab545e78f20d/prepare/23_proto_actor/remotessl/README.md

github.com/qiuhoude/go-web@v0.0.0-20220223060959-ab545e78f20d/prepare/23_proto_actor/remotessl/README.md (about)

     1  # Remote SSL Example
     2  
     3  In this example we'll use SSL/TLS to authenticate and encrypt exchanges between remote clients and servers using Protoactor-Go.
     4  
     5  # Requirements
     6  
     7  * OpenSSL 1.1.0g+
     8  * GNU Make 4.1+
     9  
    10  # Setup
    11  
    12  The `remote` package in Protoactor-Go utilizes [gRPC][0] under the hood to enable remote connections between nodes, and when creating a server with `remote.Start()` it is possible to pass in several [ServerOption][1] arguments which can be used to pass [TransportCredentials][2] to the [gRPC Server][3].
    13  
    14  For this example we'll create an SSL certificate using [OpenSSL][4]. You can either use the local [Makefile](https://www.gnu.org/software/make/manual/html_node/Introduction.html) provided:
    15  
    16  ```shell
    17  make ssl
    18  ```
    19  
    20  Or you can do it manually:
    21  
    22  ```shell
    23  	@openssl req \
    24  		-config cert/localhost.conf \
    25  		-new \
    26  		-newkey rsa:4096 \
    27  		-days 365 \
    28  		-nodes \
    29  		-x509 \
    30  		-subj "/C=US/ST=California/L=SanFrancisco/O=Dis/CN=localhost" \
    31  		-keyout cert/localhost.key \
    32  		-out cert/localhost.crt
    33  ```
    34  
    35  This will place the files `cert/localhost.key` and `cert/localhost.crt` which both nodes will use to communicate with one another via TLS.
    36  
    37  Now you can use the Makefile to compile the nodes:
    38  
    39  ```
    40  make nodes
    41  ```
    42  
    43  Or run `go build` manually:
    44  
    45  ```
    46  go build -o node1 nodes/node1/main.go
    47  go build -o node2 nodes/node2/main.go
    48  ```
    49  
    50  # Running
    51  
    52  For this demo, `node2` will send a message to `node1`, which `node1` will respond to, all over TLS.
    53  
    54  You'll want to make sure `node1` is up first:
    55  
    56  ```shell
    57  ./node1
    58  ```
    59  
    60  And then run `node2` in another terminal:
    61  
    62  ```shell
    63  ./node2
    64  ```
    65  
    66  If everything is working properly you should see output like the following from `node1`:
    67  
    68  ```shell
    69  127.0.0.1:8090/node1 received SYN from 127.0.0.1:8091/node2
    70  ```
    71  
    72  And similarly for `node2`:
    73  
    74  ```shell
    75  127.0.0.1:8091/node2 received ACK from 127.0.0.1:8090/node1
    76  ```
    77  
    78  [0]:https://google.golang.org/grpc
    79  [1]:https://godoc.org/google.golang.org/grpc#ServerOption
    80  [2]:https://godoc.org/google.golang.org/grpc/credentials#TransportCredentials
    81  [3]:https://godoc.org/google.golang.org/grpc#Server
    82  [4]:https://www.openssl.org/