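- nebula version: 3.4.1
- Deployment method: cloud
- Installation method: source
- In production: N
At first I had two files, nebula.crt and nebula.key. nebula.key was not encrypted, and with the following configuration the service started and worked normally; I also checked the process and it had switched to https.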
--cert_path=xxxxxx
--key_path=xxxxx
--enable_ssl=true
Later I used the command
openssl rsa -aes256 -in nebula.key -out nebulapass.key
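to encrypt the private key, and stored the password in plaintext in password.txt.
I also verified with the command below that the key can be decrypted: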
openssl rsa -in nebulapass.key -check -passin file:password.txt
However, after adding the --password_path option to the nebula configuration and changing --key_path to the encrypted private key nebulapass.key, it fails to start.
--cert_path=xxxxxx
--key_path=xxxxx
--password_path=xxxxxx
--enable_ssl=true
The error is as follows:
E20230819 16:51:05.086705 9953 ThriftServer.cpp:547] Got an exception while setting up the server: Failed to read private key from file: /usr/local/ssl/nebula.key, password file: /usr/local/ssl/nebula_ssl_password.txtFailed to load cert or key at key path /usr/local/ssl/nebulapass.key, cert path /usr/local/ssl/nebula.crt
E20230819 16:51:05.087126 9953 RaftexService.cpp:49] Start raft service failed: Failed to read private key from file: /usr/local/ssl/nebula.key, password file: /usr/local/ssl/nebula_ssl_password.txtFailed to load cert or key at key path /usr/local/ssl/nebulapass.key, cert path /usr/local/ssl/nebula.crt
E20230819 16:51:05.087146 9953 NebulaStore.cpp:60] Start the raft service failed
E20230819 16:51:05.087157 9953 MetaDaemonInit.cpp:95] Nebula store init failed
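
A pre-flight check for the three files named by --cert_path, --key_path and --password_path, as an added example that is not part of the original post or of Nebula's code. The function name and return codes are assumptions of this example; it confirms that the key decrypts with the password file, that it matches the certificate, and reports any bytes in the password file beyond its first line, since `openssl -passin file:` uses only the first line.

```shell
#!/usr/bin/env bash
# Added example: pre-flight check of the files passed to
# --cert_path, --key_path and --password_path.
# Return codes (chosen for this example):
#   0 ok, 1 file unreadable, 2 key not decryptable with the password file,
#   3 key and certificate do not match, 4 password file has bytes beyond
#   its first line (for instance a trailing newline).
check_tls_files() {
  local cert="$1" key="$2" pass="$3" f key_pub cert_pub first total
  for f in "$cert" "$key" "$pass"; do
    [ -r "$f" ] || { echo "unreadable: $f" >&2; return 1; }
  done
  # openssl's file: source takes only the first line as the passphrase.
  key_pub=$(openssl pkey -in "$key" -passin "file:$pass" -pubout 2>/dev/null) ||
    { echo "cannot decrypt $key with $pass" >&2; return 2; }
  cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) ||
    { echo "cannot parse $cert" >&2; return 3; }
  [ "$key_pub" = "$cert_pub" ] ||
    { echo "public key of $key differs from $cert" >&2; return 3; }
  # A program that uses the whole file as the passphrase would see a
  # different value than openssl did if anything follows the first line.
  first=$(head -n 1 "$pass" | tr -d '\n' | wc -c)
  total=$(wc -c < "$pass")
  [ "$first" -eq "$total" ] ||
    { echo "$pass: $total bytes, first line is $first" >&2; return 4; }
  return 0
}

# Usage: script.sh <cert> <key> <password file>
if [ "$#" -eq 3 ]; then check_tls_files "$@"; fi
```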