Java Code Examples for com.linecorp.armeria.server.ServerBuilder#tls()
The following examples show how to use
com.linecorp.armeria.server.ServerBuilder#tls() .
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
| Source File: ArmeriaGrpcServerInteropTest.java From armeria with Apache License 2.0 | 6 votes |
|
@Override
protected void configure(ServerBuilder sb) throws Exception {
sb.https(new InetSocketAddress("127.0.0.1", 0));
sb.tls(ssc.certificateFile(), ssc.privateKeyFile());
sb.tlsCustomizer(ssl -> {
try {
ssl.trustManager(TestUtils.loadCert("ca.pem"));
} catch (IOException e) {
Exceptions.throwUnsafely(e);
}
});
sb.maxRequestLength(16 * 1024 * 1024);
sb.serviceUnder("/", grpcService.decorate((delegate, ctx, req) -> {
ctxCapture.set(ctx);
return delegate.serve(ctx, req);
}));
}
Example 2
| Source File: ClientAuthIntegrationTest.java From armeria with Apache License 2.0 | 5 votes |
|
@Override
protected void configure(ServerBuilder sb) throws Exception {
sb.tls(serverCert.certificateFile(), serverCert.privateKeyFile());
sb.tlsCustomizer(sslCtxBuilder -> {
sslCtxBuilder.trustManager(InsecureTrustManagerFactory.INSTANCE)
.clientAuth(ClientAuth.REQUIRE);
});
sb.service("/", (ctx, req) -> HttpResponse.of("success"));
sb.decorator(LoggingService.builder().newDecorator());
}
Example 3
| Source File: CentralDogma.java From centraldogma with Apache License 2.0 | 4 votes |
|
private Server startServer(ProjectManager pm, CommandExecutor executor,
PrometheusMeterRegistry meterRegistry, @Nullable SessionManager sessionManager) {
final ServerBuilder sb = Server.builder();
sb.verboseResponses(true);
cfg.ports().forEach(sb::port);
if (cfg.ports().stream().anyMatch(ServerPort::hasTls)) {
try {
final TlsConfig tlsConfig = cfg.tls();
if (tlsConfig != null) {
sb.tls(tlsConfig.keyCertChainFile(), tlsConfig.keyFile(), tlsConfig.keyPassword());
} else {
logger.warn(
"Missing TLS configuration. Generating a self-signed certificate for TLS support.");
sb.tlsSelfSigned();
}
} catch (Exception e) {
Exceptions.throwUnsafely(e);
}
}
sb.clientAddressSources(cfg.clientAddressSourceList());
sb.clientAddressTrustedProxyFilter(cfg.trustedProxyAddressPredicate());
cfg.numWorkers().ifPresent(
numWorkers -> sb.workerGroup(EventLoopGroups.newEventLoopGroup(numWorkers), true));
cfg.maxNumConnections().ifPresent(sb::maxNumConnections);
cfg.idleTimeoutMillis().ifPresent(sb::idleTimeoutMillis);
cfg.requestTimeoutMillis().ifPresent(sb::requestTimeoutMillis);
cfg.maxFrameLength().ifPresent(sb::maxRequestLength);
cfg.gracefulShutdownTimeout().ifPresent(
t -> sb.gracefulShutdownTimeoutMillis(t.quietPeriodMillis(), t.timeoutMillis()));
final MetadataService mds = new MetadataService(pm, executor);
final WatchService watchService = new WatchService(meterRegistry);
final AuthProvider authProvider = createAuthProvider(executor, sessionManager, mds);
configureThriftService(sb, pm, executor, watchService, mds);
sb.service("/title", webAppTitleFile(cfg.webAppTitle(), SystemInfo.hostname()).asService());
sb.service(HEALTH_CHECK_PATH, HealthCheckService.of());
// TODO(hyangtack): This service is temporarily added to support redirection from '/docs' to '/docs/'.
// It would be removed if this kind of redirection is handled by Armeria.
sb.service("/docs", new AbstractHttpService() {
@Override
protected HttpResponse doGet(ServiceRequestContext ctx, HttpRequest req)
throws Exception {
return HttpResponse.of(
ResponseHeaders.of(HttpStatus.TEMPORARY_REDIRECT, HttpHeaderNames.LOCATION, "/docs/"));
}
});
sb.serviceUnder("/docs/",
DocService.builder()
.exampleHttpHeaders(CentralDogmaService.class,
HttpHeaders.of(HttpHeaderNames.AUTHORIZATION,
"Bearer " + CsrfToken.ANONYMOUS))
.build());
configureHttpApi(sb, pm, executor, watchService, mds, authProvider, sessionManager);
configureMetrics(sb, meterRegistry);
// Configure access log format.
final String accessLogFormat = cfg.accessLogFormat();
if (isNullOrEmpty(accessLogFormat)) {
sb.accessLogWriter(AccessLogWriter.disabled(), true);
} else if ("common".equals(accessLogFormat)) {
sb.accessLogWriter(AccessLogWriter.common(), true);
} else if ("combined".equals(accessLogFormat)) {
sb.accessLogWriter(AccessLogWriter.combined(), true);
} else {
sb.accessLogFormat(accessLogFormat);
}
final Server s = sb.build();
s.start().join();
return s;
}
Example 4
| Source File: ArmeriaConfigurationUtil.java From armeria with Apache License 2.0 | 4 votes |
|
/**
* Adds SSL/TLS context to the specified {@link ServerBuilder}.
*/
private static void configureTls(ServerBuilder sb, ArmeriaSettings.Ssl ssl,
@Nullable Supplier<KeyStore> keyStoreSupplier,
@Nullable Supplier<KeyStore> trustStoreSupplier) {
if (!ssl.isEnabled()) {
return;
}
try {
if (keyStoreSupplier == null && trustStoreSupplier == null &&
ssl.getKeyStore() == null && ssl.getTrustStore() == null) {
logger.warn("Configuring TLS with a self-signed certificate " +
"because no key or trust store was specified");
sb.tlsSelfSigned();
return;
}
final KeyManagerFactory keyManagerFactory = getKeyManagerFactory(ssl, keyStoreSupplier);
final TrustManagerFactory trustManagerFactory = getTrustManagerFactory(ssl, trustStoreSupplier);
sb.tls(keyManagerFactory);
sb.tlsCustomizer(sslContextBuilder -> {
sslContextBuilder.trustManager(trustManagerFactory);
final SslProvider sslProvider = ssl.getProvider();
if (sslProvider != null) {
sslContextBuilder.sslProvider(sslProvider);
}
final List<String> enabledProtocols = ssl.getEnabledProtocols();
if (enabledProtocols != null) {
sslContextBuilder.protocols(enabledProtocols.toArray(EMPTY_PROTOCOL_NAMES));
}
final List<String> ciphers = ssl.getCiphers();
if (ciphers != null) {
sslContextBuilder.ciphers(ImmutableList.copyOf(ciphers),
SupportedCipherSuiteFilter.INSTANCE);
}
final ClientAuth clientAuth = ssl.getClientAuth();
if (clientAuth != null) {
sslContextBuilder.clientAuth(clientAuth);
}
});
} catch (Exception e) {
throw new IllegalStateException("Failed to configure TLS: " + e, e);
}
}
Example 5
| Source File: ArmeriaConfigurationUtil.java From armeria with Apache License 2.0 | 4 votes |
|
/**
* Adds SSL/TLS context to the specified {@link ServerBuilder}.
*/
public static void configureTls(ServerBuilder sb, Ssl ssl,
@Nullable Supplier<KeyStore> keyStoreSupplier,
@Nullable Supplier<KeyStore> trustStoreSupplier) {
if (!ssl.isEnabled()) {
return;
}
try {
if (keyStoreSupplier == null && trustStoreSupplier == null &&
ssl.getKeyStore() == null && ssl.getTrustStore() == null) {
logger.warn("Configuring TLS with a self-signed certificate " +
"because no key or trust store was specified");
sb.tlsSelfSigned();
return;
}
final KeyManagerFactory keyManagerFactory = getKeyManagerFactory(ssl, keyStoreSupplier);
final TrustManagerFactory trustManagerFactory = getTrustManagerFactory(ssl, trustStoreSupplier);
sb.tls(keyManagerFactory);
sb.tlsCustomizer(sslContextBuilder -> {
sslContextBuilder.trustManager(trustManagerFactory);
final SslProvider sslProvider = ssl.getProvider();
if (sslProvider != null) {
sslContextBuilder.sslProvider(sslProvider);
}
final List<String> enabledProtocols = ssl.getEnabledProtocols();
if (enabledProtocols != null) {
sslContextBuilder.protocols(enabledProtocols.toArray(EMPTY_PROTOCOL_NAMES));
}
final List<String> ciphers = ssl.getCiphers();
if (ciphers != null) {
sslContextBuilder.ciphers(ImmutableList.copyOf(ciphers),
SupportedCipherSuiteFilter.INSTANCE);
}
final ClientAuth clientAuth = ssl.getClientAuth();
if (clientAuth != null) {
sslContextBuilder.clientAuth(clientAuth);
}
});
} catch (Exception e) {
throw new IllegalStateException("Failed to configure TLS: " + e, e);
}
}
