Code for enabling TLS in fabric-node-sdk, together with the YAML network configuration for the peer and the orderer.
The code for enabling TLS in fabric-node-sdk is as follows:
const fs = require('fs');
const path = require('path');
const Client = require('fabric-client');

// The snippet needs a fabric-client Client instance named `client`.
const client = new Client();

// Orderer: TLS CA certificate used to verify the orderer, plus the client key pair for mutual TLS.
let order1ServerCert = fs.readFileSync(path.join(__dirname, './crypto-config/ordererOrganizations/trace.com/users/Admin@trace.com/msp/tlscacerts/tlsca.trace.com-cert.pem'));
let order1Peer0ClientKey = fs.readFileSync(path.join(__dirname, './crypto-config/ordererOrganizations/trace.com/users/Admin@trace.com/tls/client.key'));
let order1Peer0ClientCert = fs.readFileSync(path.join(__dirname, './crypto-config/ordererOrganizations/trace.com/users/Admin@trace.com/tls/client.crt'));
// Peer: TLS CA certificate used to verify the peer, plus the client key pair for mutual TLS.
let org1Peer0ServerCert = fs.readFileSync(path.join(__dirname, './crypto-config/peerOrganizations/org1.trace.com/tlsca/tlsca.org1.trace.com-cert.pem'));
let org1Peer0ClientKey = fs.readFileSync(path.join(__dirname, './crypto-config/peerOrganizations/org1.trace.com/users/Admin@org1.trace.com/tls/client.key'));
let org1Peer0ClientCert = fs.readFileSync(path.join(__dirname, './crypto-config/peerOrganizations/org1.trace.com/users/Admin@org1.trace.com/tls/client.crt'));

// The SDK expects PEM strings, so the file buffers are converted to text.
var order1Options = {
    'pem': Buffer.from(order1ServerCert).toString(),
    'clientKey': Buffer.from(order1Peer0ClientKey).toString(),
    'clientCert': Buffer.from(order1Peer0ClientCert).toString(),
    'ssl-target-name-override': "orderer1.trace.com"
};
var org1Peer0Options = {
    'pem': Buffer.from(org1Peer0ServerCert).toString(),
    'clientKey': Buffer.from(org1Peer0ClientKey).toString(),
    'clientCert': Buffer.from(org1Peer0ClientCert).toString(),
    'ssl-target-name-override': "peer0.org1.trace.com"
};

// grpcs:// selects TLS; the nodes are addressed by IP, so the name override above is required.
var order1 = client.newOrderer('grpcs://172.27.83.137:7050', order1Options);
var org1Peer0 = client.newPeer('grpcs://172.27.83.137:7051', org1Peer0Options);
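The options passed as the last argument of newPeer or newOrderer must include the ssl-target-name-override parameter (the container name). The URL here is an IP address, so without the override the SDK has no name to check against the node's TLS certificate; it cannot identify the node or communicate with the corresponding container, and fails with: error: [Remote.js]: Error: Failed to connect before the deadline URL:grpcs://172.27.83.137:7051.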
Fabric network configuration (peer and orderer):
orderer:
- ORDERER_GENERAL_TLS_ENABLED=true
- ORDERER_GENERAL_TLS_PRIVATEKEY=/var/hyperledger/orderer/tls/server.key
- ORDERER_GENERAL_TLS_CERTIFICATE=/var/hyperledger/orderer/tls/server.crt
- ORDERER_GENERAL_TLS_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt]
- ORDERER_GENERAL_TLS_CLIENTAUTHREQUIRED=true
- ORDERER_GENERAL_TLS_CLIENTROOTCAS=/var/hyperledger/ordererclient/tls/ca.crt
peer:
- CORE_PEER_TLS_ENABLED=true
- CORE_PEER_TLS_CERT_FILE=/etc/hyperledger/fabric/tls/server.crt
- CORE_PEER_TLS_KEY_FILE=/etc/hyperledger/fabric/tls/server.key
- CORE_PEER_TLS_ROOTCERT_FILE=/etc/hyperledger/fabric/tls/ca.crt
- CORE_PEER_TLS_CLIENTAUTHREQUIRED=true
- CORE_PEER_TLS_CLIENTROOTCAS_FILES=/etc/hyperledger/client/tls/ca.crt
- CORE_PEER_TLS_CLIENTCERT_FILE=/etc/hyperledger/client/tls/client.crt
- CORE_PEER_TLS_CLIENTKEY_FILE=/etc/hyperledger/client/tls/client.key
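
Both requirements described above, the ssl-target-name-override for a node addressed by IP and the client key pair that the CLIENTAUTHREQUIRED=true settings demand, can be checked before connecting. The following is an added example, not code from the original post or from the SDK; it also checks the URL scheme, and lintTlsEndpoint, its clientAuthRequired parameter and the placeholder PEM text are hypothetical names and constructed values.

```javascript
// Added example (not from the original post): lint a grpcs endpoint and its
// TLS options before handing them to client.newPeer / client.newOrderer.
const net = require('net');

const CERT_RE = /-----BEGIN CERTIFICATE-----/;
const KEY_RE = /-----BEGIN (?:[A-Z]+ )?PRIVATE KEY-----/;

// Returns a list of problems; an empty list means the options are consistent.
// clientAuthRequired mirrors *_TLS_CLIENTAUTHREQUIRED on the node (assumed true).
function lintTlsEndpoint(url, opts = {}, clientAuthRequired = true) {
  let parsed;
  try { parsed = new URL(url); } catch (err) { return [`unparseable URL: ${url}`]; }
  const problems = [];
  if (parsed.protocol !== 'grpcs:') {
    problems.push(`scheme ${parsed.protocol} does not use TLS, expected grpcs:`);
  }
  if (!CERT_RE.test(opts.pem || '')) {
    problems.push('pem: missing TLS CA certificate used to verify the node');
  }
  // Mutual TLS needs the private key and its certificate as a pair.
  const hasKey = KEY_RE.test(opts.clientKey || '');
  const hasCert = CERT_RE.test(opts.clientCert || '');
  if (hasKey !== hasCert) {
    problems.push('clientKey and clientCert must be supplied together');
  } else if (!hasKey && clientAuthRequired) {
    problems.push('node requires client auth but no client key/cert is set');
  }
  // An IP in the URL only verifies if the node certificate lists that IP as a
  // SAN; otherwise the override has to carry the certificate's hostname.
  const host = parsed.hostname.replace(/^\[|\]$/g, '');
  if (net.isIP(host) !== 0 && !opts['ssl-target-name-override']) {
    problems.push('URL uses an IP address but ssl-target-name-override is not set');
  }
  return problems;
}

// Constructed placeholder PEM text; the real files come from crypto-config.
const pemOf = (label) => `-----BEGIN ${label}-----\n(constructed)\n-----END ${label}-----\n`;
const sample = {
  pem: pemOf('CERTIFICATE'),
  clientKey: pemOf('PRIVATE KEY'),
  clientCert: pemOf('CERTIFICATE'),
  'ssl-target-name-override': 'peer0.org1.trace.com',
};
console.log(lintTlsEndpoint('grpcs://172.27.83.137:7051', sample));
```

The lint only checks that the options are shaped consistently; whether the override name actually appears in the node's certificate is decided during the TLS handshake.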