问题描述

我正在努力在需要相互SSL/TLS(服务器和客户端证书)的GCP上部署API解决方案.因此对于流量的进入(入口点)，我发现kubernetes入口控制器具有这种可能性(基于NGINX).我对具有ESP(可扩展服务代理，也是kubernetes下的nginx部署)的云端点感兴趣.

I am working on deploying an API solution on GCP where mutual SSL/TLS is required (server and client side certificates). So for the ingress of the traffic (entry point) I found that kubernetes ingress controller has this possibility (NGINX based). I am interested by cloud endpoints which has ESP (extensible service proxy which is also nginx deployment under kubernetes).

我在文档的任何地方都找不到ESP(云端点)是否可以使用相互SSL/TLS，有人知道这个答案吗?

I couldn't find anywhere in the documentation whether mutual SSL/TLS is available for ESP (cloud endpoint), does anyone know the answer for this ?

推荐答案

ESP支持mTLS.您可以在此处指定证书文件

ESP supports mTLS. You can specify the certificates files here

      proxy_ssl_certificate /etc/nginx/ssl/backend.crt;
      proxy_ssl_certificate_key /etc/nginx/ssl/backend.key;

以下是其nginx 配置

Here is its nginx config

这篇关于Google云平台Cloud Endpoint SSL/TLS相互握手ESP的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！