From 7e18e4e5b0bd612b8aa4006de60b4c9950e9de13 Mon Sep 17 00:00:00 2001 From: Linary Date: Thu, 19 Nov 2020 18:02:50 +0800 Subject: [PATCH] Add doc about https config and generated (#60) * Add doc about https config and generated * remove server generate keystore file * support default server.keystore and client.truststore file --- SUMMARY.md | 3 +- config/config-https.md | 112 +++++++++++++++++++++++++++++++++ quickstart/hugegraph-client.md | 93 ++++++++++++++++----------- 3 files changed, 170 insertions(+), 38 deletions(-) create mode 100644 config/config-https.md diff --git a/SUMMARY.md b/SUMMARY.md index 057d50cc7..2c905f5cd 100644 --- a/SUMMARY.md +++ b/SUMMARY.md @@ -21,6 +21,7 @@ * [Config Guide](config/config-guide.md) * [Config Options](config/config-option.md) * [Config Authentication](config/config-authentication.md) +* [Config HTTPS](config/config-https.md) ## Query Language * [Gremlin Query Language](language/hugegraph-gremlin.md) @@ -64,4 +65,4 @@ * [Release-0.4.4](changelog/hugegraph-0.4.4-release-notes.md) * [Release-0.3.3](changelog/hugegraph-0.3.3-release-notes.md) * [Release-0.2.4](changelog/hugegraph-0.2.4-release-notes.md) -* [Release-0.2](changelog/hugegraph-0.2-release-notes.md) \ No newline at end of file +* [Release-0.2](changelog/hugegraph-0.2-release-notes.md) diff --git a/config/config-https.md b/config/config-https.md new file mode 100644 index 000000000..1bf664f1f --- /dev/null +++ b/config/config-https.md 
@@ -0,0 +1,112 @@
+## 配置 HugeGraphServer 使用 https 协议
+
+### 概述
+
+HugeGraphServer 默认使用的是 http 协议,如果用户对请求的安全性有要求,可以配置成 https。
+
+### 服务端配置
+
+修改 conf/rest-server.properties 配置文件,将 restserver.url 的 schema 部分改为 https。
+
+```ini
+# 将协议设置为 https
+restserver.url=https://127.0.0.1:8080
+# 服务端 keystore 文件路径,当协议为 https 时该默认值自动生效,可按需修改此项
+ssl.keystore_file=conf/hugegraph-server.keystore
+# 服务端 keystore 文件密码,当协议为 https 时该默认值自动生效,可按需修改此项
+ssl.keystore_password=hugegraph
+```
+
+服务端的 conf 目录下已经给出了一个 keystore 文件`hugegraph-server.keystore`,该文件的密码为`hugegraph`,
+这两项都是在开启了 https 协议时的默认值,用户可以生成自己的 keystore 文件及密码,然后修改`ssl.keystore_file`和`ssl.keystore_password`的值。
+
+### 客户端配置
+
+#### 在 HugeGraph-Client 中使用 https
+
+在构造 HugeClient 时传入 https 相关的配置,代码示例:
+
+```java
+String url = "https://localhost:8080";
+String graphName = "hugegraph";
+HugeClientBuilder builder = HugeClient.builder(url, graphName);
+// 客户端 keystore 文件路径
+String trustStoreFilePath = "hugegraph.truststore";
+// 客户端 keystore 密码
+String trustStorePassword = "hugegraph";
+builder.configSSL(trustStoreFilePath, trustStorePassword);
+HugeClient hugeClient = builder.build();
+```
+
+> 注意:HugeGraph-Client 在 1.9.0 版本以前是直接以 new 的方式创建,并且不支持 https 协议,在 1.9.0 版本以后改成以 builder 的方式创建,并支持配置 https 协议。
+
+#### 在 HugeGraph-Loader 中使用 https
+
+启动导入任务时,在命令行中添加如下选项:
+
+```bash
+# https
+--protocol https
+# 客户端证书文件路径,当指定 --protocol 为 https 时,默认值 conf/hugegraph.truststore 自动生效,可按需修改
+--trust-store-file {file}
+# 客户端证书文件密码,当指定 --protocol 为 https 时,默认值 hugegraph 自动生效,可按需修改
+--trust-store-password {password}
+```
+
+hugegraph-loader 的 conf 目录下已经放了一个默认的客户端证书文件 hugegraph.truststore,其密码是 hugegraph。
+
+#### 在 HugeGraph-Tools 中使用 https
+
+执行命令时,在命令行中添加如下选项:
+
+```bash
+# 客户端证书文件路径,当 url 中使用 https 协议时,默认值 conf/hugegraph.truststore 自动生效,可按需修改
+--trust-store-file {file}
+# 客户端证书文件密码,当 url 中使用 https 协议时,默认值 hugegraph 自动生效,可按需修改
+--trust-store-password {password}
+# 执行迁移命令时,当 --target-url 中使用 https 协议时,默认值 conf/hugegraph.truststore 自动生效,可按需修改
+--target-trust-store-file {target-file} +# 执行迁移命令时,当 --target-url 中使用 https 协议时,默认值 hugegraph 自动生效,可按需修改 +--target-trust-store-password {target-password} +``` + +hugegraph-tools 的 conf 目录下已经放了一个默认的客户端证书文件 hugegraph.truststore,其密码是 hugegraph。 + +### 如何生成证书文件 + +本部分给出生成证书的示例,如果默认的证书已经够用,或者已经知晓如何生成,可跳过。 + +#### 服务端 + +1. ⽣成服务端私钥,并且导⼊到服务端 keystore ⽂件中,server.keystore 是给服务端⽤的,其中保存着⾃⼰的私钥 + +```bash +keytool -genkey -alias serverkey -keyalg RSA -keystore server.keystore +``` + +过程中根据需求填写描述信息,默认证书的描述信息如下: + +``` +名字和姓⽒:hugegraph +组织单位名称:hugegraph +组织名称:hugegraph +城市或区域名称:BJ +州或省份名称:BJ +国家代码:CN +``` + +2. 根据服务端私钥,导出服务端证书 + +```bash +keytool -export -alias serverkey -keystore server.keystore -file server.crt +``` + +server.crt 就是服务端的证书 + +#### 客户端 + +```bash +keytool -import -alias serverkey -file server.crt -keystore client.truststore +``` + +client.truststore 是给客户端⽤的,其中保存着受信任的证书 diff --git a/quickstart/hugegraph-client.md b/quickstart/hugegraph-client.md index 6769852c3..58770900a 100644 --- a/quickstart/hugegraph-client.md +++ b/quickstart/hugegraph-client.md @@ -66,7 +66,9 @@ public class SingleExample { public static void main(String[] args) throws IOException { // If connect failed will throw a exception. - HugeClient hugeClient = new HugeClient("http://localhost:8080", "hugegraph"); + HugeClient hugeClient = HugeClient.builder("http://localhost:8080", + "hugegraph") + .build(); SchemaManager schema = hugeClient.schema(); @@ -75,7 +77,7 @@ public class SingleExample { schema.propertyKey("city").asText().ifNotExist().create(); schema.propertyKey("weight").asDouble().ifNotExist().create(); schema.propertyKey("lang").asText().ifNotExist().create(); - schema.propertyKey("date").asText().ifNotExist().create(); + schema.propertyKey("date").asDate().ifNotExist().create(); schema.propertyKey("price").asInt().ifNotExist().create(); schema.vertexLabel("person") 
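Review bot: In config/config-https.md, the server section presents `ssl.keystore_file=conf/hugegraph-server.keystore` and `ssl.keystore_password=hugegraph` as defaults that take effect automatically, but never says that this keystore ships in the server's conf directory and is therefore shared by every installation. Its private key and password are known to anyone who has the package, so HTTPS on the defaults encrypts traffic but gives clients no assurance about which server they are connected to. The bundled `hugegraph.truststore` for Loader and Tools presumably trusts that same shared certificate, though the page does not say what it contains. I would add a note after the ini block such as `> 注意:默认 keystore 及其密码随安装包公开,仅适用于测试环境;生产环境请按“如何生成证书文件”生成自己的 keystore,并修改 ssl.keystore_file 和 ssl.keystore_password。`. The generation section could also advise choosing a non-default store password and restricting read access to the keystore file.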
@@ -145,29 +147,29 @@ public class SingleExample { .ifNotExist() .create(); - GraphManager graph = hugeClient.graph(); Vertex marko = graph.addVertex(T.label, "person", "name", "marko", "age", 29, "city", "Beijing"); Vertex vadas = graph.addVertex(T.label, "person", "name", "vadas", "age", 27, "city", "Hongkong"); Vertex lop = graph.addVertex(T.label, "software", "name", "lop", - "lang", "java", "price", 328); + "lang", "java", "price", 328); Vertex josh = graph.addVertex(T.label, "person", "name", "josh", - "age", 32, "city", "Beijing"); + "age", 32, "city", "Beijing"); Vertex ripple = graph.addVertex(T.label, "software", "name", "ripple", - "lang", "java", "price", 199); + "lang", "java", "price", 199); Vertex peter = graph.addVertex(T.label, "person", "name", "peter", "age", 35, "city", "Shanghai"); - marko.addEdge("knows", vadas, "date", "20160110", "weight", 0.5); - marko.addEdge("knows", josh, "date", "20130220", "weight", 1.0); - marko.addEdge("created", lop, "date", "20171210", "weight", 0.4); - josh.addEdge("created", lop, "date", "20091111", "weight", 0.4); - josh.addEdge("created", ripple, "date", "20171210", "weight", 1.0); - peter.addEdge("created", lop, "date", "20170324", "weight", 0.2); + marko.addEdge("knows", vadas, "date", "2016-01-10", "weight", 0.5); + marko.addEdge("knows", josh, "date", "2013-02-20", "weight", 1.0); + marko.addEdge("created", lop, "date", "2017-12-10", "weight", 0.4); + josh.addEdge("created", lop, "date", "2009-11-11", "weight", 0.4); + josh.addEdge("created", ripple, "date", "2017-12-10", "weight", 1.0); + peter.addEdge("created", lop, "date", "2017-03-24", "weight", 0.2); GremlinManager gremlin = hugeClient.gremlin(); + System.out.println("==== Path ===="); ResultSet resultSet = gremlin.gremlin("g.V().outE().path()").execute(); Iterator results = resultSet.iterator(); results.forEachRemaining(result -> { @@ -187,6 +189,8 @@ public class SingleExample { System.out.println(object); } }); + + hugeClient.close(); } } ``` 
@@ -194,7 +198,7 @@ public class SingleExample { ##### 4.3.2 BatchExample ```java -import java.util.LinkedList; +import java.util.ArrayList; import java.util.List; import com.baidu.hugegraph.driver.GraphManager; @@ -207,14 +211,16 @@ public class BatchExample { public static void main(String[] args) { // If connect failed will throw a exception. - HugeClient hugeClient = new HugeClient("http://localhost:8080", "hugegraph"); + HugeClient hugeClient = HugeClient.builder("http://localhost:8080", + "hugegraph") + .build(); SchemaManager schema = hugeClient.schema(); schema.propertyKey("name").asText().ifNotExist().create(); schema.propertyKey("age").asInt().ifNotExist().create(); schema.propertyKey("lang").asText().ifNotExist().create(); - schema.propertyKey("date").asText().ifNotExist().create(); + schema.propertyKey("date").asDate().ifNotExist().create(); schema.propertyKey("price").asInt().ifNotExist().create(); schema.vertexLabel("person") @@ -258,6 +264,18 @@ public class BatchExample { .ifNotExist() .create(); + // get schema object by name + System.out.println(schema.getPropertyKey("name")); + System.out.println(schema.getVertexLabel("person")); + System.out.println(schema.getEdgeLabel("knows")); + System.out.println(schema.getIndexLabel("createdByDate")); + + // list all schema objects + System.out.println(schema.getPropertyKeys()); + System.out.println(schema.getVertexLabels()); + System.out.println(schema.getEdgeLabels()); + System.out.println(schema.getIndexLabels()); + GraphManager graph = hugeClient.graph(); Vertex marko = new Vertex("person").property("name", "marko") 
@@ -275,34 +293,31 @@ public class BatchExample { Vertex peter = new Vertex("person").property("name", "peter") .property("age", 35); - // Create a list to put vertex(Default max size is 500) - List vertices = new LinkedList<>(); - vertices.add(marko); - vertices.add(vadas); - vertices.add(lop); - vertices.add(josh); - vertices.add(ripple); - vertices.add(peter); - - // Post a vertex list to server - vertices = graph.addVertices(vertices); - vertices.forEach(vertex -> System.out.println(vertex)); - Edge markoKnowsVadas = new Edge("knows").source(marko).target(vadas) - .property("date", "20160110"); + .property("date", "2016-01-10"); Edge markoKnowsJosh = new Edge("knows").source(marko).target(josh) - .property("date", "20130220"); + .property("date", "2013-02-20"); Edge markoCreateLop = new Edge("created").source(marko).target(lop) - .property("date", "20171210"); + .property("date", + "2017-12-10"); Edge joshCreateRipple = new Edge("created").source(josh).target(ripple) - .property("date", "20171210"); + .property("date", + "2017-12-10"); Edge joshCreateLop = new Edge("created").source(josh).target(lop) - .property("date", "20091111"); + .property("date", "2009-11-11"); Edge peterCreateLop = new Edge("created").source(peter).target(lop) - .property("date", "20170324"); + .property("date", + "2017-03-24"); + + List vertices = new ArrayList<>(); + vertices.add(marko); + vertices.add(vadas); + vertices.add(lop); + vertices.add(josh); + vertices.add(ripple); + vertices.add(peter); - // Create a list to put edge(Default max size is 500) - List edges = new LinkedList<>(); + List edges = new ArrayList<>(); edges.add(markoKnowsVadas); edges.add(markoKnowsJosh); edges.add(markoCreateLop); 
@@ -310,9 +325,13 @@ public class BatchExample { edges.add(joshCreateLop); edges.add(peterCreateLop); - // Post a edge list to server + vertices = graph.addVertices(vertices); + vertices.forEach(vertex -> System.out.println(vertex)); + edges = graph.addEdges(edges, false); edges.forEach(edge -> System.out.println(edge)); + + hugeClient.close(); } } ```