docs/en/Configuration_TLS.md
Lines changed: 40 additions & 1 deletion
@@ -118,6 +118,45 @@ public class ExampleProducer {
118
118
119
119
// Send messages as usual.
120
120
producer.shutdown();
121
-
}
121
+
}
122
122
}
123
123
```
124
+
125
+
## 5 Proxy TLS Configuration
126
+
127
+
RocketMQ Proxy uses `rmq-proxy.json` (not `tls.properties`) for TLS configuration. The proxy supports TLS for both its gRPC and Remoting protocol endpoints.
128
+
129
+
### 5.1 Configure rmq-proxy.json
130
+
131
+
Add TLS-related fields to `distribution/conf/rmq-proxy.json`:
132
+
133
+
```json
134
+
{
135
+
"rocketMQClusterName": "DefaultCluster",
136
+
"tlsTestModeEnable": false,
137
+
"tlsKeyPath": "/opt/certFiles/server.key",
138
+
"tlsKeyPassword": "123456",
139
+
"tlsCertPath": "/opt/certFiles/server.pem"
140
+
}
141
+
```
142
+
143
+
| Field | Type | Default | Description |
144
+
|-------|------|---------|-------------|
145
+
|`tlsTestModeEnable`| boolean |`true`| Use self-signed certificates for testing. Set to `false` for production. |
146
+
|`tlsKeyPath`| string |`${PROXY_HOME}/conf/tls/rocketmq.key`| Path to the server private key file (PKCS#8 PEM format). |
147
+
|`tlsKeyPassword`| string |`""`| Password for the encrypted private key. Leave empty if the key is not encrypted. |
148
+
|`tlsCertPath`| string |`${PROXY_HOME}/conf/tls/rocketmq.crt`| Path to the server certificate chain file (X.509 PEM format). |
149
+
|`tlsCertWatchIntervalMs`| int |`3600000`| Interval in milliseconds to check for certificate file changes. |
150
+
151
+
### 5.2 Update Proxy JVM parameters
152
+
153
+
Edit `runproxy.sh` (or the script that launches the proxy) to enable TLS enforcing mode:
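Review bot: The sample `rmq-proxy.json` in 5.1 sets `"tlsKeyPassword": "123456"`, a trivially guessable value that readers are likely to copy unchanged; replace it with an obvious placeholder such as `<your-key-password>` and add a sentence telling operators to restrict read access to `rmq-proxy.json`, since the key password is stored there in cleartext. The table gives `tlsTestModeEnable` a default of `true`, so a config that omits the field falls back to the self-signed test mode; state that directly beside the example rather than only in the table cell. `tlsCertWatchIntervalMs` appears in the table but not in the example, so note whether it is optional.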