Introduction / FirstSpirit Server configuration / Additional security measures / Parameterizing encryption / Configuring for cluster nodes

Configuring encryption for cluster nodes

via the fs-server.conf file

(for cluster nodes only)
In the case of cluster nodes, the encryption parameters can either be configured centrally using the fs-server.conf file (of the master) or the fs-wrapper.slave.conf file (see below).

Specific cluster nodes can be individually configured by adding the prefix

cluster.<NODE>.<PROPERTY>

e.g.

cluster.slave1.firstspirit.password=uNuegFThpxtvD23C
cluster.slave2.firstspirit.password=KhPXSNBuoJzhWZ1M

Allcluster nodes can be universally configured by adding the prefix

cluster.<PROPERTY>

e.g.

cluster.firstspirit.password=uNuegFThpxtvD23C

Example of how to configure the encryption parameters in fs-server.conf:

fs.ssl.protocols=TLSv1.2
fs.ssl.cipherSuites=DEFAULT
fs.ssl.needClientAuth=true
fs.ssl.keyStore=/home/server_cert.jks
fs.ssl.keyStorePassword=q1w2e3r4t
 
#cluster configuration for all cluster nodes
cluster.firstspirit.password=<globalPW>
cluster.firstspirit.encryption=1
cluster.fs.ssl.cipherSuites=DEFAULT
cluster.fs.ssl.keyStore=/home/user/selfsigned.jks
cluster.fs.ssl.keyStorePassword=OBF:changeit123
 
#cluster configuration for individual nodes e.g.:
cluster.slave1.firstspirit.password=1234
cluster.slave2.firstspirit.password=5678

via the fs-wrapper.slave.conf file

(for cluster nodes only)
In the case of cluster nodes, the encryption parameters can also be configured using Java properties in the fs‑wrapper.slave.conf file, e.g.

wrapper.java.additional.5=-Dfirstspirit.encryption=1.

Evaluation order

The following evaluation order applies here (from highest priority to lowest priority):

  1. Configuration of the parameter using the cluster.<NODE> prefix (individual configuration for a cluster node) and the fs-server.conf file
  2. Configuration of the parameter using the cluster prefix (universal configuration for all cluster nodes) and the fs-server.conf file
  3. Configuration of the parameter using -D properties in the fs-wrapper.slave.conf file

© 2005 - 2024 Crownpeak Technology GmbH | All rights reserved. | FirstSpirit 2024.4 | Data privacy