Introduction / FirstSpirit Server configuration / Additional security measures / Parameterizing encryption / Configuring for cluster nodes
Configuring encryption for cluster nodes
via the fs-server.conf file
(for cluster nodes only)
In the case of cluster nodes, the encryption parameters can either be configured centrally using the fs-server.conf file (of the master) or the fs-wrapper.slave.conf file (see below).
Specific cluster nodes can be individually configured by adding the prefix
cluster.<NODE>.<PROPERTY>
e.g.
cluster.slave1.firstspirit.password=uNuegFThpxtvD23C
cluster.slave2.firstspirit.password=KhPXSNBuoJzhWZ1M
Allcluster nodes can be universally configured by adding the prefix
cluster.<PROPERTY>
e.g.
cluster.firstspirit.password=uNuegFThpxtvD23C
Example of how to configure the encryption parameters in fs-server.conf:
fs.ssl.protocols=TLSv1.2
fs.ssl.cipherSuites=DEFAULT
fs.ssl.needClientAuth=true
fs.ssl.keyStore=/home/server_cert.jks
fs.ssl.keyStorePassword=q1w2e3r4t
#cluster configuration for all cluster nodes
cluster.firstspirit.password=<globalPW>
cluster.firstspirit.encryption=1
cluster.fs.ssl.cipherSuites=DEFAULT
cluster.fs.ssl.keyStore=/home/user/selfsigned.jks
cluster.fs.ssl.keyStorePassword=OBF:changeit123
#cluster configuration for individual nodes e.g.:
cluster.slave1.firstspirit.password=1234
cluster.slave2.firstspirit.password=5678
via the fs-wrapper.slave.conf file
(for cluster nodes only)
In the case of cluster nodes, the encryption parameters can also be configured using Java properties in the fs‑wrapper.slave.conf file, e.g.
wrapper.java.additional.5=-Dfirstspirit.encryption=1.
Evaluation order
The following evaluation order applies here (from highest priority to lowest priority):
- Configuration of the parameter using the cluster.<NODE> prefix (individual configuration for a cluster node) and the fs-server.conf file
- Configuration of the parameter using the cluster prefix (universal configuration for all cluster nodes) and the fs-server.conf file
- Configuration of the parameter using -D properties in the fs-wrapper.slave.conf file