diff --git a/apisix/core/config_etcd.lua b/apisix/core/config_etcd.lua
index 7fb12411963af..1690393fcef22 100644
--- a/apisix/core/config_etcd.lua
+++ b/apisix/core/config_etcd.lua
@@ -472,6 +472,10 @@ function _M.new(key, opts)
 etcd_conf.protocol = "v3"
 etcd_conf.api_prefix = "/v3"
+ if etcd_conf.tls then
+ etcd_conf.ssl_verify = etcd_conf.tls.verify and true or false
+ end
+
 local automatic = opts and opts.automatic
 local item_schema = opts and opts.item_schema
 local filter_fun = opts and opts.filter
diff --git a/bin/apisix b/bin/apisix
index f98c63603749c..6c607ee536e4f 100755
--- a/bin/apisix
+++ b/bin/apisix
@@ -1048,6 +1048,22 @@ local function init_etcd(show_output)
 end
 local host_count = #(yaml_conf.etcd.host)
+ local scheme
+ for i = 1, host_count do
+ local host = yaml_conf.etcd.host[i]
+ local fields = split(host, "://")
+ if not fields then
+ io.stderr:write("malformed etcd endpoint: ", host, "\n")
+ os.exit(1)
+ end
+
+ if not scheme then
+ scheme = fields[1]
+ elseif scheme ~= fields[1] then
+ print([[WARNING: mixed protocols among etcd endpoints]])
+ end
+ end
+
 local dkjson = require("dkjson")
 -- check the etcd cluster version
diff --git a/conf/config-default.yaml b/conf/config-default.yaml
index 5c15aaf9740d4..1db9c589ec563 100644
--- a/conf/config-default.yaml
+++ b/conf/config-default.yaml
@@ -147,8 +147,11 @@ etcd:
 - "http://127.0.0.1:2379" # multiple etcd address
 prefix: "/apisix" # apisix configurations prefix
 timeout: 30 # 30 seconds
- # user: root # root username for etcd
- # password: 5tHkHhYkjr6cQY # root password for etcd
+ # user: root # root username for etcd
+ # password: 5tHkHhYkjr6cQY # root password for etcd
+ tls:
+ verify: true # whether to verify the etcd endpoint certificate when setup a TLS connection to etcd,
+ # the default value is true, e.g. the certificate will be verified strictly.
 #eureka:
 # host: # it's possible to define multiple eureka hosts addresses of the same eureka cluster.
 # - "http://127.0.0.1:8761"
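Review bot: In the `_M.new` hunk of apisix/core/config_etcd.lua, a `tls` table that has no `verify` key evaluates `nil and true or false` to `false`, so certificate verification is switched off by omission although config-default.yaml documents `true` as the default. Unless the config loader always merges the default value in (not visible here), that is a fail-open path. When `etcd_conf.tls` is absent altogether, `ssl_verify` is never assigned and the outcome depends on the etcd client's own default, which this hunk does not show. Failing closed would read `local tls = etcd_conf.tls` followed by `etcd_conf.ssl_verify = not (tls and tls.verify == false)`, so that only an explicit `verify: false` disables the check. The body of `_M.new` starts and ends outside the hunk.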
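Review bot: In the `init_etcd` hunk of bin/apisix, the `if not fields` guard only fires when `split` returns nil, and `split` is defined outside the hunk; if it returns a table even when `://` is absent, an endpoint without a scheme passes and `fields[1]` is simply whatever came first in the string. Matching the scheme directly, `local proto = host:match("^(https?)://")` with `if not proto then` in place of the `split` call, rejects both a missing and an unexpected scheme without depending on that helper. The mixed-protocol case only prints to stdout, once per mismatching host, and startup continues; any `http://` endpoint left in the list would presumably be contacted in plaintext whatever `tls.verify` says. I would send that message to stderr like the error above it, `io.stderr:write("WARNING: mixed protocols among etcd endpoints\n")`, and consider making it fatal. `init_etcd` continues outside the hunk.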
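Review bot: The comment on `tls.verify` in conf/config-default.yaml does not tell an operator what disabling it gives up or when the option applies. The shipped `host` entry in the context lines is still `http://127.0.0.1:2379`, so the setting has no effect until the endpoints use `https://`, and with `verify: false` the etcd server is not authenticated at all. "e.g." should also be "i.e.". A wording such as `# verify the etcd server certificate on https:// endpoints; default true, set to false only for testing because it removes server authentication` would cover this. Which CA bundle the verification uses is not shown in this commit and is worth documenting next to the option.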