Moved from GitHub dgraph/5349
Posted by darkn3rd:
The documentation for TLS self signed certificates is confusing and misleading.
Explicitly:
# Create node certificate (needed for Dgraph Live Loader using TLS)
$ dgraph cert -n live
This leads the user to believe that the string live is needed for a dgraph live command. This confused me as a new user and also confused a user in discuss.
It looks like this topic died in the Github migration, unfortunately. Do you need a node certificate for the live loader, or should a client certificate work?
Answering my own question:
Looks like it’s regular client certificates. But one key thing that’s not obvious, and not in the live loader docs: you have to specify internal-port=true when running dgraph live .... If you don’t, you’ll get confusing errors that look like timeouts (Unable to connect to zero, Is it running at dgraph-zero-0.dgraph-zero-headless.dgraph.svc.cluster.local:5080?) despite having TCP access, and despite the fact that port 5080 is zero’s default internal and external port.