TLS Self Signed Certificate Docs for Dgraph Live

Moved from GitHub dgraph/5349

Posted by darkn3rd:


The documentation for TLS self signed certificates is confusing and misleading.


# Create node certificate (needed for Dgraph Live Loader using TLS)
$ dgraph cert -n live

This leads the user to believe that the string live is needed for a dgraph live command. This confused me as a new user and also confused a user in Discuss.

It looks like this topic died in the GitHub migration, unfortunately. Do you need a node certificate for the live loader, or should a client certificate work?

Answering my own question:

Looks like it’s regular client certificates. But one key thing that’s not obvious, and not in the live loader docs: you have to specify internal-port=true when running dgraph live .... If you don’t, you’ll get confusing errors that look like timeouts (Unable to connect to zero, Is it running at dgraph-zero-0.dgraph-zero-headless.dgraph.svc.cluster.local:5080?) despite having TCP access, and despite the fact that port 5080 is zero’s default internal and external port.