For light-4j services, there are four options to get the configuration values for each handler or cross-cutting concern.
1. Externalized configuration files with all the final values.
2. Externalized configuration files with values.yml to inject into the config file templates.
3. Externalized configuration files with system properties to inject into the config file templates.
4. Config files/values served by a light-config-server instance.
When option four is chosen, we need to ensure that the service can connect to the light-config-server instance(s) over a secure channel. This requires that the light-config-server has HTTPS and HTTP/2 enabled, and that a bootstrap certificate or bootstrap.truststore is installed on the service side.
This tutorial shows you how to create a server.keystore for the light-config-server and bootstrap.truststore for services to connect to the light-config-server.
We need to first create a server.keystore for the one-way TLS of the light-config-server. The file will be located in the main/resources/config folder by default. In a production deployment for the light-config-server, you need to create a new self-signed certificate or commercial certificate and externalize it to replace the default certificate. You can follow the exact steps in this tutorial to do so.
We use the Java keytool to create the server.keystore with the following command line.
By default, the bootstrap.truststore is simply copied into the server module in light-4j. In production, you need to replace it with an externalized file created from the certificate of your light-config-server.
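The keystore and truststore steps described above can be scripted as follows. This is an added example, not the project's own command: the alias, hostname, validity period, certificate file name and the `KEYSTORE_PASS`/`TRUSTSTORE_PASS` variables are assumptions, and the store type is left at the keytool default.

```shell
#!/bin/sh
# Added example. Alias, hostname, validity and password variable names are
# placeholders chosen for illustration, not light-config-server defaults.

# make_config_server_stores DIR HOSTNAME
# Creates DIR/server.keystore (private key + self-signed certificate) for the
# config server and DIR/bootstrap.truststore (public certificate only) for
# the services that connect to it.
make_config_server_stores() {
    dir=$1
    host=$2
    alias_name=config-server    # hypothetical alias

    # Passwords come from the environment (-storepass:env) so they do not
    # show up in the process list or in shell history.
    : "${KEYSTORE_PASS:?set KEYSTORE_PASS}"
    : "${TRUSTSTORE_PASS:?set TRUSTSTORE_PASS}"
    export KEYSTORE_PASS TRUSTSTORE_PASS

    # 1. Key pair and self-signed certificate. The SAN must match the host
    #    name that clients use, or hostname verification fails.
    keytool -genkeypair -alias "$alias_name" \
        -keyalg RSA -keysize 2048 -validity 365 \
        -dname "CN=$host" -ext "SAN=dns:$host" \
        -keystore "$dir/server.keystore" \
        -storepass:env KEYSTORE_PASS -keypass:env KEYSTORE_PASS || return 1

    # 2. Export the certificate only; the private key stays in the keystore.
    keytool -exportcert -rfc -alias "$alias_name" \
        -keystore "$dir/server.keystore" -storepass:env KEYSTORE_PASS \
        -file "$dir/config-server.crt" || return 1

    # 3. Import the certificate as a trusted entry for the service side.
    keytool -importcert -noprompt -alias "$alias_name" \
        -file "$dir/config-server.crt" \
        -keystore "$dir/bootstrap.truststore" \
        -storepass:env TRUSTSTORE_PASS || return 1
}

# count_private_keys STORE PASSWORD_ENV_VAR
# Prints how many private-key entries a store holds. The truststore that is
# shipped to services must report 0.
count_private_keys() {
    keytool -list -keystore "$1" -storepass:env "$2" \
        | grep -c PrivateKeyEntry || true
}
```

Running `count_private_keys` against bootstrap.truststore before distributing it confirms that only the public certificate leaves the config server.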