add http header (#290)

* add http header * update certs
vesoft-inc · Sep 15, 2023 · 7834c29 · 7834c29
1 parent c36464d
commit 7834c29
Show file tree

Hide file tree

Showing 12 changed files with 124 additions and 87 deletions.
diff --git a/client_test.go b/client_test.go
@@ -65,7 +65,7 @@ func logoutAndClose(conn *connection, sessionID int64) {
 func TestConnection(t *testing.T) {
 	hostAddress := HostAddress{Host: address, Port: port}
 	conn := newConnection(hostAddress)
-	err := conn.open(hostAddress, testPoolConfig.TimeOut, nil, false)
+	err := conn.open(hostAddress, testPoolConfig.TimeOut, nil, false, nil)
 	if err != nil {
 		t.Fatalf("fail to open connection, address: %s, port: %d, %s", address, port, err.Error())
 	}
@@ -122,7 +122,7 @@ func TestConnection(t *testing.T) {
 func TestConnectionIPv6(t *testing.T) {
 	hostAddress := HostAddress{Host: addressIPv6, Port: port}
 	conn := newConnection(hostAddress)
-	err := conn.open(hostAddress, testPoolConfig.TimeOut, nil, false)
+	err := conn.open(hostAddress, testPoolConfig.TimeOut, nil, false, nil)
 	if err != nil {
 		t.Fatalf("fail to open connection, address: %s, port: %d, %s", address, port, err.Error())
 	}
@@ -254,7 +254,7 @@ func TestAuthentication(t *testing.T) {
 	hostAddress := HostAddress{Host: address, Port: port}
 
 	conn := newConnection(hostAddress)
-	err := conn.open(hostAddress, testPoolConfig.TimeOut, nil, false)
+	err := conn.open(hostAddress, testPoolConfig.TimeOut, nil, false, nil)
 	if err != nil {
 		t.Fatalf("fail to open connection, address: %s, port: %d, %s", address, port, err.Error())
 	}
@@ -1421,7 +1421,7 @@ func prepareSpace(spaceName string) error {
 	conn := newConnection(hostAddress)
 	testPoolConfig := GetDefaultConf()
 
-	err := conn.open(hostAddress, testPoolConfig.TimeOut, nil, false)
+	err := conn.open(hostAddress, testPoolConfig.TimeOut, nil, false, nil)
 	if err != nil {
 		return fmt.Errorf("fail to open connection, address: %s, port: %d, %s", address, port, err.Error())
 	}
@@ -1458,7 +1458,7 @@ func dropSpace(spaceName string) error {
 	conn := newConnection(hostAddress)
 	testPoolConfig := GetDefaultConf()
 
-	err := conn.open(hostAddress, testPoolConfig.TimeOut, nil, false)
+	err := conn.open(hostAddress, testPoolConfig.TimeOut, nil, false, nil)
 	if err != nil {
 		return fmt.Errorf("fail to open connection, address: %s, port: %d, %s", address, port, err.Error())
 	}

diff --git a/configs.go b/configs.go
@@ -13,6 +13,7 @@ import (
 	"crypto/x509"
 	"fmt"
 	"io/ioutil"
+	"net/http"
 	"os"
 	"time"
 )
@@ -31,6 +32,8 @@ type PoolConfig struct {
 	MinConnPoolSize int
 	// UseHTTP2 indicates whether to use HTTP2
 	UseHTTP2 bool
+	// HttpHeader is the http headers for the connection when using HTTP2
+	HttpHeader http.Header
 }
 
 // validateConf validates config
@@ -133,6 +136,8 @@ type SessionPoolConf struct {
 	minSize int
 	// useHTTP2 indicates whether to use HTTP2
 	useHTTP2 bool
+	// httpHeader is the http headers for the connection
+	httpHeader http.Header
 }
 
 type SessionPoolConfOption func(*SessionPoolConf)
@@ -203,6 +208,12 @@ func WithHTTP2(useHTTP2 bool) SessionPoolConfOption {
 	}
 }
 
+func WithHttpHeader(header http.Header) SessionPoolConfOption {
+	return func(conf *SessionPoolConf) {
+		conf.httpHeader = header
+	}
+}
+
 func (conf *SessionPoolConf) checkMandatoryFields() error {
 	// Check mandatory fields
 	if conf.username == "" {

diff --git a/connection.go b/connection.go
@@ -29,6 +29,7 @@ type connection struct {
 	returnedAt   time.Time // the connection was created or returned.
 	sslConfig    *tls.Config
 	useHTTP2     bool
+	httpHeader   http.Header
 	graph        *graph.GraphServiceClient
 }
 
@@ -44,7 +45,8 @@ func newConnection(severAddress HostAddress) *connection {
 
 // open opens a transport for the connection
 // if sslConfig is not nil, an SSL transport will be created
-func (cn *connection) open(hostAddress HostAddress, timeout time.Duration, sslConfig *tls.Config, useHTTP2 bool) error {
+func (cn *connection) open(hostAddress HostAddress, timeout time.Duration, sslConfig *tls.Config,
+	useHTTP2 bool, httpHeader http.Header) error {
 	ip := hostAddress.Host
 	port := hostAddress.Port
 	newAdd := net.JoinHostPort(ip, strconv.Itoa(port))
@@ -85,6 +87,22 @@ func (cn *connection) open(hostAddress HostAddress, timeout time.Duration, sslCo
 			return fmt.Errorf("failed to create a net.Conn-backed Transport,: %s", err.Error())
 		}
 		pf = thrift.NewBinaryProtocolFactoryDefault()
+		if httpHeader != nil {
+			client, ok := transport.(*thrift.HTTPClient)
+			if !ok {
+				return fmt.Errorf("failed to get thrift http client")
+			}
+			for k, vv := range httpHeader {
+				if k == "Content-Type" {
+					// fbthrift will add "Content-Type" header, so we need to skip it
+					continue
+				}
+				for _, v := range vv {
+					// fbthrift set header with http.Header.Add, so we need to set header one by one
+					client.SetHeader(k, v)
+				}
+			}
+		}
 	} else {
 		bufferSize := 128 << 10
 
@@ -132,7 +150,7 @@ func (cn *connection) verifyClientVersion() error {
 // When the timeout occurs, the connection will be reopened to avoid the impact of the message.
 func (cn *connection) reopen() error {
 	cn.close()
-	return cn.open(cn.severAddress, cn.timeout, cn.sslConfig, cn.useHTTP2)
+	return cn.open(cn.severAddress, cn.timeout, cn.sslConfig, cn.useHTTP2, cn.httpHeader)
 }
 
 // Authenticate

diff --git a/connection_pool.go b/connection_pool.go
@@ -12,6 +12,7 @@ import (
 	"container/list"
 	"crypto/tls"
 	"fmt"
+	"net/http"
 	"sync"
 	"time"
 
@@ -64,7 +65,8 @@ func NewSslConnectionPool(addresses []HostAddress, conf PoolConfig, sslConfig *t
 
 // initPool initializes the connection pool
 func (pool *ConnectionPool) initPool() error {
-	if err := checkAddresses(pool.conf.TimeOut, pool.addresses, pool.sslConfig, pool.conf.UseHTTP2); err != nil {
+	if err := checkAddresses(pool.conf.TimeOut, pool.addresses, pool.sslConfig,
+		pool.conf.UseHTTP2, pool.conf.HttpHeader); err != nil {
 		return fmt.Errorf("failed to open connection, error: %s ", err.Error())
 	}
 
@@ -73,7 +75,8 @@ func (pool *ConnectionPool) initPool() error {
 		newConn := newConnection(pool.addresses[i%len(pool.addresses)])
 
 		// Open connection to host
-		if err := newConn.open(newConn.severAddress, pool.conf.TimeOut, pool.sslConfig, pool.conf.UseHTTP2); err != nil {
+		if err := newConn.open(newConn.severAddress, pool.conf.TimeOut, pool.sslConfig,
+			pool.conf.UseHTTP2, pool.conf.HttpHeader); err != nil {
 			// If initialization failed, clean idle queue
 			idleLen := pool.idleConnectionQueue.Len()
 			for i := 0; i < idleLen; i++ {
@@ -191,7 +194,7 @@ func (pool *ConnectionPool) releaseAndBack(conn *connection, pushBack bool) {
 
 // Ping checks availability of host
 func (pool *ConnectionPool) Ping(host HostAddress, timeout time.Duration) error {
-	return pingAddress(host, timeout, pool.sslConfig, pool.conf.UseHTTP2)
+	return pingAddress(host, timeout, pool.sslConfig, pool.conf.UseHTTP2, pool.conf.HttpHeader)
 }
 
 // Close closes all connection
@@ -242,7 +245,8 @@ func (pool *ConnectionPool) newConnToHost() (*connection, error) {
 	host := pool.getHost()
 	newConn := newConnection(host)
 	// Open connection to host
-	if err := newConn.open(newConn.severAddress, pool.conf.TimeOut, pool.sslConfig, pool.conf.UseHTTP2); err != nil {
+	if err := newConn.open(newConn.severAddress, pool.conf.TimeOut, pool.sslConfig,
+		pool.conf.UseHTTP2, pool.conf.HttpHeader); err != nil {
 		return nil, err
 	}
 	// Add connection to active queue
@@ -349,23 +353,25 @@ func (pool *ConnectionPool) timeoutConnectionList() (closing []*connection) {
 // checkAddresses checks addresses availability
 // It opens a temporary connection to each address and closes it immediately.
 // If no error is returned, the addresses are available.
-func checkAddresses(confTimeout time.Duration, addresses []HostAddress, sslConfig *tls.Config, useHTTP2 bool) error {
+func checkAddresses(confTimeout time.Duration, addresses []HostAddress, sslConfig *tls.Config,
+	useHTTP2 bool, httpHeader http.Header) error {
 	var timeout = 3 * time.Second
 	if confTimeout != 0 && confTimeout < timeout {
 		timeout = confTimeout
 	}
 	for _, address := range addresses {
-		if err := pingAddress(address, timeout, sslConfig, useHTTP2); err != nil {
+		if err := pingAddress(address, timeout, sslConfig, useHTTP2, httpHeader); err != nil {
 			return err
 		}
 	}
 	return nil
 }
 
-func pingAddress(address HostAddress, timeout time.Duration, sslConfig *tls.Config, useHTTP2 bool) error {
+func pingAddress(address HostAddress, timeout time.Duration, sslConfig *tls.Config,
+	useHTTP2 bool, httpHeader http.Header) error {
 	newConn := newConnection(address)
 	// Open connection to host
-	if err := newConn.open(newConn.severAddress, timeout, sslConfig, useHTTP2); err != nil {
+	if err := newConn.open(newConn.severAddress, timeout, sslConfig, useHTTP2, httpHeader); err != nil {
 		return err
 	}
 	defer newConn.close()

diff --git a/nebula-docker-compose/secrets/client.crt b/nebula-docker-compose/secrets/client.crt
@@ -1,13 +1,13 @@
 -----BEGIN CERTIFICATE-----
-MIIB+jCCAWOgAwIBAgIUGPV76GVV7ASOQ4OTmIrYLMUPS5IwDQYJKoZIhvcNAQEL
+MIIB+jCCAWOgAwIBAgIUGPV76GVV7ASOQ4OTmIrYLMUPS5YwDQYJKoZIhvcNAQEL
 BQAwLjELMAkGA1UEBhMCQ0gxEDAOBgNVBAoMB3Rlc3QtY2ExDTALBgNVBAMMBHJv
-b3QwHhcNMjMwODIzMDM0MTI5WhcNMjMwOTAyMDM0MTI5WjAwMQswCQYDVQQGEwJD
+b3QwHhcNMjMwOTE1MTAwNjQ0WhcNMzMwOTEyMTAwNjQ0WjAwMQswCQYDVQQGEwJD
 SDEQMA4GA1UECgwHdGVzdC1jYTEPMA0GA1UEAwwGY2xpZW50MIGfMA0GCSqGSIb3
-DQEBAQUAA4GNADCBiQKBgQCbKsaKHccqg6N3yl8C9fDk1xdlxdRax6fjvFll/QB/
-1INoKTqvDZZvok7gyJPC3i5vo24m9QMfv48TfTcSWzTeEifaqSdsKUCnJJk962Ur
-Wdn2ta7Myk6fv4jHQJVil5etXvsASb9EPVRZ+4cQOINzkukk/+bMqm6p5DIbGC8F
-1QIDAQABoxMwETAPBgNVHREECDAGhwR/AAABMA0GCSqGSIb3DQEBCwUAA4GBAErf
-z7zH4Uir8wQH1/wgcDvqyZzRAgaHNP7X8U/E6Ainy6yX1vCe0Ee7M0Blmq6cgn8u
-sGC74TC9hsQ4LL8JlvRA2ioJgnxL9wNe1E55hJvSj1SMWAjo8sHe63QJt354/enp
-tmVysYqsZbC4Xu/hrko2FRJEvVD2m/VZ75ahqOLS
+DQEBAQUAA4GNADCBiQKBgQDdmoS5JoZ+c61tsgl84hrddRZvVlsx9wL0dao6R+PK
+3w3hEmSDJNPievEEY3eOKgU9PzXvcRPOuV/mXgJ47dqDwc459hss1UxrYzUCtSsK
+2zPWIHksIb6b18LVSXV0hLjlH2rkz5AUT49EBpFSkSa87tNO9w0+GGzCtnavzwY9
+RwIDAQABoxMwETAPBgNVHREECDAGhwR/AAABMA0GCSqGSIb3DQEBCwUAA4GBAJGY
+AUOjNBXtMXG8HNFk8aqABFsQuwL0oE5/q7Y6HJreHmecHSZXDdOXqPiZUaKizbtJ
+cUFfaErn4PPSFxLIQP4CEGduuNdDxrfDJ3MRQCfY1M7ZGFWaFxkSW0EnN8ItVEcr
+8umeK8H7bPq0kaskWbUl/ZjwkIsdVruYjHo7zF+X
 -----END CERTIFICATE-----
diff --git a/nebula-docker-compose/secrets/client.key b/nebula-docker-compose/secrets/client.key
@@ -1,15 +1,15 @@
 -----BEGIN RSA PRIVATE KEY-----
-MIICXQIBAAKBgQCbKsaKHccqg6N3yl8C9fDk1xdlxdRax6fjvFll/QB/1INoKTqv
-DZZvok7gyJPC3i5vo24m9QMfv48TfTcSWzTeEifaqSdsKUCnJJk962UrWdn2ta7M
-yk6fv4jHQJVil5etXvsASb9EPVRZ+4cQOINzkukk/+bMqm6p5DIbGC8F1QIDAQAB
-AoGAEzTIPnBRJsIEid9Sw1sN5kV5b+98yX/NGDNIHYejeC8l1M7FpMVZyZedi9VH
-9ObreIYSLGBHcraTTyZAmtUPRfxB8b9g+2c37wuFt+bRyDbHpznusM68ekollMED
-h/wJTrV1lizKZ3J8275BqPUO43YLifjoVK48MqBHyyvJQEECQQDI2kfQxdT2qc7k
-trOwEcTYVrJeY7oY0rlC4EDb012Swv5SX1eeB4FnqeXuqQvQT7xyP6nHSkosQ9of
-MCsjm0XzAkEAxcVOIgPWj2QnaiYXuL98c+JBxCvu7KWGV0woRK+O4PCe7i03fcA2
-DpZP2XI9QJHeW0P9Wl56ti/Vb1hsj3OPFwJACXhRPoS1X9Ptz1bV7g1IbLLZwh2N
-nrIAzihopnS2yr6q4xNfvDG6ZjrafoA18GJyDij2RlE4YhHo7OOGhS1DBQJBAJ++
-p0XCY+SeuVd8PVz1Dslr0ENsWSi86q5IzZ3tUDNRKI6p51CjmQZfU1AIfoFRUZHW
-cSY1elj+eh/eBJI6fTECQQC8bOWvOcn/Epm5vvn3l3f0G67IXhZTX0ZCfRtuuF8e
-xe+j+aPflVteUBylgOfJ5oJ+hmmv3XfdUWrD5mfHfsVv
+MIICXQIBAAKBgQDdmoS5JoZ+c61tsgl84hrddRZvVlsx9wL0dao6R+PK3w3hEmSD
+JNPievEEY3eOKgU9PzXvcRPOuV/mXgJ47dqDwc459hss1UxrYzUCtSsK2zPWIHks
+Ib6b18LVSXV0hLjlH2rkz5AUT49EBpFSkSa87tNO9w0+GGzCtnavzwY9RwIDAQAB
+AoGASd2YgfLCf+HlHBxtJzBizhCaQtBhI313ga666CRQXK4O/UfZMxGSgvqB3fmd
+v0hoaKrqOn7RoGWP/sS1REPcQtG5Zt7Al6Qojqcp8qwPOkZQQReTs939keuSyvBy
+klqAA/2iOCmMHVtDTvWA1PGZbp9VPgLUlKckerk1qwWecPECQQD98y5mCrb4Ywq6
+24zsydARe6olbU296yepSP+eF/19nBYVEV4zLw3EwI5P0ZXtHPF7lq9uHI59TwkC
+DfK1HQfvAkEA32R9UQvTqgaVVmRWUTwQo+5v+dF61FuU+yx+1E4XkIY8+tTVtGNJ
+1vADLZ3UKtYxlVcpm0L7ej4zO9EX0GeIKQJBAPbKAhhGZ2PhlEbdIAnpYhvrawFu
+RLPBOEzqVQeFVuJf8pHMzBe/rYi8fFCTZDkG/KJXYOsIM20RhraJaYmayd8CQC/K
+C5T+9rT025WzuVN/if/HzmSfD6vGO8TP7AH3AsuELB9s0Jracr1scwGbNfxD/i94
+igoQ9kNccxFk1bdbrqECQQDHPJ4H8FeXlKAVDFiKIlDQOru2JXlEMtJAW73kTdAx
+12+U7lhLXAbtXyFIWTQw8ixz4c2qr5xrpc2ARfKC29BU
 -----END RSA PRIVATE KEY-----
diff --git a/nebula-docker-compose/secrets/root.crt b/nebula-docker-compose/secrets/root.crt
@@ -1,16 +1,16 @@
 -----BEGIN CERTIFICATE-----
-MIIChDCCAe2gAwIBAgIUXQxeBP1zbaGeVEtKjV+EncGlWfAwDQYJKoZIhvcNAQEL
+MIIChDCCAe2gAwIBAgIUT4WG4t/9uIG9JAUwmmV/C0mw4zQwDQYJKoZIhvcNAQEL
 BQAwLjELMAkGA1UEBhMCQ0gxEDAOBgNVBAoMB3Rlc3QtY2ExDTALBgNVBAMMBHJv
-b3QwHhcNMjMwODIzMDM0MDQ5WhcNMzMwODIwMDM0MDQ5WjAuMQswCQYDVQQGEwJD
+b3QwHhcNMjMwOTE1MTAwNTUyWhcNMzMwOTEyMTAwNTUyWjAuMQswCQYDVQQGEwJD
 SDEQMA4GA1UECgwHdGVzdC1jYTENMAsGA1UEAwwEcm9vdDCBnzANBgkqhkiG9w0B
-AQEFAAOBjQAwgYkCgYEAt+CM4IZKC0poJKHUFhbZw7+I213gwDQARHsNy0n70q4B
-yiw8MXLHIfXCYXhmviay1dyPYT/HTxf/a4rRedvLLPHzrGiLR6HdkNqt11ZnLHau
-tpgaui2RNPedkPA6Rsiy0tVJB+HU6Oy3Z/nOodKe6mcpChHetB2yvApQYn9kQfEC
-AwEAAaOBnjCBmzAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTMEQlAQDTclq+d
-vBcrCfykTBpn6zBpBgNVHSMEYjBggBTMEQlAQDTclq+dvBcrCfykTBpn66EypDAw
+AQEFAAOBjQAwgYkCgYEA4MqwdRop7iY9GpwFhncFDSvrSi7Y3jwyO1s5xocB2y+8
+Rwhcm8Pln4u2y8jE+oFcYFdKtbM/aol+f0KjbX0Vshws1AHgmcxtuBP0TVVK8wfp
+wgF28JPgkTvbFzFekmggGlTCfyQ/ehTx6j56Ti5UkLs9Q4BeErN3xShen0x0sucC
+AwEAAaOBnjCBmzAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBToP7wyTiF5ua6c
+4uS+WIYSWtpK3TBpBgNVHSMEYjBggBToP7wyTiF5ua6c4uS+WIYSWtpK3aEypDAw
 LjELMAkGA1UEBhMCQ0gxEDAOBgNVBAoMB3Rlc3QtY2ExDTALBgNVBAMMBHJvb3SC
-FF0MXgT9c22hnlRLSo1fhJ3BpVnwMA0GCSqGSIb3DQEBCwUAA4GBAG46WEPWLn9g
-ob2gE1V3Op5/YwkAeiBBcLho94CY3niGE9JLe5AgQqFG10PM9IMSOemuvoJHuCND
-LNyoMh4D73fRToUIMKPCVoboWLFX9kpaMAwBylAEmAVhyVotKfSXVXNOMRg5Idto
-GcO6tFTbpyZtONufp+BNWjNI7+ZkcvoD
+FE+FhuLf/biBvSQFMJplfwtJsOM0MA0GCSqGSIb3DQEBCwUAA4GBAI6EifIhcv+z
+jz863TFmbJ/68kjPiiRvBplxr0kURGJGBUefutjiI4dJ1K/PcGKoTuzKI57huX9+
+v0FMN/rztBJCQZbDhrObjNoaU+bBIj0msY99uCkB3HWILe31fQQv5IecvsUq38tB
+PWK1fn+LuzKq5AT+PNzogg4zz3JQSMgl
 -----END CERTIFICATE-----
diff --git a/nebula-docker-compose/secrets/root.key b/nebula-docker-compose/secrets/root.key
@@ -1,15 +1,15 @@
 -----BEGIN RSA PRIVATE KEY-----
-MIICXQIBAAKBgQC34IzghkoLSmgkodQWFtnDv4jbXeDANABEew3LSfvSrgHKLDwx
-csch9cJheGa+JrLV3I9hP8dPF/9ritF528ss8fOsaItHod2Q2q3XVmcsdq62mBq6
-LZE0952Q8DpGyLLS1UkH4dTo7Ldn+c6h0p7qZykKEd60HbK8ClBif2RB8QIDAQAB
-AoGBAKsiN5tkAJffiWvGncBtRgG0Sqh4CAx6mWEi8eSpF9GuF4ZVgzQ2cfU+aMoU
-p/MDy1/VpjBJjrMjT5qEmY+Dq+S1a5OvVEhA50pHmyMxI/9droqdTB/H5/z5LyjO
-ZvNAYnpL9eYbOUugdRs6q2K2vOO3HQbO9R+Z9uc9WNYhrqztAkEA5GHIP9KgPm+5
-I96L0TGAKNpfZNyr9jqolNdLlmOV7T/jG1kqDA3g6jP6nNeWY3c6qnQCeKN1ri53
-k05wp5T8dwJBAM4c/oAP95fx1drwxp1q48UDj4ElLd/fSPrxV1qezMuxvzGdj9Le
-AbPh6sOVutquaiD40AeMIJxjux56hBd+FtcCQDBGTwrWndK00QC5APr2KK36AuIS
-FzNUEOBtZefjIwTkVUApp86mfF1lIVtX4s0hnb/8B62yd6Sa4+G6WevCfV8CQQCu
-1ueIaIMF8E4RiBdjJ24JDIkp6wjsFDOLMzh/lZ9x1tix1M9Q96QIHEcSHCxCHpvG
-VmnZTSPIpczwAMuWRg5HAkAn/326/DImJHYn2x/rMH72YRBz2/7O2kPETgqJCUmB
-X6vHHHcKLWaeeSJJMHkhz5diexalrTDrS0CocoRO3CQr
+MIICXAIBAAKBgQDgyrB1GinuJj0anAWGdwUNK+tKLtjePDI7WznGhwHbL7xHCFyb
+w+Wfi7bLyMT6gVxgV0q1sz9qiX5/QqNtfRWyHCzUAeCZzG24E/RNVUrzB+nCAXbw
+k+CRO9sXMV6SaCAaVMJ/JD96FPHqPnpOLlSQuz1DgF4Ss3fFKF6fTHSy5wIDAQAB
+AoGABWfaZnaCm59/yKwH1fv2uyJbPiVyQaXg71x6PzPv731uYabp0zUayINrmery
+EbQarJZszYHJ/J3h1N2dYHypkNthd6G7ksFMDJm3gZVeZQaY7gZ5+Rh02JOWZvjr
+0tPuS4xX5lfNhMuClvXvATazFQSteR+TvKWYH5iLebl++sECQQD3pduACRczd9I6
+Xcd+1cCRRMDppaF1Ssexs3CBdZzvcJqCG9vFzF4TWT+ocoiUmc2qbPiVLXuF9TRl
+PRYxnNvdAkEA6F9/InVRuaRfEMyQvcVgby3/49aTmRJe6S8IQkxpKoiZYlWiHiWx
+R95wBh4Ac1iyNhgfNxIEHnDUOi92GrqPkwJBALkpmKH1qhRAbb5YKfZKig3T002f
+GsahIAhcuy0ArFNW5R+NBtiwwlJDM9aVtEsvaFgZ3A9mD2qMeR2M/BAiUT0CQE4h
+7gmUEQqurhhj8Dce6rH3cZcWS0Ko3qjhW5GPR705ePmLeZtRaS6VKG2mINin9iQi
+MDzAHgpuPa3iz39lQ2kCQCUlkHY+6sii77hkV2BOir4aG+Sp1O+tlHkHFlF5FDH5
+4q3Ojbhpp7xVaAbWBcPoq9JaI04Jctb1y6A/oVfrUm0=
 -----END RSA PRIVATE KEY-----
diff --git a/nebula-docker-compose/secrets/run.sh b/nebula-docker-compose/secrets/run.sh
@@ -81,7 +81,7 @@ EOF
 	if [ ${cert_type} == "root" ]; then
 		openssl x509 -req -in ${cert_type}.csr -out ${cert_type}.crt -extfile ${cert_type}.cnf -extensions v3_ca -signkey ${cert_type}.key -CAcreateserial -days 3650
 	else
-		openssl x509 -req -in ${cert_type}.csr -out ${cert_type}.crt -CA root.crt -CAkey root.key -CAcreateserial -days 10 -extfile ${cert_type}.cnf -extensions req_ext
+		openssl x509 -req -in ${cert_type}.csr -out ${cert_type}.crt -CA root.crt -CAkey root.key -CAcreateserial -days 3650 -extfile ${cert_type}.cnf -extensions req_ext
 	fi
 
 }

diff --git a/nebula-docker-compose/secrets/server.crt b/nebula-docker-compose/secrets/server.crt
@@ -1,14 +1,14 @@
 -----BEGIN CERTIFICATE-----
-MIICIDCCAYmgAwIBAgIUGPV76GVV7ASOQ4OTmIrYLMUPS5MwDQYJKoZIhvcNAQEL
+MIICIDCCAYmgAwIBAgIUGPV76GVV7ASOQ4OTmIrYLMUPS5cwDQYJKoZIhvcNAQEL
 BQAwLjELMAkGA1UEBhMCQ0gxEDAOBgNVBAoMB3Rlc3QtY2ExDTALBgNVBAMMBHJv
-b3QwHhcNMjMwODIzMDM0MzAzWhcNMjMwOTAyMDM0MzAzWjAwMQswCQYDVQQGEwJD
+b3QwHhcNMjMwOTE1MTAwNjQ3WhcNMzMwOTEyMTAwNjQ3WjAwMQswCQYDVQQGEwJD
 SDEQMA4GA1UECgwHdGVzdC1jYTEPMA0GA1UEAwwGc2VydmVyMIGfMA0GCSqGSIb3
-DQEBAQUAA4GNADCBiQKBgQDuxsEJMhvp3NvPIJTzc9QaER/q6BEtslmXdLTKT6jO
-KsQ6hmsJseUEfjVFus3IJmoYyefkIhwrljT/24bdx0Aj26A43kHN6SGcHDfgrDDr
-rZLDH7GVypojFi1hFmoIMy+Xk+FcH5lgVpcAl3VVQDIHBtUCpZSYls8KHcGFWTxr
-cQIDAQABozkwNzA1BgNVHREELjAshwR/AAABgglsb2NhbGhvc3SCB2dyYXBoZDCC
-B2dyYXBoZDGCB2dyYXBoZDIwDQYJKoZIhvcNAQELBQADgYEAOZd+3PJEpejVkb+v
-Pb4sgnptYoeAPHmCLsa9A8fD2allHxPSSgi7rk5h79PR9fcKP4FzBbfwUKR6lc7s
-Mmo06CApTQXjUOOz1KFitou6JIAa58NVcHoNcKSOHynwJEi9hON+DGZxleU4X1SC
-nnva1E6RoCUmG4Qa3ezPnoQy5ao=
+DQEBAQUAA4GNADCBiQKBgQDJxTV8cv5+3YgPft2jebm3WFPw2bsdoZMu6C3NF5By
+SQJaWY75KRDPx1DHqnWFhpH96gRpr9UAiBWuPrOqV5AH4ZHhqIF5Ss0OePYQvpzf
+C0MCt1JDqcg0692RuVDLTH1flSIdYAE2VPTygd1+DXqxxxKIASIxbW4QNq6Mc6KK
+pwIDAQABozkwNzA1BgNVHREELjAshwR/AAABgglsb2NhbGhvc3SCB2dyYXBoZDCC
+B2dyYXBoZDGCB2dyYXBoZDIwDQYJKoZIhvcNAQELBQADgYEAY8yRSFEzV+wxNdMG
+3745FqntuKXTPzL2trWfgHnbGjqqoECiEn2D/h2F2zVboUz+F06CW66XaIXP4iac
+Ff6YNWP9eVaO2xzSDeGkZ2ME5gNgiXc2taZipBDwlp8fm0bH7RhExJn3dSVKtP6Q
+Ikk2wvBDxc3NKXkXKxKM1sDjyLs=
 -----END CERTIFICATE-----
diff --git a/nebula-docker-compose/secrets/server.key b/nebula-docker-compose/secrets/server.key
@@ -1,15 +1,15 @@
 -----BEGIN RSA PRIVATE KEY-----
-MIICXgIBAAKBgQDuxsEJMhvp3NvPIJTzc9QaER/q6BEtslmXdLTKT6jOKsQ6hmsJ
-seUEfjVFus3IJmoYyefkIhwrljT/24bdx0Aj26A43kHN6SGcHDfgrDDrrZLDH7GV
-ypojFi1hFmoIMy+Xk+FcH5lgVpcAl3VVQDIHBtUCpZSYls8KHcGFWTxrcQIDAQAB
-AoGBAN2dtW6uhn/hkFZHPFhVSihDeqdRaxhJr6PGG0Km+tsXkHdtaQ1fgltQNGua
-vQImvVRymXsBObouuNQ8UYmoNFsIge/GxFewOouVhVhju6F1RXBja0zJtV8tSfWJ
-dhvxXflMaHXo0C3Zbg1jtFnQ48kSQzlwJ/nh5mQ3mwWd31HBAkEA/yGEKI+ql4Wn
-aG7W6xNzNtdTt6s3y3IxjmV7mt5l1Mzx1oN2FgxUD+3ySryzNLVOVbbJaH7y413x
-p4JT4rXxCQJBAO+W+d0KxkrcmxhxrevOwmsyWRe3chBEi8ZgKYOGy/tdSXjCHjWH
-8+N0Tiie1f/ukNgWx5yXAjQbkijRtVEDiSkCQD3Q2huVy6iQ2qIEERC+ErFb9M3Q
-r2Ec1wMAdbVtY1DvIz1tdsQa0pdVeNpA5E7GCyfbdOtbrvAGCBIlErwghzkCQQDJ
-+ayJ+xtO4MqewLato4+ibr9MjwlJTX/HrClTB7/OF8ZoVrzAw+uGQ/XfqIcfSi4w
-/IMqLuNcqiF858zCjwiBAkEAts+c+3pJXOZr18Wadn5tquh5d8cFVg6DVBp10JXc
-ZYDDMtfYbwPxGX7M104wUwKTXxNvddA00NsGgrbTEnUvHQ==
+MIICXQIBAAKBgQDJxTV8cv5+3YgPft2jebm3WFPw2bsdoZMu6C3NF5BySQJaWY75
+KRDPx1DHqnWFhpH96gRpr9UAiBWuPrOqV5AH4ZHhqIF5Ss0OePYQvpzfC0MCt1JD
+qcg0692RuVDLTH1flSIdYAE2VPTygd1+DXqxxxKIASIxbW4QNq6Mc6KKpwIDAQAB
+AoGABH99+sFBhSiBIP9OB5fuGPVCIctozXdNpa0NYFYXJUUVZVg7xLgypL8nwNu+
+9PQUCxoNcSG3WOSvvwusy65aCpjNchd6jTBjBUrvBla/ZS94BUsTOOkEDnC5RZHn
+qhMlrUDfvVIObUOux+jxjbGRVBlLPmyqjiuCZGV0IiW2oKkCQQDl9K5SEmvmWdCh
+OOpvHwSskPzOOHwICh3zvhfW0D2vIrggr+6sDrTbQJSSpelmyb169SQY4xHwmasz
+1vO4AR8rAkEA4J9SXYFVa2wdFYlpSQ4So99FrLvc95t9sCgvjzr+UNNP7B/LNlto
+Zj826Ho6kMjXzV5yd2gnXH2AMpXIa5fkdQJBAMS1wIEYnRCZ+CxSQcj44ci05m2K
+SB+gd+rPzBjIXlv4+UWM+kBY/EEqR24DW1vAa8RI+64GYIxPB/L6h9X5r60CQBlq
+DVClDHwd/GBubqokXHmMDn8Ptl2RizP+J/tlqlaMwhMuObjJuNMwvc6p3ax5/Oiw
+kfTupN1zGakfh1CdG+0CQQDfhISnuYZSko5KpfUKbe8MOMbEXl9CopMe15Kp2YAf
+/ylMfZ3FzF2/Aj6dOoetLXhypS3Jxu58WHHg64L64Vvf
 -----END RSA PRIVATE KEY-----