Enabling HTTPS Access Mode for DTLE Using a Self‑Signed SSL Certificate
This guide walks through downloading DTLE, generating a self‑signed SSL certificate, configuring Nomad with the certificate and key, starting the DTLE services, and verifying HTTPS access to securely protect database credentials during data transfer.
DTLE defaults to HTTP access, which can expose database credentials; enabling HTTPS protects this information. The article demonstrates how to configure DTLE for HTTPS using a self‑signed SSL certificate.
1. Download and Install DTLE
Use the following commands to download the DTLE RPM package and install it without starting the service:
shell> curl -O "https://github.com/actiontech/dtle/releases/download/v4.22.01.0/dtle-ce-4.22.01.0.x86_64.rpm"
shell> rpm -ivh dtle-ce-4.22.01.0.x86_64.rpm --prefix=/opt/dtle
2. Generate Certificate and Private Key
# Install openssl
yum install openssl -y
cd /opt/dtle/etc/dtle/
# Generate private key (2048-bit; 1024-bit RSA is no longer considered secure)
openssl genrsa -out server.key 2048
# Generate certificate signing request (press Enter for all prompts)
openssl req -new -key server.key -out server.csr
# Generate self‑signed certificate valid for 365 days
openssl x509 -req -in server.csr -out server.crt -signkey server.key -days 365
ls
# shows server.crt server.csr server.key
3. Edit nomad.hcl to Reference the Certificate
vi nomad.hcl
...
cert_file_path = "/opt/dtle/etc/dtle/server.crt"
key_file_path = "/opt/dtle/etc/dtle/server.key"
...
4. Start DTLE Services
systemctl start dtle-consul dtle-nomad
5. Verify HTTPS Is Working
Attempt an HTTP request (will fail because the server expects HTTPS):
# HTTP request
curl -X POST "http://127.0.0.1:8190/v2/loginWithoutVerifyCode" -H "accept: application/json" -H "Content-Type: application/json" -d "{ \"password\": \"admin\", \"tenant\": \"platform\", \"username\": \"admin\" }"
# Response: Client sent an HTTP request to an HTTPS server.
Use HTTPS without trusting the self‑signed certificate (will show verification error):
# HTTPS request (certificate not trusted)
curl -X POST "https://127.0.0.1:8190/v2/loginWithoutVerifyCode" -H "accept: application/json" -H "Content-Type: application/json" -d "{ \"password\": \"admin\", \"tenant\": \"platform\", \"username\": \"admin\" }"
# curl: (60) Peer’s certificate issuer has been marked as not trusted …
Skip verification with -k and confirm a successful response:
# HTTPS request with insecure flag
curl -s -k -X POST "https://127.0.0.1:8190/v2/loginWithoutVerifyCode" -H "accept: application/json" -H "Content-Type: application/json" -d "{ \"password\": \"admin\", \"tenant\": \"platform\", \"username\": \"admin\" }" | jq
# Returns JSON with token
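# Pass the token returned by the login request in the Authorization header
curl -s -k -X GET "https://127.0.0.1:8190/v2/nodes" -H "accept: application/json" -H "Authorization: <token from the login response>" | jq
# Returns node information JSON
6. Capture Traffic to Observe Encryption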
With HTTPS, the transmitted login data is encrypted; with HTTP, it is sent in clear text (illustrated by the accompanying screenshots).
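The -k flag in step 5 turns off certificate verification, so the client has no way to confirm it is talking to the real DTLE server. The following added example (not part of the original article) generates the step 2 key and certificate with a 2048-bit key and a subjectAltName for 127.0.0.1, then audits the result. The function names, the CN value dtle and OpenSSL 1.1.1+ (needed for -addext) are assumptions.

```shell
#!/bin/sh
# Added example, not from the original article.
# Assumptions: OpenSSL 1.1.1+ (-addext), clients connect to 127.0.0.1,
# CN "dtle" and the function names are illustrative.

# make_cert DIR: 2048-bit RSA key plus self-signed cert with a SAN for 127.0.0.1.
# Run as (or chown the files to) the user the DTLE services run under.
make_cert() {
    (
        umask 077   # private key is created readable by its owner only
        openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
            -subj "/CN=dtle" \
            -addext "subjectAltName=IP:127.0.0.1,DNS:localhost" \
            -keyout "$1/server.key" -out "$1/server.crt" 2>/dev/null
    )
}

# audit_cert CRT KEY: print "ok" and return 0 only if every check passes
audit_cert() {
    crt=$1; key=$2
    text=$(openssl x509 -in "$crt" -noout -text) || { echo "unreadable cert"; return 1; }
    # 1. RSA modulus is at least 2048 bits
    bits=$(printf '%s\n' "$text" | sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p')
    [ "${bits:-0}" -ge 2048 ] || { echo "weak key"; return 1; }
    # 2. certificate and private key share the same public key
    c=$(openssl x509 -in "$crt" -noout -pubkey | openssl sha256)
    k=$(openssl pkey -in "$key" -pubout 2>/dev/null | openssl sha256)
    [ "$c" = "$k" ] || { echo "cert/key mismatch"; return 1; }
    # 3. SAN covers the address used in the curl commands
    printf '%s\n' "$text" | grep -q "IP Address:127.0.0.1" || { echo "missing SAN"; return 1; }
    # 4. cert validates when it is itself the trust anchor (what --cacert does)
    openssl verify -CAfile "$crt" "$crt" >/dev/null 2>&1 || { echo "verify failed"; return 1; }
    echo "ok"
}
```

With a certificate that passes these checks, curl --cacert /opt/dtle/etc/dtle/server.crt can replace -k in the step 5 requests, so the connection is both encrypted and verified.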
Conclusion
If you use DTLE for data transfer, enable HTTPS access mode to protect your information security.
Aikesheng Open Source Community
The Aikesheng Open Source Community provides stable, enterprise‑grade MySQL open‑source tools and services, releases a premium open‑source component each year (1024), and continuously operates and maintains them.