github.com/cs3org/reva/v2@v2.27.7/changelog/2.11.0_2022-11-03/grpc-tls-settings.md

github.com/cs3org/reva/v2@v2.27.7/changelog/2.11.0_2022-11-03/grpc-tls-settings.md (about)

     1  Enhancement: Allow to enable TLS for grpc service
     2  
     3  We added new configuration settings for the grpc based services allowing to enable
     4  transport security for the services. By setting:
     5  
     6  ```toml
     7  [grpc.tls_settings]
     8  enabled = true
     9  certificate = "<path/to/cert.pem>"
    10  key = "<path/to/key.pem>"
    11  ```
    12  
    13  TLS transportsecurity is enabled using the supplied certificate. When `enabled` is set
    14  to `true`, but no certificate and key files are supplied reva will generate
    15  temporary self-signed certificates at startup (this requires to also configure
    16  the clients to disable certificate verification, see below).
    17  
    18  The client side can be configured via the shared section. Set this to configure the CA for
    19  verifying server certificates:
    20  
    21  ```toml
    22  [shared.grpc_client_options]
    23  tls_mode = "on"
    24  tls_cacert = "</path/to/cafile.pem>"
    25  ```
    26  
    27  To disable server certificate verification (e.g. when using the autogenerated self-signed certificates)
    28  set:
    29  
    30  ```toml
    31  [shared.grpc_client_options]
    32  tls_mode = "insecure"
    33  ```
    34  
    35  To switch off TLS for the clients (which is also the default):
    36  
    37  ```toml
    38  [shared.grpc_client_options]
    39  tls_mode = "off"
    40  ```
    41  
    42  https://github.com/cs3org/reva/pull/3332