github.com/diptanu/nomad@v0.5.7-0.20170516172507-d72e86cbe3d9/website/source/docs/agent/configuration/tls.html.md (about)

---
layout: "docs"
page_title: "tls Stanza - Agent Configuration"
sidebar_current: "docs-agent-configuration-tls"
description: |-
  The "tls" stanza configures Nomad's TLS communication via HTTP and RPC to
  enforce secure cluster communication between servers and clients.
---

# `tls` Stanza

<table class="table table-bordered table-striped">
  <tr>
    <th width="120">Placement</th>
    <td>
      <code>**tls**</code>
    </td>
  </tr>
</table>

The `tls` stanza configures Nomad's TLS communication via HTTP and RPC to
enforce secure cluster communication between servers and clients.

```hcl
tls {
  http = true
  rpc  = true
}
```

~> Incorrect TLS configuration can result in failure to start the Nomad agent.

This section of the documentation only covers the configuration options for
the `tls` stanza. To understand how to set up the certificates themselves,
please see [Agent's Gossip and RPC Encryption](/docs/agent/encryption.html).

## `tls` Parameters

- `ca_file` `(string: "")` - Specifies the path to the CA certificate to use for
  Nomad's TLS communication.

- `cert_file` `(string: "")` - Specifies the path to the certificate file used
  for Nomad's TLS communication.

- `key_file` `(string: "")` - Specifies the path to the key file to use for
  Nomad's TLS communication.

- `http` `(bool: false)` - Specifies if TLS should be enabled on the HTTP
  endpoints on the Nomad agent, including the API.

- `rpc` `(bool: false)` - Specifies if TLS should be enabled on the RPC
  endpoints and [Raft][raft] traffic between the Nomad servers. Enabling this on
  a Nomad client makes the client use TLS for making RPC requests to the Nomad
  servers.

- `verify_https_client` `(bool: false)` - Specifies if agents should require
  client certificates for all incoming HTTPS requests. The client certificates
  must be signed by the same CA as Nomad.

- `verify_server_hostname` `(bool: false)` - Specifies if outgoing TLS
  connections should verify the server's hostname.

## `tls` Examples

The following examples only show the `tls` stanzas. Remember that the
`tls` stanza is only valid in the placements listed above.

### Enabling TLS

This example shows enabling TLS configuration. This enables TLS communication
between all servers and clients using the default system CA bundle and
certificates.

```hcl
tls {
  http = true
  rpc  = true

  ca_file   = "/etc/certs/ca.crt"
  cert_file = "/etc/certs/nomad.crt"
  key_file  = "/etc/certs/nomad.key"
}
```
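
A stricter variant of the stanza above, given here as an added example that is not part of the original Nomad documentation. It sets the two verification parameters, which both default to `false`; the file paths are the same illustrative ones used above.

```hcl
tls {
  # Enable TLS on the HTTP endpoints (including the API) and on the
  # RPC endpoints and Raft traffic.
  http = true
  rpc  = true

  ca_file   = "/etc/certs/ca.crt"
  cert_file = "/etc/certs/nomad.crt"
  key_file  = "/etc/certs/nomad.key"

  # Require a client certificate, signed by the same CA as Nomad, on every
  # incoming HTTPS request.
  verify_https_client = true

  # Verify the server's hostname on outgoing TLS connections.
  verify_server_hostname = true
}
```

With `verify_https_client` enabled, every caller of the HTTPS API needs a certificate signed by that CA, so arrange how operators and tooling obtain one before turning it on.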

[raft]: https://github.com/hashicorp/serf "Serf by HashiCorp"