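// Source: github.com/maier/nomad@v0.4.1-0.20161110003312-a9e3d0b8549d/nomad/structs/config/tls.go
// (package config)

// TLSConfig provides TLS related configuration.
//
// Every boolean defaults to false (the Go zero value), so TLS and hostname
// verification are opt-in: a config that sets nothing leaves both HTTP and
// RPC traffic unencrypted and server hostnames unverified.
type TLSConfig struct {

	// EnableHTTP enables TLS for http traffic to the Nomad server and clients
	EnableHTTP bool `mapstructure:"http"`

	// EnableRPC enables TLS for RPC and Raft traffic to the Nomad servers
	EnableRPC bool `mapstructure:"rpc"`

	// VerifyServerHostname is used to enable hostname verification of servers. This
	// ensures that the certificate presented is valid for server.<region>.nomad
	// This prevents a compromised client from being restarted as a server, and then
	// intercepting request traffic as well as being added as a raft peer. This should be
	// enabled by default with VerifyOutgoing, but for legacy reasons we cannot break
	// existing clients.
	//
	// Because the default is false, deployments that rely on the protection
	// described above must set verify_server_hostname explicitly.
	VerifyServerHostname bool `mapstructure:"verify_server_hostname"`

	// CAFile is a path to a certificate authority file. This is used with VerifyIncoming
	// or VerifyOutgoing to verify the TLS connection.
	// NOTE(review): VerifyIncoming and VerifyOutgoing are not fields of this
	// struct; confirm where (or whether) they are defined.
	CAFile string `mapstructure:"ca_file"`

	// CertFile is used to provide a TLS certificate that is used for serving TLS connections.
	// Must be provided to serve TLS connections.
	CertFile string `mapstructure:"cert_file"`

	// KeyFile is used to provide a TLS key that is used for serving TLS connections.
	// Must be provided to serve TLS connections.
	// The file holds private key material, so its permissions should restrict
	// reads to the account the agent runs as.
	KeyFile string `mapstructure:"key_file"`
}

// Merge is used to merge two TLS configs together. It returns a new
// TLSConfig that starts as a copy of t and is then overlaid with b; neither
// t nor b is modified.
//
// Overlay rules:
//   - A boolean is set to true when b has it set. A false value in b never
//     clears a true value in t, so an overlay cannot switch off TLS or
//     hostname verification that the base config enabled.
//   - A path (CAFile, CertFile, KeyFile) is replaced when b's value is
//     non-empty. An empty value in b keeps t's path, so an overlay cannot
//     unset a path either.
//
// A nil b yields a plain copy of t, and a nil receiver is treated as the
// zero TLSConfig, so callers that merge optional config sections do not
// panic on a missing one. The result is never nil.
func (t *TLSConfig) Merge(b *TLSConfig) *TLSConfig {
	var result TLSConfig
	if t != nil {
		result = *t
	}

	// Nothing to overlay: hand back the copy of the base config.
	if b == nil {
		return &result
	}

	if b.EnableHTTP {
		result.EnableHTTP = true
	}
	if b.EnableRPC {
		result.EnableRPC = true
	}
	if b.VerifyServerHostname {
		result.VerifyServerHostname = true
	}
	if b.CAFile != "" {
		result.CAFile = b.CAFile
	}
	if b.CertFile != "" {
		result.CertFile = b.CertFile
	}
	if b.KeyFile != "" {
		result.KeyFile = b.KeyFile
	}

	return &result
}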