github.com/taylorchu/nomad@v0.5.3-rc1.0.20170407200202-db11e7dd7b55/website/source/docs/agent/configuration/tls.html.md

---
layout: "docs"
page_title: "tls Stanza - Agent Configuration"
sidebar_current: "docs-agent-configuration-tls"
description: |-
  The "tls" stanza configures Nomad's TLS communication via HTTP and RPC to
  enforce secure cluster communication between servers and between clients and
  servers.
---

# `tls` Stanza

<table class="table table-bordered table-striped">
  <tr>
    <th width="120">Placement</th>
    <td>
      <code>**tls**</code>
    </td>
  </tr>
</table>

The `tls` stanza configures Nomad's TLS communication via HTTP and RPC to
enforce secure cluster communication between servers and between clients and
servers.

```hcl
tls {
  http = true
  rpc  = true
}
```

~> Incorrect TLS configuration can result in failure to start the Nomad agent.

This section of the documentation only covers the configuration options for the
`tls` stanza. To understand how to set up the certificates themselves, please see
[Agent's Gossip and RPC Encryption](/docs/agent/encryption.html).

## `tls` Parameters

- `ca_file` `(string: "")` - Specifies the path to the CA certificate to use for
  Nomad's TLS communication.

- `cert_file` `(string: "")` - Specifies the path to the certificate file used
  for Nomad's TLS communication.

- `key_file` `(string: "")` - Specifies the path to the key file to use for
  Nomad's TLS communication.

- `http` `(bool: false)` - Specifies if TLS should be enabled on the HTTP
  endpoints on the Nomad agent, including the API.

- `rpc` `(bool: false)` - Specifies if TLS should be enabled on the RPC
  endpoints and [Raft][raft] traffic between the Nomad servers. Enabling this on
  a Nomad client makes the client use TLS for making RPC requests to the Nomad
  servers.

- `verify_server_hostname` `(bool: false)` - Specifies if outgoing TLS
  connections should verify the server's hostname.

## `tls` Examples

The following examples only show the `tls` stanzas. Remember that the
`tls` stanza is only valid in the placements listed above.

### Enabling TLS

This example shows enabling TLS configuration. This enables TLS communication
between all servers and clients using the default system CA bundle and
certificates.

```hcl
tls {
  http = true
  rpc  = true

  ca_file   = "/etc/certs/ca.crt"
  cert_file = "/etc/certs/nomad.crt"
  key_file  = "/etc/certs/nomad.key"
}
```
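
A pre-flight lint for the `tls` stanza, added here as an example (it is not part of Nomad or of this documentation). It parses only the flat `key = value` form shown on this page and reports endpoints left without TLS, disabled hostname verification, and certificate paths that are missing or, for the key, accessible to other users. The function names and the file-permission check are assumptions of this example, not Nomad behaviour.

```python
import os
import re
import stat

# Defaults exactly as listed in the parameter list above.
DEFAULTS = {"ca_file": "", "cert_file": "", "key_file": "",
            "http": False, "rpc": False, "verify_server_hostname": False}
PAIR = re.compile(r'^\s*(\w+)\s*=\s*("[^"\n]*"|true|false)\s*$', re.M)

def parse_tls_stanza(text):
    """Parse the flat key = value pairs of the first tls { ... } stanza."""
    block = re.search(r"^\s*tls\s*\{(.*?)\}", text, re.S | re.M)
    if block is None:
        return None
    cfg = dict(DEFAULTS)
    for key, raw in PAIR.findall(block.group(1)):
        cfg[key] = raw[1:-1] if raw.startswith('"') else raw == "true"
    return cfg

def lint_tls(cfg):
    """Return human-readable findings for a parsed tls stanza."""
    if cfg is None:
        return ["no tls stanza: http and rpc both default to false (plaintext)"]
    out = [f"{k}: not a documented tls parameter"
           for k in sorted(cfg.keys() - DEFAULTS.keys())]
    for endpoint in ("http", "rpc"):
        if cfg[endpoint] is not True:
            out.append(f"{endpoint}: TLS not enabled on this endpoint")
    if cfg["rpc"] is True and cfg["verify_server_hostname"] is not True:
        out.append("verify_server_hostname: outgoing connections do not "
                   "verify the server's hostname")
    if bool(cfg["cert_file"]) != bool(cfg["key_file"]):
        out.append("cert_file/key_file: one is set without the other")
    for name in ("ca_file", "cert_file", "key_file"):
        path = cfg[name]
        if not isinstance(path, str):
            out.append(f"{name}: expected a string path")
        elif path and not os.path.isfile(path):
            out.append(f"{name}: {path} does not exist or is not a file")
        elif path and name == "key_file" and stat.S_IMODE(os.stat(path).st_mode) & 0o077:
            out.append(f"key_file: {path} is accessible by group or others")
    return out

if __name__ == "__main__":
    # Constructed sample: only http is enabled, no certificate paths.
    sample = 'tls {\n  http = true\n}\n'
    for finding in lint_tls(parse_tls_stanza(sample)):
        print(finding)
```

Run it against an agent configuration before restarting the agent; an empty list means none of these checks fired, not that the certificates themselves are valid.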

[raft]: https://github.com/hashicorp/serf "Serf by HashiCorp"