github
/
consul
mirror of https://github.com/hashicorp/consul
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

docs: fixes makdown leakage

pull/12872/head
Karl Cardenas 3 years ago
parent
6a4ca9c5a7
commit
dbaed47da2
No known key found for this signature in database
GPG Key ID: AC61D76B41F1EDC
1 changed files with 13 additions and 14 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 27
      website/content/docs/security/security-models/core.mdx

27
website/content/docs/security/security-models/core.mdx
Unescape View File

@ -143,25 +143,24 @@ environment and adapt these configurations accordingly.
**Example Client Agent TLS Configuration**
```hcl
tls {
defaults {
verify_incoming = false
verify_outgoing = true
ca_file = "consul-agent-ca.pem"
tls {
defaults {
verify_incoming = false
verify_outgoing = true
ca_file = "consul-agent-ca.pem"
}
internal_rpc {
verify_server_hostname = true
}
}
internal_rpc {
verify_server_hostname = true
auto_encrypt {
tls = true
}
}
auto_encrypt {
tls = true
}
```
-> The client agent TLS configuration from above sets [`verify_incoming`](/docs/agent/config/config-files#tls_defaults_verify_incoming)
-> **Note**: The client agent TLS configuration from above sets [`verify_incoming`](/docs/agent/config/config-files#tls_defaults_verify_incoming)
to false which assumes all incoming traffic is restricted to `localhost`. The primary benefit for this configuration
would be to avoid provisioning client TLS certificates (in addition to ACL tokens) for all tools or applications
using the local Consul agent. In this case ACLs should be enabled to provide authorization and only ACL tokens would

Write Preview
Loading…
Cancel
Save