status-im
/
consul
mirror of https://github.com/status-im/consul.git
2
0
Fork 0
Code Issues Projects Releases Wiki Activity

Merge pull request #12872 from hashicorp/markdown-fix 

docs: fixes makdown leakage
This commit is contained in:
Karl Cardenas 2022-04-27 14:20:19 -07:00 committed by GitHub
parent 6a4ca9c5a7 dbaed47da2
commit 3bf17020d9
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 13 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
website/content/docs/security/security-models/core.mdx
View File

@ -143,25 +143,24 @@ environment and adapt these configurations accordingly.
**Example Client Agent TLS Configuration**
```hcl
tls {
defaults {
verify_incoming = false
verify_outgoing = true
ca_file = "consul-agent-ca.pem"
tls {
defaults {
verify_incoming = false
verify_outgoing = true
ca_file = "consul-agent-ca.pem"
}
internal_rpc {
verify_server_hostname = true
}
}
internal_rpc {
verify_server_hostname = true
auto_encrypt {
tls = true
}
}
auto_encrypt {
tls = true
}
```
-> The client agent TLS configuration from above sets [`verify_incoming`](/docs/agent/config/config-files#tls_defaults_verify_incoming)
-> **Note**: The client agent TLS configuration from above sets [`verify_incoming`](/docs/agent/config/config-files#tls_defaults_verify_incoming)
to false which assumes all incoming traffic is restricted to `localhost`. The primary benefit for this configuration
would be to avoid provisioning client TLS certificates (in addition to ACL tokens) for all tools or applications
using the local Consul agent. In this case ACLs should be enabled to provide authorization and only ACL tokens would