mirror of
https://github.com/status-im/consul.git
synced 2025-01-11 06:16:08 +00:00
Fix some formatting and a typo.
parent
f0059665bb
commit
6117bdb9d5
@ -32,11 +32,6 @@ You may also configure Consul to use an external
|
|||||||
[certificate management system](/docs/connect/ca.html), such as
|
[certificate management system](/docs/connect/ca.html), such as
|
||||||
[Vault](https://vaultproject.io).
|
[Vault](https://vaultproject.io).
|
||||||
|
|
||||||
-> **Security note:** Enabling Connect is enough to try the feature but doesn't
|
|
||||||
automatically ensure complete security. Please read the [Connect production
|
|
||||||
guide](/docs/guides/connect-production.html) to understand the additional steps
|
|
||||||
needed for a secure deployment.
|
|
||||||
|
|
||||||
No agent-wide configuration is necessary for non-server agents. Services
|
No agent-wide configuration is necessary for non-server agents. Services
|
||||||
and proxies may always register with Connect settings, but they will fail to
|
and proxies may always register with Connect settings, but they will fail to
|
||||||
retrieve or verify any TLS certificates. This causes all Connect-based
|
retrieve or verify any TLS certificates. This causes all Connect-based
|
||||||
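Review bot: the `-> **Security note:**` block deleted here, just ahead of "No agent-wide configuration is necessary for non-server agents", is a relocation rather than a formatting fix, and the commit message does not mention it. The note is only re-added in the next hunk, so a reader of the paragraph on the external certificate management option now reaches the non-server-agent text without having been pointed at the production guide. Suggest stating the move in the commit message so it is not mistaken for an accidental drop of the warning.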
@ -45,9 +40,14 @@ connection attempts to fail until Connect is enabled on the server agents.
|
|||||||
-> **Note:** Connect is enabled by default when running Consul in
|
-> **Note:** Connect is enabled by default when running Consul in
|
||||||
dev mode with `consul agent -dev`.
|
dev mode with `consul agent -dev`.
|
||||||
|
|
||||||
|
~> **Security note:** Enabling Connect is enough to try the feature but doesn't
|
||||||
|
automatically ensure complete security. Please read the [Connect production
|
||||||
|
guide](/docs/guides/connect-production.html) to understand the additional steps
|
||||||
|
needed for a secure deployment.
|
||||||
|
|
||||||
## Built-In Proxy Options
|
## Built-In Proxy Options
|
||||||
|
|
||||||
This is complete example of all the configuration options available for the
|
This is a complete example of all the configuration options available for the
|
||||||
built-in proxy. Note that only the `service.connect.proxy.config` map is being
|
built-in proxy. Note that only the `service.connect.proxy.config` map is being
|
||||||
described here, the rest of the service definition is shown for context and is
|
described here, the rest of the service definition is shown for context and is
|
||||||
[described elsewhere](/docs/connect/proxies.html#managed-proxies).
|
[described elsewhere](/docs/connect/proxies.html#managed-proxies).
|
||||||
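Review bot: the re-added Security note opens with `~>`, whereas the block removed in the previous hunk used `->` and the dev-mode Note directly before it still uses `->`. If the different marker is meant to change how the callout renders, say so in the commit message; otherwise keep `->` for consistency. In the same hunk, "described here, the rest of the service definition is shown for context" is left as a comma splice; a semicolon or full stop after "here" would tidy it while the neighbouring "a complete example" line is being fixed.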
@ -94,47 +94,42 @@ described here, the rest of the service definition is shown for context and is
|
|||||||
range](/docs/agent/options.html#proxy_min_port) if available. By default the
|
range](/docs/agent/options.html#proxy_min_port) if available. By default the
|
||||||
range is [20000, 20255] and the port is selected at random from that range.
|
range is [20000, 20255] and the port is selected at random from that range.
|
||||||
|
|
||||||
* <a name="local_service_address"></a><a href="#local_service_address">`local_service_address`</a>
|
* <a name="local_service_address"></a><a href="#local_service_address">`local_service_address`</a> - The
|
||||||
- The `[address]:port` that the proxy should use to connect to the
|
`[address]:port` that the proxy should use to connect to the local application
|
||||||
local application instance. By default it assumes `127.0.0.1` as the address
|
instance. By default it assumes `127.0.0.1` as the address and takes the port
|
||||||
and takes the port from the service definition's `port` field. Note that
|
from the service definition's `port` field. Note that allowing the application
|
||||||
allowing the application to listen on any non-loopback address may expose it
|
to listen on any non-loopback address may expose it externally and bypass
|
||||||
externally and bypass Connect's access enforcement. It may be useful though
|
Connect's access enforcement. It may be useful though to allow non-standard
|
||||||
to allow non-standard loopback addresses or where an alternative
|
loopback addresses or where an alternative known-private IP is available for
|
||||||
known-private IP is available for example when using internal networking
|
example when using internal networking between containers.
|
||||||
between containers.
|
|
||||||
|
|
||||||
* <a name="local_connect_timeout_ms"></a><a href="#local_connect_timeout_ms">`local_connect_timeout_ms`</a>
|
* <a name="local_connect_timeout_ms"></a><a href="#local_connect_timeout_ms">`local_connect_timeout_ms`</a> - The number
|
||||||
- The number of milliseconds the proxy will wait to establish a
|
of milliseconds the proxy will wait to establish a connection to the _local
|
||||||
connection to the _local application_ before giving up. Defaults to `1000`
|
application_ before giving up. Defaults to `1000` or 1 second.
|
||||||
or 1 second.
|
|
||||||
|
|
||||||
* <a name="handshake_timeout_ms"></a><a href="#handshake_timeout_ms">`handshake_timeout_ms`</a>
|
* <a name="handshake_timeout_ms"></a><a href="#handshake_timeout_ms">`handshake_timeout_ms`</a> - The
|
||||||
- The number of milliseconds the proxy will wait for _incoming_ mTLS
|
number of milliseconds the proxy will wait for _incoming_ mTLS connections to
|
||||||
connections to complete the TLS handshake. Defaults to `10000` or 10
|
complete the TLS handshake. Defaults to `10000` or 10 seconds.
|
||||||
seconds.
|
|
||||||
|
|
||||||
* <a name="upstreams"></a><a href="#upstreams">`upstreams`</a>
|
* <a name="upstreams"></a><a href="#upstreams">`upstreams`</a> - An array of
|
||||||
- An array of upstream definitions for remote services that the proxied
|
upstream definitions for remote services that the proxied
|
||||||
application needs to make outgoing connections to. Each definition has the
|
application needs to make outgoing connections to. Each definition has the
|
||||||
following fields:
|
following fields:
|
||||||
* <a name="destination_name"></a><a href="#destination_name">`destination_name`</a>
|
* <a name="destination_name"></a><a href="#destination_name">`destination_name`</a> -
|
||||||
- [required] The name of the service or prepared query to route connect
|
[required] The name of the service or prepared query to route connect to.
|
||||||
to.
|
* <a name="local_bind_port"></a><a href="#local_bind_port">`local_bind_port`</a> -
|
||||||
* <a name="local_bind_port"></a><a href="#local_bind_port">`local_bind_port`</a>
|
[required] The port to bind a local listener to for the application to
|
||||||
- [required] The port to bind a local listener to for the application to
|
make outbound connections to this upstream.
|
||||||
make outbound connections to this upstream.
|
* <a name="local_bind_address"></a><a href="#local_bind_address">`local_bind_address`</a> -
|
||||||
* <a name="local_bind_address"></a><a href="#local_bind_address">`local_bind_address`</a>
|
The address to bind a local listener to for the application to make
|
||||||
- The address to bind a local listener to for the application to make
|
outbound connections to this upstream.
|
||||||
outbound connections to this upstream.
|
* <a name="destination_type"></a><a href="#destination_type">`destination_type`</a> -
|
||||||
* <a name="destination_type"></a><a href="#destination_type">`destination_type`</a>
|
Either `service` or `upstream`. The type of discovery query to use to find
|
||||||
- Either `service` or `upstream`. The type of discovery query to use to
|
an instance to connect to. Defaults to `service`.
|
||||||
find an instance to connect to. Defaults to `service`.
|
* <a name="destination_datacenter"></a><a href="#destination_datacenter">`destination_datacenter`</a> -
|
||||||
* <a name="destination_datacenter"></a><a href="#destination_datacenter">`destination_datacenter`</a>
|
The datacenter to issue the discovery query too. Defaults to the local datacenter.
|
||||||
- The datacenter to issue the discovery query too. Defaults to the local
|
* <a name="connect_timeout_ms"></a><a href="#connect_timeout_ms">`connect_timeout_ms`</a> -
|
||||||
datacenter.
|
The number of milliseconds the proxy will wait to establish a connection to
|
||||||
* <a name="connect_timeout_ms"></a><a href="#connect_timeout_ms">`connect_timeout_ms`</a>
|
and complete TLS handshake with the _remote_ application or proxy. Defaults
|
||||||
- The number of milliseconds the proxy will wait to establish a connection
|
to `10000` or 10 seconds.
|
||||||
to and complete TLS handshake with the _remote_ application or proxy.
|
|
||||||
Defaults to `10000` or 10 seconds.
|
|
||||||
|
|
||||||
|
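Review bot: the rewritten `destination_datacenter` line still reads "The datacenter to issue the discovery query too", which should be "to", and as a single line it is much longer than the wrapped lines around it. `destination_type` lists `service` or `upstream`, while `destination_name` speaks of "the service or prepared query", so check whether the second value should name the prepared-query type. `local_bind_address` states no default and, unlike `local_service_address`, carries no caution about binding to a non-loopback address; both are worth documenting while these entries are being reflowed.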