status-im
/
consul
mirror of https://github.com/status-im/consul.git
2
0
Fork 0
Code Issues Projects Releases Wiki Activity

Add extra clarification around verify_incoming_https for localhost 

In many cases access to localhost is restricted to trusted/privellged actors only
This commit is contained in:
Kent 'picat' Gruber 2020-11-05 16:20:41 -05:00
parent 84a345324c
commit e0a9e329e5
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
website/pages/docs/security/security-models/core.mdx
View File

@ -78,7 +78,8 @@ environment and adapt these configurations accordingly.
HTTPS API.
- [`verify_incoming_https`](/docs/agent/options#verify_incoming_https) - By default this is false, and should be set
to true to require clients to provide a valid TLS certificate when the Consul HTTPS API is enabled.
to true to require clients to provide a valid TLS certificate when the Consul HTTPS API is enabled. TLS for the API
may be not be necessary if it is exclusively served over a loopback interface such as `localhost`.
- [`verifing_incoming_rpc`](/docs/agent/options#verify_incoming_rpc) - By default this is false, and should almost
always be set to true to require clients to provide a valid TLS certificate for Consul agent RPCs.