Add extra clarification around verify_incoming_https for localhost

In many cases access to localhost is restricted to trusted/privellged actors only
This commit is contained in:
Kent 'picat' Gruber 2020-11-05 16:20:41 -05:00
parent 84a345324c
commit e0a9e329e5
1 changed files with 2 additions and 1 deletions

View File

@ -78,7 +78,8 @@ environment and adapt these configurations accordingly.
HTTPS API. HTTPS API.
- [`verify_incoming_https`](/docs/agent/options#verify_incoming_https) - By default this is false, and should be set - [`verify_incoming_https`](/docs/agent/options#verify_incoming_https) - By default this is false, and should be set
to true to require clients to provide a valid TLS certificate when the Consul HTTPS API is enabled. to true to require clients to provide a valid TLS certificate when the Consul HTTPS API is enabled. TLS for the API
may be not be necessary if it is exclusively served over a loopback interface such as `localhost`.
- [`verifing_incoming_rpc`](/docs/agent/options#verify_incoming_rpc) - By default this is false, and should almost - [`verifing_incoming_rpc`](/docs/agent/options#verify_incoming_rpc) - By default this is false, and should almost
always be set to true to require clients to provide a valid TLS certificate for Consul agent RPCs. always be set to true to require clients to provide a valid TLS certificate for Consul agent RPCs.