Mention required cli config when using tls

Fixes #2571
Michael Schurter
2017-04-18 09:04:06 -07:00
parent 8ad95182a0
commit b54c248feb


@@ -51,6 +51,27 @@ TLS is used to secure the RPC calls between agents, but gossip between nodes is
done over UDP and is secured using a symmetric key. See above for enabling
gossip encryption.
### Configuring the command line tool
If you have HTTPS enabled for your Nomad agent, you must export environment
variables for the command line tool to also use HTTPS:
```sh
# NOMAD_ADDR defaults to http://, so set it to https
# Alternatively you can use the -address flag
export NOMAD_ADDR=https://127.0.0.1:4646
# Set the location of your CA certificate
# Alternatively you can use the -ca-cert flag
export NOMAD_CACERT=/path/to/ca.pem
```
Run any command except `agent` with `-h` to see all environment variables and
flags. For example: `nomad status -h`
Since HTTPS currently does not validate client certificates you do not need to
give the command line tool access to any private keys.
## Encryption Examples
### TLS Configuration using `cfssl`
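
Review bot: The closing paragraph of the new "Configuring the command line tool" section ("Since HTTPS currently does not validate client certificates you do not need to give the command line tool access to any private keys.") presents the missing client certificate validation only as a convenience and leaves out what it means for access control. As written, a reader can conclude that enabling HTTPS restricts who may call the HTTP API, while the sentence itself says the server does not check who the client is. I would add one sentence stating that HTTPS here encrypts the connection and authenticates the agent to the CLI, but does not authenticate the CLI to the agent, so access to the HTTP port still has to be restricted by other means. Two smaller points: "currently" will go stale without a version, so name the release this applies to; and the example pairs `export NOMAD_ADDR=https://127.0.0.1:4646` with `NOMAD_CACERT`, which only verifies if the agent certificate is valid for that address, so say which name or IP the certificate must cover.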