
[DO NOT MERGE] Scenario with Consul 1.14 and new TLS config

Open danielehc opened this issue 2 years ago • 1 comments

Test scenario with Consul 1.14 and new TLS configuration for Consul DC

Configuration reference:

  • Server:
    "tls": {
        "defaults": {
            "ca_file"   : "/consul/config/certs/consul-agent-ca.pem",
            "cert_file" : "/consul/config/certs/dc1-server-consul-0.pem",
            "key_file"  : "/consul/config/certs/dc1-server-consul-0-key.pem",
        
            "verify_outgoing"        : true,
            "verify_incoming"        : true
        },

        "https": {
            "verify_incoming"        : false
        },
        "internal_rpc": {
            "verify_server_hostname" : true
        }
    },

    "auto_encrypt": {
        "allow_tls" : true
    }
  • Client:
    "tls": {
        "defaults": {
            "ca_file"   : "/consul/config/certs/consul-agent-ca.pem",
            "verify_outgoing"        : true,
            "verify_incoming"        : true
        },
        "https": {
            "verify_incoming"        : false
        },
        "internal_rpc": {
            "verify_server_hostname" : true
        }
    },

    "auto_encrypt": {
        "tls" : true
    }

danielehc, Nov 17 '22 14:11
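Added example, not part of the original post or of the learn-consul-docker repository: a small Python lint that resolves the per-listener values of the `tls` stanza above (a listener block falls back to `tls.defaults`) and reports which verification settings end up disabled. The function names, the severity labels and the policy itself are assumptions made for this example; the two sample dicts are the fragments from the post wrapped in an enclosing object.

```python
# Added example: lint a Consul agent config (as a dict) against the tls layout above.
CERTS = "/consul/config/certs/"
# The two fragments from the post, wrapped in an enclosing object.
SERVER = {
    "tls": {
        "defaults": {"ca_file": CERTS + "consul-agent-ca.pem",
                     "cert_file": CERTS + "dc1-server-consul-0.pem",
                     "key_file": CERTS + "dc1-server-consul-0-key.pem",
                     "verify_outgoing": True, "verify_incoming": True},
        "https": {"verify_incoming": False},
        "internal_rpc": {"verify_server_hostname": True}},
    "auto_encrypt": {"allow_tls": True}}
CLIENT = {
    "tls": {
        "defaults": {"ca_file": CERTS + "consul-agent-ca.pem",
                     "verify_outgoing": True, "verify_incoming": True},
        "https": {"verify_incoming": False},
        "internal_rpc": {"verify_server_hostname": True}},
    "auto_encrypt": {"tls": True}}

def effective(tls, listener, key):
    """Listener value, else the tls.defaults value, else False."""
    return tls.get(listener, {}).get(key, tls.get("defaults", {}).get(key, False))

def lint(cfg, role):
    """Return (severity, message) findings; role is 'server' or 'client'."""
    tls, auto = cfg.get("tls", {}), cfg.get("auto_encrypt", {})
    d, out = tls.get("defaults", {}), []
    if not (d.get("ca_file") or d.get("ca_path")):
        out.append(("warn", "tls.defaults has no ca_file or ca_path"))
    for key in ("verify_outgoing", "verify_incoming"):
        if not effective(tls, "internal_rpc", key):
            out.append(("warn", f"internal_rpc: {key} is off"))
    if not tls.get("internal_rpc", {}).get("verify_server_hostname", False):
        out.append(("warn", "internal_rpc: verify_server_hostname is off"))
    if not effective(tls, "https", "verify_incoming"):
        out.append(("info", "https: client certificates are not required"))
    # Simplification for this example: the key pair is looked up in tls.defaults only.
    has_pair = bool(d.get("cert_file") and d.get("key_file"))
    if role == "server" and not has_pair:
        out.append(("warn", "server has no cert_file/key_file"))
    if role == "server" and "tls" in auto:
        out.append(("warn", "auto_encrypt.tls belongs on clients"))
    if role == "client" and not (has_pair or auto.get("tls")):
        out.append(("warn", "client has no certificate and no auto_encrypt.tls"))
    if role == "client" and "allow_tls" in auto:
        out.append(("warn", "auto_encrypt.allow_tls belongs on servers"))
    return out

if __name__ == "__main__":
    for name, cfg in (("server", SERVER), ("client", CLIENT)):
        print(name, lint(cfg, name))
```

Both fragments from the post produce a single informational finding: the `https` block overrides `verify_incoming` to false, so the HTTPS API does not require client certificates while internal RPC still does.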

I tested the scenario and it works for me too! If you would like to automate the certificate creation, take a look at this repo here:

https://github.com/hashicorp-demoapp/hashicups-setups/blob/7b8a0738c8a73b95aaebd71e0fd4ce5d385ba31a/docker-compose-consul/build_images.sh#L3

It basically builds a Consul image that runs the tls commands and then copies the certs off the container into the working dir.

krastin, Dec 08 '22 13:12