TLS config documentation for HTTPS server #831

Closed
ryanuber opened this issue Mar 31, 2015 · 7 comments
@ryanuber
Member

From https://groups.google.com/forum/#!topic/consul-tool/JOGcE2o1GK0:

the docs don't specify that you need to (or even that you can) set the 'https' address in the config.
If you don't do that it silently fails to set up the https server. Bit of a head-scratcher for a while.

/cc @ryanbreen

@ryanuber ryanuber added the type/docs Documentation needs to be created/updated/clarified label Mar 31, 2015
@ryanbreen
Contributor

Cool, I can get that added.

@ryanbreen ryanbreen self-assigned this Mar 31, 2015
@ryanbreen
Contributor

Definitely makes sense to add documentation of the https address to the options docs, but it also feels like we need a "Securing Consul" guide to cover this stuff in more depth. Forcing people to scour the config options feels unreasonable.

@ryanuber
Member Author

ryanuber commented Apr 3, 2015

I agree, a security guide would be great!

@armon
Member

armon commented Apr 3, 2015

Yep, totally agreed. There is too broad a surface to reason about.

ryanbreen added a commit that referenced this issue Apr 4, 2015
@ryanbreen
Contributor

For starters, I made one minor change to the options docs, clarifying that https port must be set. However, I'm having a hard time validating that there's a codepath where address: https needs to be set for the https listener to start.

If an https port is set but no https address is set, this line https://github.com/hashicorp/consul/blob/master/command/agent/http.go#L47 calls https://github.com/hashicorp/consul/blob/master/command/agent/config.go#L453 with an empty string as the first param. That'll yield a returned addr equivalent to ClientAddr, and that should default to 127.0.0.1.

What am I missing?

@armon armon modified the milestone: 0.5.1 Apr 9, 2015
@ryanuber
Member Author

@ryanbreen I don't think you are missing anything. If the port is configured, the HTTPS server should start, and the HTTPS address field is just there to allow changing what it binds to.

@armon
Member

armon commented May 5, 2015

Closing, this seems to be done. Thanks @ryanbreen
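
The bind-address fallback worked out in this thread, as an added example that is not part of the issue and is not Consul's own code: a small checker that reads an agent config and reports whether an HTTPS listener would start and where it would bind. The `agentConfig` type and `httpsListenAddr` function are hypothetical names, the sample configs are constructed, and treating an absent or non-positive port as "disabled" is an assumption.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net"
	"strconv"
)

// agentConfig is a hypothetical subset of an agent config file: only the
// keys discussed in this thread.
type agentConfig struct {
	ClientAddr string            `json:"client_addr"`
	Ports      map[string]int    `json:"ports"`
	Addresses  map[string]string `json:"addresses"`
}

// httpsListenAddr reports the host:port an HTTPS listener would bind to, or
// ok=false when no usable HTTPS port is configured (no listener at all).
func httpsListenAddr(raw []byte) (addr string, ok bool, err error) {
	cfg := agentConfig{ClientAddr: "127.0.0.1"} // default named in the thread
	if err = json.Unmarshal(raw, &cfg); err != nil {
		return "", false, err
	}
	port, set := cfg.Ports["https"]
	if !set || port <= 0 { // assumption: absent or non-positive means disabled
		return "", false, nil
	}
	host := cfg.Addresses["https"]
	if host == "" { // no HTTPS-specific address: fall back to client_addr
		host = cfg.ClientAddr
	}
	return net.JoinHostPort(host, strconv.Itoa(port)), true, nil
}

func main() {
	// Constructed sample configs, not taken from the issue.
	samples := []string{
		`{"ports": {"https": 8501}}`,
		`{"addresses": {"https": "10.0.0.5"}}`,
		`{"client_addr": "0.0.0.0", "ports": {"https": 8501}}`,
		`{"addresses": {"https": "10.0.0.5"}, "ports": {"https": 8501}}`,
	}
	for _, s := range samples {
		addr, ok, err := httpsListenAddr([]byte(s))
		fmt.Printf("%-62s listener=%v addr=%q err=%v\n", s, ok, addr, err)
	}
}
```

The third sample is the one to watch when reviewing a config: with no HTTPS-specific address, widening `client_addr` also widens where the HTTPS listener binds.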
