open-consul/website/source/docs/connect/configuration.html.md

---
layout: "docs"
page_title: "Connect - Configuration"
sidebar_current: "docs-connect-config"
description: |-
  A Connect-aware proxy enables unmodified applications to use Connect. A per-service proxy sidecar transparently handles inbound and outbound service connections, automatically wrapping and verifying TLS connections.
---

# Connect Configuration

There are many configuration options exposed for Connect. The only option
that must be set is the "enabled" option on Consul Servers to enable Connect.
All other configurations are optional and have reasonable defaults.

## Enable Connect on the Cluster

The first step to use Connect is to enable Connect for your Consul
cluster. By default, Connect is disabled. Enabling Connect requires changing
the configuration of only your Consul _servers_ (not client agents). To enable
Connect, add the following to a new or existing
[server configuration file](/docs/agent/options.html). In HCL:

```hcl
connect {
  enabled = true
}
```

This will enable Connect and configure your Consul cluster to use the
built-in certificate authority for creating and managing certificates.
You may also configure Consul to use an external
[certificate management system](/docs/connect/ca.html), such as
[Vault](https://vaultproject.io).

No agent-wide configuration is necessary for non-server agents. Services
and proxies may always register with Connect settings, but they will fail to
retrieve or verify any TLS certificates. This causes all Connect-based
connection attempts to fail until Connect is enabled on the server agents.

-> **Note:** Connect is enabled by default when running Consul in
dev mode with `consul agent -dev`.
Starting Docs (#46) * website: first stab at Connect docs * website: lots more various stuff (bad commit messages) * website: getting started page for Connect * website: intentions * website: intention APIs * website: agent API docs * website: document agent/catalog proxy kind service values * website: /v1/catalog/connect/:service * website: intention CLI docs * website: custom proxy docs * website: remove dedicated getting started guide * website: add docs for CA API endpoints * website: add docs for connect ca commands * website: add proxy CLI docs * website: clean up proxy command, add dev docs * website: todo pages * website: connect security 2018-05-29 21:07:40 +00:00			`---`
			`layout: "docs"`
			`page_title: "Connect - Configuration"`
			`sidebar_current: "docs-connect-config"`
			`description: \|-`
			`A Connect-aware proxy enables unmodified applications to use Connect. A per-service proxy sidecar transparently handles inbound and outbound service connections, automatically wrapping and verifying TLS connections.`
			`---`

			`# Connect Configuration`

			`There are many configuration options exposed for Connect. The only option`
			`that must be set is the "enabled" option on Consul Servers to enable Connect.`
			`All other configurations are optional and have reasonable defaults.`

			`## Enable Connect on the Cluster`

			`The first step to use Connect is to enable Connect for your Consul`
			`cluster. By default, Connect is disabled. Enabling Connect requires changing`
			`the configuration of only your Consul _servers_ (not client agents). To enable`
			`Connect, add the following to a new or existing`
			`[server configuration file](/docs/agent/options.html). In HCL:`

			```hcl
			`connect {`
			`enabled = true`
			`}`
			```

			`This will enable Connect and configure your Consul cluster to use the`
			`built-in certificate authority for creating and managing certificates.`
			`You may also configure Consul to use an external`
			`[certificate management system](/docs/connect/ca.html), such as`
			`[Vault](https://vaultproject.io).`

			`No agent-wide configuration is necessary for non-server agents. Services`
			`and proxies may always register with Connect settings, but they will fail to`
			`retrieve or verify any TLS certificates. This causes all Connect-based`
			`connection attempts to fail until Connect is enabled on the server agents.`

			`-> Note: Connect is enabled by default when running Consul in`
			dev mode with `consul agent -dev`.