From d12429ef2bea5d48f35fdd138e0ba9be392f077f Mon Sep 17 00:00:00 2001 From: Stuart Williams Date: Mon, 3 Feb 2020 12:10:47 +0000 Subject: [PATCH] docs: rate limiting applies to Consul agents in server mode (#6932) --- website/source/docs/agent/options.html.md | 39 ++++++++++++----------- 1 file changed, 20 insertions(+), 19 deletions(-) diff --git a/website/source/docs/agent/options.html.md b/website/source/docs/agent/options.html.md index bc73a9e0f..7dcac8c5e 100644 --- a/website/source/docs/agent/options.html.md +++ b/website/source/docs/agent/options.html.md @@ -38,7 +38,7 @@ documented below in the [reload command](/docs/commands/reload.html) can also be used to trigger a configuration reload. -You can test the following configuration options by following the [Getting Started](https://learn.hashicorp.com/consul/getting-started/install?utm_source=consul.io&utm_medium=docs) guides to install a local agent. +You can test the following configuration options by following the [Getting Started](https://learn.hashicorp.com/consul/getting-started/install?utm_source=consul.io&utm_medium=docs) guides to install a local agent. ## Environment Variables Environment variables **cannot** be used to configure the Consul client. They @@ -100,12 +100,12 @@ The options below are all specified on the command-line. the local machine and will [advertise](/docs/agent/options.html#_advertise) the private IPv4 address to the rest of the cluster. If there are multiple private IPv4 addresses available, Consul will exit with an error - at startup. If you specify "[::]", Consul will [advertise](/docs/agent/options.html#_advertise) - the public IPv6 address. + at startup. If you specify "[::]", Consul will [advertise](/docs/agent/options.html#_advertise) + the public IPv6 address. If there are multiple public IPv6 addresses available, Consul will exit with an error at startup. - Consul uses both TCP and UDP and the same port for both. If you have any firewalls, - be sure to allow both protocols. In Consul 1.0 and later this can be set to a - [go-sockaddr](https://godoc.org/github.com/hashicorp/go-sockaddr/template) + Consul uses both TCP and UDP and the same port for both. If you have any firewalls, + be sure to allow both protocols. In Consul 1.0 and later this can be set to a + [go-sockaddr](https://godoc.org/github.com/hashicorp/go-sockaddr/template) template that needs to resolve to a single address. Some example templates: ```sh @@ -996,14 +996,14 @@ default will automatically work with some tooling. generating a new key. If `private_key` is set for the Consul provider, or existing root or intermediate PKI paths given for Vault then this will be ignored. Currently supported options are `ec` or `rsa`. - Default is `ec`. - + Default is `ec`. + It is required that all servers in a Datacenter have the same config for the CA. It is recommended that servers in different Datacenters have the same CA config for key type and size although the built-in CA and Vault provider will both allow mixed CA key types. - + Some CA providers (currently Vault) will not allow cross-signing a new CA certificate with a different key type. This means that if you migrate from an RSA-keyed Vault CA to an EC-keyed CA from any @@ -1187,8 +1187,8 @@ default will automatically work with some tooling. set to true, in a DNS query for a service, the label between the domain and the `service` label will be treated as a namespace name instead of a datacenter. When set to false, the default, the behavior will be the same as non-Enterprise versions and will assume the label is the datacenter. See: [this section](/docs/agent/dns.html#namespaced-services-enterprise) for more details. - - + + * `domain` Equivalent to the [`-domain` command-line flag](#_domain). @@ -1371,7 +1371,8 @@ default will automatically work with some tooling. * `limits` Available in Consul 0.9.3 and later, this is a nested object that configures limits that are enforced by - the agent. The following parameters are available: + the agent. Prior to Consul 1.5.2, this only applied to agents in client mode, + not Consul servers. The following parameters are available: * `http_max_conns_per_client` - @@ -1536,13 +1537,13 @@ default will automatically work with some tooling. Set to `0` to disable automatic port assignment. * `expose_min_port` - Inclusive minimum port - number to use for automatically assigned - [exposed check listeners](/docs/connect/registration/service-registration.html#expose-paths-configuration-reference). + number to use for automatically assigned + [exposed check listeners](/docs/connect/registration/service-registration.html#expose-paths-configuration-reference). Default 21500. Set to `0` to disable automatic port assignment. * `expose_max_port` - Inclusive maximum port - number to use for automatically assigned - [exposed check listeners](/docs/connect/registration/service-registration.html#expose-paths-configuration-reference). + number to use for automatically assigned + [exposed check listeners](/docs/connect/registration/service-registration.html#expose-paths-configuration-reference). Default 21755. Set to `0` to disable automatic port assignment. * `protocol` Equivalent to the @@ -1558,8 +1559,8 @@ default will automatically work with some tooling. [`-raft-protocol` command-line flag](#_raft_protocol). * `raft_snapshot_threshold` This controls @@ -1868,7 +1869,7 @@ to the old fragment --> currently only supports numeric IDs. - `mode` - The permission bits to set on the file. -* `verify_incoming` +* `verify_incoming` - If set to true, Consul requires that all incoming connections make use of TLS and that the client provides a certificate signed by a Certificate Authority from the [`ca_file`](#ca_file) or [`ca_path`](#ca_path). This applies to