Go to file
Matt Keeler 7b49fc1529
Require enabling TLS to enable Auto Config (#8159)
On the servers they must have a certificate.

On the clients they just have to set verify_outgoing to true to attempt TLS connections for RPCs.

Eventually we may relax these restrictions but right now all of the settings we push down (acl tokens, acl related settings, certificates, gossip key) are sensitive and shouldn’t be transmitted over an unencrypted connection. Our guides and docs should recoommend verify_server_hostname on the clients as well.

Another reason to do this is weird things happen when making an insecure RPC when TLS is not enabled. Basically it tries TLS anyways. We should probably fix that to make it clearer what is going on.
2020-06-19 16:38:14 -04:00
.circleci Bump golang to 1.14.4 to avoid known runtime issue (#8146) 2020-06-18 11:38:33 -05:00
.github fixed links (#8020) 2020-06-04 16:18:37 -04:00
acl Merge pull request #8035 from hashicorp/feature/auto-config/server-rpc 2020-06-17 16:07:25 -04:00
agent Require enabling TLS to enable Auto Config (#8159) 2020-06-19 16:38:14 -04:00
api Merge pull request #8034 from hashicorp/dnephin/add-linter-staticcheck-4 2020-06-17 12:16:02 -04:00
bench Gets benchmarks running again and does a rough pass for 0.7.1. 2016-11-29 13:02:26 -08:00
build-support Implement the insecure version of the Cluster.AutoConfig RPC endpoint 2020-06-17 11:25:29 -04:00
command Allow cancelling startup when performing auto-config (#8157) 2020-06-19 15:16:00 -04:00
connect Implement Client Agent Auto Config 2020-06-17 16:49:46 -04:00
contributing Update comments that reference PatchSliceOfMaps 2020-06-09 17:43:05 -04:00
demo demo: Added udp port forwarding 2018-05-30 13:56:56 +09:00
internal/go-sso Merge pull request #8035 from hashicorp/feature/auto-config/server-rpc 2020-06-17 16:07:25 -04:00
ipaddr Ensure Consul is IPv6 compliant (#5468) 2019-06-04 10:02:38 -04:00
lib Merge pull request #8034 from hashicorp/dnephin/add-linter-staticcheck-4 2020-06-17 12:16:02 -04:00
logging Implement Client Agent Auto Config 2020-06-17 16:49:46 -04:00
sdk acl: remove the deprecated `acl_enforce_version_8` option (#7991) 2020-05-29 16:16:03 -05:00
sentinel Allow users to configure either unstructured or JSON logging (#7130) 2020-01-28 17:50:41 -06:00
service_os Changes made : 2018-06-28 21:18:14 -04:00
snapshot Enable gofmt simplify 2020-06-16 13:21:11 -04:00
terraform terraform: remove modules in repo (#5085) 2019-04-04 16:31:43 -07:00
test Support envoy 1.14.2, 1.13.2, 1.12.4 (#8057) 2020-06-10 23:20:17 +02:00
testrpc acl: remove the deprecated `acl_enforce_version_8` option (#7991) 2020-05-29 16:16:03 -05:00
tlsutil Merge pull request #8035 from hashicorp/feature/auto-config/server-rpc 2020-06-17 16:07:25 -04:00
types Removes remoteConsuls in favor of the new router. 2017-03-16 16:42:19 -07:00
ui-v2 ui: Remove with-listeners mixin (#8142) 2020-06-18 14:54:31 +01:00
vendor Update go-memdb and go-lru dependencies 2020-06-16 13:00:28 -04:00
version Putting source back into Dev Mode 2020-05-28 14:39:39 -04:00
website remove prerelease tag 2020-06-18 20:02:21 -05:00
.dockerignore Update the scripting 2018-06-14 21:42:47 -04:00
.gitattributes Initial commit 2013-11-04 14:15:27 -08:00
.gitignore .gitignore: cut IDE-specific entries, cleanup (#7083) 2020-01-17 11:06:33 -08:00
.golangci.yml Merge pull request #8034 from hashicorp/dnephin/add-linter-staticcheck-4 2020-06-17 12:16:02 -04:00
.hashibot.hcl hashibot: let hashibot help us more (#7281) 2020-02-19 15:30:27 +01:00
CHANGELOG.md Update CHANGELOG.md 2020-06-19 13:36:37 -06:00
GNUmakefile Make envoy integration tests a `go test` suite (#7842) 2020-05-19 14:00:00 -04:00
INTERNALS.md Add contributing dir with Config file checklist (#7017) 2020-01-14 12:24:03 +00:00
LICENSE Initial commit 2013-11-04 14:15:27 -08:00
NOTICE.md add copyright notice file 2018-07-09 10:58:26 -07:00
README.md Small changes to Readme around Consul description (#8114) 2020-06-16 09:44:26 -07:00
Vagrantfile Adds a basic Linux Vagrant setup, stolen from Nomad. 2017-10-06 08:10:12 -07:00
codecov.yml ui: Test Coverage Reporting (#7027) 2020-05-12 17:13:50 +00:00
go.mod state: track changes so that they may be used to produce change events 2020-06-16 13:04:29 -04:00
go.sum state: track changes so that they may be used to produce change events 2020-06-16 13:04:29 -04:00
main.go cli: slightly more direct way of printing custom version 2020-03-26 15:35:34 -04:00
main_test.go Adding basic CLI infrastructure 2013-12-19 11:22:08 -08:00

README.md

Consul CircleCI Discuss

Consul is a distributed, highly available, and data center aware solution to connect and configure applications across dynamic, distributed infrastructure.

Consul provides several key features:

  • Multi-Datacenter - Consul is built to be datacenter aware, and can support any number of regions without complex configuration.

  • Service Mesh/Service Segmentation - Consul Connect enables secure service-to-service communication with automatic TLS encryption and identity-based authorization. Applications can use sidecar proxies in a service mesh configuration to establish TLS connections for inbound and outbound connections without being aware of Connect at all.

  • Service Discovery - Consul makes it simple for services to register themselves and to discover other services via a DNS or HTTP interface. External services such as SaaS providers can be registered as well.

  • Health Checking - Health Checking enables Consul to quickly alert operators about any issues in a cluster. The integration with service discovery prevents routing traffic to unhealthy hosts and enables service level circuit breakers.

  • Key/Value Storage - A flexible key/value store enables storing dynamic configuration, feature flagging, coordination, leader election and more. The simple HTTP API makes it easy to use anywhere.

Consul runs on Linux, Mac OS X, FreeBSD, Solaris, and Windows. A commercial version called Consul Enterprise is also available.

Please note: We take Consul's security and our users' trust very seriously. If you believe you have found a security issue in Consul, please responsibly disclose by contacting us at security@hashicorp.com.

Quick Start

A few quick start guides are available on the Consul website:

Documentation

Full, comprehensive documentation is available on the Consul website:

https://www.consul.io/docs

Contributing

Thank you for your interest in contributing! Please refer to CONTRIBUTING.md for guidance.