luxolus/open-nomad
2
0
Fork 0
Code Issues 1 Pull requests Packages Releases Wiki Activity

Merge pull request #2572 from hashicorp/docs-2571-cli-tls

Browse source 
Mention required cli config when using tls
This commit is contained in:
Michael Schurter 2017-04-18 09:40:43 -07:00 committed by GitHub
parent 5a08ea7801 772f301b6b
commit 25a2717a3b
1 changed files with 21 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

21
website/source/docs/agent/encryption.html.md
View file

@ -51,6 +51,27 @@ TLS is used to secure the RPC calls between agents, but gossip between nodes is
done over UDP and is secured using a symmetric key. See above for enabling done over UDP and is secured using a symmetric key. See above for enabling
gossip encryption. gossip encryption.
### Configuring the command line tool
If you have HTTPS enabled for your Nomad agent, you must export environment
variables for the command line tool to also use HTTPS:
```sh
# NOMAD_ADDR defaults to http://, so set it to https
# Alternatively you can use the -address flag
export NOMAD_ADDR=https://127.0.0.1:4646
# Set the location of your CA certificate
# Alternatively you can use the -ca-cert flag
export NOMAD_CACERT=/path/to/ca.pem
```
Run any command except `agent` with `-h` to see all environment variables and
flags. For example: `nomad status -h`
Since HTTPS currently does not validate client certificates you do not need to
give the command line tool access to any private keys.
## Encryption Examples ## Encryption Examples
### TLS Configuration using `cfssl` ### TLS Configuration using `cfssl`