commit 39dfc081645856cb82bb8d7ad111b3bb7daf032f parent e0429a3c255a93e80050bea832b2a84a359eed7a Author: Andreas Gruhler <agruhl@gmx.ch> Date: Sat, 18 Feb 2023 22:13:46 +0100 feat(consul): fix deprecated tls options Diffstat:
| M | consul.sh | | | 32 | ++++++++++++++++++++------------ |
1 file changed, 20 insertions(+), 12 deletions(-)
diff --git a/consul.sh b/consul.sh @@ -77,18 +77,26 @@ cat << EOF > /etc/consul.d/server.hcl server = true bootstrap_expect = 3 -# Auto-encrypt RPC - -# "verify rpc only", because ui=true -ui = true -verify_incoming = false -verify_incoming_rpc = true -verify_outgoing = true -verify_server_hostname = true - -ca_file = "/opt/consul/tls/consul-agent-ca.pem" -cert_file = "/opt/consul/tls/dc1-server-consul.pem" -key_file = "/opt/consul/tls/dc1-server-consul-key.pem" +ui_config { + enabled = true +} + +tls { + defaults { + verify_incoming = false + verify_outgoing = true + ca_file = "/opt/consul/tls/consul-agent-ca.pem" + cert_file = "/opt/consul/tls/dc1-server-consul.pem" + key_file = "/opt/consul/tls/dc1-server-consul-key.pem" + } + + # Auto-encrypt RPC + # "verify rpc only", because ui enabled + internal_rpc { + verify_incoming = true + verify_server_hostname = true + } +} EOF # Configure systemd service unit