Remove mTLS from doc and config example
This commit is contained in:
parent
4c7e15a7ce
commit
935319a218
2 changed files with 0 additions and 21 deletions
|
@ -161,13 +161,6 @@ acme_email: ""
|
||||||
# Domain name to request a TLS certificate for:
|
# Domain name to request a TLS certificate for:
|
||||||
tls_letsencrypt_hostname: ""
|
tls_letsencrypt_hostname: ""
|
||||||
|
|
||||||
# Client (Tailscale/Browser) authentication mode (mTLS)
|
|
||||||
# Acceptable values:
|
|
||||||
# - disabled: client authentication disabled
|
|
||||||
# - relaxed: client certificate is required but not verified
|
|
||||||
# - enforced: client certificate is required and verified
|
|
||||||
tls_client_auth_mode: relaxed
|
|
||||||
|
|
||||||
# Path to store certificates and metadata needed by
|
# Path to store certificates and metadata needed by
|
||||||
# letsencrypt
|
# letsencrypt
|
||||||
# For production:
|
# For production:
|
||||||
|
|
14
docs/tls.md
14
docs/tls.md
|
@ -29,17 +29,3 @@ headscale can also be configured to expose its web service via TLS. To configure
|
||||||
tls_cert_path: ""
|
tls_cert_path: ""
|
||||||
tls_key_path: ""
|
tls_key_path: ""
|
||||||
```
|
```
|
||||||
|
|
||||||
### Configuring Mutual TLS Authentication (mTLS)
|
|
||||||
|
|
||||||
mTLS is a method by which an HTTPS server authenticates clients, e.g. Tailscale, using TLS certificates. This can be configured by applying one of the following values to the `tls_client_auth_mode` setting in the configuration file.
|
|
||||||
|
|
||||||
| Value | Behavior |
|
|
||||||
| ------------------- | ---------------------------------------------------------- |
|
|
||||||
| `disabled` | Disable mTLS. |
|
|
||||||
| `relaxed` (default) | A client certificate is required, but it is not verified. |
|
|
||||||
| `enforced` | Requires clients to supply a certificate that is verified. |
|
|
||||||
|
|
||||||
```yaml
|
|
||||||
tls_client_auth_mode: ""
|
|
||||||
```
|
|
||||||
|
|
Loading…
Reference in a new issue