
Commit e2be724

Erics tls updates

Updated TLS doc configuration options table to match v4.1 release. Fixes #2088. (#2123)

* Removing a readme file this is not standardized in classic-mode directory.
  Signed-off-by: Eric D. Schabell <[email protected]>
* Updated to not use readme file in classic-config directory, but the correct description file.
  Signed-off-by: Eric D. Schabell <[email protected]>
* Updated to better sort some sections and update for missing entries. Fixes #2108.
  Signed-off-by: Eric D. Schabell <[email protected]>
* Updated configuration variables for opentelemetry output plugin, many new ones added.
  Signed-off-by: Eric D. Schabell <[email protected]>
* Updated configuration variables for opentelemetry output plugin, many new ones added. Fixes #2083
  Signed-off-by: Eric D. Schabell <[email protected]>
* Fixes requested by reviewers for options table for opentelemetry output plugin.
  Signed-off-by: Eric D. Schabell <[email protected]>
* Updated TLS doc configuration options table to match v4.1 release. Fixes #2088.
  Signed-off-by: Eric D. Schabell <[email protected]>
* Updates to fix suggestion from @esmerel. Applies to #2088.
  Signed-off-by: Eric D. Schabell <[email protected]>

---------

Signed-off-by: Eric D. Schabell <[email protected]>
1 parent 368cf31 commit e2be724

administration/transport-security.md

Lines changed: 22 additions & 19 deletions
@@ -5,18 +5,21 @@ Fluent Bit provides integrated support for Transport Layer Security (TLS) and it
55

66
Both input and output plugins that perform Network I/O can optionally enable TLS and configure the behavior. The following table describes the properties available:
77

8-
| Property | Description | Default |
9-
| :--- | :--- | :--- |
10-
| `tls` | Enable or disable TLS support. | `Off` |
11-
| `tls.verify` | Force certificate validation. | `On` |
12-
| `tls.verify_hostname` | Force TLS verification of host names. | `Off` |
13-
| `tls.debug` | Set TLS debug verbosity level. Accepted values: `0` (No debug), `1` (Error), `2` (State change), `3` (Informational) and `4`. (Verbose) | `1` |
14-
| `tls.ca_file` | Absolute path to CA certificate file. | _none_ |
15-
| `tls.ca_path` | Absolute path to scan for certificate files. | _none_ |
16-
| `tls.crt_file` | Absolute path to Certificate file. | _none_ |
17-
| `tls.key_file` | Absolute path to private Key file. | _none_ |
18-
| `tls.key_passwd` | Optional password for `tls.key_file` file. | _none_ |
19-
| `tls.vhost` | Hostname to be used for TLS SNI extension. | _none_ |
8+
| Property | Description | Default |
9+
|:----------------------|:----------------------------------------------------------------------------------------------------------------------------------------|:--------|
10+
| `tls` | Enable or disable TLS support. | `off` |
11+
| `tls.debug` | Set TLS debug verbosity level. Accepted values: `0` (No debug), `1` (Error), `2` (State change), `3` (Informational) and `4` (Verbose). | `1` |
12+
| `tls.ca_file` | Absolute path to CA certificate file. | _none_ |
13+
| `tls.ca_path` | Absolute path to scan for certificate files. | _none_ |
14+
| `tls.ciphers` | Specify TLS ciphers up to TLSv1.2. | _none_ |
15+
| `tls.crt_file` | Absolute path to Certificate file. | _none_ |
16+
| `tls.key_file` | Absolute path to private Key file. | _none_ |
17+
| `tls.key_passwd` | Optional password for `tls.key_file` file. | _none_ |
18+
| `tls.max_version` | Specify the maximum version of TLS. | _none_ |
19+
| `tls.min_version` | Specify the minimum version of TLS. | _none_ |
20+
| `tls.verify` | Force certificate validation. | `on` |
21+
| `tls.vhost` | Hostname to be used for TLS SNI extension. | _none_ |
22+
| `tls.verify_hostname` | Force TLS verification of host names. | `off` |
2023

2124
To use TLS on input plugins, you must provide both a certificate and a private key.
2225
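Review bot: The new `tls.min_version`, `tls.max_version` and `tls.ciphers` rows give no accepted values or format, so a reader cannot tell what to write for them; add the accepted version strings and the cipher-list syntax to the Description column, as the `tls.debug` row already does for its levels. The table is also almost alphabetical now, but `tls.debug` sits before `tls.ca_file` and `tls.vhost` before `tls.verify_hostname`; either finish the sort or keep `tls.verify` and `tls.verify_hostname` adjacent, since the `off` default for host name checks is the setting readers most need to see next to certificate validation.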

@@ -187,8 +190,8 @@ pipeline:
187190
Host 192.168.2.3
188191
Port 80
189192
URI /something
190-
tls On
191-
tls.verify Off
193+
tls on
194+
tls.verify off
192195
```
193196

194197
{% endtab %}
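Review bot: The example touched here still reads `tls on` followed by `tls.verify off`, so the documented configuration runs with certificate validation disabled and the hunk only changes the letter case. Since the options table lists `on` as the default for `tls.verify`, consider adding a sentence beside the example that says what is lost when it is turned off and when that is acceptable, so the snippet is not copied as a recommended setting. `Port 80` together with `tls on` may also confuse readers; state whether that is intentional.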
@@ -247,8 +250,8 @@ pipeline:
247250
Match *
248251
Host 192.168.10.100
249252
Port 24224
250-
tls On
251-
tls.verify On
253+
tls on
254+
tls.verify on
252255
tls.ca_file /etc/certs/fluent.crt
253256
tls.vhost fluent.example.com
254257
```
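Review bot: This example sets `tls.verify on` with `tls.ca_file` and `tls.vhost fluent.example.com` but leaves `tls.verify_hostname` unset, which the options table gives as `off` by default, while `Host` is the IP address `192.168.10.100`. Consider adding `tls.verify_hostname on` to the example, or a sentence saying which checks this configuration performs, so readers do not copy it assuming the certificate name is verified.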
@@ -302,8 +305,8 @@ pipeline:
302305
Match *
303306
Host other.fluent-aggregator.net
304307
Port 24224
305-
tls On
306-
tls.verify On
308+
tls on
309+
tls.verify on
307310
tls.verify_hostname on
308311
tls.ca_file /path/to/fluent-x509v3-alt-name.crt
309312
```
@@ -317,4 +320,4 @@ This outgoing connect will fail and disconnect:
317320
[2024/06/17 16:51:31] [error] [tls] error: unexpected EOF with reason: certificate verify failed
318321
[2024/06/17 16:51:31] [debug] [upstream] connection #50 failed to other.fluent-aggregator.net:24224
319322
[2024/06/17 16:51:31] [error] [output:forward:forward.0] no upstream connections available
320-
```
323+
```
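Review bot: The removed and added closing fence lines at the end of the file are identical as displayed, so this looks like a whitespace or end-of-file newline change. Confirm it is intended and not editor noise, since it adds to the diff without any visible change to the page.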
