Skip to content

Commit

Permalink
Remove mTLS from doc and config example
Browse files Browse the repository at this point in the history
  • Loading branch information
Juan Font authored and juanfont committed Nov 19, 2022
1 parent 4c7e15a commit 935319a
Show file tree
Hide file tree
Showing 2 changed files with 0 additions and 21 deletions.
7 changes: 0 additions & 7 deletions config-example.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -161,13 +161,6 @@ acme_email: ""
# Domain name to request a TLS certificate for:
tls_letsencrypt_hostname: ""

# Client (Tailscale/Browser) authentication mode (mTLS)
# Acceptable values:
# - disabled: client authentication disabled
# - relaxed: client certificate is required but not verified
# - enforced: client certificate is required and verified
tls_client_auth_mode: relaxed

# Path to store certificates and metadata needed by
# letsencrypt
# For production:
Expand Down
14 changes: 0 additions & 14 deletions docs/tls.md
Original file line number Diff line number Diff line change
Expand Up @@ -29,17 +29,3 @@ headscale can also be configured to expose its web service via TLS. To configure
tls_cert_path: ""
tls_key_path: ""
```

### Configuring Mutual TLS Authentication (mTLS)

mTLS is a method by which an HTTPS server authenticates clients, e.g. Tailscale, using TLS certificates. This can be configured by applying one of the following values to the `tls_client_auth_mode` setting in the configuration file.

| Value | Behavior |
| ------------------- | ---------------------------------------------------------- |
| `disabled` | Disable mTLS. |
| `relaxed` (default) | A client certificate is required, but it is not verified. |
| `enforced` | Requires clients to supply a certificate that is verified. |

```yaml
tls_client_auth_mode: ""
```

0 comments on commit 935319a

Please sign in to comment.