This repository has been archived by the owner on May 17, 2019. It is now read-only.

Docs for mutual TLS auth support #465

Merged
merged 1 commit into from
Mar 7, 2018
13 changes: 11 additions & 2 deletions docs/v1.0/in_forward.txt
Expand Up @@ -295,9 +295,19 @@ To test your encryption settings, execute the following command in your terminal

If you can confirm TLS/SSL encryption has been set up correctly, please proceed to [the configuration of the out_forward server](out_forward#how-to-connect-to-a-tls/ssl-enabled-server).

Additionally, since v1.1.1 it is allso possible to enable [Client Certificate Auth](https://en.wikipedia.org/wiki/Mutual_authentication) using `client_cert_auth` flag.
When this is enabled Fluentd will check all incoming HTTPS requests for a client certificate signed by the trusted CA, requests that don't supply a valid client certificate will fail.
In such cases you also want to provide a Certificate Auhority certificate using `ca_path` parameter.

:::term
$ openssl s_client -connect localhost:24224 \
-key path/to/client.key \
-cert path/to/client.crt \
-CAfile path/to/ca.crt

### Multi-process environment

If you use this plugin under multi-process environment, port will be shared.
If you use this plugin under multi-process environment, port will be shared.

:::term
<system>
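Review bot: The added paragraph says Fluentd will check "all incoming HTTPS requests" for a client certificate, but this is the in_forward page and the test command added right after it connects to the forward port with `openssl s_client -connect localhost:24224`; wording such as "all incoming TLS connections" would match what is actually being described. The same paragraph has two typos ("allso", "Auhority"), and "In such cases you also want to provide" leaves it unclear whether `ca_path` is required when `client_cert_auth` is enabled; state it as a requirement if it is one. The new `:::term` block follows the paragraph with no sentence saying what the command tests or what result indicates success, and the "since v1.1.1" note sits in a file under docs/v1.0, so the version is worth confirming.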
Expand All @@ -321,4 +331,3 @@ With this configuration, 3 workers share 24224 port. No need additional port. In

`in_forward` doesn't provide parsing mechanism unlike `in_tail` or `in_tcp` because `in_forward` is mainly for efficient log transfer. If you want to parse incoming event, use [parser filter](https://github.com/tagomoris/fluent-plugin-parser) in your pipeline.<br />
See Docker logging driver usecase: [Docker Logging](http://www.fluentd.org/guides/recipes/docker-logging)

10 changes: 8 additions & 2 deletions docs/v1.0/transport-section.txt
Expand Up @@ -21,15 +21,21 @@ It's specifying transport protocol, its version, and certificates.

### Signed public CA parameters

* ``ca_path``: [string]
* Default: nil
* Specify path to CA certificate file
* ``cert_path``: [string]
* Default: nil
* Specify public CA contained path
* Specify path to Certificate file
* ``private_key_path``: [string]
* Default: nil
* public CA private key contained path
* Specify path to private Key file
* ``private_key_passphrase``: [string]
* Default: nil
* public CA private key passphrase contained path
* ``client_cert_auth``: [bool]
* Default: false
* When this is set Fluentd will check all incoming HTTPS requests for a client certificate signed by the trusted CA, requests that don't supply a valid client certificate will fail.

### Generated and signed by private CA parameters

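Review bot: The new `client_cert_auth` entry refers to "a client certificate signed by the trusted CA" without saying which parameter supplies that CA; name `ca_path` there, and have the `ca_path` entry say it is the CA used to verify client certificates rather than only "Specify path to CA certificate file". The entry also says "incoming HTTPS requests" although this section describes the transport protocol, its version and certificates in general, so "incoming TLS connections" would fit better. While the neighbouring descriptions are being reworded, `private_key_passphrase` still reads "public CA private key passphrase contained path", which describes a path rather than a passphrase, and the capitalisation in "Certificate file" and "private Key file" is inconsistent.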