From 935319a2183ad8892eba14d767135375f1020220 Mon Sep 17 00:00:00 2001 From: Juan Font Date: Sat, 19 Nov 2022 10:35:48 +0000 Subject: [PATCH] Remove mTLS from doc and config example --- config-example.yaml | 7 ------- docs/tls.md | 14 -------------- 2 files changed, 21 deletions(-) diff --git a/config-example.yaml b/config-example.yaml index d1e46e26..2028d332 100644 --- a/config-example.yaml +++ b/config-example.yaml @@ -161,13 +161,6 @@ acme_email: "" # Domain name to request a TLS certificate for: tls_letsencrypt_hostname: "" -# Client (Tailscale/Browser) authentication mode (mTLS) -# Acceptable values: -# - disabled: client authentication disabled -# - relaxed: client certificate is required but not verified -# - enforced: client certificate is required and verified -tls_client_auth_mode: relaxed - # Path to store certificates and metadata needed by # letsencrypt # For production: diff --git a/docs/tls.md b/docs/tls.md index c319359a..557cdf01 100644 --- a/docs/tls.md +++ b/docs/tls.md @@ -29,17 +29,3 @@ headscale can also be configured to expose its web service via TLS. To configure tls_cert_path: "" tls_key_path: "" ``` - -### Configuring Mutual TLS Authentication (mTLS) - -mTLS is a method by which an HTTPS server authenticates clients, e.g. Tailscale, using TLS certificates. This can be configured by applying one of the following values to the `tls_client_auth_mode` setting in the configuration file. - -| Value | Behavior | -| ------------------- | ---------------------------------------------------------- | -| `disabled` | Disable mTLS. | -| `relaxed` (default) | A client certificate is required, but it is not verified. | -| `enforced` | Requires clients to supply a certificate that is verified. | - -```yaml -tls_client_auth_mode: "" -```