From d44b2a7c014b98178743421b5ebc0b7b65100cb3 Mon Sep 17 00:00:00 2001
From: Justin Angel <justinangel86@gmail.com>
Date: Sun, 30 Jan 2022 07:26:28 -0500
Subject: [PATCH] adding default for tls_client_auth_mode

---
 config-example.yaml | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/config-example.yaml b/config-example.yaml
index 3301669d..3d8fe88c 100644
--- a/config-example.yaml
+++ b/config-example.yaml
@@ -85,6 +85,13 @@ acme_email: ""
 # Domain name to request a TLS certificate for:
 tls_letsencrypt_hostname: ""
 
+# Client (Tailscale/Browser) authentication mode (mTLS)
+# Acceptable values:
+# - disabled: client authentication disabled
+# - relaxed: client certificate is required but not verified
+# - enforced: client certificate is required and verified
+tls_client_auth_mode: disabled
+
 # Path to store certificates and metadata needed by
 # letsencrypt
 tls_letsencrypt_cache_dir: /var/lib/headscale/cache