feat: show basic info start-from-init (#6183)

Miguel Cabrerizo
2023-07-12 19:46:50 +02:00
committed by GitHub
parent 036bb33cb8
commit 0f3c33cb86
4 changed files with 57 additions and 10 deletions

@@ -2,8 +2,8 @@
title: TLS Modes
---
To allow ZITADEL to be run on any kind of infrastrucute it allows to configure on how tho handle TLS connections.
There are three mode of operation: `external`, `enabled`, `disabled`.
To allow ZITADEL to be run on any kind of infrastructure it allows to configure on how tho handle TLS connections.
There are three mode of operation: `external`, `enabled`, `disabled`.
Generally this command is set as argument while starting ZITADEL. For example like this:
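Review bot: The rewritten opening sentence fixes "infrastructure" but keeps "tho handle" and the awkward "it allows to configure on how"; since the line is already being touched, reword it along the lines of "ZITADEL lets you configure how it handles TLS connections". The next line still reads "three mode of operation" and should be "three modes of operation".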
@@ -11,18 +11,18 @@ Generally this command is set as argument while starting ZITADEL. For example li
zitadel start-from-init --masterkey "MasterkeyNeedsToHave32Characters" --tlsMode disabled
```
## External
## External
The mode `external` allows you to configure ZITADEL in such a way that it will instruct its clients to use https.
However ZITADEL delegates the management of TLS connections to a reverseproxy, web application firewall or a service mesh.
## Enabled
When using the mode `enabled` ZITADEL is setup to await incoming connections in an encrypted fashion.
When using the mode `enabled` ZITADEL is setup to await incoming connections in an encrypted fashion.
Wether it is from a client directly, a reverseproxy or web application firewall.
This allows http connections to be secured at the transport level the whole way.
If you use the mode `enabled` you need to configure ZITADEL with the nessecary TLS settings.
If you use the mode `enabled` you need to configure ZITADEL with the necessary TLS settings.
```yaml
TLS:
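Review bot: In the Enabled section, the sentence starting "Wether it is from a client directly" is left untouched while the lines around it are corrected; it should read "Whether" and is a fragment that belongs to the preceding sentence. "reverseproxy" (here and under External) would be clearer as "reverse proxy", and "is setup" as "is set up". Separately, the example command at the top of this hunk shows `--tlsMode disabled` with the master key passed on the command line, while the warning that this mode is only for test systems appears much later in the file; a short pointer to that warning next to the example would help readers who copy the command.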
@@ -31,17 +31,17 @@ TLS:
# either directly or by a path to the corresponding file
Enabled: true
# Path to the private key of the TLS certificate, it will be loaded into the Key
# and overwrite any exising value
# and overwrite any existing value
KeyPath: #/path/to/key/file.pem
# Private key of the TLS certificate (KeyPath will this overwrite, if specified)
Key: #<bas64 encoded content of a pem file>
# Path to the certificate for the TLS connection, it will be loaded into the Cert
# and overwrite any exising value
# and overwrite any existing value
CertPath: #/path/to/cert/file.pem
# Certificate for the TLS connection (CertPath will this overwrite, if specified)
Cert: #<bas64 encoded content of a pem file>
```
## Disabled
With the mode `disabled` ZITADEL is instructed to await all connections with plain http without TLS.
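Review bot: The placeholder comments on `Key` and `Cert` still say "bas64 encoded"; fix them to "base64" in the same pass as "existing". The parentheticals "KeyPath will this overwrite, if specified" and "CertPath will this overwrite, if specified" have scrambled word order; "KeyPath overwrites this, if specified" states the precedence unambiguously, which matters here because it decides which private key and certificate are actually loaded.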
@@ -55,4 +55,4 @@ Be aware this is not a secure setup and should only be used for test systems!
## HTTP/2
To allow ZITADEL to function properly please make sure that HTTP/2 is enabled. If you are using the mode `external` or `disabled` make sure to verify h2c compatibilty.
You can read more about how ZITADEL utilizes in our [HTTP/2 docs](/self-hosting/manage/http2).
You can read more about how ZITADEL utilizes in our [HTTP/2 docs](/self-hosting/manage/http2).
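Review bot: The HTTP/2 paragraph keeps "compatibilty" in the unchanged line, and the touched last line still reads "how ZITADEL utilizes in our" with the object missing; it should say "how ZITADEL utilizes HTTP/2 in our HTTP/2 docs" or similar. Both are worth fixing in this commit since the line is already being modified.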