Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SSL Administrator-Guide should clearly separate between settings on the server and on the client #755

Open
johanneskastl opened this issue Jul 14, 2022 · 0 comments
Open

SSL Administrator-Guide should clearly separate between settings on the server and on the client #755

johanneskastl opened this issue Jul 14, 2022 · 0 comments

Comments

@johanneskastl
Copy link
Contributor

johanneskastl commented Jul 14, 2022
edited
Loading

I find the current structure of the Administrator Guide for SSL somewhat confusing.

I would propose to split it up into two sections, one for servers and one for clients.

This would make it more readable, and avoid confusion on which steps are (or are not?) needed on the client?

## Servers
- set up certificates
- enable TLS on management traffic using /var/lib/glusterd/secure-access
- enable TLS on a volume
  -  enable client.ssl
  - enable server.ssl

## Clients
- set up certificates
- enable TLS on management traffic using /var/lib/glusterd/secure-access
- IO traffic

## TLS-related configuration on volumes
- auth.tls-allow
- ssl.certificate-depth on a volume
- ssl.cipher-list on a volume

If desired, I can come up with a PR.

This is slightly related to #754, where the value inside /var/lib/glusterd/secure-access apparently can be different on servers and clients.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@johanneskastl