Remove mTLS from doc and config example

This commit is contained in:
Juan Font 2022-11-19 10:35:48 +00:00 committed by Juan Font
parent 4c7e15a7ce
commit 935319a218
2 changed files with 0 additions and 21 deletions

View file

@ -161,13 +161,6 @@ acme_email: ""
# Domain name to request a TLS certificate for: # Domain name to request a TLS certificate for:
tls_letsencrypt_hostname: "" tls_letsencrypt_hostname: ""
# Client (Tailscale/Browser) authentication mode (mTLS)
# Acceptable values:
# - disabled: client authentication disabled
# - relaxed: client certificate is required but not verified
# - enforced: client certificate is required and verified
tls_client_auth_mode: relaxed
# Path to store certificates and metadata needed by # Path to store certificates and metadata needed by
# letsencrypt # letsencrypt
# For production: # For production:

View file

@ -29,17 +29,3 @@ headscale can also be configured to expose its web service via TLS. To configure
tls_cert_path: "" tls_cert_path: ""
tls_key_path: "" tls_key_path: ""
``` ```
### Configuring Mutual TLS Authentication (mTLS)
mTLS is a method by which an HTTPS server authenticates clients, e.g. Tailscale, using TLS certificates. This can be configured by applying one of the following values to the `tls_client_auth_mode` setting in the configuration file.
| Value | Behavior |
| ------------------- | ---------------------------------------------------------- |
| `disabled` | Disable mTLS. |
| `relaxed` (default) | A client certificate is required, but it is not verified. |
| `enforced` | Requires clients to supply a certificate that is verified. |
```yaml
tls_client_auth_mode: ""
```