Couper Documentation


TLS (Server)

Block nameContextLabel
tlsServer Blockno

The tls block allows to configure one or more server certificates in the first place. The certificates will be served on all ports within the hosts list. Enabling tls also enables the upgrade option to the HTTP2 protocol.

The simplest configuration is an empty tls {} block which will serve a self signed certificate for local development.

Multiple server_certificate or client_certificate blocks are allowed.


Once a client_certificate block is defined the server automatically requests and verify a certificate from the client.


server "couper" {  hosts = ["*:443"]  tls {    server_certificate "" {      public_key_file = "couperServer.crt" # PEM      private_key_file = "couperServer.key" # PEM    }    # mTLS    client_certificate "IOT" {      ca_certificate_file = "couperIntermediate.crt" # PEM      # OR(AND!)      leaf_certificate_file = "couperClient.crt" # PEM    }  }

Nested Blocks


Configures a client certificate (zero or more).


Configures a server certificate (zero or more).