TLS (Server)
Block name | Context | Label |
---|---|---|
tls | Server Block | no |
The tls block is primarily used to configure one or more server certificates. The certificates are served on all ports within the hosts list. Enabling tls also enables the upgrade option to the HTTP2 protocol.
The simplest configuration is an empty tls {} block, which serves a self-signed certificate for local development.
Multiple server_certificate or client_certificate blocks are allowed.
mTLS
Once a client_certificate block is defined, the server automatically requests and verifies a certificate from the client.
Example
server "couper" {
  hosts = ["*:443"]

  tls {
    # Certificate and key presented to clients
    server_certificate "api.example.com" {
      public_key_file  = "couperServer.crt" # PEM
      private_key_file = "couperServer.key" # PEM
    }

    # mTLS
    client_certificate "IOT" {
      ca_certificate_file = "couperIntermediate.crt" # PEM
      # OR(AND!)
      leaf_certificate_file = "couperClient.crt" # PEM
    }
  }
}
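To try the mTLS example above locally, the following script (an added example, not part of the Couper documentation) builds a throwaway client PKI with openssl under the file names the example uses and checks which certificates chain to the CA. The certificate subjects, the one-day lifetime, the extra ca.key, couperClient.key, client.csr and stranger.* files, and the use of a self-signed test CA in place of a real intermediate CA are assumptions made for the example.

```shell
#!/bin/sh
# Added example: throwaway test PKI for the client_certificate block.
# couperIntermediate.crt and couperClient.crt match the page's example;
# every other file name and all subjects are constructed for this test.

# make_mtls_pki DIR: create a test CA, a client certificate signed by it,
# and an unrelated self-signed certificate for the negative check.
make_mtls_pki() {
    dir=$1
    mkdir -p "$dir" || return 1

    # Self-signed test CA (assumption: stands in for the intermediate CA).
    # Its certificate is the file ca_certificate_file would point to.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Test Client CA" \
        -keyout "$dir/ca.key" -out "$dir/couperIntermediate.crt" \
        2>/dev/null || return 1

    # Client key and CSR, then the client certificate issued by the test CA.
    openssl req -newkey rsa:2048 -nodes -subj "/CN=iot-device-1" \
        -keyout "$dir/couperClient.key" -out "$dir/client.csr" \
        2>/dev/null || return 1
    openssl x509 -req -in "$dir/client.csr" -days 1 \
        -CA "$dir/couperIntermediate.crt" -CAkey "$dir/ca.key" \
        -CAcreateserial -out "$dir/couperClient.crt" \
        2>/dev/null || return 1

    # Certificate that was not issued by the test CA.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=stranger" \
        -keyout "$dir/stranger.key" -out "$dir/stranger.crt" \
        2>/dev/null || return 1

    # Private keys must not be readable by other users.
    chmod 600 "$dir"/*.key
}

# chains_to_ca CA_FILE CERT_FILE: exit status 0 only if CERT_FILE
# verifies against CA_FILE.
chains_to_ca() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}
```

After sourcing the file, `make_mtls_pki ./certs` writes the files, and `chains_to_ca ./certs/couperIntermediate.crt ./certs/couperClient.crt` confirms the client certificate was issued by the CA that ca_certificate_file would reference.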
Nested Blocks
Name | Description |
---|---|
client_certificate | Configures a client certificate (zero or more). |
server_certificate | Configures a server certificate (zero or more). |