tls server
The tls server binding decodes the encrypted TLS protocol on the inbound network stream, producing higher-level cleartext application streams for each request.
tls_server:
  type: tls
  kind: server
  vault: server
  exit: default_server
  options:
    keys:
      - localhost
    sni:
      - localhost
    alpn:
      - echo
  routes:
    - when:
        - alpn: echo
      exit: echo_server
Configuration (* required)
vault
string
Vault name.
options
object
The tls specific options.
options:
  keys:
    - localhost
  sni:
    - localhost
  alpn:
    - echo
options.version
string
Protocol version.
options.keys
array of string
A list of reference names for the Vault key.
options.trust
array of string
A list of reference names for the Vault certificate.
options.signers
array of string
A list of reference names for the Vault signer certificate.
options.trustcacerts
boolean
Trust CA certificates. When this property is not explicitly set, it is automatically set to true if options.trust is null.
options.sni
array of string
A list of the Server Name Indications.
options.alpn
array of string
Application protocols.
options.mutual
enum [ required, requested, none ]
Mutual authentication. When this property is not explicitly set, it is automatically set to none if options.trust is null; otherwise it is set to required.
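An added example (not from the original documentation) contrasting a binding that relies on the options.trust defaults described above with one that states client authentication explicitly. The binding names and the clientca trust reference are hypothetical; the server vault, localhost, echo and echo_server are reused from this page's example.

```yaml
# Added example; binding names and the `clientca` reference are hypothetical.

# (1) options.trust is absent, so by the defaults documented above
#     mutual resolves to none and trustcacerts resolves to true.
#     No client certificate is required to complete the handshake.
tls_server_defaults:
  type: tls
  kind: server
  vault: server
  options:
    keys:
      - localhost
    sni:
      - localhost
    alpn:
      - echo
  routes:
    - when:
        - alpn: echo
      exit: echo_server

# (2) options.trust is present, which alone would default mutual to required.
#     Both properties are still written out so the effective values are
#     visible in review and do not depend on defaulting.
tls_server_mtls:
  type: tls
  kind: server
  vault: server
  options:
    keys:
      - localhost
    trust:
      - clientca          # hypothetical reference name for a Vault certificate
    trustcacerts: false   # explicit, instead of the trust-dependent default
    mutual: required      # explicit, instead of the trust-dependent default
    sni:
      - localhost
    alpn:
      - echo
  routes:
    - when:
        - alpn: echo
      exit: echo_server
```

Stating mutual and trustcacerts explicitly keeps the client-authentication mode from changing silently if the trust list is later edited or removed.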
routes*
array of object
Conditional tls specific routes.
routes:
  - when:
      - alpn: echo
    exit: echo_server
routes[].guarded
object as map of named array of string
List of roles required by each named guard to authorize this route.
routes:
  - guarded:
      my_guard:
        - read:items
routes[].when
array of object
List of conditions (any match) to match this route. Read more: When a route matches
routes:
  - when:
      - alpn: echo
when[].authority
string
Associated authority.
when[].alpn
string
Application protocol.
when[].port
integer, string, array
Port number(s), including port number ranges.
routes[].exit
string
Next binding when following this route.
routes:
  - when:
      ...
    exit: echo_server
exit
string
Default exit binding when no conditional routes are viable.
exit: echo_server
telemetry
object
Defines the desired telemetry for the binding.
telemetry.metrics
array
Telemetry metrics to track.
telemetry:
  metrics:
    - stream.*