Skip to content

TLS

TLS configuration for the Remote inbound and outbound.

Inbound

{
  "tls": {
    "enabled": true,
    "server_name": "",
    "alpn": [],
    "certificate": [],
    "certificate_path": "",
    "key": [],
    "key_path": ""
  }
}

Outbound

{
  "tls": {
    "enabled": true,
    "server_name": "",
    "insecure": false,
    "alpn": [],
    "certificate": [],
    "certificate_path": ""
  }
}

Fields

enabled

Enable TLS.

server_name

Used to verify the hostname on the returned certificates unless insecure is given.

It is also included in the client's handshake to support virtual hosting unless it is an IP address.

insecure

Outbound only.

Accepts any server certificate.

alpn

List of supported application level protocols, in order of preference.

certificate

The server certificate line array, in PEM format.

certificate_path

The path to the server certificate, in PEM format.

key

Inbound only.

The server private key line array, in PEM format.

key_path

Inbound only.

The path to the server private key, in PEM format.

Generate

Generate a self-signed certificate key pair:

backup-dev generate tls-keypair backup.example.com --months 12