Is it possible to configure temporal/temporal front end to accept both tls and non tls traffic?

madhu · September 2, 2021, 11:32am

Can the temporal server be configured to accept both TLS traffic and non TLS traffic?

i have a set of clients which are internal in nature, which i want to connect without TLS

and i have another set of clients which are external (3rd party), which needs to connect only through TLS,

Is this configuration possible?

arnesenfamily · September 2, 2021, 2:04pm

I’d suggest looking at the hostOverrides option in the server config. I think that’s the way to control frontend TLS configuration per incoming host.

github.com

temporalio/customization-samples/blob/master/tls/tls-full/config_template.yaml#L140

    
      
                  serverName: internode.cluster-x.contoso.com
                  rootCaFiles:
                      - /etc/temporal/config/certs/cluster/ca/server-intermediate-ca.pem
          frontend:
              server:
                  requireClientAuth: true
                  certFile: /etc/temporal/config/certs/cluster/internode/cluster-internode.pem
                  keyFile: /etc/temporal/config/certs/cluster/internode/cluster-internode.key
                  clientCaFiles:
                      - /etc/temporal/config/certs/cluster/ca/server-intermediate-ca.pem
              hostOverrides:
                  accounting.cluster-x.contoso.com:
                      certFile: /etc/temporal/config/certs/cluster/accounting/cluster-accounting-chain.pem
                      keyFile: /etc/temporal/config/certs/cluster/accounting/cluster-accounting.key
                      requireClientAuth: true
                      clientCaFiles:
                          - /etc/temporal/config/certs/client/ca/client-intermediate-ca-accounting.pem
                  development.cluster-x.contoso.com:
                      certFile: /etc/temporal/config/certs/cluster/development/cluster-development-chain.pem
                      keyFile: /etc/temporal/config/certs/cluster/development/cluster-development.key
                      requireClientAuth: true

Topic		Replies	Views
Need Help on tls config in java Community Support java-sdk	4	1378	January 18, 2022
Tctl won't use TLS config specified in env Community Support tls , tctl	7	1682	July 6, 2022
Docker-compose deployment with mutual TLS Community Support	5	1594	August 13, 2020
Configuring namespace specific TLS certificates dynamically Community Support go-sdk	4	1119	May 28, 2021
Potential Error in /docker/config_template.yaml Community Support worker	14	2780	June 24, 2021

Is it possible to configure temporal/temporal front end to accept both tls and non tls traffic?

Related Topics