adding default for tls_client_auth_mode

2022-01-30 07:26:28 -05:00 · 2022-01-30 07:26:28 -05:00 · d44b2a7c01
parent c98a559b4d
commit d44b2a7c01
1 changed files with 7 additions and 0 deletions
--- a/config-example.yaml
+++ b/config-example.yaml
@ -85,6 +85,13 @@ acme_email: ""
 # Domain name to request a TLS certificate for:
 tls_letsencrypt_hostname: ""

+# Client (Tailscale/Browser) authentication mode (mTLS)
+# Acceptable values:
+# - disabled: client authentication disabled
+# - relaxed: client certificate is required but not verified
+# - enforced: client certificate is required and verified
+tls_client_auth_mode: disabled
+
 # Path to store certificates and metadata needed by
 # letsencrypt
 tls_letsencrypt_cache_dir: /var/lib/headscale/cache