You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
It is now possible to enable TLS for the web UI console of cockroach demo with the new flag --secure-http. This makes it possible to expose the HTTP interface to a shared network. Note however that this configuration still uses an ephemeral self-signed CA generated by demo itself, and is thus insufficient for use by end users web browsers directly: it should still be combined with a HTTP proxy that exposes the service using a public CA. This feature is not enabled by default. The network address bound by cockroach demo simulated nodes is now configurable via the new command-line flags --http-addr (for the HTTP interface) and --sql-addr (for the TCP interface for SQL clients). The default for these flags results in the same configuration as in previous versions, that is, the demo nodes only listen on 127.0.0.1. Note that --http-addr cannot be used without passing --secure-http explicitly (either via --secure-http=true or --secure-http=false), so as to clearly signal intent. The CommonName (CN) field of the TLS server certificate generated for the HTTP port in cockroach demo (when --secure-http is used) is now configurable via the new flag --http-advertise-addr. This is also the address displayed in the web UI URLs printed to the user via the %5Cdemo ls client-side command. The default for this value is the same as --http-addr.
The text was updated successfully, but these errors were encountered:
It is now possible to enable TLS for the web UI console of
cockroach demo
with the new flag--secure-http
. This makes it possible to expose the HTTP interface to a shared network. Note however that this configuration still uses an ephemeral self-signed CA generated bydemo
itself, and is thus insufficient for use by end users web browsers directly: it should still be combined with a HTTP proxy that exposes the service using a public CA. This feature is not enabled by default. The network address bound bycockroach demo
simulated nodes is now configurable via the new command-line flags--http-addr
(for the HTTP interface) and--sql-addr
(for the TCP interface for SQL clients). The default for these flags results in the same configuration as in previous versions, that is, thedemo
nodes only listen on 127.0.0.1. Note that--http-addr
cannot be used without passing--secure-http
explicitly (either via--secure-http=true
or--secure-http=false
), so as to clearly signal intent. The CommonName (CN) field of the TLS server certificate generated for the HTTP port incockroach demo
(when--secure-http
is used) is now configurable via the new flag--http-advertise-addr
. This is also the address displayed in the web UI URLs printed to the user via the%5Cdemo ls
client-side command. The default for this value is the same as--http-addr
.The text was updated successfully, but these errors were encountered: