TLS

The gateway can use TLS connections between S3 client and server if the TLS certs are provided. The cert and key must be provided to the gateway to enable TLS connections. If the server is only hosting traffic on a local network, then self signed credentials can be generated. For hosting a public facing service, it is recommended to generate official credentials using Let's Encrypt or some other CA service.

To enable TLS, see Global-Options for specifying TLS cert and key files.

To generate self signed certificates, follow the direction for mkcert:

$ mkcert -install
$ mkcert localhost 127.0.0.1 ::1

Add any local IPs and hostnames to the list as needed, or to generate a wildcard cert for the local domain:

$ mkcert "*.local.test"

Or you can use openssl to generate the certs, for example:

# interactive and 1 year expiration
openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -sha256 -days 365 -nodes
# non-interactive and 10 years expiration
openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -sha256 -days 3650 -nodes -subj "/C=XX/ST=StateName/L=CityName/O=CompanyName/OU=CompanySectionName/CN=CommonNameOrHostname"

@versitysoftware

Home
User:
- Quickstart
- System Requirements
- Install
  - Linux
- Workflow
- Global Options
- TLS
- HA/Load Balancing
  - Load-Balancing
  - HealthCheck
- Event Notifications
- Docker
- PreSignedURL
- Multi-Tenant/IAM
  - IAM Vault
  - Differences from AWS S3
- Example Client Configs
- Metrics
- Admin APIs
- Backends:
  - POSIX
    - Metadata Options
  - ScoutFS
  - S3
  - AzureBlob
- Logging:
  - Logfile
  - Webhook
Developer:
Articles:

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

TLS

@versitysoftware

Clone this wiki locally