# Config: Transport Section Some Fluentd input, output, and filter plugins, that use `server`/`http_server` plugin helper, also support the `` section to specify how to handle the connections. ## Transport Section Overview The **`transport`** section must be under ``, ``, and `` sections. It specifies the transport protocol, version, and certificates. ``` # tcp # udp # tls cert_path /path/to/fluentd.crt private_key_path /path/to/fluentd.key private_key_passphrase YOUR_PASSPHRASE # ... ``` ## Parameters ### Protocol The protocol is specified as the argument of `` section. ``` ``` * \[enum: `tcp`/`udp`/`tls`] * Default: `tcp` ### General Setting #### `linger_timeout` | type | default | available transport type | version | | ------- | ------- | ------------------------ | ------- | | integer | 0 | tcp, tls | 1.14.6 | The timeout (seconds) to set `SO_LINGER`. The default value `0` is to send RST rather than FIN to avoid lots of connections sitting in TIME\_WAIT on closing. You can set positive value to send FIN on closing. {% hint style="info" %} On Windows, Fluentd sends FIN without depending on this setting. {% endhint %} ``` linger_timeout 1 ``` #### `receive_buffer_size` | type | default | available transport type | version | | ------- | ------- | ------------------------ | ------- | | integer | nil | tcp, udp, tls | 1.18.0 | The max size of socket receive buffer for TCP/UDP. This is used in `SO_RCVBUF` socket option. ``` receive_buffer_size 4194304 ``` ### TLS Setting * `version`: \[enum: `TLS1_1`/`TLS1_2`/`TLS1_3`] * Default: `TLSv1_2` * `min_version`: \[enum: `TLS1_1`/`TLS1_2`/`TLS1_3`] * Default: `nil` * Specifies the lower bound of the supported SSL/TLS protocol. * `max_version`: \[enum: `TLS1_1`/`TLS1_2`/`TLS1_3`] * Default: `nil` * Specifies the upper bound of the supported SSL/TLS protocol. * `ciphers` \[string] * Default: `"ALL:!aNULL:!eNULL:!SSLv2"` * OpenSSL 1.0.0 or higher default. * `insecure` \[bool] * Default: `false` (uses secure connection with `tls`) * `ensure_fips`: \[bool] * Default: `false` * Version: 1.18.0 * Specifies whether it must use FIPS mode with OpenSSL. If `true`, Fluentd will check FIPS mode is supported in your environment, if not, just aborts. If `false`, it does nothing and don't care FIPS mode with OpenSSL. If you want to accept multiple TLS protocols, use `min_version`/`max_version` instead of `version`. To support the old style, fluentd accepts `TLS1_1` and `TLSv1_1` values. NOTE: `TLS1_3` is available when your system supports TLS 1.3. ### Signed Public CA Parameters For ``: * `ca_path`: \[string] * Default: `nil` * Specifies the path of CA certificate file * `cert_path`: \[string] * Default: `nil` * Specifies the path of Certificate file * `private_key_path`: \[string] * Default: `nil` * Specifies the path of Private Key file * `private_key_passphrase`: \[string] * Default: `nil` * Specifies the public CA private key passphrase * `client_cert_auth`: \[bool] * Default: `false` * If `true`, Fluentd will check all the incoming HTTPS requests for a client certificate signed by the trusted CA. The requests that don't supply a valid client certificate will fail. * `cert_verifier`: \[string] * Default: `nil` * Specifies the code path for cert verification. See also \[server article]\(/developer/api-plugin-helper-server.md#cert\_verifier-example). ### Generated and Signed by Private CA Parameters For ``: * `ca_cert_path`: \[string] * Default: `nil` * Specifies the private CA cert path * `ca_private_key_path`: \[string] * Default: `nil` * Specifies the private CA private key path * `ca_private_key_passphrase`: \[string] * Default: `nil` * Specifies the private CA private key passphrase ### Generated and Signed by Private CA Certs or Self-signed Parameters For ``: * `generate_private_key_length`: \[integer] * Default: 2048 * `generate_cert_country`: \[string] * Default: US * `generate_cert_state`: \[string] * Default: CA * `generate_cert_locality`: \[string] * Default: Mountain View * `generate_cert_common_name`: \[string] * Default: `nil` * `generate_cert_expiration`: \[integer] * Default: (60 \* 60 \* 24 = 86400) \* 365 \* 10 = 10 years ## Cert Digest Algorithm Parameter For ``: * `generate_cert_digest`: \[enum: `sha1`/`sha256`/`sha384`/`sha512`] * Default: `sha256` If this article is incorrect or outdated, or omits critical information, please [let us know](https://github.com/fluent/fluentd-docs-gitbook/issues?state=open). [Fluentd](http://www.fluentd.org/) is an open-source project under [Cloud Native Computing Foundation (CNCF)](https://cncf.io/). All components are available under the Apache 2 License. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.fluentd.org/configuration/transport-section.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.