Fluentd's input, output, and filter plugins which use server
plugin helper support the <transport>
section to specify how to handle connection.
Transport section must be in <match>
, <source>
, and <filter>
sections. It's specifying transport protocol, its version, and certificates.
protocol
[enum]
Default: :tcp
version
[enum]
Default: 'TLSv1_2'
ciphers
[string]
Default: "ALL:!aNULL:!eNULL:!SSLv2"
OpenSSL 1.0.0 or higher default.
insecure
[bool]
Default: false (use secure connection when use tls)
ca_path
: [string]
Default: nil
Specify path to CA certificate file
cert_path
: [string]
Default: nil
Specify path to Certificate file
private_key_path
: [string]
Default: nil
Specify path to private Key file
private_key_passphrase
: [string]
Default: nil
public CA private key passphrase contained path
client_cert_auth
: [bool]
Default: false
When this is set Fluentd will check all incoming HTTPS requests
for a client certificate signed by the trusted CA, requests that
don't supply a valid client certificate will fail.
ca_cert_path
: [string]
Default: nil
Specify private CA contained path
ca_private_key_path
: [string]
Default: nil
private CA private key contained path
ca_private_key_passphrase
: [string]
Default: nil
private CA private key passphrase contained path
generate_private_key_length
: [integer]
Default: 2048
generate_cert_country
: [string]
Default: US
generate_cert_state
: [string]
Default: CA
generate_cert_locality
: [string]
Default: Mountain View
generate_cert_common_name
: [string]
Default: nil
generate_cert_expiration
: [integer]
Default: (60 * 60 * 24 = 86400) * 365 * 10 = 10 years
generate_cert_digest
: [enum]
Default: :sha256
If this article is incorrect or outdated, or omits critical information, please let us know. Fluentd is a open source project under Cloud Native Computing Foundation (CNCF). All components are available under the Apache 2 License.