Config: Transport Section
Fluentd's input, output, and filter plugins which use server plugin helper support the <transport> section to specify how to handle connection.
Transport section must be in <match>, <source>, and <filter> sections. It's specifying transport protocol, its version, and certificates.
protocol[enum]Default: :tcp
version[enum]Default:
'TLSv1_2'
ciphers[string]Default:
"ALL:!aNULL:!eNULL:!SSLv2"OpenSSL 1.0.0 or higher default.
insecure[bool]Default: false (use secure connection when use tls)
ca_path: [string]Default: nil
Specify path to CA certificate file
cert_path: [string]Default: nil
Specify path to Certificate file
private_key_path: [string]Default: nil
Specify path to private Key file
private_key_passphrase: [string]Default: nil
public CA private key passphrase contained path
client_cert_auth: [bool]Default: false
When this is set Fluentd will check all incoming HTTPS requests
for a client certificate signed by the trusted CA, requests that
don't supply a valid client certificate will fail.
cert_verifier[string]Default: nil
Specify code path for cert verification. See also server article​
ca_cert_path: [string]Default: nil
Specify private CA contained path
ca_private_key_path: [string]Default: nil
private CA private key contained path
ca_private_key_passphrase: [string]Default: nil
private CA private key passphrase contained path
generate_private_key_length: [integer]Default: 2048
generate_cert_country: [string]Default: US
generate_cert_state: [string]Default: CA
generate_cert_locality: [string]Default: Mountain View
generate_cert_common_name: [string]Default: nil
generate_cert_expiration: [integer]Default: (60 * 60 * 24 = 86400) * 365 * 10 = 10 years
generate_cert_digest: [enum]Default: :sha256
If this article is incorrect or outdated, or omits critical information, please let us know. Fluentd is a open source project under Cloud Native Computing Foundation (CNCF). All components are available under the Apache 2 License.
