# fleet

Mike S.

03/17/2023, 5:52 PM
Hi team - certificate question for you - We are looking at putting our Fleet EC2 behind an Elastic Load Balancer in AWS, which will sit behind Cloudflare. Does the certificate for Fleet have to be on the EC2, or can it be on Cloudflare or the ELB? I'm referring to the certificate that clients would use to communicate with the Fleet server.

zwass

03/17/2023, 6:06 PM
No problem there. As long as the clients see a valid cert they won't complain.

Mike S.

03/17/2023, 6:43 PM
Cool, thank you! So how would that look from a fleet.config perspective? Would I still have the cert on the local box and point to that, or would I need to point to the Cloudflare or AWS cert?

zwass

03/17/2023, 6:48 PM
You can have the ELB terminate TLS and turn off TLS in the Fleet config.

Mike S.

03/17/2023, 6:50 PM
Ah nice. Thank you!

zwass

03/17/2023, 6:51 PM
Not sure if you already are, but I'd recommend using the Terraform which will ease getting everything set up: https://fleetdm.com/announcements/fleet-terraform-module#how-to-use-the-module

Mike S.

03/17/2023, 6:52 PM
Unfortunately I'm doing this manually at the moment, but Terraform is on the horizon for future deployments.