wennan.he
09/20/2022, 8:20 PM

Michal Nicpon
09/20/2022, 9:27 PM
--server_tls=false when running fleet behind a TLS terminator.

wennan.he
09/20/2022, 9:33 PM

Kathy Satterlee
09/20/2022, 9:43 PM
--server-tls only controls whether Fleet is served over TLS. You'd generally only disable that if you had a proxy server that was terminating TLS. Were you running into trouble with TLS enabled on Fleet?

wennan.he
09/20/2022, 9:57 PM

Kathy Satterlee
09/20/2022, 10:24 PM

wennan.he
09/20/2022, 10:58 PM

Kathy Satterlee
09/20/2022, 11:39 PM

wennan.he
09/20/2022, 11:42 PM

Kathy Satterlee
09/20/2022, 11:51 PM
1. osquery sends an enrollment request to the Fleet server over TLS, which includes an enroll secret.
2. Either the Fleet server itself or a proxy acts as the TLS endpoint for that request.
3. If using a proxy, the request is then forwarded to Fleet.
4. Fleet accepts the request and enrolls the host if the enroll secret is valid.
5. Fleet responds with a node key that is used for future authentication.

wennan.he
09/20/2022, 11:54 PM

Kathy Satterlee
09/20/2022, 11:56 PM

wennan.he
09/20/2022, 11:57 PM

Kathy Satterlee
09/21/2022, 12:00 AM
osquery uses TLS to communicate with the server. Either Fleet or a proxy can be the TLS endpoint, but there needs to be one.

wennan.he
09/21/2022, 12:03 AM

Kathy Satterlee
09/21/2022, 12:05 AM

wennan.he
09/21/2022, 12:19 AM