»Security and networking
This learning collection is part of the Day 1 learning path, and will cover how to secure and set up networking for your first Consul datacenter. It assumes that you have already deployed your first datacenter.
By following this collection, you will learn about:
By the end of this tutorial, you will be able to configure gossip encryption on a your Consul datacenter. Gossip communication between all agents in the datacenter can be secured with a symmetric key.
»Securing Agent Communication with TLS Encryption
By the end of the this tutorial, you will know how to generate certificates for your datacenter. This tutorial will cover how to create a Certificate Authority (CA), and how to generate server certificates and client certificates. Encrypting both incoming and outgoing communication is crucial for securing your datacenter.
»Securing Consul with ACLs
By the end of this tutorial, you will have ACLs configured on the Consul agents, servers and clients. For each step, you will be able to recognize if the process is not properly executed. Optionally, you can also configure the anonymous token and token for the UI.
»Managing ACL policies
By the end of this tutorial, you will be able to discover the minimum privileges required for any datacenter operation.
By the end of this tutorial, you will be able to update the parameters for tuning stale reads, negative response caching, and TTL in the agent's configuration file.
By the end of this tutorial, you will be able to setup DNS forwarding from BIND, dnsmasq, Unbound, systemd-resolved, iptables, or macOS. You will also be able to test and troubleshoot the DNS service after the initial setup.
»Datacenter federation with WAN gossip
By the end of this tutorial, you will connect two datacenters using WAN gossip. This tutorial includes two methods for connecting the Consul servers, on the command line or in the agent's configuration file.