diff --git a/content/terraform-enterprise/1.0.x/docs/enterprise/deploy/prepare-host.mdx b/content/terraform-enterprise/1.0.x/docs/enterprise/deploy/prepare-host.mdx index a619988bc1..9c31f49ad4 100644 --- a/content/terraform-enterprise/1.0.x/docs/enterprise/deploy/prepare-host.mdx +++ b/content/terraform-enterprise/1.0.x/docs/enterprise/deploy/prepare-host.mdx 
@@ -116,34 +116,39 @@ If your certificate files are from Let’s Encrypt, the file names map to the fo If you do not have a certificate, you can generate a self-signed certificate. -The following example uses the `openssl` command to generate an RSA key and certificate for `MyOrganization`. Specify details about your organization in the `-subj` flag or omit and enter them when prompted. Refer to the [OpenSSL documentation](https://docs.openssl.org/master/man1/openssl-req/) for information about forming the command. The `-nodes` option is required because Terraform Enterprise cannot use a private key that is protected by a passphrase. +The following example uses the `openssl` command to generate an RSA key and certificate for an organization with name `MyOrganization`. The `-nodes` option is required because Terraform Enterprise cannot use a private key that is protected by a passphrase. Specify details about your organization in the `-subj` flag. Refer to the [OpenSSL documentation](https://docs.openssl.org/master/man1/openssl-req/) for information about forming the command. + +The example is making use of environment variables to keep the self-signed certificate generation a simple one line command. + +|Environment variable overview|| +| --- |--- | +|`CERT_CN`|Common Name (e.g. server FQDN or YOUR name) [], use your Terraform Enteprise FQDN here| +|`CERT_COUNTRY`|Country Name (2 letter code) [AU]| +|`CERT_STATE`|State or Province Name (full name) [Some-State]| +|`CERT_LOCALITY`|Locality Name (eg, city)| +|`CERT_ORGNAME`| Organization Name (eg, company) [Internet Widgits Pty Ltd]| +|`CERT_ORGUNIT`|Organizational Unit Name (eg, section)| + +First export the details of `MyOrganization` as environment variables, replace the example values as required. 
```shell-session -openssl req -nodes -x509 -sha256 -newkey rsa:4096 \ - -keyout cert.key \ - -out cert.crt \ - -days 356 \ - -subj "/C=US/ST=CA/L=San Francisco/O=MyOrganization/OU=Global/CN=example.com" \ - -addext "subjectAltName=DNS:example.com" +export CERT_CN="tfe.example.com" +export CERT_COUNTRY="US" +export CERT_STATE="California" +export CERT_LOCALITY="San Francisco" +export CERT_ORGNAME="MyOrganization" +export CERT_ORGUNIT="Engineering" ``` -When generating the key, replace `` with the Terraform Enterprise hostname: +Then generate the self-signed certificate. ```shell-session -You are about to be asked to enter information that will be incorporated -into your certificate request. -What you are about to enter is what is called a Distinguished Name or a DN. -There are quite a few fields but you can leave some blank -For some fields there will be a default value, -If you enter '.', the field will be left blank. ------ -Country Name (2 letter code) [AU]:US -State or Province Name (full name) [Some-State]:California -Locality Name (eg, city) []:San Francisco -Organization Name (eg, company) [Internet Widgits Pty Ltd]:HashiCorp, Inc. -Organizational Unit Name (eg, section) []:Engineering -Common Name (e.g. server FQDN or YOUR name) []: -Email Address []: +openssl req -nodes -x509 -sha256 -newkey rsa:4096 \ + -keyout cert.key \ + -out cert.crt \ + -days 356 \ + -subj "/C=${CERT_COUNTRY}/ST=${CERT_STATE}/L=${CERT_LOCALITY}/O=${CERT_ORGNAME}/OU=${CERT_ORGUNIT}/CN=${CERT_CN}" \ + -addext "subjectAltName=DNS:${CERT_CN}" ``` Copy the `cert.pem` file to a new file named `bundle.pem`: diff --git a/content/terraform-enterprise/1.0.x/docs/enterprise/deploy/reference/configuration.mdx b/content/terraform-enterprise/1.0.x/docs/enterprise/deploy/reference/configuration.mdx index d013c9684d..f1f2101c90 100644 --- a/content/terraform-enterprise/1.0.x/docs/enterprise/deploy/reference/configuration.mdx 
+++ b/content/terraform-enterprise/1.0.x/docs/enterprise/deploy/reference/configuration.mdx @@ -314,7 +314,7 @@ Must be `true` or `false`. `true` indicates Redis server is configured to use `T Must be `true` or `false`. `true` indicates to use TLS to access Redis. Defaults to `false`. -## `TFE_REDIS_USE_MTLS` +### `TFE_REDIS_USE_MTLS` Must be `true` or `false`. `true` indicates to use mutual TLS (mTLS) authentication for clients to access Redis with Redis standalone or Sentinel. Defaults to `false`. @@ -615,8 +615,12 @@ Required when `TFE_OBJECT_STORAGE_TYPE` is `s3`. #### `TFE_OBJECT_STORAGE_S3_ENDPOINT` -S3 endpoint. Useful when using a private S3 endpoint. Leave blank to use the -default AWS S3 endpoint. Defaults to `""`. +S3 endpoint. Useful when using a private S3 endpoint. + +Example: `TFE_OBJECT_STORAGE_S3_ENDPOINT: https://s3.example.com` + +Leave blank to use the default AWS S3 endpoint. Defaults to `""`. + #### `TFE_OBJECT_STORAGE_S3_REGION` diff --git a/content/terraform-enterprise/v202507-1/docs/enterprise/deploy/reference/configuration.mdx b/content/terraform-enterprise/v202507-1/docs/enterprise/deploy/reference/configuration.mdx index 9cc2893700..acccc7d1ad 100644 --- a/content/terraform-enterprise/v202507-1/docs/enterprise/deploy/reference/configuration.mdx +++ b/content/terraform-enterprise/v202507-1/docs/enterprise/deploy/reference/configuration.mdx @@ -529,8 +529,11 @@ Required when `TFE_OBJECT_STORAGE_TYPE` is `s3`. #### `TFE_OBJECT_STORAGE_S3_ENDPOINT` -S3 endpoint. Useful when using a private S3 endpoint. Leave blank to use the -default AWS S3 endpoint. Defaults to `""`. +S3 endpoint. Useful when using a private S3 endpoint. + +Example: `TFE_OBJECT_STORAGE_S3_ENDPOINT: https://s3.example.com` + +Leave blank to use the default AWS S3 endpoint. Defaults to `""`. #### `TFE_OBJECT_STORAGE_S3_REGION`
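Review bot: In the prepare-host.mdx hunk, the rewritten command writes `cert.key` and `cert.crt`, but the unchanged line right after the block still reads "Copy the `cert.pem` file to a new file named `bundle.pem`", so a reader following the steps has no `cert.pem` to copy; either change `-out` to `cert.pem` or update the copy instruction. `-days 356` is carried over from the removed command and looks like a transposition of 365, which is worth fixing while the line is being rewritten. The `CERT_CN` table row has a typo ("Enteprise"). The variables are interpolated directly into `-subj`, where `/` separates fields, so the table should say that values must not contain an unescaped `/`. Because `-nodes` leaves `cert.key` unencrypted on disk, a sentence about restricting that file's permissions would fit next to the explanation of why `-nodes` is required.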
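Review bot: In the 1.0.x configuration.mdx hunk at line 314, the `TFE_REDIS_USE_MTLS` heading is demoted from `##` to `###`, but the v202507-1 copy of the same file is only touched for the S3 endpoint text. Please confirm whether that version has the same heading level and, if it does, include the fix there so the two references stay aligned.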
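Review bot: The 1.0.x `TFE_OBJECT_STORAGE_S3_ENDPOINT` hunk (`+615,12`) adds a stray empty line after "Defaults to `""`.", leaving two blank lines before the `TFE_OBJECT_STORAGE_S3_REGION` heading; the v202507-1 hunk (`+529,11`) does not, so drop the extra line to keep the two files identical. In both hunks the example value `https://s3.example.com` includes the scheme, and the text should state explicitly whether the scheme is required rather than leaving readers to infer it from the example.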