2022-02-18 14:12:03 +00:00
<clickhouse >
<!-- HTTP API with TLS (HTTPS).
You have to configure certificate to enable this interface.
See the openSSL section below.
-->
<https_port > 8443</https_port>
<!-- Native interface with TLS.
You have to configure certificate to enable this interface.
See the openSSL section below.
-->
2023-03-14 22:10:08 +00:00
<tcp_port_secure > 9440</tcp_port_secure>
2022-02-18 14:12:03 +00:00
<!-- Used with https_port and tcp_port_secure. Full ssl options list: https://github.com/ClickHouse - Extras/poco/blob/master/NetSSL_OpenSSL/include/Poco/Net/SSLManager.h#L71 -->
<openSSL replace= "replace" >
<server > <!-- Used for https server AND secure tcp port -->
<certificateFile > /etc/clickhouse-server/config.d/server-cert.pem</certificateFile>
<privateKeyFile > /etc/clickhouse-server/config.d/server-key.pem</privateKeyFile>
<caConfig > /etc/clickhouse-server/config.d/ca-cert.pem</caConfig>
<verificationMode > relaxed</verificationMode>
</server>
<client > <!-- Used for connecting to https dictionary source and secured Zookeeper communication -->
<loadDefaultCAFile > true</loadDefaultCAFile>
<cacheSessions > true</cacheSessions>
<disableProtocols > sslv2,sslv3</disableProtocols>
<preferServerCiphers > true</preferServerCiphers>
<!-- Use for self - signed: <verificationMode>none</verificationMode> -->
<invalidCertificateHandler >
<!-- Use for self - signed: <name>AcceptCertificateHandler</name> -->
<name > RejectCertificateHandler</name>
</invalidCertificateHandler>
</client>
</openSSL>
</clickhouse>