mirror of
https://github.com/ClickHouse/ClickHouse.git
synced 2024-11-15 20:24:07 +00:00
34 lines
1.5 KiB
XML
34 lines
1.5 KiB
XML
<clickhouse>
|
|
<!-- HTTP API with TLS (HTTPS).
|
|
You have to configure certificate to enable this interface.
|
|
See the openSSL section below.
|
|
-->
|
|
<https_port>8443</https_port>
|
|
|
|
<!-- Native interface with TLS.
|
|
You have to configure certificate to enable this interface.
|
|
See the openSSL section below.
|
|
-->
|
|
<tcp_port_secure>9440</tcp_port_secure>
|
|
|
|
<!-- Used with https_port and tcp_port_secure. Full ssl options list: https://github.com/ClickHouse-Extras/poco/blob/master/NetSSL_OpenSSL/include/Poco/Net/SSLManager.h#L71 -->
|
|
<openSSL replace="replace">
|
|
<server> <!-- Used for https server AND secure tcp port -->
|
|
<certificateFile>/etc/clickhouse-server/config.d/server-cert.pem</certificateFile>
|
|
<privateKeyFile>/etc/clickhouse-server/config.d/server-key.pem</privateKeyFile>
|
|
<caConfig>/etc/clickhouse-server/config.d/ca-cert.pem</caConfig>
|
|
<verificationMode>relaxed</verificationMode>
|
|
</server>
|
|
|
|
<client> <!-- Used for connecting to https dictionary source and secured Zookeeper communication -->
|
|
<loadDefaultCAFile>true</loadDefaultCAFile>
|
|
<cacheSessions>true</cacheSessions>
|
|
<disableProtocols>sslv2,sslv3</disableProtocols>
|
|
<preferServerCiphers>true</preferServerCiphers>
|
|
<invalidCertificateHandler>
|
|
<name>RejectCertificateHandler</name>
|
|
</invalidCertificateHandler>
|
|
</client>
|
|
</openSSL>
|
|
</clickhouse>
|