Skip to content

Commit

Permalink
Expand in quickstart insecure mode
Browse files Browse the repository at this point in the history
  • Loading branch information
@benarent
benarent committed May 29, 2019
1 parent eac0039 commit bc49607
Show file tree
Hide file tree
Showing 2 changed files with 14 additions and 4 deletions.
9 changes: 7 additions & 2 deletions docs/4.0/quickstart-enterprise.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -269,8 +269,13 @@ in Teleport always must to go through an SSH proxy, sometimes called an "SSH bas

!!! warning "Warning":
For the purposes of this quickstart we are using the `--insecure` flag which allows
us to skip configuring the HTTP/TLS certificate for Teleport proxy.
Never use `--insecure` in production. You must configure the HTTP/TLS proxy certificate.
us to skip configuring the HTTP/TLS certificate for Teleport proxy. Your browser will
throw a warning **Your connection is not private**. Click Advanced, and **Proceed to 0.0.0.0 (unsafe)**
to preview the Teleport UI.

Never use `--insecure` in production unless you terminate SSL at a load balancer. This will
apply to most cloud providers (AWS, GCP and Azure). You must configure a HTTP/TLS certificate for the Proxy.
This process has been made easier with Let's Encrypt. [We've instructions here](https://gravitational.com/blog/letsencrypt-teleport-ssh/).

If successful, `tsh login` command will receive Joe's user certificate and will
store it in `~/.tsh/keys/<proxy>` directory.
Expand Down
9 changes: 7 additions & 2 deletions docs/4.0/quickstart.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -113,8 +113,13 @@ in Teleport must to go through a proxy, sometimes called a "bastion".

!!! warning "Warning":
For the purposes of this quickstart we are using the `--insecure` flag which allows
us to skip configuring the HTTP/TLS certificate for Teleport proxy.
Never use `--insecure` in production. You must configure the HTTP/TLS proxy certificate.
us to skip configuring the HTTP/TLS certificate for Teleport proxy. Your browser will
throw a warning **Your connection is not private**. Click Advanced, and **Proceed to 0.0.0.0 (unsafe)**
to preview the Teleport UI.

Never use `--insecure` in production unless you terminate SSL at a load balancer. This will
apply to most cloud providers (AWS, GCP and Azure). You must configure a HTTP/TLS certificate for the Proxy.
This process has been made easier with Let's Encrypt. [We've instructions here](https://gravitational.com/blog/letsencrypt-teleport-ssh/).

If successful, `tsh login` command will receive a user certificate for a given proxy
and will store it in `~/.tsh/keys/<proxy>` directory.
Expand Down

0 comments on commit bc49607

Please sign in to comment.