Skip to content

Commit cafb03c

Browse files
ewoutpewoutp
committed
Updated docs
1 parent 47805b7 commit cafb03c

File tree

1 file changed

+59
-2
lines changed

1 file changed

+59
-2
lines changed

README.md

Lines changed: 59 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -134,6 +134,65 @@ Usually one would use the Docker image `arangodb/arangodb`.
134134
`containerName` is the name of a Docker container that is used to run the
135135
executable. This argument is required when running the executable in docker.
136136

137+
Authentication options
138+
----------------------
139+
140+
The arango starter by default creates a cluster that uses no authentication.
141+
142+
To create a cluster that uses authentication, create a file containing a random JWT secret (single line)
143+
and pass it through the `--jwtSecretFile` option.
144+
145+
For example:
146+
147+
```
148+
echo "MakeThisSecretMuchStronger" > jwtSecret
149+
arangodb --jwtSecretFile=./jwtSecret
150+
```
151+
152+
All starters used in the cluster must have the same JWT secret.
153+
154+
SSL options
155+
-----------
156+
157+
The arango starter by default creates a cluster that uses no unencrypted connections (no SSL).
158+
159+
To create a cluster that uses encrypted connections, you can use an existing server key file
160+
or let the starter create one for you.
161+
162+
To use an existing server key file use the `--sslKeyFile` option like this:
163+
164+
```
165+
arangodb --sslKeyFile=myServer.key
166+
```
167+
168+
Go to the [SSL manual](https://docs.arangodb.com/3.1/Manual/Administration/Configuration/SSL.html) for more
169+
information on how to create a server key file.
170+
171+
To let the starter created a self-signed server key file, use the `--sslAutoKeyFile` option like this:
172+
173+
```
174+
arangodb --sslAutoKeyFile
175+
```
176+
177+
All starters used to make a cluster must be using SSL or not.
178+
You cannot have one starter using SSL and another not using SSL.
179+
180+
Note that all starters can use different server key files.
181+
182+
Additional SSL options:
183+
184+
* `--sslCAFile path`
185+
186+
Configure the servers to require a client certificate in their communication to the servers using the CA certificate in a file with given path.
187+
188+
* `--sslAutoServerName name`
189+
190+
name of the server that will be used in the self-signed certificate created by the `--sslAutoKeyFile` option.
191+
192+
* `--sslAutoOrganization name`
193+
194+
name of the server that will be used in the self-signed certificate created by the `--sslAutoKeyFile` option.
195+
137196
Esoteric options
138197
----------------
139198

@@ -222,8 +281,6 @@ Future plans
222281

223282
* bundle this program with the usual distribution
224283
* make port usage configurable
225-
* support SSL
226-
* support authentication
227284

228285
Technical explanation as to what happens
229286
----------------------------------------

0 commit comments

Comments
 (0)