16552: Option to get TLS certificates automatically from LE.

[arvados.git] / lib / config / config.default.yml

diff --git a/lib/config/config.default.yml b/lib/config/config.default.yml
index 472a22c6b2cb11a3566d882e6420f52400ca4b13..29d9d9cc41df6db1b857450d59164f93078aa47f 100644 (file)
--- a/lib/config/config.default.yml
+++ b/lib/config/config.default.yml
@@ -900,10 +900,23 @@ Clusters:
       Repositories: /var/lib/arvados/git/repositories
 
     TLS:
+      # Use "file:///var/lib/acme/live/example.com/cert" and ".../key"
+      # to load externally managed certificates.
       Certificate: ""
       Key: ""
+
+      # Accept invalid certificates when connecting to servers. Never
+      # use this in production.
       Insecure: false
 
+      # Agree to Let's Encrypt terms of service and obtain
+      # certificates automatically for ExternalURL domains.
+      Automatic: false
+
+      # Use Let's Encrypt staging environment instead of production
+      # environment.
+      Staging: false
+
     Containers:
       # List of supported Docker Registry image formats that compute nodes
       # are able to use. `arv keep docker` will error out if a user tries