I know that Tile38 doesn't natively support TLS, but recommends configuring a external facing proxy with TLS when exposing Tile 38 to an untrusted network. This works fine for clients using a TLS capable SSL client library to connect.
However, such a setup imposes challenges if you want a Tile 38 server on the external network to follow the TLS secured server. You would basically need to setup a non-secure proxy on the host where the follower is installed to expose a localhost only non-encrypted endpoint to the leader. It also imposes some challenges with how to configure the replica_announce settings of the follower.
Configuration could be simplified if Tile38 were able to connect to TLS endpoints of leaders and followers.
This should preferrable able be configured with an tls option for the FOLLOW command e.g.
FOLLOW leader port [tls]
And the replica_announce_ options should allow configuring a TLS endpoint to connect to
replica_announce_tls [on|off|hostname to connect to]
I know that Tile38 doesn't natively support TLS, but recommends configuring a external facing proxy with TLS when exposing Tile 38 to an untrusted network. This works fine for clients using a TLS capable SSL client library to connect.
However, such a setup imposes challenges if you want a Tile 38 server on the external network to follow the TLS secured server. You would basically need to setup a non-secure proxy on the host where the follower is installed to expose a localhost only non-encrypted endpoint to the leader. It also imposes some challenges with how to configure the replica_announce settings of the follower.
Configuration could be simplified if Tile38 were able to connect to TLS endpoints of leaders and followers.
This should preferrable able be configured with an tls option for the FOLLOW command e.g.
FOLLOW leader port [tls]
And the replica_announce_ options should allow configuring a TLS endpoint to connect to
replica_announce_tls [on|off|hostname to connect to]