Skip to main content
The SSL section enables SSL/TLS on build event protocol and remote cache gRPC connections (gRPCS).
This section is optional.

Configuration Options

enable_ssl
boolean
Whether or not to enable SSL/TLS on gRPC connections (gRPCS).
use_acme
boolean
Whether or not to automatically configure SSL certs using ACME. If ACME is enabled, cert_file and key_file should not be set.
cert_file
string
Path to a PEM encoded certificate file to use for TLS if not using ACME.
key_file
string
Path to a PEM encoded key file to use for TLS if not using ACME.
client_ca_cert_file
string
Path to a PEM encoded certificate authority file used to issue client certificates for mTLS auth.
client_ca_key_file
string
Path to a PEM encoded certificate authority key file used to issue client certificates for mTLS auth.

Generating client CA files

# Change these CN's to match your BuildBuddy host name
SERVER_SUBJECT=buildbuddy.io
PASS=$(openssl rand -base64 32) # <- Save this :)

# Generates ca.key
openssl genrsa -passout pass:${PASS} -des3 -out ca.key 4096

# Generates ca.crt
openssl req -passin pass:${PASS} -new -x509 -days 365000 -key ca.key -out ca.crt -subj "/CN=${SERVER_SUBJECT}"

# Generates ca.pem
openssl pkcs8 -passin pass:${PASS} -topk8 -nocrypt -in ca.key -out ca.pem

Example Configuration

config.yaml
ssl:
  enable_ssl: true
  use_acme: true
  client_ca_cert_file: your_ca.crt
  client_ca_key_file: your_ca.pem

Build docs developers (and LLMs) love

Get started for freeTalk to us