Version: Next

mTLS Configuration

Mutual Transport Layer Security (mTLS) is a protocol that provides both authentication and encryption for communication between two parties. It ensures that only authorized entities can communicate, and that their data is protected from eavesdropping and tampering. Below is a guide on how to configure mTLS for Lunar.dev's API Consumption Gateway.

Provide Certificate Files

Ensure that you supply the necessary certificate and key files, following the correct structure. These files should be stored in /etc/lunar-proxy/certs/mtls/ as shown below:

├── /certs/
│   ├── /mtls/
│   ├── /tls/

Using a Combined Certificate and Key File

If you prefer to combine the certificate and key into a single .pem file, this simplifies your configuration. You can create this combined file using the following command:

cat server.crt server.key > server.pem

Then, in your gateway_config.yaml, reference the .pem file under the cert field:

/etc/lunar-proxy/gateway_config.yaml
mTLS:
  - domain: api.example.com
    cert: /etc/lunar-proxy/certs/mtls/server.pem

Using Separate Certificate and Key Files

For enhanced security, you can keep the certificate and private key as separate files. Make sure they have the same base name, with the .crt and .key extensions, and place them in the same directory. Only the .crt file needs to be specified in the gateway_config.yaml file; the key file is automatically matched based on the name.

For example:

/etc/lunar-proxy/gateway_config.yaml
mTLS:
  - domain: api.example.com
    cert: /etc/lunar-proxy/certs/mtls/server.crt

In this case, the system will automatically associate the server.crt.key file with server.crt.

Example mTLS Configuration

Below is an example configuration for two domains (api.example.com and api.store.com). The certificates and keys are stored in /etc/lunar-proxy/certs/mtls/:

/etc/lunar-proxy/gateway_config.yaml
mTLS:
  - domain: api.example.com
    cert: /etc/lunar-proxy/certs/mtls/example.crt
  - domain: api.store.com
    cert: /etc/lunar-proxy/certs/mtls/store.crt

This configuration ensures that both the certificate and key are automatically associated for secure mTLS communication.

Make sure that your certificate files and their corresponding key files are properly managed and kept up to date to maintain the security of your mTLS connections.
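A pre-flight check for the combined and separate layouts described above, as an added example that is not part of Lunar.dev's documentation or tooling. The function name check_mtls_cert, its return codes, the owner-only permission rule and the 30-day expiry window are assumptions of this example; it requires the openssl command-line tool.

```shell
#!/bin/sh
# Added example: pre-flight check for one `cert:` path from gateway_config.yaml.
# Return codes are this example's own convention:
#   0 ok                          2 no private key found
#   3 key readable by group/other 4 key/certificate mismatch or unreadable
#   5 certificate expires within 30 days
check_mtls_cert() {
    cert=$1
    key=
    if grep -q -- '-----BEGIN .*PRIVATE KEY-----' "$cert" 2>/dev/null; then
        key=$cert    # combined .pem: the key travels inside the cert file
    else
        # Separate files: the page mentions both server.key and
        # server.crt.key, so accept either name next to the certificate.
        for candidate in "${cert%.crt}.key" "$cert.key"; do
            if [ -f "$candidate" ]; then key=$candidate; break; fi
        done
    fi
    [ -n "$key" ] || { echo "$cert: no private key found" >&2; return 2; }

    # Characters 5-10 of the ls mode string are the group and other bits.
    if [ "$(ls -ldL "$key" | cut -c5-10)" != "------" ]; then
        echo "$key: private key readable beyond its owner" >&2
        return 3
    fi

    # The certificate and the key must carry the same public key.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "$cert: unreadable, or key does not match certificate" >&2
        return 4
    fi

    # -checkend N exits non-zero when the certificate expires within N seconds.
    if ! openssl x509 -in "$cert" -noout -checkend 2592000 >/dev/null; then
        echo "$cert: expires within 30 days" >&2
        return 5
    fi
    return 0
}
```

Call `check_mtls_cert` once for each `cert:` path in gateway_config.yaml. Under a default umask of 022, a file created with `cat server.crt server.key > server.pem` is group- and world-readable, so it returns 3 until its mode is tightened to match the deployment's file-ownership model.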